Smart Card Security

  • Kostas Markantonakis
  • Keith Mayes
  • Michael Tunstall
  • Damien Sauveron
  • Fred Piper

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    3GPP organisation. http://www.3gpp.org/
  2. 2.
    3GPP organisation. 3GPP TS 33.102 3G Security; Security Architecture (Release 99) V3.13.0 (2002-12), 2002Google Scholar
  3. 3.
    M.-L. Akkar and C. Giraud. An implementation of DES and AES secure against some attacks. In Ç . K. Koçc, D. Naccache, and C. Paar, editors, Cryptogaphic Hardware and Embedded Systems — CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 309–318. Springer-Verlag, 2001Google Scholar
  4. 4.
    C. Aumüller, P. Bier, P. Hofreiter, W. Fischer, and J.-P. Seifert. Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In B. S. Kaliski Jr., Ç. K. Koç, and C. Paar, editors, Cryptogaphic Hardware and Embedded Systems — CHES 2000, volume 2523 of Lecture Notes in Computer Science, pages 260–275. Springer-Verlag, 2002Google Scholar
  5. 5.
    F. Bao, R. H. Deng, Y. Han, A. Jeng, A. D. Narasimhalu and T. Ngair. Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults, the Proceedings of the 5th Workshop on Secure Protocols, volume 1361 of Lecture Notes in Computer Science, Springer-Verlag, pp. 115– 124, 1997Google Scholar
  6. 6.
    H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan. The sorcerers apprentice guide to fault attacks. Proceedings of the IEEE: Special Issue on Cryptography and Security, 94(2):370–382, IEEE, 2006Google Scholar
  7. 7.
    G. Betarte, E. Gimenez, B. Chetali, and C. Loiseaux. FORMAVIE: Formal Modeling and Verification of Java Card 2.1.1 Security Architecture, In Proceedings of E-Smart 2002, pp. 215–229, 2002Google Scholar
  8. 8.
    E. Biham and A. Shamir. Differential cryptanalysis of DES-like cryptosystems. In A. Menezes and S. Vanstone, editors, Advances in Cryptology — CRYPTO ’90, volume 537 of Lecture Notes in Computer Science, pp. 2–21. Springer- Verlag, 1991Google Scholar
  9. 9.
    E. Biham and A. Shamir. Differential fault analysis of secret key cryptosystems. In B. S. Kaliski Jr., editor, Advances in Cryptology — CRYPTO ’97, volume 1294 of Lecture Notes in Computer Science, pp. 513–525. Springer-Verlag, 1997Google Scholar
  10. 10.
    A. Biryukov, A. Shamir, and D. Wagner. Real time cryptanalysis of A5/1 on a PC, In B. Schneier, editor, Fast Software Ecryption — FSE 2000, volume 1978 of Lecture Notes in Computer Science, pp. 1–18, Springer-Verlag, 2000Google Scholar
  11. 11.
    J. Blömer and J.-P. Seifert. Fault based cryptanalysis of the advanced encryption standard (AES). In R. N. Wright, editor, Financial Cryptography, volume 2742 of Lecture Notes in Computer Science, pp. 162–181. Springer-Verlag, 2003Google Scholar
  12. 12.
    D. Boneh, R. A. DeMillo, and R. J. Lipton. On the importantce of checking computations. In W. Fumy, editor, Advances in Cryptology — EUROCRYPT ’97, volume 1233 of Lecture Notes in Computer Science, pages 37–51. Springer- Verlag, 1997Google Scholar
  13. 13.
    M. Briceno, I. Goldberg, and D. Wagner. GSM Cloning. 20 April 1998. http://www.isaac.cs.berkeley.edu/isaac/gsm.html
  14. 14.
    E. Brier, C. Clavier and F. Olivier. Correlation power analysis with a leakage model. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hardware and Embedded Systems — CHES 2004, volume 3156 of Lecture Notes in Computer Science, pp. 16–29. Springer-Verlag, 2004Google Scholar
  15. 15.
