Filters








3 Hits in 2.5 sec

Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack

Gildas Avoine, Loïc Ferreira
2018 Transactions on Cryptographic Hardware and Embedded Systems  
We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol.  ...  SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards).  ...  Acknowledgments We thank the anonymous reviewers and especially Kerstin Lemke-Rust for their valuable comments, and Jean-Louis Lanet for telling us about the OPAL library.  ... 
doi:10.13154/tches.v2018.i2.149-170 dblp:journals/tches/AvoineF18 fatcat:alymnwxugrevrakcpk6tq2nldq

The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10

Daniel De Almeida Braga, Pierre-Alain Fouque, Mohamed Sabt
2020 Transactions on Cryptographic Hardware and Embedded Systems  
GlobalPlatform (GP) card specifications are defined for smart cards regarding rigorous security requirements.  ...  We provide a full implementation of these attacks. For instance, an attacker can get the freshly generated session keys in less than three hours.  ...  We would like to thank Gil Bernabeu, the Technical Director of GlobalPlatform, for his responsiveness regarding the identified vulnerabilities.  ... 
doi:10.13154/tches.v2020.i3.196-218 dblp:journals/tches/BragaFS20 fatcat:dh5cieht2jcfdojvyz4nujsbl4

Cryptanalysis of GlobalPlatform Secure Channel Protocols [chapter]

Mohamed Sabt, Jacques Traoré
2016 Lecture Notes in Computer Science  
GlobalPlatform (GP) card specifications are the de facto standards for the industry of smart cards. Being highly sensitive, GP specifications were defined regarding stringent security requirements.  ...  First, we demonstrate a theoretical attack against SCP02, which is the most popular protocol in the SCP family.  ...  We define four actors to describe the plot of the attack: (1) a trusted service manager (TSM) who owns a security domain on a smart card; (2) a victim who uses the said smart card to execute some critical  ... 
doi:10.1007/978-3-319-49100-4_3 fatcat:u4vfrzmgefevfd56xl3n2juugm