Damien Sauveron
University of Limoges
Publication
Featured research published by Damien Sauveron.
Information Security Technical Report | 2009
Damien Sauveron
Smart cards were invented four decades ago so as to keep data secret and to process it secretly. Even though their main goals are still the same today, smart cards have been subject to many evolutions at both their hardware and software levels. Indeed they have been the target of numerous attacks and new demands from the market. These demands have expanded their domains of application. When they were born, and for some thirty years, smart cards were monolithic platforms with a fixed piece of software dedicated to one single application. But in the mid 90s, some technologies appeared that broke this situation by making it easy to host several applications on the same card. These new technologies have changed the business models and pushed smart cards towards new domains and to a world where they will integrate lots of new functionalities. The aim of this paper is to give an overview of the evolution of smart cards (and of their application domains) from monolithic static pieces of hardware and software to flexible multiapplication platforms. This paper also explores the possibility of seeing open multiapplication cards in the future and sets out the breakthroughs that are required in order to produce such cards.
International Conference on Future Generation Communication and Networking | 2007
Pierre Dusart; Damien Sauveron
For the end-user of IT (information technologies) products, several questions exist about their real security. For instance, in the case of a smart card, which is the most secure device in the collective mind, how can one have confidence in a card bought anywhere? How can one be sure that the cards held have been subjected to security evaluation/certification processes, and which level of trust could be expected? These questions can be shifted to the providers of secure IT solutions.
Information Sciences | 2015
Raja Naeem Akram; Konstantinos Markantonakis; Damien Sauveron
Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
International Conference on e-Business Engineering | 2008
Konstantinos Markantonakis; Keith Mayes; Damien Sauveron; Ioannis G. Askoxylakis
The advantages of utilising smart card technology, more importantly contactless smart cards, in the transport industry have long been realised. In this paper we provide an overview of the generic security issues and threats encountered whenever smart cards are utilised within the transport industry. To help highlight the issues, we analyse the different types of cards, their hosted applications, along with certain requirements on the relevant card issuing authorities.
Trust, Security and Privacy in Computing and Communications | 2016
Carlton Shepherd; Ghada Arfaoui; Iakovos Gurulian; Robert P. Lee; Konstantinos Markantonakis; Raja Naeem Akram; Damien Sauveron; Emmanuel Conchon
Notions like security, trust, and privacy are crucial in the digital environment and in the future, with the advent of technologies like the Internet of Things (IoT) and Cyber-Physical Systems (CPS), their importance is only going to increase. Trust has different definitions: some situations rely on real-world relationships between entities while others depend on robust technologies to gain trust after deployment. In this paper we focus on these robust technologies, their evolution in past decades and their scope in the near future. The evolution of robust trust technologies has involved diverse approaches; as a consequence, trust is defined, understood and ascertained differently across heterogeneous domains and technologies. In this paper we look at digital trust technologies from the point of view of security and examine how they are making secure computing an attainable reality. The paper also revisits and analyses the Trusted Platform Module (TPM), Secure Elements (SE), Hypervisors and Virtualisation, Intel TXT, Trusted Execution Environments (TEE) like GlobalPlatform TEE, Intel SGX, along with Host Card Emulation, and Encrypted Execution Environment (E3). In our analysis we focus on these technologies and their application to the emerging domains of the IoT and CPS.
Trust, Security and Privacy in Computing and Communications | 2014
Raja Naeem Akram; Konstantinos Markantonakis; Damien Sauveron
Near Field Communication (NFC) enables a mobile phone to emulate a contactless smart card. This has reinvigorated the multiapplication smart card initiative. Trusted Service Manager (TSM) is an entity that is trusted by all stakeholders in the proposed and trialled NFC-based smart card ecosystem. However, TSM-based models have the potential to create market segregation that might lead to limited or slow adoption. In addition, all major stakeholders (e.g. Telecom and banks) are pushing for their own TSM models and this might hinder deployment. In this paper we present a Collaborative and Ubiquitous Consumer Oriented Trusted Service Manager (CO-TSM) based model that combines different TSM models while providing scalability to the overall architecture. In addition, our proposal also provides flexibility to both consumers and application providers. To support our proposal, we present a core architecture based on two contrasting approaches: the Issuer Centric Smart Card Ownership Model (ICOM) and the User Centric Smart Card Ownership Model (UCOM). Based on the core architecture, we then describe our proposal for an application download framework and a secure channel protocol. Finally, the implementation experience and performance measurements for the secure channel protocol are discussed.
