e-Smart Program |
Outline
and discuss the future of digital security technologies with the whole
Smart Security Industry: industry leaders, research labs and
universities, associations, standards and government bodies.
e-Smart
will present the latest smart security advances from the labs and concrete
solutions to ensure an adequate level of security for every use case.
At the forefront this year, smart grids, the "cloud", contactless issues, Java Card, new USIM apps...
e-Smart parallel streams:
| Technology Innovations |
Cutting edge innovations in hardware and software security for smart cards and other trusted portable devices |
|
|
| Smart Security |
New threats and latest advances in secure embedded software design & implementation
|
|
| DAY 1 - Wednesday
Sept. 22 - Morning |
|
Smart Event 2010 Grand Opening Session - Plenary Session |
|
Part 1: "Privacy and Trust in Future Social Networking"
Plenary session chaired by Jacques Bus, independent consultant Trust in the Information Society
Hundreds
of millions of people share personal information on online social
networks. The extensive use of social networking tools has far-reaching
impact on our professional and personal life. It also creates a
tremendous privacy and trust issue in a world facing growing concerns
about massive profiling, protection of personal data, identity theft
and other cybercrime offenses.
The
challenge of sharing information between social networks while ensuring
privacy and trust will be discussed in multiple dimensions:
- User centric identity and privacy management, centralized/decentralized ID
architectures
- Data protection, profiling, privacy protection, security, and
interoperability issues of social networks
- How Europe can play a role in the development of the next generation
of social networks
- What are the essential changes for the next generations of social
networks
- Economic, societal and legal viability of social networking
|
Part 2 - Panel: Trusted Mobility: IT security Vs Smart security
|
|
According
to ABI research, mobile security services revenue growth exceeded 40%
in 2009, driven by enterprise IT managers looking to safeguard
corporate data, and regulatory requirements to protect sensitive
personal and financial information. But security client
applications are not the only part of mobile security. Security
must be considered as a whole, from chip to cloud.
Shielded chipsets, fingerprint sensors, SIM cards, Secure SD cards,
trusted operating systems (sandboxes), secure cloud services,
antivirus, firewall, etc.: a lot of products, solutions and services are
involved in mobile security and provided by the industry.
A central question arises: how
are these industries (the IT industry and the smart security industry) competing
and/or partnering to find the right way towards "Trusted Mobility"?
Panellists will include:
- Pr Willie Donnelly, Head Research and Innovation, TSSG, Waterford Institute
- Claudia Eckert, Director Fraunhofer SIT, Vice Director CASED, Chair IT security at TUM
- Mika Lauhde, Director Security and Business Continuity, Nokia
- Pr Thomas Engel, Deputy Director, Center for Security Dependability and Trust, University of Luxembourg
- and representatives from Gemalto, RIM, Orange…
|
|
|
|
| DAY 1 - Wednesday
Sept. 22 - Afternoon |
|
Smart Grids Security |
|
Threats, Attacks and New Security
Issues |
Cryptology Breakthroughs |
|
|
|
Smart Grids Security
Moderator: Jean-Paul Thomasson, Conference Program Chair
|
Security
is now emerging as a key means to operate intelligent electricity
networks. But to ensure smart grid reliability and dependability, a
compromise needs to be found between security, long operating time,
interoperability and regulation challenges. Discover how in this
session and learn more about the opportunities of this rising submarket of
M to M.
|
Smart Grid Security Keynote Introduction
Laurent Sustek, Technical Marketing, Atmel (France)
• Is a compromise between Security, Long operating time,
Interoperability and Regulation possible?
• What are security requirements?
• What is the opportunity for Secure Microcontroller manufacturer?
|
Profiling energy use in households and office spaces
Salman Taherian, Research Associate, Speaker - Marcelo Pias, Researcher - University of Cambridge (UK)
• Smart system is not a user-independent system, users are valuable
sources of information
• Time-series energy profile data: meaningful information but also
sensitive for privacy!
• Awareness + Personalization + Ownership --> User Engagement
• Simple coordinated user actions can lead to great savings
|
Smart grid security; reliable energy services on a trusted information infrastructure
Dieter Arnold, Teamleader R&D, Speaker - T. Kikardes, R&D , Albis Technologies (Switzerland)
• The liberalization of the energy market transforms physical assets into
information assets.
• Information security controls access to "personalized" data
• Reliable energy services require a trusted infrastructure.