    S. Chari, C. S. Jutla, J. R. Rao, and P. Rohatgi. Towards approaches to counteract power-analysis attacks. In M. Wiener, editor, Advances in Cryptology — CRYPTO ’99, volume 1666 of Lecture Notes in Computer Science, pp. 398–412, Springer-Verlag, 1999Google Scholar
  16. 16.
    M. Ciet and M. Joye. Practical fault countermeasures for chinese remaindering based RSA. In L. Breveglieri and I. Koren, editors, Workshop on Fault Diagnosis and Tolerance in Cryptography 2005 — FDTC 2005, pp. 124–131, 2005Google Scholar
  17. 17.
    B. Chevallier-Mames, M. Ciet, and M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Transactions on Computers, 53(6):760–768, IEEE, 2004CrossRefGoogle Scholar
  18. 18.
    C. Clavier, J.-S. Coron, and N. Dabbous. Differential power analysis in the presence of hardware countermeasures. In Ç. K. Koç and C. Paar, editors, Cryptographic Hardware and Embedded Systems — CHES 2000, volume 1965 of Lecture Notes in Computer Science, pp. 252–263. Springer-Verlag, 2000Google Scholar
  19. 19.
    R. Cohen. The defensive Java virtual machine specification, Technical Report, Computational Logic Inc., 1997Google Scholar
  20. 20.
    Common Criteria. www.commoncriteria.org
  21. 21.
    Z. Chen. Java Card Technology for Smart Cards : Architecture and Programmer’s Guide, Addison-Wesley, 2000Google Scholar
  22. 22.
    S. Chaumette and D. Sauveron. Some Security Problems Raised by Open Multiapplication Smart cards, 10th Nordic Workshop on Secure IT-systems — Nord- Sec 2005, 2005Google Scholar
  23. 23.
    S. Chaumette and D. Sauveron, An efficient and simple way to test the security of Java cards, In Proceedings of the 3rd International Workshop on Security in Information Systems — WOSIS 2005, pp. 331–341. INSTICC Press, 2005Google Scholar
  24. 24.
    European Technical Standards Institute, http://www.etsi.org/
  25. 25.
    European Technical Standards Institute. GSM 11:11 - Digital cellular telecommunications system (phase 2+); Specification of the Subscriber Identity Module - Mobil Equipment (SIM-ME) interface, Version 8.3.0, 1999Google Scholar
  26. 26.
    European Technical Standards Institute, Security Algorithms Group of Experts (SAGE). http://portal.etsi.org/sage/sage tor.asp
  27. 27.
    Europay International. MAOS Paltforms Status Technical Report, www.europay.com
  28. 28.
    K. Gandolfi, C. Mourtel, and F. Olivier. Electromagnetic analysis: concrete results. In Ç. K. Koç, D. Naccache and C. Paar, editors, Cryptographic Hardware and Embedded Systems — CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 251–261. Springer-Verlag, 2001Google Scholar
  29. 29.
    Gemplus. MPCOS Multi Application Payment Chip, Reference Manual Ver 4.0, 1994Google Scholar
  30. 30.
    C. Giraud and H. Thiebeauld. A survey on fault attacks. In Y. Deswarte and A. A. El Kalam, editors, Smart Card Research and Advanced Applications VI — 18th IFIP World Computer Congress, pp. 159–176. Kluwer Academic, 2004Google Scholar
  31. 31.
    Global Platfom. Global Platform Card Specification, Version 2.1, 2001, http://www.globalplatform.org
  32. 32.
    L. Hemme. A differential fault attack against early rounds of (triple-)DES. In M. Joye and J.-J. Quisquater, editors, Cryptographic Hardware and Embedded Systems — CHES 2004, volume 3156 of Lecture Notes in Computer Science, pp. 254–267. Springer-Verlag, 2004Google Scholar
  33. 33.
    F. Hilebrand. GSM & UMTS, Wiley 2002Google Scholar
  34. 34.
    Intercede Group plc. OpenPlatform, http://www.intercede.com/Technology-OpenPlatform.htm
  35. 35.
    International Standard Organisation. ISO/IEC 7816, Information technology — Identification cards — Integrated circuit(s) cards with contacts — Part 4: Interindustry commands for interchange, 1995Google Scholar
  36. 36.
