SMART CARD RESEARCH AND ADVANCED APPLICATIONS VI IFIP – The International Federation for Information Processing IFIP was founded in 1960 under the auspices of UNESCO, following the First World Computer Congress held in Paris the previous year. An umbrella organization for societies working in information processing, IFIP’s aim is two-fold: to support information processing within its member countries and to encourage technology transfer to developing nations. As its mission statement clearly states, IFIP’s mission is to be the leading, truly international, apolitical organization which encourages and assists in the development, exploitation and application of information technology for the benefit of all people. IFIP is a non-profit making organization, run almost solely by 2500 volunteers. It operates through a number of technical committees, which organize events and publications. IFIP’s events range from an internationalcongress to local seminars, but the most importantare: The IFIP World Computer Congress, heldevery second year; Open conferences; Workingconferences. The flagship event is the IFIP World Computer Congress, at whichboth invited and contributed papers are presented. Contributed papers are rigorously refereed and the rejection rate is high. As with the Congress, participation in the open conferences is open to all and papers may be invited or submitted. Again, submitted papers are stringently refereed. The working conferences are structured differently. They are usually run by a working group and attendance is small and by invitation only. Their purpose is to create an atmosphere conducive to innovation and development. Refereeing is less rigorous and papers are subjected to extensive group discussion. Publications arising from IFIP events vary. The papers presented at the IFIP World Computer Congress and at open conferences are published as conference proceedings, while the results of the working conferences are often published as collections of selected and edited papers. Any national society whose primary activity is in information may apply to become a full member of IFIP, although full membership is restricted to one society per country. Full members are entitled to vote at the annual General Assembly, National societies preferring a less committed involvement may apply for associate or corresponding membership. Associate members enjoy the same benefits as full members, but without voting rights. Corresponding members are not represented in IFIP bodies. Affiliated membership is open to non-national societies, and individual and honorary membership schemes are also offered. SMART CARD RESEARCH AND ADVANCED APPLICATIONS VI IFIP 18th World Computer Congress TC8/WG8.8 & TC11/WG11.2 Sixth International Conference on Smart Card Research and Advanced Applications (CARDIS) 22–27 August 2004 Toulouse, France Edited by Jean-Jacques Quisquater UCL, Louvain-la-Neuve, Belgium Pierre Paradinas CNAM, Paris, France Yves Deswarte LAAS-CNRS, Toulouse, France Anas Abou El Kalam LAAS-CNRS, Toulouse, France KLUWER ACADEMIC PUBLISHERS NEW YORK,BOSTON, DORDRECHT, LONDON, MOSCOW eBookISBN: 1-4020-8147-2 Print ISBN: 1-4020-8146-4 ©2004 Springer Science + Business Media, Inc. Print ©2004by International Federation for Information Processing. Boston All rights reserved No part of this eBook maybe reproducedortransmitted inanyform or byanymeans,electronic, mechanical, recording, or otherwise,withoutwritten consent from the Publisher Createdin the United States of America Visit Springer's eBookstore at: http://www.ebooks.kluweronline.com and the Springer Global Website Online at: http://www.springeronline.com Contents Preface vii Acknowledgements ix Part I. Java Cards Enforcing High-Level Security Properties for Applets 1 Mariela Pavlova, Gilles Barthe, Lilian Burdy, Marieke Huisman, Jean-Louis Lanet On-the-Fly Metadata Stripping for Embedded Java Operating Systems 17 Christophe Rippert, Damien Deville Part II. Privacy Privacy Issues in RFID Banknotes Protection Schemes 33 Gildas Avoine Smartcard-based Anonymization 49 Anas Abou El Kalam, Yves Deswarte, Gilles Trouessin, Emmanuel Cordonnier Privacy Protecting Protocols for Revocable Digital Signatures 67 István Zsolt Berta, Levente Buttyán, István Vajda Anonymous Services using Smart Cards and Cryptography 83 Sébastien Canard, Jacques Traoré Part III. Side Attacks EfficientCountermeasures against Power Analysis for Elliptic Curve Cryptosystems 99 Kouichi Itoh, Tetsuya Izu, Masahiko Takenaka Smart-Card Implementation of Elliptic Curve Cryptography and DPA-type Attacks 115 Marc Joye vi Smart Card Research and Advanced Applications VI Differential Power Analysis Model and Some Results 127 Sylvain Guilley, Philippe Hoogvorst, Renaud Pacalet Part IV. Fault Injection Attacks Place and Route for Secure Standard Cell Design 143 Kris Tiri, Ingrid Verbauwhede A Survey on Fault Attacks 159 Christophe Giraud, Hugues Thiebeauld Differential Fault Analysis Attack Resistant Architectures for the Advanced Encryption Standard 177 Mark Karpovsky, Konrad J. Kulikowski, Alexander Taubin Part V. Middleware 1 Secure Network Card. Implementation of a Standard Network Stack in a Smart Card 193 Michael Montgomery, Asad Ali, Karen Lu A Pattern Oriented Lightweight Middleware for Smartcards 209 Jean-Michel Douin, Jean-Marie Gilliot Card-Centric Framework - Providing I/O Resources for Smart Cards 225 Pak-Kee Chan, Chiu-Sing Choy, Cheong-Fat Chan, Kong-Pang Pun Part VI. Cryptographic Protocols On the Security of the DeKaRT Primitive 241 Gilles Piret, François-Xavier Standaert, Gael Rouvroy, Jean-Jacques Quisquater An Optimistic Fair Exchange Protocol for Trading Electronic Rights 255 Masayuki Terada, Makoto Iguchi, Masayuki Hanadate, Ko Fujimura Accountable Ring Signatures: A Smart Card Approach 