Interleaving command sequences: a threat to secure smartcard interoperability
CIMMACS'11/ISP'11 Proceedings of the 10th WSEAS international conference on Computational Intelligence, Man-Machine Systems and Cybernetics, and proceedings of the 10th WSEAS international conference on Information Security and Privacy
In the coming years, smart cards are going to become the main personal identification document in many nations; both Europe and the United States are currently working toward this aim. Tens of millions of smart cards, built on hardware devices from many different manufacturers, will therefore be distributed all over the world and used in particular to accomplish the security tasks of electronic authentication and electronic signature. In this context, the so-called Common Criteria define the security requirements for digital signature devices. Unfortunately, these criteria do not address any interoperability issue between smart cards of different manufacturers, which usually implement the digital signature process in correct but slightly different ways. To face the interoperability problem, we realized a complete testing environment whose core is the Crypto Probing System (© Nestor Lab), an abstract interface to a generic cryptographic smart card that embeds a standard model of the correct card behaviour. It can be used to test the behaviour of the digital signature process, also in the presence of alternate or disturbed command sequences, in conjunction with automatic verification techniques such as model checking. The framework allows abstract behaviour models to be verified against real smart cards, so it can be used to automatically verify the Common Criteria as well as the extended interoperability criteria above and many other low-level constraints. In particular, in this paper we show how to verify that a card, when presented with a sequence of (partially) modified commands, either rejects them without any side effect and remains usable, or accepts them and generates a correct final result.
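To make the verification task concrete, the following is an added example in Python and not the paper's Crypto Probing System or any of its code. It assumes a deliberately small abstract model of the signature flow (SELECT, VERIFY, MSE:SET, PSO:HASH, PSO:COMPUTE DIGITAL SIGNATURE), represents a "disturbed" command as one whose header fields were altered, and plays the role of the real card with a hypothetical simulated device (`buggy_device_step`) that rejects a malformed PSO:CDS but silently drops the pending hash. The status words, the `Card` state fields and the device's defect are all assumptions made for illustration. `check_model` explores every reachable state under every interleaving of nominal and disturbed commands and checks the property stated in the abstract (rejected means no side effect and the card stays usable; accepted means a correct signature); `conformance_trace` then drives model and device in lockstep and returns the shortest command sequence on which their observable responses differ.

```python
"""Bounded model checking of a signature card's command handling under
disturbed (interleaved, malformed) command sequences.

Added example, not the paper's Crypto Probing System: the card model, the
status words and the deviating "device" are assumptions for illustration.
"""
from dataclasses import dataclass, replace

# Abstract commands of the signature flow (names loosely follow ISO 7816-8).
SELECT, VERIFY, MSE_SET, PSO_HASH, PSO_CDS = "SELECT", "VERIFY", "MSE_SET", "PSO_HASH", "PSO_CDS"
NOMINAL = (SELECT, VERIFY, MSE_SET, PSO_HASH, PSO_CDS)
# A command is (name, disturbed); disturbed = header altered (e.g. bad P1/P2).
ALPHABET = [(n, d) for n in NOMINAL for d in (False, True)]
# ISO 7816-4 status words: OK, conditions not satisfied, security status
# not satisfied, incorrect P1/P2.
SW_OK, SW_COND, SW_SEC, SW_P1P2 = 0x9000, 0x6985, 0x6982, 0x6A86
EXPECTED_SIG = "sig(key1,h)"  # abstract stand-in for the correct signature bytes


@dataclass(frozen=True)
class Card:
    """Abstract session state; frozen so the explorer can keep a visited set."""
    selected: bool = False
    pin_ok: bool = False
    key_ref: int = 0        # 0: no security environment set
    hash_set: bool = False  # a hash is pending for PSO:COMPUTE DIGITAL SIGNATURE


def model_step(c, cmd):
    """Reference model of correct behaviour: (new_state, status_word, output)."""
    name, disturbed = cmd
    if disturbed:                       # malformed command: refuse, no effect
        return c, SW_P1P2, None
    if name == SELECT:                  # selecting the applet resets the session
        return Card(selected=True), SW_OK, None
    if not c.selected:
        return c, SW_COND, None
    if name == VERIFY:
        return replace(c, pin_ok=True), SW_OK, None
    if name == MSE_SET:
        return replace(c, key_ref=1), SW_OK, None
    if name == PSO_HASH:
        return replace(c, hash_set=True), SW_OK, None
    if not c.pin_ok:                    # PSO_CDS needs PIN, key and a pending hash
        return c, SW_SEC, None
    if not (c.key_ref and c.hash_set):
        return c, SW_COND, None
    return replace(c, hash_set=False), SW_OK, f"sig(key{c.key_ref},h)"


def buggy_device_step(c, cmd):
    """Hypothetical card under test: as the model, except that a malformed
    PSO_CDS is rejected but silently discards the pending hash (a side effect)."""
    name, disturbed = cmd
    if disturbed and name == PSO_CDS:
        return replace(c, hash_set=False), SW_P1P2, None
    return model_step(c, cmd)


def usable(step, s):
    """The nominal sequence from state s must still yield the correct signature."""
    for name in NOMINAL:
        s, sw, out = step(s, (name, False))
    return sw == SW_OK and out == EXPECTED_SIG


def check_model(step):
    """Explicit-state exploration of every reachable state under every command,
    nominal and disturbed interleaved. Returns None if the property holds: a
    rejected command leaves the state unchanged and the card usable, and an
    accepted PSO_CDS yields the correct signature; else a counterexample text."""
    seen, queue = {Card()}, [Card()]
    while queue:
        s = queue.pop(0)
        for cmd in ALPHABET:
            s2, sw, out = step(s, cmd)
            if sw != SW_OK and s2 != s:
                return f"side effect: {cmd} rejected with {sw:04X} but changed {s}"
            if out is not None and out != EXPECTED_SIG:
                return f"wrong signature {out!r} after {cmd} from {s}"
            if not usable(step, s2):
                return f"card unusable after {cmd} from {s}"
            if s2 not in seen:
                seen.add(s2); queue.append(s2)
    return None


def conformance_trace(device, step=model_step):
    """Differential check of a device against the model: breadth-first search
    over pairs (model state, device state) driven by the same commands; returns
    (trace, model_response, device_response) for the shortest trace on which the
    observable responses differ, else None. With a physical card only responses
    are visible; the device here is simulated, so the harness carries its state."""
    start = (Card(), Card())
    seen, queue = {start}, [(start, [])]
    while queue:
        (m, d), trace = queue.pop(0)
        for cmd in ALPHABET:
            m2, msw, mout = step(m, cmd)
            d2, dsw, dout = device(d, cmd)
            if (msw, mout) != (dsw, dout):
                return trace + [cmd], (msw, mout), (dsw, dout)
            if (m2, d2) not in seen:
                seen.add((m2, d2)); queue.append(((m2, d2), trace + [cmd]))
    return None


if __name__ == "__main__":
    print("model property:", check_model(model_step))            # None: holds
    print("device property:", check_model(buggy_device_step))    # side effect found
    print("conformance:", conformance_trace(buggy_device_step))  # 6-command trace
```

The state space is tiny here, so the exploration is exhaustive rather than bounded; with a richer model one would switch to a dedicated checker (the paper uses model checking for exactly this reason) and keep the differential driver for the physical card, where the "device" function becomes an APDU transport and only status words and response data are compared.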