UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets

Mavroudis, V; Svenda, P; (2020) JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). (pp. pp. 89-96). IEEE: Genoa, Italy. Green open access

[img]
Preview
Text
JCMathLib__Towards_Transparent_and_Auditable_JavaCard_Applets (3).pdf - Accepted version

Download (226kB) | Preview

Abstract

The JavaCard multi-application platform is now deployed to over twenty billion smartcards, used in various applications ranging from banking payments and authentication tokens to SIM cards and electronic documents. In most of those use cases, access to various cryptographic primitives is required. The standard JavaCard API provides a basic level of access to such functionality (e.g., RSA encryption) but does not expose low-level cryptographic primitives (e.g., elliptic curve operations) and essential data types (e.g., Integers). Developers can access such features only through proprietary, manufacturer-specific APIs. Unfortunately, such APIs significantly reduce the interoperability and certification transparency of the software produced as they require non-disclosure agreements (NDA) that prohibit public sharing of the applet's source code.We introduce JCMathLib, an open library that provides an intermediate layer realizing essential data types and low-level cryptographic primitives from high-level operations. To achieve this, we introduce a series of optimization techniques for resource-constrained platforms that make optimal use of the underlying hardware, while having a small memory footprint. To the best of our knowledge, it is the first generic library for low-level cryptographic operations in JavaCards that does not rely on a proprietary API.Without any disclosure limitations, JCMathLib has the potential to increase transparency by enabling open code sharing, release of research prototypes, and public code audits. Moreover, JCMathLib can help resolve the conflict between strict open-source licenses such as GPL and proprietary APIs available only under an NDA. This is of particular importance due to the introduction of JavaCard API v3.1, which targets specifically IoT devices, where open-source development might be more common than in the relatively closed world of government-issued electronic documents.

Type: Proceedings paper
Title: JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets
Event: 5th IEEE European Symposium on Security and Privacy Workshops EUROS&PW 2020
ISBN-13: 9781728185972
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/EuroSPW51379.2020.00022
Publisher version: http://dx.doi.org/10.1109/EuroSPW51379.2020.00022
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Cryptography, JavaCard, Auditability, Transparency, Elliptic Curves, Big Integers
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10117901
Downloads since deposit
0Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item