JC101-17C: Communication Security Rationale

Foreword: If you have been following the tutorial, you may have noticed that the last post was numbered 13. There are therefore 3 missing posts. Like post 13, they should be dedicated to testing techniques (building a test plan, writing tests, etc.). However, writing tests without using proprietary tools is not as easy as I naively thought, so these posts will have to wait a little. So for now, we will go for a few posts about communication security.

– o –

In most smart card applications, the communication between the card and the terminal needs to be secured. Smart card developers rapidly get used to this, and securing communications becomes a reflex. Nevertheless, let’s spend a little time looking at the reasons behind this security measure.
Secure communication is an answer to a few important questions, which we will detail below.

Stories remain alive

I recently posted about contactless card security and about voting machines. Well, these two items are still in the news.

About contactless cards, it seems that the researchers from Radboud University Nijmegen are being sued by NXP in an attempt to avoid the full disclosure of their flaw. The article I linked to contains a link to a video that shows that this attempt is pointless. The Dutch research team was smart enough to identify a flaw in the cryptographic algorithm, but they are not the only capable team of researchers in the world. Suing them will buy a little time, but other teams will get on the topic, and it will be hard to avoid disclosure for very long. I hope that NXP also has other contingency plans to react to this new security issue.

On a completely different topic, a scientific study in France by Chantal Enguehard has shown that there were more errors in precincts that use voting machines than in those that don’t. I must say that I can easily believe this, as my experience looking at voting machines being used has shown that the use of the machines is often confusing for both staffers and voters. Since confusion leads to errors, the report does not come as a surprise.

I haven’t found the report itself, just an article about it. I will get back to the issue, as I am quite happy that the file against the voting machines currently used in France is becoming thicker, and that we can hope to achieve some results there.