CARDIS

Pieter H. Hartel Pierre Paradinas Jean-Jacques Quisquater (Eds.)

Proceedings 
A

1996

CARDIS



Smart Card Research and Advanced Applications 2nd International Conference CARDIS 1996 CWI, Amsterdam, The Netherlands, September 16{18, 1996 Editors Pieter H. Hartel University of Amsterdam Department of Computer Science Kruislaan 403, 1098 SJ Amsterdam, The Netherlands





Pierre Paradinas Gemplus PSI 1 Place de la Mediterranee, F-95200, Sarcelles, France Jean-Jacques Quisquater Universite Catholique de Louvain Department of Electrical Engineering (DICE) Place du Levant, 3 B{1348, Louvain-la-Neuve, Belgium

Smart Card Research and Advanced Applications: second International Conference; proceedings / CARDIS 1996, Amsterdam, The Netherlands, September 18-20, 1996. Pieter H. Hartel; Pierre Paradinas; Jean-Jacques Quisquater (eds.) Amsterdam: Stichting Mathematisch Centrum 1996

CR subject classi cation (1991): B.1, B.2, B.3, C.1, D.2, D.4, E.3, F.3, H.3, J.1, K.4 ISBN 90 6196 465 2 Published by Stichting Mathematisch Centrum Amsterdam 1996

Preface This volume contains the papers accepted for presentation at the second international conference on Smart Card Research and Advanced Applications (CARDIS) held in Amsterdam, The Netherlands, September 16{18, 1996. The rst CARDIS conference was held in Lille, France in November 1994. The rst three papers discuss applications of cryptology to smart cards. The rst paper by Kim et al presents a solution to eciently implementing a stream cipher. The second paper by Kelsey et al uses cryptology to certify outcomes of programs. This makes it possible to bill for software usage. The third paper by Alexandre identi es a form of keyboard based biometrics that would probably be more acceptable than most other forms of biometrics. The next set of three papers consider architectures for smart cards. A comprehensive overview of current arithmetic co-processors is provided by Naccache et al. The second architecture paper describes a public key co-processor and the last paper on this theme by Dhem et al describes dierent approaches to compressing information that is to be processed by a smart cards. The third set of three papers deal with methodological issues. Glaser et al discuss ways of analysing cryptographic protocols using visual rendering. In the paper by Alberda et al an example is given of how formal methods can be used to reason about a programming language used to construct a smart card operating system. In the paper by Hollmann et al an application of statistically analysing data obtained from monitoring the hardware is discussed. The last set of three papers deals with the environment in which smart cards operate. Domingo-Ferrer discusses how a client server approach helps to securely ooad compute intensive operations. Carlier et al take this theme further by discussing how not only the card but also the user's mobility should be taken into account. The last paper by Biget et al discusses how object orientation and the CORBA architecture may help to provide a distributed environment for smart cards. On behalf of the programme committee we thank all those who submitted papers. We thank the referees for their careful work in the reviewing and selection process. The organisation of the conference is grateful to CWI for allowing the use of its conference facilities. Simone Panka, Frans Snijders (both CWI) and Jon Mountjoy (UvA) have done most of the local organisation, which is gratefully acknowledged. Pieter H. Hartel, Amsterdam Pierre Paradinas, Sarcelles Jean-Jacques Quisquater, Louvain-la-Neuve July 1996

Programme committee Stefan Brands Andre Gamache Louis Guillou Josep Domingo-Ferrer Pieter Hartel Hans-Joachim Knobloch Pierre Paradinas Reinhard Posch Jean-Jacques Quisquater Matt Robshaw Bruno Struif Doug Tygar

CWI, Amsterdam Universite de Laval, Quebec, Canada CCETT, France Universitat Rovira i Virgili, Tarragona, Spain University of Southampton, UK and University of Amsterdam, The Netherlands NTG/Xlink, Kalrsruhe, Germany Gemplus, France Graz Institute of Technology, Austria Universite Catholique de Louvain, Louvain-la-Neuve, Belgium RSA Laboratories, USA GMD, Darmstadt, Germany Carnegie-Mellon University, Pittsburg, USA

Referees Marjan Alberda Pierre Ardouin Stefan Brands Josep Domingo Herve Guibert Pieter Hartel Hansi Knobloch Cetin Koc David Naccache Pierre Paradinas Thomas Pornin

Karl Posch Gilbert Pradel Jean-Jacques Quisquater Matt Robshaw Dirk Scheuermann Bruno Struif Nadia Tawbi Nhan Le Thanh Doug Tygar Jean-Jacques Vandewalle

Supporting institutions CARDIS 1996 was organised in cooperation with the following organisations: { IFIP Special group 16. { International Association for Cryptologic Research (IACR). { Association Francaise des Sciences et Technologies de l'Information et des

Systemes (AFCET).

