|| Home || IT Security || Smart cards || Resources || Links || switch_to_cz

Abstract
Software applications executed in current common PC environments are not protected before skilled attackers able to use debuggers or disassemblers. We describe practical implemented system (SecureFW) to improving security of software application (e.g. software agent) using programmable cryptographic smartcards with support for JavaCard, combined with methods of a mobile cryptography. SecureFW framework provides background to shift sensitive code and data of software agent into physical secured environment of smartcard. Allows controlled usage restricted by rules, which can be remotely defined using XML commands. Special implementation of authentication and data exchange protocol for controlled usage is designed, which provides protection to authentization information on software agent's side and improves integrity protection of software agent execution. WhiteBox attack resistant implementation of AES algorithm is employed and some new additions are proposed to enabling cohesion with software agent code in a manner of mobile cryptography. Possible usages as a ground for Digital Rights Managment architecture and enchancing protection of signing key against malware is described.

Documents

Name Lang. Description Size Date File Zip Sig
Improving Security of Software Application using Cryptographic Smartcard
[SecureFW_europen2004.pdf]		 CZ EurOpen 2004 conference talk on SecureFW framework.
P.Svenda, V. Matyas		 0.19MB 9/2004 SecureFW_europen2004.pdf SecureFW_europen2004.zip SecureFW_europen2004.pdf.asc
Digital Rights Managment
[DRM2004.pdf]		 CZ Master thesis, FI MUNI.
P. Svenda		 1.11MB 6/2004 DRM2004.pdf DRM2004.zip DRM2004.pdf.asc
DRM (appendix)
[DRMappendix2004.pdf]		 CZ Master thesis appendix
P. Svenda		 0.44MB 6/2004 DRMappendix2004.pdf DRMappendix2004.zip DRMappendix2004.pdf.asc
DRM (slides)
[DRMslides2004.ppt]		 CZ Master thesis slides
P. Svenda		 0.22MB 6/2004 DRMslides2004.ppt DRMslides2004.zip DRMslides2004.ppt.asc

Binaries

Program Description Size Date File Sig
AESGen 1.1.0 WBACR AES tables generator (MS Win2K/XP) 30kB 9/2004 AESGen_1_1_0.zip AESGen_1_1_0.zip.asc
LightApp 1.0.0 SecureFW demo & test application (MS Win2K/XP) 1.15MB 6/2004 LightApp1_0.zip LightApp1_0.zip.asc
SecureAlg 1.0.0 Security proxy, JavaCard applet (Gemplus GXPPro-R3) 61kB 6/2004 SecureAlg1_0.zip SecureAlg1_0.zip.asc
Older versions still available here.

Source codes (GPL licence)

Program Description Size Date File Sig
AESGen 1.1.0 WBACR AES tables generator (C++, Microsoft VC++ 6.0) 0.15MB 9/2004 WBACR_AES_1_1_0src.zip WBACR_AES_1_1_0src.zip.asc
SecureFW 1.0.1 SecureFW core classes (C++, Microsoft VC++ 6.0) 74kB 9/2004 SecureFW_1_0_1src.zip SecureFW_1_0_1src.zip.asc
LightApp 1.0.0 SecureFW demo & test application (C++, Microsoft VC++ 6.0) 0.14MB 6/2004 LightApp1_0src.zip LightApp1_0src.zip.asc
SecureAlg 1.0.0 Security proxy, JavaCard applet (JavaCard, Borland JBuilder 6.0) 61kB 6/2004 SecureAlg1_0src.zip SecureAlg1_0src.zip.asc
Older versions still available here.

contact
OpenPGP key : 0x89CEB31C