Titlebook: Smart Card Research and Advanced Applications; 9th IFIP WG 8.8/11.2 Dieter Gollmann,Jean-Louis Lanet,Julien Iguchi-Car Conference proceedin

FLOUR

Secure Delegation of Elliptic-Curve Pairingard) will delegate the computation of the pairing .(.,.) to a more powerful device (for example a PC), in such a way that 1) the powerful device learns nothing about the points . and ., and 2) the limited device is able to detect when the powerful device is cheating.

DEAF

Side-Channel Leakage across Bordersby information leakage via side channels like the power consumption or the electromagnetic radiation. In this paper, we show that the side-channel leakage in the power consumption is not limited to the power-supply lines and that any input/output (I/O) pin can comprise secret information. The amount

Synovial-Fluid

Designing a Side Channel Resistant Random Number Generator the generation of cryptographic keys and other sensitive materials, the RNG has a number of stringent security requirements that the random bits must be of . quality i.e. the bits must not be predictable or biased. To this end, a number of standards such as the German AIS 31 mandate that true rando

并入

acquisition

Atomicity Improvement for Elliptic Curve Scalar Multiplicationmicity principle. First of all we reexamine classical assumptions made by scalar multiplication designers and we point out that some of them are not relevant in the context of embedded devices. We then describe the state-of-the-art of atomic scalar multiplication and propose an atomic pattern improv

exacerbate

Key-Study to Execute Code Using Demand Paging and NAND Flash at Smart Card Scalems, like very small main memory, and their cost of production make it very difficult to achieve. One solution is to execute code from a secondary memory, cheaper, denser, but slower, as NAND Flash. Solutions based on Demand Paging and using a cache in main memory, began to be proposed and implemente

愤世嫉俗者

PHONE

Combined Attacks and Countermeasureslidity of code, in particular bytecode verification. More recently, the idea has emerged to combine logical attacks with a physical attack, in order to evade bytecode verification. We present practical work done recently on this topic, as well as some countermeasures that can be put in place against

贪心

Attacks on Java Card 3.0 Combining Fault and Logical Attacksption remained realistic as long as the bytecode verifier was commonly executed off-card and could thus be bypassed. Nevertheless it can no longer be applied to the Java Card 3 . context where the bytecode verification is necessarily performed on-card. Therefore Java Card 3 . seems to be immune agai

Hallowed

Improved Fault Analysis of Signature Schemesults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 2., allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 3