• National calibration offices assure "trustworthiness" of Smart
(digital) Meters
|
Coffee & Refreshments Break - Networking - Exhibition
|
Hacking the Smart Grid: The myths, nightmares & professionalism
Gib Sorebo, Chief Cybersecurity Technologist, SAIC (USA)
• Common attacks on smart meters and associated mitigation techniques
• Pros and cons of publicly reporting vulnerabilities involving critical infrastructure components
• Legal, regulatory, and standards-based requirements
• Challenging both the fear mongering and the downplaying of legitimate risks
|
Securing and extending the functionality of smart meters with smart card technologies
Charles Palmer, Project Hydra Project Manager, Onzo Ltd (UK)
• Smart meters have similar security problems to credit cards and mobile phones.
• Tamper-resistant hardware, Java Card and GlobalPlatform in smart meters.
• Project Hydra for telehealth applications on smart meters.
|
Trusted Chips: No More Secrets
Karsten Nohl, Chief Scientist, Security Research Labs (Germany)
• Why security chips must not blindly be trusted
• Why securing a system involves lowering attack incentives as much as increasing defences
• End-to-end protection for the smart grid
|
| Closing discussion: Issues & Perspectives |
| |
|
|
|
Threats, Attacks and New Security Issues
Moderator: Pascal Urien, Professor, Telecom ParisTech
|
As
a starter of the Smart Security stream, this half-session addresses
attacks in their complexity and variety: FA of embedded systems, smart
grids threats, fake fingertips.
|
Towards a new fault model for FA characterization
Emmanuel Prouff,
Manager of the Security Research Activities, Oberthur Technologies,
speaker - Yannick Sierra, Crypto Group, Oberthur Technologies (France)
• On the analogy between Information Coding Theory and FA modelization
• On a new notion of channel to characterize the device, the adversary
and the attack
• Modelling a Fault Attack in our framework
|
Responding to security threats in the smart grid
Daniel Borleteau, Security Program Manager, Speaker - Aurélien Miana, Renesas Electronics Europe (France)
• Sensitive functions in smart metering
• Security requirements
• Type of threats and answers from the Smart Digital Industry
|
Inkjet printing of false fingers in fingerprint recognition
Abdel Yakoub, Research Engineer, speaker - Sébastien Sanaur - Claude Barral - Assia Tria - Patrick Benaben, Microelectronics Center of Provence, ENSM-SE (France)
• Inkjet printing in printed electronics
• Inkjet printing of false fingers
• Fingerprint sensors technologies
• Evaluation of different fingerprint sensors
|
Coffee & Refreshments Break - Networking - Exhibition
|
|
Cryptology Breakthroughs
Moderator: Pascal Urien, Professor, Telecom ParisTech
|
As a first
level of solutions to counter attacks, the latest advances in cryptography
research are presented here through their application to attacks on DES
algorithms, quantum key distribution and public key infrastructures.
|
Fault-Algebraic attacks on implementation of DES
Dr. Nicolas Courtois, Senior Lecturer, University College London (UK), speaker - Keith Jackson Principal Engineer and David Ware Security Technology Manager, RFI Global Services Ltd. (UK)
• Fault attacks on inner rounds of DES with protected implementation
• How to adapt (recent) algebraic attacks on DES with too few faulty ciphertexts
• A new DFA attack on inner rounds faster than brute force
|
Quantum Key Distribution as a strong physical layer security enabler
Romain Alleaume, Assistant Professor, Telecom ParisTech (France)
• Long-term security of QKD, unachievable with classical cryptography
• QKD for high-security network security segment (military, government)
• QKD integrated within networks
• Integrating QKD with smartcards
|
A user-centric PKI based protocol to manage digital identities
Khaled Garri, PhD Student, CNAM (France) Speaker - Samia Bouzefrane, Assistant Professor, CNAM (France) Speaker - Pascal Thoniel, Chairman Executive & CTO, NTX Research (France)
• Secure electronic services access through this platform developed within the FC² project
• New "user" PKI 2.0 protocol allowing low-cost user registration.
• "Child-care center" use case
|
|
|
|
| DAY 2 - Thursday Sept. 23 - Morning |
|
Innovative Secure Devices and Platforms |
|
Cryptographic Implementations Breakthroughs |
|
|
Innovative Secure Devices and Platforms
Moderator: Marc Muller, Head of Common Technologies, Gemalto (France)
|
Discover
the latest smart technologies from the labs: strong authentication for
remote connections and the "cloud", new trustworthy embedded platforms,
secure portable devices, secure web services and new application areas
for smart card applications. Take the opportunity of this session to
analyse the potential usage and new markets possible with these new
features.
