NDLI: Getting to know your Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit

Please wait, while we are loading the content...

Evaluating the Flexibility of the Java Sandbox

Decentralized Authorization and Privacy-Enhanced Routing for Information-Centric Networks

Vulnerability Assessment of OAuth Implementations in Android Applications

Control Flow and Code Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks

Handling Reboots and Mobility in 802.15.4 Security

JaTE: Transparent and Efficient JavaScript Confinement

AuDroid: Preventing Attacks on Audio Channels in Mobile Devices

Provenance-based Integrity Protection for Windows

Soteria: Offline Software Protection within Low-cost Embedded Devices

Proximity Verification for Contactless Access Control and Authentication Systems

Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock

Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries

Towards Analyzing the Input Validation Vulnerabilities associated with Android System Services

Analyzing and Modeling Longitudinal Security Data: Promise and Pitfalls

Combining Differential Privacy and Secure Multiparty Computation

Getting to know your Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit

Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks

Know Your Achilles' Heel: Automatic Detection of Network Critical Services

BareDroid: Large-Scale Analysis of Android Apps on Real Devices

A Principled Approach for ROP Defense

Using Channel State Information for Tamper Detection in the Internet of Things

Cross-Site Framing Attacks

On the Robustness of Mobile Device Fingerprinting: Can Mobile Users Escape Modern Web-Tracking Mechanisms?

MOSE: Live Migration Based On-the-Fly Software Emulation

PIE: Parser Identification in Embedded Systems

Scalable and Secure Concurrent Evaluation of History-based Access Control Policies

ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage

ShrinkWrap: VTable Protection without Loose Ends

MorphDroid: Fine-grained Privacy Verification

Accurate, Low Cost and Instrumentation-Free Security Audit Logging for Windows

Secure and Efficient Key Derivation in Portfolio Authentication Schemes Using Blakley Secret Sharing

Logical Partitions on Many-Core Platforms

On the Security and Usability of Crypto Phones

Proactive Security Analysis of Changes in Virtualized Infrastructures

Experimental Study with Real-world Data for Android App Security Analysis using Machine Learning

Defeating ROP Through Denial of Stack Pivot

Using Visual Challenges to Verify the Integrity of Security Cameras

Covert Botnet Command and Control Using Twitter

Grab 'n Run: Secure and Practical Dynamic Code Loading for Android Applications

Privacy-preserving Virtual Machine

Defending Against Malicious USB Firmware with GoodUSB

Entity-Based Access Control: supporting more expressive access control policies

PARS: A Uniform and Open-source Password Analysis and Research System

DynaGuard: Armoring Canary-based Protections against Brute-force Attacks

MobiPluto: File System Friendly Deniable Storage for Mobile Devices

SeSQLite: Security Enhanced SQLite: Mandatory Access Control for Android databases

Hardware-assisted Memory Tracing on New SoCs Embedding FPGA Fabrics

Getting to know your Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit

Content Provider	ACM Digital Library
Author	Bozzato, Claudio Gkaniatsou, Andriana McNeill, Fiona Steel, Graham Bundy, Alan Focardi, Riccardo
Abstract	Smart-cards are considered to be one of the most secure, tamper-resistant, and trusted devices for implementing confidential operations, such as authentication, key management, encryption and decryption for financial, communication, security and data management purposes. The commonly used RSA PKCS#11 standard defines the Application Programming Interface for cryptographic devices such as smart-cards. Though there has been work on formally verifying the correctness of the implementation of PKCS#11 in the API level, little attention has been paid to the low-level cryptographic protocols that implement it. We present REPROVE, the first automated system that reverse-engineers the low-level communication between a smart-card and a reader, deduces the card's functionality and translates PKCS#11 cryptographic functions into communication steps. REPROVE analyzes both standard-conforming and proprietary implementations, and does not require access to the card. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. We have evaluated REPROVE on five commercially available smart-cards and we show how essential functions to gain access to the card's private objects and perform cryptographic functions can be compromised through reverse-engineering traces of the low-level communication.
Starting Page	441
Ending Page	450
Page Count	10
File Format	PDF
ISBN	9781450336826
DOI	10.1145/2818000.2818020
Language	English
Publisher	Association for Computing Machinery (ACM)
Publisher Date	2015-12-07
Publisher Place	New York
Access Restriction	Subscribed
Subject Keyword	Apdu formal modeling Pkcs#11 low-level attacks Apdu attacks Smart-card reverse-engineering
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in