The increasingly widespread use of smartcards for a variety of sensitive
applications, including digital signatures, creates the need to ensure and
possibly certify the secure interoperability of these devices. Standard
certification criteria, in particular the Common Criteria, define security
requirements but do not sufficiently address the problem of interoperability.
Here we consider the interoperability problem which arises when various
applications interact with different smartcards through a middleware. In such a
situation it is possible that a smartcard of type S receives commands that were
supposed to be executed on a different smartcard of type S'. Such "external
commands" can interleave with the commands that were supposed to be executed on
S. We experimentally demonstrate this problem with a Common Criteria certified
digital signature process on a commercially available smartcard. Importantly,
in some of these cases the digital signature processes terminate without
generating an error message or warning to the user.Comment: 6 pages; published in the 10th WSEAS International Conference on
Information Security and Privacy (ISP 2011
