Category Archives: Research

Research work about Java Card and open smart cards.

The hidden price of smart card security

Our friends from Radboud University made the news again last week, when they got the Best Practical Paper Award at the IEEE Symposium on Security and Privacy. The most interesting part of this is the background, of course. NXP tried to stop the researchers from publishing the results of their work, and they failed, after […]

Mesure and more

Trusted Labs is involved in the Mesure project, whose goal is to develop open benchmarks for Java Card. There are few partners to this project (CNAM, INRIA/POPS, and us), and in particular, no major manufacturer. Yet, the idea here is to start a community that will publish some results. Performance is a sensitive piece of information […]

The art of Java Card programming

The title may be a bit pompous, but this is one of the sessions that will be offered during the Smart University event, from September 17 to September 20 in Sophia Antipolis (France). The program of this session is very nice, prepared by Pierre Paradinas, and clearly focused on real application development. The first day […]

Open Source or Security through Obscurity?

I strongly believe that keeping things secret is not a good idea, and that security cannot be achieved through obscurity. There are many convincing examples of this, even in the smart card industry. The infamous GSM algorithms are a perfect example: cryptography using secret algorithms is a bad idea, because the algorithms get broken. Following […]

Small details

Every time that a Java Card specification comes out, I like to think that it is a good specification, and in particular that it provides complete information for developers. We have tried hard, but the completeness remains hard to reach. Not that the spec is bad, which is not true. The Java Card Forum has […]

e-Smart postface

e-Smart, day 3. e-Smart is over. I did not manage to attend a lot of sessions, but I found a few interesting things. I looked back at the things I commented on, and I found only three conclusions: I am obsessed by fault induction, but there is hope for a cure, at both the software […]

An efficient sensitive section API

e-Smart, day 3. Benoît Gonzalvo is from Gemalto’s security group, and he also participates in the Java Card Forum’s security work. The issue is to protect against attacks (side-channel observation or fault induction) [Gon06]. The two current approaches are: Protecting the whole VM, which is secure but potentially very slow. Protecting the application code, which […]

Java Card mobile grid

e-Smart, day 2. Serge Chaumette, Damien Sauveron, and the rest of the team directed by Serge at LaBRI are the developers of the Java Card Grid. They have put together a bunch of smart card readers with cards in them, and then used that as a server for security-sensitive operations. The basic idea was very […]

Designing chips against fault induction

e-Smart, day 1. The title of the talk by ST’s Christophe Tremlet was very appealing [Tre06]; the talk was interesting, but a bit under my expectations (the problem is not completely solved). Nevertheless, Christophe gave a very nice and interesting presentation of fault induction attacks, showing the different parameters that can be acted upon at […]

Web applications for smart devices

e-Smart, day 1. I arrived late, just in time for the talk by Gemalto’s Patrick George about Web applications for smart devices (he was replacing Jean-Jacques Vandewalle) [Van06]. Patrick gave an account of many previous attempts to link the Web and smart cards, which we all know did not work so far: as of today, […]