Breaking Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit

4 November 2015, 2.00 PM - 4 November 2015, 3.00 PM

Andriana Gkaniatsou, Edinburgh

MVB 0.03, Merchant Venturers Building, Woodland Road

Smart-Cards are considered as one of the most secure, trusted and tamper-resistant devices for performing cryptographic operations. The commonly used PKCS#11 standard defines the API for cryptographic devices such as smart-cards. Though there has been work on formally verifying the correctness of the implementation of PKCS#11 in the API level, little or none attention has been paid on the low-level protocols that implement it. We will present REPROVE the first automated tool that reverse-engineers the low-level communication between a smart-card and a reader, deduces the card's functionalities and maps that communication to PKCS#11 functions. REPROVE is implementation practice independent and does not require access to the card nor to its API.

Edit this page