Smart Card Applications
Smart cards have to interoperate with their environment in order to form secure smart card applications. The interoperability is usually semi-formally specified in standards, many of which are public, and some even free. Examples of relevant standards are:
Evaluating whether a concrete smart card (or Java Card applet) complies with one of these standards is not trivial, since it requires the standard (and preferably also the applet) to be specified very precisely.
Checking whether a smart card application satisfies some security property is even more difficult. This is especially true when certain concrete details of the application are not specified precisely enough in the standard, or when the standard is not public. Security evaluation of deployed systems is sometimes possible nevertheless, but might require some creative experimental work in order to disclose those details.
Within this project we try to develop methods to make the evaluation of concrete smart card applications easier. We take both the standards (if publicly available) and the implementations into account.
For more information, contact Martijn Oostdijk.