Smart Card Research and Advanced Applications
10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers
Published on 13. December 2011
XI, 337 pages
978-3-642-27257-8 (ISBN)
Description
This book constitutes the thoroughly refereed post-conference proceedings of the 10th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications, CARDIS 2011, held in Leuven, Belgium, in September 2011. The 20 revised full papers presented were carefully reviewed and selected from 45 submissions. The papers are organized in topical sections on smart cards system security, invasive attacks, new algorithms and protocols, implementations and hardware security, non-invasive attacks, and Java card security.
More details
Other editions
Additional editions
Emmanuel Prouff
Smart Card Research and Advanced Applications
10th IFIP WG 8.8/11.2 International Conference, CARDIS 2011, Leuven, Belgium, September 14-16, 2011, Revised Selected Papers
Book
12/2011
Springer
€53.49
Shipment within 7-9 days
Content
- Intro
- Title Page
- Preface
- Organization
- Table of Contents
- Smart Cards System Security
- Evaluation of the Ability to Transform SIMApplications into Hostile Applications
- Introduction
- Fault Attacks and Countermeasures
- Fault Model
- Defining a Mutant Application
- Hardware Countermeasures
- Software Countermeasures
- Control Flow Integrity
- Checking Paths during Runtime Execution
- Using Java Annotation
- Principle of the ``PATHCHECK'' (PC) Method
- Experimentation and Results
- Evaluation Context
- Results
- Conclusions
- References
- Synchronized Attacks on Multithreaded Systems- Application to Java Card 3.0 -
- Introduction
- Involved Mechanisms
- Multithreading
- I/O Network Interfaces
- The Attack Concept
- Practical Implementation on a Java Card
- Context of the Attack
- The Attack Concept Key Assumptions
- The Practical Attack
- Discussion on Protections
- Conclusion
- References
- A Formal Security Model of a Smart Card Web
- Introduction
- Smart Card Web Server
- Specification Analysis and Recommendations
- Security Policy
- A Coq Model of the Smart Card Web Server
- SCWS State
- SCWS Transition
- Proof of the Security Properties
- External Observation of Servlet Invocation
- Proof
- Related Work
- Concluding Remarks
- References
- Invasive Attacks
- Differential Fault Analysis of AES-128 Key Schedule Using a Single Multi-byte Fault
- Introduction
- Preliminaries
- The AES Algorithm
- Notations
- Fault Model Used
- Existing Fault Analysis
- Limitation of Existing Attack
- Proposed Attack Using Single Faulty Ciphertext
- Attack Principle
- Time Complexity Reduction Technique
- Analysis of the Proposed Attack
- Experimental Results
- Comparison with the Previous Works
- Conclusions
- References
- Combined Fault and Side-Channel Attack on Protected Implementations of AES
- Introduction
- Previous Work
- SCA and Masking
- DFA and Redundancy
- Combined Attacks and Combined Countermeasures
- Notations
- A New DFA
- Best Case Scenario: Key Schedule Pre-computation
- Fault Model.
- Attack Description
- Why the Attack Works.
- Key Schedule Re-executed at Each Cipher Execution
- Unmasked Key Schedule Implementation.
- Masked Implementation.
- Combined Attack Against (HO-)Masked and DFA Resistant Implementation of AES
- Fault Injection Resistant Implementations
- Combined Attack Description
- Evaluation of the Attack Success Rate
- Countermeasures
- Conclusion
- References
- Memory-Efficient Fault Countermeasures
- Introduction
- Exponentiation and Fault Countermeasures
- Yao's m-Ary Exponentiation
- Protecting against Faults
- A Variant of Baek's Algorithm
- Memory-Efficient Methods
- SPA-FA Resistant Right-to-Left m-Ary Exponentiation
- Dealing with the Neutral Element 1G
- Binary Case
- Efficiency
- Conclusion
- References
- New Algorithms and Protocols
- Redundant Modular Reduction Algorithms
- Introduction
- Modular Reduction Algorithms
- Montgomery Reduction
- Barrett Reduction
- Static Redundant Modular Arithmetic
- Dynamic Redundant Modular Arithmetic Propositions
- Dynamic Redundant Montgomery Reduction
- Dynamic Redundant Barrett Reduction
- Efficiency and Security Evaluation
- Conclusion
- References
- Fresh Re-keying II: Securing Multiple Parties against Side-Channel and Fault Attacks
- Introduction
- Background: The Africacrypt 2010 Scheme
- Security of g against Algebraic SPA
- Extending the Africacrypt Scheme to n Parties
- Scheme 1: Using n Master Keys
- Scheme 2: Using a Single Master Key
- Security Model
- Security of Scheme 1
- Security of Scheme 2
- Security against Divide-and-Conquer Attacks
- SCA Security of the Extended Function g
- Software Implementation in an AVR Microcontroller
- Multiplication
- Shuffling of the Fresh Re-keying
- Shuffling of the AES
- Performance Results
- Future Research and Conclusions
- References
- Fast Key Recovery Attack on ARMADILLO1 and Variants
- Introduction
- Related Work
- Description of ARMADILLO
- ARMADILLO1
- ARMADILLO2
- General ARMADILLOgen Algorithm
- ARMADILLO1b: Shrinking the Xinter Register
- ARMADILLO1c: Adding a Linear Layer in T3
- ARMADILLO1d: Adding a Fixed Transposition in T1
- Key Recovery Attack against ARMADILLO1 and ARMADILLO1b
- Attack Extension with Linear Layer in T3 (ARMADILLO1c)
- Attack Extension with a Fixed Transposition in T1 (ARMADILLO1d)
- Case with no General T2 and T4
