|
last update: September 21, 2011
|
|
e-Smart at a Glance
| |
DAY 1 – Wednesday Sept. 21
|
DAY 2 – Thursday Sept. 22
|
DAY 3 – Friday Sept. 23
|
| |
|
|
|
 |
|
|
|
|
| |
|
|
|
|
 |
|
|
|
|
|
|
Stream A:
|
Digital Security Innovations
|
|
|
Stream B:
|
Trust & Security Breakthroughs
|
|
Day 1 - Sept. 21
DAY 1 – Wednesday Sept. 21 – Morning
|
09.00am – 10.30am: Badges delivery – Registration – Welcome Coffee
|
Smart Event 2011 Grand Opening Session
MOBILE SERVICES
THE NEW "CHIP-TO-CLOUD" CHALLENGE
Security, Privacy, Interoperability: which business models and strategies?
" Now all is in the cloud: the information haven’t to be stored anymore in the SIM card"
Eric Schmidt, Google CEO, February 18, 2010 Barcelona MWC
"The wallet is still in the cloud. It’s never in the mobile, but the phone is a point of entry to the cloud, which we have to trust."
Sébastien Taveau, Astronomer, PayPal Ecosystems and Technologies Integration (in SCT March-April Issue 2011) |
" iCloud is more than an hard drive in the sky"
Steve Jobs, CEO of Apple
"Identity Access Management requires a number of technologies now applied to the rapidly growing domain of cloud computing the development of which is an urgent demand all over, to secure user access and segment their access rights."
Olivier Piou, CEO of Gemalto (in SCT November Issue 2011) |
Cloud computing is ushering to a new era where security is no more a matter of firewalls and passwords for protecting and managing access to physical office networks. It is in the nature of cloud services to be accessed anytime and from anywhere thanks to chip-based devices we need to trust. But the need to shift from a simple IT security approach to a more complex “identity-proof“ security (strong authentication) model raises questions in terms of security, privacy and interoperability:
Are low security, critical privacy concerns and restricted interoperability featuring close "chip-to-cloud" ecosystems and big brand logic?
On the contrary, are high security and privacy protection, and large interoperability the distinctive attributes of the open chip-to-cloud ecosystems and coopetitive industrial initiatives?
How will they both coexist in the future?
Led by Jean-Paul Thomasson, e-Smart and Smart Mobility Program Committee Chair
• Part I: Research and industry leaders will address the various technological dimensions of the “cloud-to-chip” model and will draw future perspectives in their respective domains.
- Holger Lenz, Director Business Development, Cinterion, Germany
- Marc Muller, Head of Common Technologies, Gemalto, France
- Travis Spencer, Senior Technical Architect, Ping Identity, USA
• Part II: Panel debate on the different industrial approaches of the cloud-to-chip model: brand-based, ?coopetitive? or a new approach to be defined?
The panel will include:
- Yvon Avenel, Publisher of SmartCardsTrends, France
- Holger Lenz, Director Business Development, Cinterion, Germany
- Marc Muller, Head of Common Technologies, Gemalto, France
- Travis Spencer, Senior Technical Architect, Ping Identity, USA
- Jörg Suchy, Group Leader, Strategic Business Development, Smart Card and NFC Products, Samsung Semiconductor Europe, Germany |
|
|
|
|
12.30am – 2.00pm: Lunch – Networking – Exhibition
|
DAY 1 – Wednesday Sept. 21 – Afternoon
| |
Smart Grids |
Trusted Technologies for NFC & Contactless |
| |
Moderator: Jean-Paul Thomasson, e-Smart Program Committee Chair, Strategies Telecoms & Multimedia, France
To ensure smart grids reliability and dependability, a compromise need to be found between security, long operating time, interoperability and regulation challenges. Discover how in this session.
|
Moderator: J.M. Mulder, Sales Director Europe, Collis, The Netherlands
This session tackles the various means to secure contactless cards and NFC-enabled devices while ensuring users’ privac. From the low level of protocols and interfaces up to card-based programming, the state-of-the-art of trusted technologies is presented here.
