Smart cards are the safer device to execute cryptographic algorithms. Applications are verified before being loaded in the card. Recently, the idea of combined attacks to bypass byte code verification has emerged. Indeed, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam to become mutant applications or fault enabled viruses. We propose a frame...

ÐThis paper examines how monitoring power consumption signals might breach smart-card security. Both simple power analysis and differential power analysis attacks are investigated. The theory behind these attacks is reviewed. Then, we concentrate on showing how power analysis theory can be applied to attack an actual smart card. We examine the noise characteristics of the power signals and deve...

The executions of operating system services based on smart cards allow one to personalize some functionalities of the operating system by using the secret information stored in a smart card and the basic computations that a smart card can perform. However, current solutions for integrating smart card features in operating system services require at least a partial execution of the operating sys...

Smart cards have provided security services for a wide range of applications including telecommunication, banking, and citizen identification. Connecting web applications with smart cards is a natural step forward to address some of the security issues in today’s Web. The traditional approach for smart card based web applications provides security, but has the drawbacks of usability and flexibi...

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is ...

Smart cards are credit card-sized plastic cards with an integrated microcontroller chip. This chip is protected against physical and logical tampering, thus unauthorized access to internal data structures is virtually impossible. This makes a smart card an excellent device for storing secret cryptographic keys and other sensitive data. In practice, smart cards are used for applications like dig...

In a complex, smart card based system this feature turns smart cards from passive datastorage devices into active computational units. In fact they contain a tamper resistant secure one-chip microcomputer able to execute various cryptographic functions. Moreover, their potential can be extended after the issuance of the card by uploading various new applications. However, the limited resources ...

The paper describes the status of a joint project between Gemplus and ONERA. Gemplus developed an electronic purse running on Java enabled smart cards. The project goal is to verify security properties that should be enforced by the applets involved in this application. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows betwee...

Gerhard de Koning Gans presented a paper that looks at the key diversification scheme built in to the iClass contactless smart card system. The key diversification scheme was known to involve a single DES operation followed by a key fortification function. Through some amount of reverse engineering, they determined that the key fortification function is highly invertible. For a given output of ...

Till recently it was impossible to have more than one single application running on a smart card. Multiapplication cards, and especially Java Cards, now make it possible to have several applications sharing the same physical piece of plastic. This raises new security problems by creating additional ways to attack a card. These problems are the topic of this paper. The attacks will be described ...