271 Shouhuai Xu, Moti Yung Part VII. Middleware 2 Checking and Signing XML Documents on Java Smart Cards 287 Nils Gruschka, Florian Reuter, Norbert Luttenberger XML Agent on Smart Cards 303 Sunil Sayyaparaju, Deepak B. Phatak Index of contributors 317 Preface This CARDIS is special in the list of all CARDIS conferences, nevertheless it follows the tradition where every 2 years the scientific smart card world from academic research organizations meet together with technologists from industries. This year, CARDIS is celebrating its 10th anniversary, and the pioneers are less isolated now. More universities, more research and industrialcenters have set up or launchedresearch activities. For this edition we received 45 papers and we selected 20 papers, with 20% from Asia or America and 60% from Europe. In contrast with the first editions where we received “marketing product presentation” – of course rejected – the quality across the years is more and more valuable, and CARDIS is renewed as “The conference” in smart card technology. CARDIS’1994 was in Lille (France), CARDIS’1996 in Louvain-La- neuve (Belgium), CARDIS’1998 in Amsterdam (The Netherlands), CARDIS’2000 Bristol (UK), CARDIS’2002 San Jose (California) and now it returns to France and takes place within the IFIP World Computer Congress. This may be also viewed as progress in the visibility of smart card technology and research. The program committee was very accurate and fair during the review process, and the papers from the program committee members were reviewed more severely by more reviewers. The PC meeting hosted by CNAM (Paris) was very productive and at the end of the day the program main stream was set up. We hope you will enjoy the conference as much as we liked to review and prepare the program of CARDIS’2004. Jean-Jacques Quisquater (General Chair) Pierre Paradinas (Program Chair) Yves Deswarte (Local Chair) Acknowledgements Conference General Chair: Jean-Jacques Quisquater, UCL, Louvain-la-Neuve, Belgium Local Organization Chair: Yves Deswarte, LAAS-CNRS, Toulouse, France Program Committee Chair: Pierre Paradinas, CNAM, Paris, France Program Committee: Boris Balacheff, Hewlett-Packard Labs, UK Edouard de Jong, Sun Microsystems, USA Yves Dewarte, LAAS-CNRS, France Josep Domingo-Ferrer, Universitat Rovira i Virgili, Spain Jean-Bernard Fischer, OCS, France Gilles Grimaud, RD2P, France Pieter Hartel, University ofTwente, Netherlands Peter Honeymann, University of Michigan, USA Dirk Husemann, IBM Research, Switzerland Jean-Louis Lanet, INRIA-DirDRI, France Xavier Leroy, INRIA & Trusted Logic, France Mike Montgomery, Schlumberger, USA Erik Poll, Nijmegen University, Netherlands Joachim Posegga, SAP-Corporate Research, Germany Jean-Jacques Quisquater, UCL, Belgium Jean-Jacques Vandewalle, Gemplus Labs, France Serge Vaudenay, EPFL, Switzerland J. Verschuren, TNO-EIB, The Netherlands Tim Wilkinson, Hive Minded, USA x Smart Card Research and Advanced Applications VI Additional Referees: Gildas Avoine Pascal Junod Thomas Baignères Caroline Kudla Claude Barral Laurent Lagosanto Asker Bazen Yee Wei Law Rob Bekkers Gabriele Lenzini Arnaud Boscher Yi Lu Richard Brinkman Antoni Martínez Ballesté Jordi Castella-Roca Jean Monnerat LiqunChen Christophe Muller Chong Cheun Ngen Martijn Oostdijk Alessandro Coglio Gilles Piret Ricardo Corin David Plaquin Bert den Boer Joseph R. Kiniry Eric Deschamps Jim Rees Jean-François Dhem PhilipRobinson Christophe Giraud Peter Schmitt Dieter Gollman Berry Schoenmakers Jochen Haller Francesc Sebé Keith Harrison Jan Seedorf Engelbert Hubbers David Simplot-Ryl Dieter Hutter François-Xavier Standaert Mounir Idrassi Susan Thompson Pierre Jansen David Ware Marc Joye Martijn Warnier ENFORCING HIGH-LEVEL SECURITY PROPERTIES FOR APPLETS MarielaPavlova1‚ Gilles Barthe1‚ Lilian Burdy1‚ Marieke Huisman1 and Jean-Louis Lanet2 1INRIA Sophia Antipolis‚ France and2INRIA Dir DRI‚ France Abstract Smart card applications often handle privacy-sensitive information‚ and therefore must obey certain security policies. Typically‚ such policies are described as high-level security properties‚ stating for example that no pin verification must take place within a transaction. Behavioural interface specification languages‚ such as JML (Java Modeling Language)‚ have been successfully used to validatefunctional properties of smart card applications. However‚ high-level security prop- erties cannot directly be expressed in such languages. Therefore‚ this paper proposes a method to translate high-level security properties into JML annotations. The method synthesises appropriate annotations and weaves them throughout the application. In this way‚ security policies can be validated using existing tools for JML. The method is general and applies to a large class of security properties. To validate the method‚ it has been applied to several realistic ex- amples of smart card applications. This allowed us to find violations against the documented security policies for some of these applications. Keywords: Smartdevices‚ security‚ specification‚ verification 1. Introduction Nowadays‚ most efforts in smart card security focus on adequate coun- termeasures against hardware attacks. However‚ logical attacks‚ caused by e.g. illegal control flow or uncaught exceptions‚ form a new major threat for security and privacy. An example of such an attack is a ma- licious GSM applet that performs illegal calls to the method sendSMS. To ensure user confidence‚ smart card application providers there- fore have to guarantee the dependability of their software. This can be achieved by following certification procedures‚ such as “Common Criteria1”‚ focusing on security aspects. But such procedures are rela- tively heavy‚ and they are also concerned with aspects unrelated to soft-