An Observe-and-Detect Methodology for the Security and Functional Testing of Smart Card Applications

Germain Jolly, Sylvain Vernois, Christophe Rosenberger

2016

Abstract

Smart cards are tamper-resistant devices, but vulnerabilities are sometimes discovered. In this paper we address the security and functional testing of applications embedded in smart cards. We propose an original methodology for evaluating applications and show its benefit by comparing it to a classical certification process. The proposed method is based on observing the APDU (Application Protocol Data Unit) communication with the smart card. Specific properties are verified as a complement to the evaluation process, which allows on-the-fly detection of an anomaly and of the reasons that triggered it during the test. We present two uses of this method: a simple one that illustrates how properties are used to verify an implementation of an application, and a more complex one that applies fuzzing to show what the proposed approach can yield, i.e. an analysis of an anomaly.


Paper Citation


in Harvard Style

Jolly G., Vernois S. and Rosenberger C. (2016). An Observe-and-Detect Methodology for the Security and Functional Testing of Smart Card Applications. In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 282-289. DOI: 10.5220/0005682202820289

in Bibtex Style

@conference{icissp16,
author={Germain Jolly and Sylvain Vernois and Christophe Rosenberger},
title={An Observe-and-Detect Methodology for the Security and Functional Testing of Smart Card Applications},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2016},
pages={282-289},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005682202820289},
isbn={978-989-758-167-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - An Observe-and-Detect Methodology for the Security and Functional Testing of Smart Card Applications
SN - 978-989-758-167-0
AU - Jolly G.
AU - Vernois S.
AU - Rosenberger C.
PY - 2016
SP - 282
EP - 289
DO - 10.5220/0005682202820289