|
The EU funded project SEPIA - Secure, embedded platform with advanced process isolation and anonymity capabilities
Dr. Stephan Spitz, Program Manager New Technologies New Business Development, Giesecke & Devrient (Germany) Speaker - Haydn Povey, ARM (UK)
• Security enhancements of mobile platforms
• Cryptography and privacy protecting technologies
• Delta-evaluation and certification methodologies
|
Smart Card Web Server in 2010: a Complete Framework
Laurence Bringer, Technical Marketing, Standardization and Technology Department, Gemalto (France)
• SCWS standardisation status (Open Mobile Alliance, GlobalPlatform,
ETSI)
• Other standards using the SCWS technology
• Expected evolutions of the SCWS technology, new opportunities for SCWS integration or usage
|
MaXSSIMM program (title to be confirmed)
Laurent Manteau, MaXSSIMM Program Director, Handset Technology & Mobile Innovation, Telecom BU, Gemalto (France)
|
Coffee Break - Networking - Exhibition
|
Designing secure portable devices to address today's enterprise and government needs
Asad Ali, Senior Research Engineer, Gemalto (USA)
• Dealing with security threats of using unsafe USB devices in
corporations
• Plug-n-play solutions for authentication and data protection
• How to consolidate different security tokens and/or passwords
|
A new smart card interface; The service access layer as web service
Jan Eichholz, Technology Consultant, Giesecke & Devrient (Germany)
• A new smart card interface: The Service Access Layer Web Service
• New possibilities based on the Java Card 3.0 connected platform
• The ISO/IEC 24727 stack model allows component distribution over the
internet
|
Privacy in advanced smart card applications: a challenging task
Pim Vullers, PhD Student, Radboud Univ. Nijmegen (Netherlands)
• New application area / security objective for smart card applications
• Advanced cryptographic protocols lead to advanced smart card
applications
• Requires all the possibilities of a modern smart
card (and a bit more)
• Challenging task due to limitations of the
Java Card API and the cryptographic co-processor
|
| Lunch - Networking - Exhibition |
|
|
|
Cryptographic Implementations Breakthroughs
Moderator:
Gisela Meister, Chair of the European Standardisation Group for
Electronic Signature; Head of Technology Consulting R&D,
Standardisation Manager CTO - Giesecke & Devrient (Germany)
|
This
full session is dedicated to the most innovative implementations of
cryptography: a first part covers design methodology and integration
while the second part deals with various levels of countermeasures for
embedded systems and smart cards.
|
Asynchronous design: a breakthrough for smart security
Marc Renaudin, CTO, Tiempo (France)
• Asynchronous designs: a major breakthrough leading to unprecedented
performances
• Substantial gains in power consumption
• Innovation leading to proven better resistance against hardware
attacks
|
Designing a secure accelerator for symmetric cryptography
Fabrice Romain, System Architecture Manager, Speaker - Marc Benveniste, Formal Methods Expert; Julien Mercier Hardware Security Engineer - STMicroelectronics (France)
• Goal of symmetric key accelerator
• Security properties to fulfil
• Designing the accelerator
• Verifying the security properties
|
Odyssee Project: fast and secure encryption in embedded systems
Blandine Debraize, Cryptologist, Gemalto, Speaker - Cecile Canovas-Dumas Research Engineer CEA LETI - Louis Goubin Professor University Versailles St Quentin en Yvelines - Aline Gouget, Cryptography Expert - Pascal Paillier, Gemalto (France)
• High speed encryption: a brief history of stream ciphers.
• Stream ciphers in smart cards: resistance against physical attacks.
• Stream cipher comparison in FPGA implementations
• Software implementations in smart cards: stream ciphers versus AES, what is
best?
|
Coffee Break - Networking - Exhibition
|
BCDL: dual active and passive side-channel attacks countermeasure
Jean Luc Danger, Professor, Speaker - Laurent Sauvage, Institut TELECOM/Telecom ParisTech (France)
• BCDL: a logic style suitable both for ASIC and FPGA implementations
with no CAD tools required
• New concept of faults resilience; the more faults the better the
countermeasure
• Withstands the most advanced passive side-channel
attacks, being activity and timing-constant
|
Smart-SIC analyzer: a circuit level vulnerability assistant
Sylvain Guilley, Scientific Board Advisor, Speaker - Philippe Nguyen, Technical Director - Secure-IC (France)
• State-of-the-art of standard evaluation methodologies.
