Robustness and Interoperability Problems in Security Devices
In the next years, smart cards are going to become the main personal identification document in many nations. In particular, both Europe and United States are currently working to this aim. Therefore, tens of millions of smart cards, based on hardware devices provided by many different manufacturers, will be distributed all over the world, and used in particular to generate and use electronic signatures.In this context, the so called Common Criteria define the security requirements for digital signature devices. Unfortunately, these criteria do not address any interoperability issue between smart cards of different manufacturers, which usually implement digital signature process in still correct but slightly different ways. In turn, the interoperability problem gives rise to relevant robustness problems, since uncorrect drivers can be used or uncorrect commands can be wrongly sent to the card, when the signature process involves many different cards. The robustness problem is exactly concerned with the behavior of the card, when solicited with alternated or disturbed command sequences, with possibly wrong or inappropriate parameters.To face these interoperability and robustness problems, we realized a complete testing environment whose core is the Crypto Probing System(c)Nestor Lab, an abstract interface to a generic cryptographic smart card, embedding a standard model of the correct card behavior, which can be used to test the digital signature process behavior, also in the presence of disturbances, with the help of automatic verification techniques such as model checking. The Crypto Probing System is able to simultaneously process many different cards and is able to distribute the verification task between many different processors.To this aim, in the present paper we show how this integrated framework can be used to check that the cards STM-Incrypto34 and Inf ineon-CardOs are actually robust with respect to systematic disturbances in the values of the parameters in the command sequence during the digital signature process, w.r.t. reasonable models of correct behavior.This verification, which extends previous work of the authors about disturbances in the structure of the commands, can be considered as a preliminary step towards a general model of the correct behavior of a digital signature devise, able to cope with the general interoperability problem.
Maurizio Talamo Franco Arcieri Giuseppe Delia Penna Andrea Dimitri Benedetto Intrigila Daniele Magazzeni
Department of Mathematics, University of Roma Tor Vergata, Italy Nestor Lab-University of Roma To Nestor Lab-University of Roma Tor Vergata, Italy Department of Computer Science, University of LAquila, Italy Department of Mathematics, University of Roma Tor Vergata, Italy
国际会议
Fourth International Conference,Inscrypt 2008(第四届中国密码学与信息安全国际会议)
北京
英文
131-150
2008-12-01(万方平台首次上网日期,不代表论文的发表时间)