|
| 2.00pm – 2.30pm |
IT security in the smart grid with embedded devices  Bullet Points:
- Smart Meter: State of the art for the prosumer of the Smart Grid
- Smartcards as a key technology for industrial embedded devices
Nils Tekampe, Product Manager; Markus Bartsch, Business Development (speaker), TUV Informationstechnik, Germany
|
NFC identity for mobile services Bullet Points:
- Why identity is the cornerstone of mobile services
- Identity for payment in an NFC context
- Identity for cloud computing in a smartphone environment
Pascal Urien, Professor at Telecom ParisTech and Founder of the EtherTrust company, France
|
| 2.30pm – 3.00pm |
Java Card as a Privacy Enhancing Technology for Smart Meters Bullet Points:
- Status of the UK project to roll out smart meters to all 25 million UK households
- Using Java Card local processing in smart meters and home hubs to solve the smart meter privacy problem
- Dynamically and securely deploying telecare and metering software
Charles Palmer, Project Manager of “Project Hydra”, Acute Technology
|
COPRIM: Contactless privacy manager Bullet Points:
- Threats to the privacy of NFC users
- Technical solutions
- Sociological survey
Louis Goubin, Professor; Malika Izabachene, PhD – PRiSM Laboratory, Versailles St Quentin en Yvelines University; Olivier Lavoisy, Engineer, PhD, PACTE lab , Pierre Mendes-France University and CNRS; Pierre-Henri Thevenon, PhD student, CEA LETI, France (co-presenter); Vincent Verneuil, Cryptology Engineer, Inside Secure, France (co-presenter) |
| 3.00pm – 3.30pm |
A holistic approach to protecting "Smart Grid" infrastructures
Laurent Sustek, Product Marketing Manager, Inside Secure, France |
The case for more opacity – The open protocol for access control, identification and ticketing with privacy Bullet Points:
- A new set of contactless protocol, more secure and privacy aware
- Have convergence fully secure use cases with privacy protection over the contactless interface
- OPACITY is standard, free, and open source
Philip Hoyer, Director Strategic Solutions (speaker); Eric Le Saint Senior Director of Research IP and Security, ACTIVIDENTITY, UK
|
|
|
| |
Smart Security Pre-Competitive Research Projects
|
|
| |
Get new perspectives with these projects just out from the labs. They exploit smart cards abilities or investigate new possibilities for mobile services and logistics monitoring.
|
| 4.15pm – 4.45pm |
Security by contract for open multi-application smart cards Bullet Points:
- Open multi-application smart cards require a policy enforcement mechanism for evolution
- Security-by-Contract framework certifies applications at the loading time
- Each application provider’s policy is respected across updates
Olga Gadyatskaya, Post Doctoral Fellow University of Trento Italy (speaker), Fabio Massacci, University of Trento Italy – Boutheina Chetali and Quang-Huy Nguyen, Trusted Labs France |
Simple approach to bring NFC compliance to metal foil-sealed blister packs Bullet Points:
- NFC allows useful smart functions on medical blister packages
- But standard transponders do not work metal foil sealed blister packages
- The solution to make the blister “NFC-compliant”
Gernot Schmid, Project Manager, EMC Division, Seibersdorf Laboratories, Austria |
| 4.45pm – 5.15pm |
The uService Platform for realizing the mobile super prosumer concept Bullet Points:
- uService Platform
- Identity Management and Security
- uRun Application Scenario
- Business Analysis
Carsten Rust, Senior R&D Project Manager, Morpho e-Documents Division, Germany |
Connection of the SD cards to the NFC ecosystem Bullet Points:
- NFC applications in a mobile: technologies to support service providers?
- What is the best host for your application?
- What SD cards can offer for your services?
- How to make this complex ecosystem work?
Denis Praca, Standardization Technical Marketing Manager, Gemalto, France |
| 5.15pm – 5.45pm |
Wireless Sensor Networks in Secure Logistics Monitoring Bullet Points:
- Description of the logistics scenario and the application of WSN in this scenario
- Broadcast authentication with µTESLA
- The achievement of time synchronisation of the nodes in the network
Katharina Schulz, Technology Consultant (speaker), Walter Hinz, Giesecke & Devrient, Germany |
Java Card 3.0 Classic, GP Amendment C and the ETSI HCI API and how they enable NFC service from the SIM card Bullet Points:
- The work for the Java CardPlatform in GlobaPlatform and ETSI
- Taking full advantage of the NFC interface, the mobile phone as an application platform and the Java Card platform
- Developing dynamic and high secure card application.