• Review of scientific papers and industrial products
• Introduction of constructive metrics for an accurate localization of
the vulnerabilities
• Specification of a characterization platform
through the example of the "Smart-SIC Analyzer" tool
|
A new way to insert asymmetrical cryptography in smartcard
Christophe Malherbe, Manager, SecureCodex , Speaker - Philippe Gaborit, Julien Schrek, Univ. of Limoges - Gilles Zémor, Univ. of Bordeaux (France)
• Reduce cost of asymmetrical cryptography
• Strengthening security systems most constrained
• Software solution for stronger security
|
| Lunch - Networking - Exhibition |
|
|
|
|
| DAY 2 - Thursday Sept. 23 - Afternoon |
|
Smart Card Advanced Requirements
Specifications |
Exploiting USIM Potential |
|
|
Formal methods:
Raising the Assurance Level
|
Wireless & Contactless
Technologies Security |
|
|
|
Smart Card Advanced Requirements Specifications
Moderator: Laurent Sourgen, Strategic R&D Program Director, MMS
Group - STMicroelectronics
|
Some
of the most significant works to extend smart cards abilities, such as
dynamic software update or high data rate communications, while
reaching the best compromise between security and efficiency.
|
Convergence OSGI-JAVACARD: Fine-grained dynamic update
Agnes C. Noubissi, PhD Student, Speaker - Julien Iguchi-Cartigny, Assistant Professor - Jean-Louis Lanet, Professor - Labs XLIM, Team SSD, Univ. of Limoges (France)
• Challenges of DSU for system components in the Java Card
• DSL and the extension of the virtual machine, and how it supports dynamic
update
• Security problems that can result from the upgrade
mechanisms in smart cards
• How and why to use OSGi reconfiguration
techniques
|
An innovative solution for card to Reader VHDR contactless link: a basis for ISO 14443 standard extension
Florian Pebay Peyroula, Engineer, speaker - Jacques Reverdy - Elisabeth Crochon - Thierry Thomas - CEA-LETI (France)
• Very high data rate communication from card to reader up to 6.8 Mbit/s
• Impact on the card powering
• The card IC is as cheap as an ISO14443-B one to produce.
|
Designing an up-to-date efficient secure platform needs hardware and software cohesion
Marc Saisse, Secure IC Design Project Leader, Inside Contactless (France) Speaker - Rémi Duclos - Benoit Feix - Georges Gagnerot - Sebastien Nérot - Mylène Rousselet - Jérôme Vasseur - Inside Contactless (France)
• Introduction on attacks and security needs on platforms
• Hardware Countermeasures and Security Actions
• Software Countermeasures and Cryptography
• Synergy for an efficient and
secure platform
|
Coffee Break - Networking - Exhibition
|
Exploiting USIM Potential
Moderator: Laurent Sourgen, Strategic R&D
Program Director, MMS Group - STMicroelectronics
|
To
offer trusted mobile services, mobile operators can rely on new secure
technologies based on the (U)SIM card. Review of them: key agreement
protocol, open ID, mobile services...
|
LTE Solutions - Opening up premium mobile broadband internet services for subscribers
Jean-Claude Perrin, Vice President LTE, Gemalto (France)
|
From users to mobile super prosumers - The userservice project - uSERVICE
Carsten Rust, R&D Project Manager, Sagem-Orga (Germany) - Jorge Perez Velasco, Researcher, Tecnalia-Robotiker (Spain)
• Concept of uServices and objectives for their realization
• General architecture for creation, provisioning and deployment of
uServices
• Integration and role of the UICC in the architecture
• uRun application scenario
|
A breakthrough for telcos: introducing openID services for USIM
Pascal Urien, Professor, Telecom ParisTech (France)
• How to deploy new SIM services in the WEB ecosystem
• What is OPENID
• Integration OPENID services in SIM cards
• MTM perspectives for
SSL embedded stacks
|
Data Stream Management on Smart Cards
Seda Polat, Researcher, Tubitak UEKAE (Turkey)
• Database Management Systems
• Stream Data Management Systems
• Smart Card database management
• Data Stream Applications for Smart Cards
|
|
|
Formal methods:
Raising the Assurance Level
Moderator: Pr David Naccache, ENS Paris, CIM PACA
|
The
spreading of new services with mobile devices challenges the
certification processes of (U)SIM platforms. Discover the up-to-date
landscape of formal approaches, development methods and tools.