- Extension with the T4 and T2 Transformations
- Extension to a General
- Attack Impact on ARMADILLO2
- Conclusion
- References
- Implementations and Hardware Security 1
- Implementation and Evaluation of an SCA-Resistant Embedded Processor
- Introduction
- Description of the Power-Trust Security Concept
- ASIC Prototype Implementation
- Features of the Secure Zone
- Implementation Details
- Possible Improvements
- Security Evaluation
- Analysis of the Results
- Conclusions
- References
- Evaluating 16-Bit Processors for Elliptic Curve Cryptography
- Introduction
- Related Work
- Elliptic-Curve Cryptography
- Algorithms Used
- Modular Multiplication
- Field Multiplication
- Texas Instruments MSP430
- Microchip PIC24 and dsPIC
- Generic Product Scanning on the dsPIC
- Unrolled Product Scanning on the dsPIC
- Montgomery Multiplication on the dsPIC
- Comparison Results
- Relative Performance
- Scaling of Performance
- Conclusion
- References
- A Hardware Processor Supporting Elliptic Curve Cryptography for Less than 9 kGEs
- Introduction
- Elliptic Curve Cryptography
- Design-Space Exploration
- The Hardware Multiplier
- The Memory Type and Architecture
- Hardware Architecture
- Central Processing Unit (CPU)
- Memory for Program, Data, and Constants
- Implementation Details
- Carry-Less Multiply-Accumulate Unit
- Modular Arithmetic
- Results
- Results for Higher-Level Protocol Implementations
- Conclusions
- References
- Implementations and Hardware Security 2
- Memory Encryption for Smart Cards
- Introduction
- Memory Encryption
- Memory Encryption Background
- Previous Work
- Memory Encryption System Design Issues
- Address Scrambling
- Performance Issues
- System Performance and Block Cipher Selection
- Implementation Aspects and Simulations
- AES Round Function and Core Design
- PRESENT Round Function and Core Design
- Memory Encryption Module Design
- XEX-Mode
- CTR-Mode
- Conclusions
- References
- Compact FPGA Implementations of the Five SHA-3 Finalists
- SHA-3 Finalists
- Related Works
- Methodology
- Architectures
- Implementation Results and Discussion
- References
- Non-invasive Attacks
- An Exploration of the Kolmogorov-Smirnov Test as a Competitor to Mutual Information Analysis
- Introduction
- Our Contributions
- Differential Power Analysis
- Evaluation Methodology
- Theoretic vs. Practical Distinguishing Vectors
- Notion of Distinguishability
- The Kolmogorov-Smirnov Distinguisher
- Kolmogorov-Smirnov Based DPA Attacks
- Multivariate Extensions
- Results
- Optimistic Scenario: DES S-Box with (Known) Hamming Weight Leakage
- Realistic Scenario: DES S-Box with Unknown Power Model
- Higher-Order Scenario: Second-Order Attacks against a Masked Implementation
- Bivariate Extensions for an Unprotected Implementation
- Conclusion
- References
- A High-Performance Implementation of Differential Power Analysis on Graphics Cards
- Introduction
- Differential Power Analysis
- Computations on Graphics Cards
- Differential Power Analysis on Graphics Cards
- Leakage Model Creation
- Computation of the Sums
- Computation of the Correlation Coefficient Matrix
- Special Case: Hamming Weight Model
- Experimental Results
- Conclusion and Future Work
- References
- RAM: Rapid Alignment Method
- Introduction
- Related Work
- Alignment with Wavelets
- Wavelets
- Block Wavelets
- New Algorithm
- Detector
- Descriptor
- Matcher
- Warper
- Experiments and Results
- Settings
- Comparison Results
- Conclusions and Future Work
- References
- Java Card Security
- Combined Software and Hardware Attacks on the Java Card Control Flow
- Introduction
- State of the Art
- Java Card Security
- The CAP File
- Logical Attacks
- EMAN2: A Stack Underflow in the Java Card
- Genesis
- How to Obtain the Address of Our Malicious Array?
- Java Card Stack
- Our Attack
- Counter-Measure
- EMAN4: Modifying the Execution Flow with a Laser Beam
- Description of Our Attack
- How Re-loop a for Loop
- Our Attack
- Counter-Measures
- Conclusion
- References
- Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures
- Introduction
- Basics of Operand Stack, Fault and Combined Attacks
- The Operand Stack, a Central Element of the JCVM
- Fault and Combined Attacks
- The Selected Fault Model
- Fault Attacks on the Operand Stack
- Taking Advantage of Erroneous Integral Values
- The Case of Boolean Values
- Combined Attack through Faulty Object References
- Yet Another Way to Type Confusion
- Instance Confusion: The Case Study of Security Role Impersonation
- Countermeasures
- When to Check for Faults?
- Software Fault Detection
- Costs Comparison
- Conclusion
- References
- Formal Analysis of CWA 14890-1
- Introduction
- The AVISPA Tool
- Smart Card Commands
- An Asymmetric Session Key Agreement Protocol with Privacy Protection
- Authentication Steps
- HLPSL Specifications
- Roles
- Composed Roles
- Role IFD
- Modelling Authentication in HLPSL
- Role ICC
- Role Environment
- Automatic Analysis of the Protocol
- Specification and Analysis of Asymmetric Key Transport Scheme Based on RSA
- Authentication Steps
- HLPSL Specifications
- Modeling Secrecy in HLPSL
- Security Analysis
- Specification and Analysis of Symmetric Authentication Scheme
- Authentication Steps
- HLPSL Specifications
- Automatic Analysis of the Protocol
- Conclusion
- References
- Author Index