Sebastian Hans, Principal Java Card Standards and Direction, Oracle, USA |
| 5.45pm – 6.15pm |
Smart Card based secure management of digital items in the future internet Bullet Points:
- Concepts and objectives of the CONVERGENCE project
- The Versatile Digital Item
- The CONVERGENCE Token for secure management of versatile digital items
Carsten Rust, Senior R&D Project Manager, Morpho e-Documents Division, Germany |
GlobalPlatform system messaging specification in action: Deploying mobile-NFC services Bullet Points:
- NFC Services deployment using GlobalPlatform System Messaging Specification
- Implementation in different contexts: TSM-centric, MNO-centric or SP-centric
- Deployment whatever the Secure Element and whatever the Device
Laurence Bringer,Technical Marketing Standardization and Technology Department, Gemalto, France |
|
Day 2 - Sept. 22
DAY 2 – Thursday Sept. 22 – Morning
| |
Trusted Execution Environments
|
|
| |
Moderator: Serge Chaumette, Professor, LaBRI University of Bordeaux, France
The TEE offers an interoperable solution for securing trusted applications on mobile devices. Best examples to achieving its full potential are presented here.
|
Latest advances of cryptography research are presented here through their application based on chaotic-based key stream, on leakage resilience and protocol-level resilience.
|
| 9.00am – 9.30am |
GlobalPlatform: Supporting the use of trusted execution environments Bullet Points:
- The necessity of a Trusted Execution Environment
- The unknown security risks of mobile devices
- GlobalPlatform’s proposed work in this area
Gil Bernabeu, GlobalPlatform Technical Director |
Smart-Card Authentication Scheme Based on Cahotic Keystream Cipher Bullet Points:
- Smart-cards are powerful enough to accommodate different authentication schemes
- Chaotic-based key stream is implemented easily on smart-cards
- Chaotic-based key stream performance lies between AES and ZKP schemes
Rui Gustavo Crespo, Lecturer & Researcher (speaker); Jose Rafael Carvalho Researcher, Instituto Superior Tecnico DEEC, Technical University of Lisbon, Portugal
|
| 9.30am – 10.00am |
How to generate qualified electronic signatures with the German e-ID and a smart phone Bullet Points:
- Qualified electronic signatures with smart phones
- The Trusted Execution Environment technology
- The German Identity Card “neuer Personalausweis”
Gisela Meister, Head of Technology Consulting R&D, Standardisation Manager C-TO; Jan Eichholz, Technology Consultant – Giesecke & Devrient, Germany |
Leakage Resilient Cryptography – A new approach to ensure embedded cryptosystems security Bullet Points:
- The advantage of the Leakage Resilient Cryptography and its limitation
- Application: First leakage resilient primitives
- Perspectives for Leakage Resilient Cryptosystem
Soline Renner, PhD Student at Institut Mathématiques Bordeaux, Security Engineer at Oberthur Technologies, France
|
| 10.00am – 10.30am |
How to create trust in an un-personalized system Bullet Points:
- De-personalization concept implies trusted fundamentals
- Secure boot is key enabler to start chain of security
- Unified personalization services are the key for device personalization after issuance
Laurent Sustek, Product Marketing Manager (speaker); Jean-Charles Lesage, Inside Secure, France |
Cryptographic protocols resilient to physical level attacks Bullet Points:
- Resilience as a smart alternative to brutal resistance, against implementation-level attacks
- Proven schemes, relying on standardized cryptography, are readily available
- We introduce protocol-level resilience by algorithmic interaction, which eases contamination
- Uses for identification protocols, such as e-passport, provided the protocol is enhanced
Sylvain Guilley, Scientific Advisor, Secure IC, France
|
|
10.30am – 11.15am: Coffee & Refreshments Break – Networking – Exhibition
|
| |
Identity & Privacy Protection |
|
| |
The utilization and protection of users’ digital identity online is an exciting challenge addressed here in a smart security approach.
|
| 11.15am – 11.45am |
The European Citizen Card – Promising Security Anchor for the world of mobile transaction
Helmut Scherzer, Group Vice President, C-TO Technology Management, Giesecke & Devrient, Germany |
Presentation to be confirmed
|
| 11.45am – 12.15am |
Privacy preservation and low cost authentication in federated identity management Bullet Points:
- Transparent and interoperable Identity Management platform
- This platform allows to access secure electronic services
- New non hierarchical “user” PKI 2.0 protocol is proposed allowing low-cost user registration
- A privacy middleware that has been developed enables privacy contract negotiations to guarantee privacy
Samia Bouzefrane, Associate Professor, CNAM (speaker); Pascal Thoniel, Chairman Executive & CTO, NTX Research; Maryline Laurent, Professor and Kheira Bekara, PhD Student, Telecom SudParis, France
|
Presentation to be confirmed
|
| 12.15am – 12.45am |
Seamless fusion of online authentication and digital identity services using smart cards Bullet Points:
- What are the hurdles to replacing online password authentication with smart card based solutions?