|
A GlobalPlatform model for security certification composition
Boutheina Chetali, R&D Group Manager, Gemalto (France)
• How to compose certified applications and non-certified ones on
certified platforms
• How to applications on certified UICC that minimize the cost
and the delay
• Deployment of basic applications on certified
products without re-certification
|
Reference implementation of the card specification of GlobalPlatform - Utilizing its formal model
Roland Horsch, Chairman of GlobalPlatform's Card Compliance Working Group
• Implementation of formal model in Java
• Consistent inline-specification (JML)
• Improving the specification and verifying the implementation
|
Formal verification of a smart card web server design and implementation
Quang-Huy Nguyen, Research Security Scientist, Security Labs, Gemalto Technology & Innovation (France)
• Smart Card Web Server and multi-actor multi-application (U)SIM
• Formal approaches for specification and development
• Automatic and interactive formal verification
• High-level Common Criteria
security evaluation
|
Coffee Break - Networking - Exhibition
|
Wireless & Contactless
Technologies Security
Moderator: Pr David Naccache, ENS Paris, CIM PACA
|
Contactless
remains one of the hottest topics of Smart Card industry. This session
tackles the various means to secure contactless cards, from design to
activation mechanisms.
|
|
Securing your contactless card with new antenna design
Ricardo Malherbi Martins, Researcher Engineer, Speaker - Sylvain Bacquet - Jacques Reverdy - CEA-LETI (France)
• Antenna design for secure contactless system
• Attacks on ISO 14443 systems
• Skimming or remote activation on ISO 14443 system
|
What's up in Elliptic curve cryptography for embedded devices?
Vincent Verneuil, Cryptology Engineer, Inside Contactless (France)
• Edwards curves: the announced revolution?
• Euclidean addition chains: a promising tool
• Atomicity improvement: a secure implementation at low cost
|
TISPHANIE, bringing the truth about security of mobile phones
Anthony Ferrari, Senior Security Evaluator, Trusted Labs (France) Speaker - Jacques Fournier, Research Engineer, CEA-LETI (France)
• Addressing the growing need for security for value-added mobile
application
• Thorough analysis of the security of mobile phones.
• Methodology to identify assets, threats and level of security of
mobile phones
|
Contactless smart cards with new personal activation mechanism and state machine
Ernst Piller, Head of Research Institute, St Poelten University of Applied Sciences (Austria)
• New developments and security improvements for contactless smart cards
• Personal smart card activation mechanism
• New state machine to enhance security and processing speed
|
|
|
|
|
| DAY 3 - Friday
Sept. 24 - Morning only |
|
|
Java Card Security
Moderator: Christian Goire, President, Java Card Forum
|
Java
Card platform exploration will be conducted here through security
assessment and examples of innovative secure applications.
|
Combined attacks on Java Card 3 - Type confusion issues
Guillaume Barbu, Embedded Software Developer, Oberthur Technologies (France)
• Combined Attacks on Java Card 3
• Evading from Type Safety
• Security Policy Abuse, Unauthorised Connections and Application
Alteration
• Making the Platform Secure
|
How to hoax an off-card verifier
Emilie Faugeron, Security Evaluator Engineer, Speaker - Sebastien Valette, Program Manager & Crypto Engineer, Thales Security Solutions & Services, Thales ITSEF (France)
• Off-Card vs On Card Verifier Functionalities
• Security Issues
• Off-Card/On-Card Verifier Characterisation
• Example of Off-Card Verifier Vulnerability Exploitation
|
A secure virtual machine for Java Card Platform
Ahmadou Al Khary Sere, PhD Student - Julien Iguchi-Cartigny, Associate Professor - Jean-Louis Lanet, Professor - XLIM Labs, SSD Team, Univ. of Limoges (France)
• Fault model against which we have to protect the applications
• Secure virtual machine against fault attacks
• New lightweight mechanisms to protect smart card against fault attacks
• Evaluation of these detection mechanisms efficiency
|
Coffee Break - Networking - Exhibition
|
Java Card & Java Card 3.0 Implementation
Moderator: Christian Goire, President, Java Card Forum
|
Review
the possibilities of Java Card in light of the Java Card 3.0
specification and get fresh perspectives on the new ways to design,
develop, deploy and integrate smart card applications.
|
Flexible, Extendable and Off-line Key-Agreement Protocol for Large-Scale Multi-Application Smart Card Projects
Omid Nadjarbashi, Technical Manager, Kasra Card (Iran)
• Key management for transaction management, applications and user
privacy
• Application in-field extension without need to call for issued card
• Key ceremony scheme from card manufacturer to card-issuer
|
Development methodologies of java card web applications
Nassima Kamel, PhD Student, Speaker - Julien Iguchi-Cartigny, Assistant Professor - Jean-Louis Lanet, Professor, Labs XLIM, Team SSD - Univ. of Limoges (France)
• Web side of java card 3 platform
• Web attacks that can occur on this platform
• Presents some countermeasures to prevent these attacks
|
|
|
End of e-Smart 2010 - no lunch
Further adjustments can occur. The organizers reserve the right to
change the agenda of the conference and the identity of the speaking
persons.