We have been researching on smart cards, protocols, applications and associated security issues since the very early days (2002) of the SCC. In this research thread, we have examined various payment protocols based on smart cards, algorithms for SIMs on mobile phones, all the way to providing countermeasures for side-channel attacks on smart card microprocessors. Additionally, we also looked into a secure application on Java Card runtime environments. The important observation is that, although the smart card form factor may become extinct shortly, the underlying hardware and software smart card based microprocessor principles have high applicability in IoT devices.
Application execution in Java cards is vulnerable to attacks that modify the flow of execution. If an attacker can successfully perform such an attack, then even relatively effective security countermeasures will be rendered ineffective. Such attacks are common, especially on embedded devices when the device might be in the possession of a malicious user. To counter such attacks, in which a malicious user tries to modify the data related to an application execution maintained by the runtime environment, we have proposed a modification to the architecture of the Java Card runtime environment along with a set of countermeasures to prevent most of the associated state-of-the-art attacks.
Smart Card Web Server
We have investigated the use of the Smart Card Web Server which provides web functionality on a SIM. Proposed applications have included remote e-voting, privacy-preserving payments, branchless banking, online and offline authentication.