- Drawbacks of existing smart card based solutions.
- Designing online authentication that is secure, yet simple to deploy and use
- How to combine strong online authentication with additional smart card security services?
Karen Lu, Principal Engineer, Gemalto USA
|
Presentation to be confirmed
|
| |
Presentation to be confirmed
|
Presentation to be confirmed
|
|
12.45am – 2.00pm: Lunch – Networking – Exhibition
|
DAY 2 – Thursday Sept. 22 – Afternoon
| |
Advances on Java Card |
Embedded Security Platforms |
| |
Moderator: Christian Goire, Java Card Forum President
Review the possibilities of Java Card in light of the latest specifications and get fresh perspectives on the new ways to design, develop, deploy and integrate smart card applications.
|
Moderator: Pierre Paradinas, Chair of Embedded Systems, CNAM, France
This session addresses the latest advances that move forward the security of embedded platforms. See state-of-the-art in Physical Unclonable Functions and embedded PKI, innovative hardware implementation of cryptography.
|
| 2.00pm – 2.30pm |
Keynote
Java Card Perspectives (to be confirmed) Bullet Points:
- The latest Java Card market data
- Why Java Card remains leading security element software platform
- Oracle’s strategic initiatives related to Java Card platform
Jean-Yves Bitterlich, Principal Java Card Engineering, New Technologies, Oracle USA |
Security in embedded public key cryptography Bullet Points:
- Background on Embedded Public Key Cryptography
- Side Channel Attacks
- Fault Attacks
- Perspectives and Conclusion
Benoit Feix, Product Security Engineer, Inside Secure, France |
| 2.30pm – 3.00pm |
How to build flexible multi-application e-ID documents with Java Card Bullet Points:
- Java Card can respond to challenges of e-ID documents frequent changes
- Approach combining applets for standardized MRTD and e-ID applications
- Benefits and drawbacks of this flexible and modular approach
Benjamin Drisch, Product Manager, cv cryptovision, Germany |
Growing roots of trust from physical unclonable functions Bullet Points:
- Physical Unclonable function technology is reliable and mature
- PUFs provide a trust anchor for any type of embedded security application
- They enable secure boot, hardware-software binding, content protection, trusted platforms
- They are inherently noisy and thus also allow generating truly random numbers
Helena Handschuh, Chief Technology Officer, Intrinsic-ID, USA |
| 3.00pm – 3.30pm |
OPAL: an open-source global platform Java Library which includes the remote application management over HTTP Bullet Points:
- State of art of Smart Card management tools
- OPAL features
- SCP authenticate protocols and OPAL
Bkakria Anis, CRYPTIS Master degree student (speaker); Jean-Louis Lanet, Professor, Leader of the Smart Secure Device Team, Labs XLIM, University of Limoges, France |
Enhancing secure access modules with physical unclonable functions Bullet Points:
- Be aware of state-of-the-art in Physical Unclonable Functions
- Learn how to enhance Secure Access Module security
- See an innovative approach to device authentication and dedicated protocol
- Understand applications and trends within Smart Card & PUF interaction
Claude Barral, Biometrics and Security Senior Scientist, Technology & Innovation, Security Labs, Gemalto, France |
|
|
| |
Java Card Security |
|
| |
Java Card platform exploration continues here through innovative secure applications and security assessment.
|
| 4.15pm – 4.45pm |
Embedding Java Cards to secure communications and manage identities in a UAVnet (network of drones) Bullet Points:
- Secured fleets of mobile terminals
- Embedding a Java Card in a UAV (Drone)
- Distributed identity management
Serge Chaumette, Professor, Rémi Laplace, PhD Student, LaBRI, University of Bordeaux |
Embedded UICC challenges and standardization status Bullet Points:
- Remote provisioning: the history
- Remote provisioning: the solutions
- Embedded SIM: the latest news from standard
- New opportunities or jump into the unknown?
Denis Praca, Standardization Technical Marketing Manager, Gemalto, France |
| 4.45pm – 5.15pm |
Application replay attack on Java Card 3 – When the garbage collector gets confused Bullet Points:
- The Case of Orphan Objects on Java Card 3 Connected Edition
- Fault-Injection-Based Reference Prediction and Forgery.