International Conference on Emerging Security Information, Systems and Technologies | 2008
Ioannis G. Askoxylakis; Damien Sauveron; Konstantinos Markantonakis; Theodore Tryfonas; Apostolos Traganitis
Mobile ad hoc networking is an operating mode for rapid mobile host interconnection, where nodes rely on each other, in order to maintain network connectivity and functionality. Security is one of the main issues for mobile ad hoc networks (MANETs) deployment. We introduce a weak to strong authentication mechanism associated with a multiparty contributory key agreement method, designed for dynamic changing topologies, where nodes arrive and depart from a MANET at will. We introduce a new cube algorithm based on the body-centered cubic (BCC) structure. The proposed system employs elliptic curve cryptography, which is more efficient for thin clients where processing power and energy are significant constraints. The algorithm is designed for MANETs with dynamic changing topologies due to continuous flow of incoming and departing nodes.
Secure Smart Embedded Devices, Platforms and Applications | 2014
Serge Chaumette; Damien Sauveron
This chapter addresses the key points of wireless sensor nodes: applications, constraints, architecture, operating systems, and security concerns. It does not pretend to be exhaustive but to provide the major references on these topics.
Archive | 2007
Damien Sauveron; Konstantinos Markantonakis; Angelos Bilas; Jean-Jacques Quisquater
Mobility: A Smart Card Based Distributed Identity Management Infrastructure for Mobile Ad Hoc Networks; A New Resilient Key Management Protocol for Wireless Sensor Networks.
Hardware and Cryptography I: Efficient Use of Random Delays in Embedded Software; Enhanced Doubling Attacks on Signed-All-Bits Set Recoding.
Privacy: Securing the Distribution and Storage of Secrets with Trusted Platform Modules; Distributed Certified Information Access for Mobile Devices.
Cryptography Scheme: Linkability of Some Blind Signature Schemes; Optimistic Non-repudiation Protocol Analysis; Secure Remote User Authentication Scheme Using Bilinear Pairings; Cryptanalysis of Some Proxy Signature Schemes Without Certificates.
Smart Card: Performance Evaluation of Java Card Bytecodes; Reverse Engineering Java Card Applets Using Power Analysis; An Embedded System for Practical Security Analysis of Contactless Smartcards; A Comparative Analysis of Common Threats, Vulnerabilities, Attacks and Countermeasures Within Smart Card and Wireless Sensor Network Node Technologies.
Small Devices: Mobile Phones as Secure Gateways for Message-Based Ubiquitous Communication; An Information Flow Verifier for Small Embedded Systems; Survey and Benchmark of Stream Ciphers for Wireless Sensor Networks.
Hardware and Cryptography II: Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures; CRT RSA Algorithm Protected Against Fault Attacks; Combinatorial Logic Circuitry as Means to Protect Low Cost Devices Against Side Channel Attacks.
Trust, Security and Privacy in Computing and Communications | 2016
Raja Naeem Akram; Pierre-François Bonnefoi; Serge Chaumette; Konstantinos Markantonakis; Damien Sauveron
Unmanned Aerial Vehicle (UAV) fleets are becoming more apparent in both military and civilian applications. However, the security of these systems still remains unsatisfactory if a strong adversary model with a high attack potential (i.e. the adversary has the capabilities and knowledge to capture a UAV, to perform side-channel or fault injection or other physical, software or combined attacks in order to gain access to some secret data like cryptographic keys, mission plan, etc.) is considered. The aim of this position paper is to draw up security requirements for this kind of adversary and to propose theoretical solutions based on an embedded Secure Element (SE) that could help to accommodate these requirements. Finally, our proposal on how to use these SEs to secure autonomous UAV fleets is presented.