A Novel Consumer-Centric Card Management Architecture and Potential Security Issues

International audienceMulti-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture

Decrease of resistance to air flow with nasal strips as measured with the airflow perturbation device

BACKGROUND: Nasal strips are used by athletes, people who snore, and asthmatics to ease the burden of breathing. Although there are some published studies that demonstrate higher flow with nasal strips, none had directly measured the effect of the strips on nasal resistance using the airflow perturbation device (APD). The APD is an inexpensive instrument that can measure respiratory resistance based on changes in mouth pressure and rate of airflow. METHOD: This study tested forty-seven volunteers (14 men and 33 women), ranging in age from 17 to 51. Each volunteer was instructed to breathe normally into the APD using an oronasal mask with and without nasal strips. The APD measured respiratory resistance during inhalation, exhalation, and an average of the two. RESULTS: Results of a paired mean t-test comparing nasal strip against no nasal strip were statistically significant at the p = 0.05 level. The Breathe Right™ nasal dilator strips lowered nasal resistance by an average of 0.5 cm H(2)0/Lps from an average nasal resistance of 5.5 cm H(2)0/Lps. CONCLUSIONS: Nasal strips reduce nasal resistance when measured with the APD. The effect is equal during exhalation and during inhalation

Reverse engineering of Java Card applets using

Power analysis of smart cards is commonly used to obtain information about implemented cryptographic algorithms. We propose a similar methodology for reverse engineering of Java Card applets. In order to acquire power traces, we present a new microcontroller based smart card reader with an accurate adjustable trigger function. Because power analysis only does not provide enough information, we refine our methodology by involving additional information sources. Issues like distinguishing between instructions performing similar tasks and reverse engineering of conditional branches and nested loops are also addressed. The proposed methodology is applied to a commercially available Java Card smart card and the results are reported. We conclude that our augmented power analysis can be successfully used to acquire information about the instructions executed on a Java Card smart card

Reverse engineering of Java Card applets using power analysis

Abstract. Poweranalysisonsmartcardsiswidelyusedtoobtaininformation about implemented cryptographic algorithms. We propose similar methodology for Java Card applets reverse engineering. Because power analysis alone does not provide enough information, we refine our methodology by involving additional information sources. Issues like distinguishing between bytecodes performing similar tasks and reverse engineering of conditional branches and nested loops are also addressed. The proposed methodology is applied to a commercially available Java Card smart card and the results are reported. We conclude that our augmented power analysis can be successfully used to acquire information about the bytecodes executed on a Java Card smart card.

A Bit-Level Approach to Side Channel Based Disassembling

International audienceSide-Channel Based Disassembling (SCBD) is a powerful application of side-channel analysis that allows recovering instructions executed by a processor from its physical leakages, such as the electromagnetic field (EM) emitted by the chip. These attacks directly compromise code confidentiality, but they can also reveal to an adversary many critical information on the system's internals. In this work, we propose a new approach for SCBD that directly focuses the bit encoding of an instruction using local EM leakage. We exploit a very precise bit-level leakage model and derive from it new algorithms that aim at recovering the actual bit values. We also propose strategies to automate the complex tasks of finding the best EM probe positions and combining them to improve results. On a PIC16 target, our method succeed in recovering the bits of an instruction with an average rate of 99,41% per bit. Compared to the state of the art, our disassembler is easier to train, recovers more information about instructions than just opcode and requires almost no modifications to target other processor architectures. Thus, this kind of disassemblers might become a threat to more complex processors, where side-channel disassembling has not been proved to be feasible yet