Sponsors The following companies and organisations have generously provided nancial support: { CWI (Center for Mathematics and Computer Science), Amsterdam, The Netherlands { Gemplus SA, Sarcelles, France { Irdeto Consultants BV, Hoofddorp, The Netherlands { Integrity Arts Inc, San Mateo, California { KNAW (Royal Academy of Sciences), Amsterdam, The Netherlands { QC Technology, Zaandam, The Netherlands { SION (Foundation for Computer Science Research), Amsterdam, The Netherlands { WINS (Faculty of Mathematics, Computer Science, Physics and Astronomy), Univ. of Amsterdam, The Netherlands

Table of contents On the Design of a Stream Cipher and a Hash Function Suitable to Smart Card Applications Yongdae Kim, Sangjin Lee, Choonsik Park (Electronics and Telecommunications Research Institute, Taejon, Korea)

::::::::::::::::::

1

:::::::::::::::::::::::::::

11

::::::::::::::::::::::::::::::

25

Authenticating Outputs of Computer Software Using a Cryptographic Coprocessor John Kelsey, Bruce Schneier (Counterpane Systems, Minneapolis, USA) Biometrics on Smartcards: An Approach to Keyboard Behavioral Signature Thomas J. Alexandre (Carnegie Mellon Univ., Pittsburgh, USA)

Arithmetic Co-processors for Public-key Cryptography: The State of the Art David Naccache, David M'Rahi (Gemplus PSI, Sarcelles, France)

39

:::::::::::::::::::

FAME: A 3rd Generation Coprocessor for Optimising Public Key Cryptosystems in Smart Card Applications Ronald Ferreira, Ralf Malzahn, Peter Marissen, Jean-Jacques Quisquater, Thomas Wille (Philips Smart Cards & Systems, Paris, France; Philips Semiconductors, Hamburg, Germany; Math RiZK, Rhode-Saint-Genese, Belgium)

59

Lossless Compression Algorithms for Smart Cards: A Progress Report Jean-Francois Dhem, Jean-Jacques Quisquater, Renaud Lecat (Univ. Catholique de Louvain, Louvain-la-Neuve, Belgium)

73

Structuring and Visualising an IC-card Security Standard Hugh Glaser, Pieter H. Hartel, Eduard K. de Jong Frz, (Univ. of Southampton, UK; Univ. of Amsterdam, The Netherlands; QC Technology, Zaandam, The Netherlands)

89

Using Formal Methods to Cultivate Trust in Smart Card Operating Systems Marjan I. Alberda, Pieter H. Hartel, Eduard K. de Jong Frz (Univ. of Amsterdam, The Netherlands; Univ. of Southampton, UK; Integrity Arts Inc, San Mateo, USA)

111

::::::::::::::::::::::

::::::::::::::::::::::::

::::::::::::::::::

::::::::::::::::::::::::::::::::

Protection of Software Algorithms Executed on Secure Microprocessors : : : 133 H.D.L. Hollmann, J.P.M.G. Linnartz, J.H. van Lint, C.P.M.J. Baggen, L.M.G. Tolhuizen (Philips Research Laboratories, Eindhoven, The Netherlands; Eindhoven Univ. of Technology, The Netherlands) Multi-Application Smart Cards and Encrypted Data Processing : : : : : : : : : : : 145 Josep Domingo-Ferrer (Univ. Rovira i Virgili, Tarragona, Catalonia, Spain) Smart Card use to Manage User's Mobility David Carlier, Sylvain Lecomte, Patrick Trane (RD2P, Univ. de Lille, France; Tokyo Institute of Technology, Japan)

157

How Smart Cards Can Take Bene ts from Object-Oriented Technologies Patrick Biget, Patrick George, Jean-Jacques Vandewalle (RD2P, Univ. de Lille, France)

175

:::::::::::::::::::::::::::::::

:::::::::::::::::::::::::::::::::::::