====== JCAlgTest: Robust identification metadata for certified smartcards [SECRYPT 2022]  ======
~~NOTOC~~

<grid>
<col xs="12" sm="8" lg="8">
<TEXT size="large">

\_{{fa>user}}\_\_//Authors:// [[:publications:authors:petr-svenda|Petr Svenda]],  Rudolf Kvasnovsky, Imrich Nagy, Antonin Dufka

{{fa>user-circle-o}}\_//Primary contact:// Petr Svenda %%<%%<svenda@fi.muni.cz>%%>%%

{{fa>bullhorn}}\_//Conference:// [[https://secrypt.scitevents.org/|19th International Conference on Security and Cryptography 2022]]

</TEXT>
</col>

<col xs="12" sm="4" lg="4">
<TEXT align="right">

<button type="warning" icon="fa fa-fw fa-file-pdf-o">{{:public:papers:jcalgtest_forensic_certification_profile_secrypt22_preprint.pdf|PRE-PRINT PDF}}</button>
\_
<button collapse="bibtex" icon="fa fa-fw fa-file-code-o">BiBTeX</button>
</TEXT>
</col>
</grid>

<collapse id="bibtex" collapsed="false">
  @InProceedings{2022-jcalgtest-svenda,
    title = {JCAlgTest: Robust identification metadata for certified smartcards},
    author = {Petr Svenda and Rudolf Kvasnovsky and Imrich Nagy and Antonin Dufka},
    address = {Lisabon},
    booktitle = {19th International Conference on Security and Cryptography},
    keywords = {smartcards},
    language = {eng},
    location = {Lisabon},
    publisher = {INSTICC},
    isbn = {978-989-758-590-6},
    doi = {10.5220/0000163500003283},
    pages = {597--604},
    year = {2022}
  }
</collapse>

<panel type="default" title="Abstract">
The certification of cryptographic smartcards under the Common Criteria or NIST FIPS140-2 is a well-
established process, during which an evaluation facility validates the manufacturer’s claims and issues a
product certificate. The tested card is usually identified by its name, type, ATR, and Card Production Life
Cycle (CPLC) data. While sufficient to pair the purchased card to its original certificate when bought from a
trustworthy seller, such static metadata stored on the card can easily be manipulated. We extend the currently
used card identification with a more descriptive set of metadata extracted from supported functionality, per-
formance profiling, and properties of generated cryptographic keys. All which can be obtained directly by the
evaluation facility, appended to the certificate, and later verifiable by the end-user with no need for any special
knowledge or equipment, resulting in better assurance about the purchased product by end-user. We developed
a suite of open tools for the extraction of such characteristics and collected results for a set of more than 100
different smartcards. The database, openly available, demonstrates the significant variability in the properties
measured and allows us to estimate the trends in support of different cryptographic algorithms as provided by
the JavaCard platform.
</panel>

===== Research artifacts (supplementary material) =====

  * Download extended version of paper: {{:public:papers:JCAlgTest_Forensic_Certification_Profile_SECRYPT22_preprint.pdf|pdf}} 
  * Download poster: {{:public:papers:jcalgtest_secrypt22_poster.pdf|pdf}}
  * JCAlgTest source code: [[https://github.com/crocs-muni/JCAlgTest/ | JCAlgTest repo]]
  * JCAlgTest results database: [[https://github.com/crocs-muni/jcalgtest_results/ | results repo]]
  * Interactive webpage with results: http://jcalgtest.org