    International Standard Organisation. ISO/IEC 7816, Information technology — Identification cards — Integrated circuit(s) cards with contacts — Part 5: Numbering system and registration procedure for application identifiers, 1994Google Scholar
  37. 37.
    International Standard Organisation. ISO/IEC 7816, Information technology — Identification cards — Integrated circuit(s) cards with contacts — Part 6: Inter-industry data elements, 1996.Google Scholar
  38. 38.
    D.H Habing. The use of lasers to simulate radiation-induced transients in semiconductor devices and circuits, In IEEE Transactions On Nuclear Science, volume 39, pp. 1647–1653, IEEE, 1992Google Scholar
  39. 39.
    Hive-Minded. Smartcard.NET, www.hiveminded.com
  40. 40.
    M. Joye and F. Olivier. Side-channel attacks. In H. van Tilborg, editor, Encyclopedia of Cryptography and Security, pp. 571–576. Kluwer Academic Publishers, 2005Google Scholar
  41. 41.
    M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng. RSA-type signatures in the presence of transient faults, In M. Darnell, editor, Cryptography and Coding, volume 1355 of Lecture Notes in Computer Science, pp. 155–160, Springer-Verlag, 1997Google Scholar
  42. 42.
    P. Kocher. Timing attacks on implementations of diffe-hellman, RSA, DSS, and other systems. In N. Koblitz, editor, Advances in Cryptology — CRYPTO ’96, volume 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer- Verlag, 1996Google Scholar
  43. 43.
    P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In M. J. Wiener, editor, Advances in Cryptology — CRYPTO ’99, volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer-Verlag, 1999Google Scholar
  44. 44.
  45. 45.
    T. M. Jurgensen and S. B. Guthery. Smart cards : the developer’s toolkit, Prentice Hall, 2002Google Scholar
  46. 46.
    X. Leroy. Bytecode verification for java smart card. Software Practice & Experience, volume 32, pp. 319–340, 2002Google Scholar
  47. 47.
    MAOSCO Ltd. The MULTOSTMSpecification, http://www.multos.com/
  48. 48.
    C. Markantonakis. The case for a secure multi-application smart card operating system. In E. Okamoto, G. I. Davida, and M. Mambo, editors, Information Security Workshop 97 — ISW ’97), volume 1396 of Lecture Notes in Computer Science, pp. 188–197. Springer-Verlag, 1997Google Scholar
  49. 49.
    G. McGraw and E. W. Felten. Securing java, J. Wiley & Sons, 1999Google Scholar
  50. 50.
    G. McGraw, K. Ayer, and E. W. Felten. Jave Security meets smart cards, security enhancements in java card 2.1.1 will help multi-application smart cards take off in U.S. markets, Information Security Magazin, http://www.infosecurity.com/articles/march01/cover.shtml, 2001
  51. 51.
    T. S. Messerges. Power Analysis Attacks and Countermeasures for Cryptographic Algorithms. PhD thesis, University of Illinois, Chicago, 2000Google Scholar
  52. 52.
    T. S. Messerges. Using second-order power analysis to attack DPA resistant software. In Ç. K. Koç and C. Paar, editors, Cryptogaphic Hardware and Embedded Systems — CHES 2000, volume 1965 of Lecture Notes in Computer Science, pp. 71–77. Springer-Verlag, 2000Google Scholar
  53. 53.
    U. Meyer and S. Wetzel, On the Impact of GSM Encryption & Man-in-the- Middle Attacks on the Security of Interoperating GSM/YMTS Networks. In Proceedings of IEEE International Symposium on Personal, Indoor and Mobile Radio Communications — PIMRC 2004, volume 4, pp. 2876–2883, IEEE, 2004.Google Scholar
  54. 54.
    M. Montgomery, K. Krishna. Secure object sharing in Java card, In proceedings of the USENIXWorkshop on Smart Card Tehnology—Smartcard ’99, USENIX, 1999Google Scholar
  55. 55.
    D. Naccache, P. Q. Nguyên, M. Tunstall, and C. Whelan. Experimenting with faults, lattices and the DSA. In S. Vaudenay, editor, Public Key Cryptography — PKC 2005, volume 3386 of Lecture Notes in Computer Science, pp. 16–28. Springer-Verlag, 2005Google Scholar
  56. 56.