- When the Garbage Collector Gets Confused: Preventing Object Deletion
Guillaume Barbu, PhD Student at Telecom Paris Tech, Innovation Group at Oberthur Technologies, France |
Low power solutions for cryptography and security Bullet Points:
- Scalable, flexible and portable IP core design can lead to high performance and low power solutions
- Smart engine IP cores provide cost effective and easy-to-use functionalities with 100% CPU offload
Thierry Pauwels, Marketing & Sales support, IP products, Barco Silex, Belgium – Philippe Lorent, IP security product manager, Barco Silex, Belgium |
| 5.15pm – 5.45pm |
JCSecure, for testing secure applet isolation Bullet Points:
- The need for high secure Java Card platforms for mobile payment
- Identify how the security of a Java Card/GP platform should be tested
- Demonstrate some interesting test cases against relevant security threats
Harko Robroch, Managing Director (speaker); Cees Bart Breunesse, Senior Security Analyst, Riscure, The Netherlands |
FPGA Based Fast RSA Crypto module Bullet Points:
- Parallism through multiplication partition
- Pipelined FPGA – DSP architecture for RSA
- RSA 1024 bit signature generation time ~ 3.66 milliseconds on Xilinx FPGA
- Best of class in comparison to commercial RSA IP cores
Arijit Kumar Bose, Associate Scientist (speaker); Fernando Alvarez, Chief Architect, Mallikarjun Kande, Sanjeev Koul, Scientist, ABB, India |
| 5.45pm – 6.15pm |
Automatic generation of vulnerability test suite for the Java Card verifier n Bullet Points:
- Verifying the Java byte code verifier
- Methodology to generate test cases
- Use of a formal model to generate faulty CAP file
Aymerick Savary, Marc Frappier, University of Sherbrooke Canada; Jean-Louis Lanet, Univ of Limoges, France
|
Secure Elements in Embedded Systems as Ubiquitous Hardware Trust Anchors
Prof. Georg Sigl, Technical University of Munich, Germany |
8.00pm: Social Event – Gala Dinner (Secure your seat now, limited availabilities)
|
Day 3 - Sept. 23
DAY 3 – Friday Sept. 23 – Morning only
| |
Security Assurance & Certification: Methods & Schemes
|
| |
Along with analyses of attacks on smart cards and embedded systems in their complexity and variety, this session provides various levels of methods and schemes to counter them. It also explores certification processes applied to mobile device platforms. |
| 9.00am – 9.30am |
Analysis of attacks on smart card chip active shields Bullet Points:
- Physical attacks on smart-card chip active shields
- Using voltage contrast to map active shield routing
- Using FIB to open active shields for probing attack
- Using backscatter electrons to detect tungsten plugs used in layer interconnects
John Walker, Principal Consultant, SiVenture a division of NDS Ltd, Uk |
| 9.30am – 10.00am |
Test vehicle for smart cards attacks Bullet Points:
- Unify ITSEF competencies
- Assessment tool to evaluate security laboratories
- State of the art in the field of smart card attacks
Corentin Boe, Security Evaluator, Trusted Labs, France |
| 10.00am – 10.30am |
Is Side Channel Attack a Regression? Bullet Points:
- New Side Channel Attack.
- On Attack Improvement
- Attack Demonstration
- Conclusion and perspectives
Emmanuel Prouff, Manager of the Security Research Activities (speaker); Julien Doget, Oberthur Technologies, France |
|
10.30am – 11.00am: Coffee & Refreshments Break – Networking – Exhibition
|
| 11.00am – 11.30am |
Side channel and fault attacks on embedded systems Bullet Points:
- Judge the impact of side channel and fault attacks on embedded systems
- Understand differences of these attacks on smart cards vs. embedded systems
- Identify emerging threats and developments from these attacks on embedded systems
- Demonstrate specifics of applying side channel and fault attacks on embedded systems
Job de Haas, Director Embedded Technology, Riscure, The Netherlands |
| 11.30am – 12.00am |
Simulating Physical Attacks in Smart Card C Codes: The Jump Attack Case Bullet Points:
- Is it possible to simulate physical attacks at software level?
- The jump attack case: the goto simulation
- Comparison of attacks against assembly code/binaries and high level attacks
- Application to vulnerable function identification
Xavier Kauffmann, Research Engineer, Oberthur Technologies, France |
| 12.00m – 12.30am |
What type of certification to use for mobile devices security Bullet Points:
- Why is security certification important? Only to gain trust?
- Components of a mobile to be certified
- What approach to use in security certification of the components?
Christian Damour, Security Business Manager, FIME, France
|
|
Move the mouse over the symbol to view the Bullet Points of a presentation in the detailed program
|
