CARDIS 2012 – Program

Eleventh Smart Card Research and Advanced Application Conference

The pre-proceedings are available here. The program is also available as PDF.

Wednesday, November 28
12:30 - 14:15 Registration & Welcome Buffet
14:15 - 14:25 Opening Remarks
14:25 - 15:40 Java Card Security / Chair: Berndt Gammel Michael Lackner, Reinhard Berlach, Christian Steger, Reinhold Weiss, Johannes Loinig and Ernst Haselsteiner
Towards the Hardware Accelerated Defensive Virtual Machine - Type and Bound Checks
Guillaume Barbu, Philippe Andouard and Christophe Giraud
Dynamic Fault Injection Countermeasure – A New Conception of Java Card Security
Julien Lancia
Java Card combined attacks with localization-agnostic fault injection
15:40 - 16:10 Coffee
16:10 - 17:00 Protocols / Chair: Konstantinos Markantonakis Sébastien Canard, Loïc Ferreira and Matt Robshaw
Improved (and Practical) Public-key Authentication for UHF RFID Tags
Jan Hajny and Lukas Malina
Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards
19:00-22:00Welcome Reception (Landhaus-Keller, Graz)
Thursday, November 29
08:30 - 09:00 Registration
09:00 - 10:40 Side-Channel Attacks I / Chair: Hermann Drexler Thomas Roche, Emmanuel Prouff and Jean-Sébastien Coron
On the Use of Shamir’s Secret Sharing Against Side-Channel Analysis
Luk Bettale
Secure Multiple SBoxes Implementation with Arithmetically Masked Input
Jean-Luc Danger, Sylvain Guilley, Philippe Hoogvorst, Cedric Murdica, and David Naccache
Low-Cost Countermeasure against RPA
François Durvaux, Mathieu Renauld, Francois-Xavier Standaert, Loic Van Oldeneel Tot Oldenzeel and Nicolas Veyrat-Charvillon
Efficient Removal of Random Delays from Embedded Software Implementations using Hidden Markov Models
10:40 - 11:15 Coffee
11:15 - 12:15Invited Talk IN. AsokanMobile Platform Security
12:15 - 14:00 Lunch
14:00 - 15:15 Implementations / Chair: Lejla Batina Tolga Yalcin and Elif Bilge Kavun
On the Implementation Aspects of Sponge-based Authenticated Encryption for Pervasive Devices
Josep Balasch, Baris Ege, Thomas Eisenbarth, Benoît Gérard, Zheng Gong, Tim Güneysu, Stefan Heyse, Stéphanie Kerckhof, Francois Koeune, Thomas Plos, Thomas Poppelmann, Francesco Regazzoni, Francois-Xavier Standaert, Gilles Van Assche, Ronny Van Keer, Loic Van Oldeneel Tot Oldenzeel and Ingo von Maurich
Compact Implementation and Performance Evaluation of Hash Functions in ATtiny Devices
Markus Pelnar, Michael Muehlberghuber and Michael Hutter
Putting Together What Fits Together – GrAEStl
15:15 - 15:45 Coffee
15:45 - 16:35 Implementations for Constrainted Devices / Chair: Marcel Medwed Yuto Nakano, Carlos Cid, Shinsaku Kiyomoto and Yutaka Miyake
Memory Access Pattern Protection for Resource-constrained Devices
Petr Susil and Serge Vaudenay
Multipurpose Cryptographic Primitive ARMADILLO3
17:00-19:00City-Tour Graz
19:00-23:00Gala Dinner at Restaurant SCHLOSSBERG
Friday, November 30
08:30 - 09:00 Registration
09:00 - 10:40 Side-Channel Attacks II / Chair: Francois-Xavier Standaert David Oswald and Christof Paar
Improving Side-Channel Analysis with Optimal Pre-Processing Methods
Sebastien Tiran and Philippe Maurine
SCA with Magnitude Squared Coherence
Johann Heyszl, Dominik Merli, Benedikt Heinz, Fabrizio De Santis and Georg Sigl
Strengths and Limitations of High-Resolution Electromagnetic Field Measurements for Side-Channel Analysis
Timo Bartkewitz
Efficient Template Attacks Based on Probabilistic Multi-class Support Vector Machines
10:40 - 11:15 Coffee
11:15 - 12:15 Invited Talk IIDavid Naccache Defensive Leakage Camouflage
12:15 - 12:20 Closing remarks
12:20 - 14:00 Farewell buffet

Invited Speakers

Mobile Platform Security
N. Asokan

In the past few years, there has been a dramatic increase in the popularity of the category of mobile phones commonly known as smartphones. Consequently there is increased interest in the security and privacy research community in smartphone security. All dominant smartphone platforms, or more generally, mobile phone application platforms, incorporate platform security architectures that are widely deployed.
In this talk, I will first discuss the reasons why mobile platform security has seen such widespread deployment: in contrast to PC platforms, mobile phones began as closed systems with limited functionality but right from the beginning different stakeholders had certain clear security requirements for mobile devices. For example, regulators required that a mobile phone must have unique device identifier and must incorporate technical mechanisms to resist modification of this identifier; mobile operators required technical means to enforce subsidy locks.
I will then discuss and compare some of the mobile platform security architectures in more detail. All of them make use of several common techniques that date back several decades but have also adapted them for the particular needs of the mobile device setting. I will present a common framework and highlight some of the different design choices made in different platform security architectures.
I will conclude by pointing out some open problems.

The Speaker: N. Asokan ( is a Professor of Computer Science at the University of Helsinki. Until recently, he was a Distinguished Researcher at Nokia Research Center where he led the Security and Networking Protocols research group. Asokan received his doctorate in Computer Science from the University of Waterloo.

Defensive Leakage Camouflage
David Naccache

We consider the transfer of digital data over a leaky communication channel, that releases side-channel emissions and prevent the attacker from accurately measuring these emissions.
The method pairs each secret key k with a camouflage value v and simultaneously transmits both k and v over the channel. This releases an emission e(k,v). We wish to select the camouflage values v(k) as a function of k in a way that makes the quantities e(k,v(k)) as indistinguishable as possible.
We model the problem and show that optimal camouflage values can be effectively derived from a limited amount of a priori measures over emission traces (just as the attacker will do), under very weak physical assumptions. Consequently, the model is applicable across a wide range of readily available technologies.
We propose a statistical analysis of camouflage, in one, two and more dimensions. We discuss algorithms for inferring the best camouflage values from actual emission traces. Our algorithms are efficient for low dimensions (say up to 4) and heuristic beyond.
We provide some experimental results obtained on some memories, buses and IO emissions from other tamper-proof black-boxes.

The Speaker: David Naccache is a cryptographer, currently a professor at the Pantheon-Assas Paris II University and member of the École normale supérieure's Computer Laboratory. He is also a visiting professor at Royal Holloway University of London's Information Security Group. He received his Ph.D. in 1995 from the École nationale supérieure des télécommunications. Naccache's most notable work includes the design of the SHACAL block ciphers with Helena Handschuh as well as substantial work in public-key cryptography, including the cryptanalysis of digital signature schemes. Together with Jacques Stern he designed the similarly named but very distinct Naccache-Stern cryptosystem and Naccache-Stern knapsack cryptosystem.