JCAlgTest: Robust Identification Metadata for Certified Smartcards

Petr Svenda, Rudolf Kvasnovsky, Imrich Nagy, Antonin Dufka

2022

Abstract

The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-established process, during which an evaluation facility validates the manufacturer’s claims and issues a product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently used card identification with a more descriptive set of metadata extracted from supported functionality, performance profiling, and properties of generated cryptographic keys. All of this information can be obtained directly by the evaluation facility, appended to the certificate, and later verified by the end-user with no need for any special knowledge or equipment, resulting in a better assurance about the purchased product. We developed a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100 different smartcards. The database, openly available, demonstrates the significant variability in the measured properties and allows us to estimate the trends in support of different cryptographic algorithms as provided by the JavaCard platform.

Download


Paper Citation


in Harvard Style

Svenda P., Kvasnovsky R., Nagy I. and Dufka A. (2022). JCAlgTest: Robust Identification Metadata for Certified Smartcards. In Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-590-6, pages 597-604. DOI: 10.5220/0011294000003283


in Bibtex Style

@conference{secrypt22,
author={Petr Svenda and Rudolf Kvasnovsky and Imrich Nagy and Antonin Dufka},
title={JCAlgTest: Robust Identification Metadata for Certified Smartcards},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2022},
pages={597-604},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011294000003283},
isbn={978-989-758-590-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - JCAlgTest: Robust Identification Metadata for Certified Smartcards
SN - 978-989-758-590-6
AU - Svenda P.
AU - Kvasnovsky R.
AU - Nagy I.
AU - Dufka A.
PY - 2022
SP - 597
EP - 604
DO - 10.5220/0011294000003283