    General Information Systems Ltd. OSCAR, Specification of a smart card filling system incorporating data security and message authentication, http://www.gis.co.uk/oscman1.htm
  57. 57.
    Parliamentary Office of Science and Technology. Mobile Telephone Crime. In POST Briefing Note 64, 1995Google Scholar
  58. 58.
    J. R. Rao, P. Rohatgi, H. Scherzer, and S. Tinguely. Partitioning attacks: or how to rapidly clone some GSM cards. In Proceedings of IEEE Symposium on Security and Privacy, pp. 31–41, IEEE, 2002Google Scholar
  59. 59.
    E. Rose and K. H. Rose. Lightweight bytecode verification. In Formal Underpinnings of Java — OOPSLA ’98, ACM, 1998Google Scholar
  60. 60.
    D. Samyde, S. P. Skorobogatov, R. J. Anderson, and J.-J. Quisquater. On a new way to read data from memory. In Proceedings of the First International IEEE Security in Storage Workshop, pp. 65–69, IEEE, 2002Google Scholar
  61. 61.
    D. Sauveron. Étude et réalisation d’un environnemet d’expérimentation et de modélisation pour la technologie java cardTM. application á la sécurité. PhD thesis, University of Bordeaux, Bordeaux, 2004Google Scholar
  62. 62.
    Season 2 Interface. http://www.maxking.co.uk/
  63. 63.
    S. P. Skorobogatov and R. J. Anderson. Optical fault induction attacks. In B. S. Kaliski Jr. and Ç. K. Koç and C. Paar, editors, Cryptogaphic Hardware and Embedded Systems — CHES 2002, volume 2523 of Lecture Notes in Computer Science, pp. 2–12. Springer-Verlag, 2002Google Scholar
  64. 64.
    SmartCard Trends. .NET brings web services to smart cards, April/May Issue, 2004Google Scholar
  65. 65.
    Sun Microsystems. Java Card API Ver 1.0, http://www.javasoft.com/javacard/
  66. 66.
    Sun Microsystems. Java Card API Ver 2.0, www.javasoft.com/javacard/
  67. 67.
    Sun Microsystems. Java Card 2.2.1 Application Programming Interface, 2003Google Scholar
  68. 68.
    Sun Microsystems. Java Card 2.2.1 Runtime Environment (JCRE) Specificqtion, 2003Google Scholar
  69. 69.
    Sun Microsystems. Java Card 2.2.1 Virtual Machine Specification, 2003Google Scholar
  70. 70.
    Sun Microsystems. Java Card API 2.2.1 Reference Implementation, 2002, http://www.javasoft.com/products/javacard/
  71. 71.
    Sun Microsystems. JSR 177 Expert Group. Security and Trust Services API (SATSA) for J2ME V1.0, 2004Google Scholar
  72. 72.
    D. A. Watt and D. F. Brown. Programming Language Processors in java: compilers and interpreters, Prentice Hall, 2000Google Scholar
  73. 73.
    M. Witteman, Java Card Security, Information Security Bulletin 8, pp. 291–298, 2003Google Scholar
  74. 74.
    ZeitControl. BasicCard. http://www.basiccard.com/
  75. 75.
    J. Ziegler. Effect of Cosmic Rays on Computer Memories, Science, volume 206, pp. 776–788, 1979Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Kostas Markantonakis
    • 1
  • Keith Mayes
    • 2
  • Michael Tunstall
    • 3
  • Damien Sauveron
    • 4
  • Fred Piper
    • 5
  1. 1.Smart Card Centre, Information Security Group, Royal HollowayUniversity of LondonSurreyUK
  2. 2.Smart Card Centre, Information Security Group, Royal HollowayUniversity of LondonSurreyUK
  3. 3.Smart Card Centre, Information Security Group, Royal HollowayUniversity of LondonSurreyUK
  4. 4.XLIM — UMR CNRS 6172University of LimogesLIMOGES CedexFRANCE
  5. 5.Information Security Group, Royal HollowayUniversity of LondonSurreyUK

Personalised recommendations