research-article

Implementation of Revocable Keyed-Verification Anonymous Credentials on Java Card

Authors:

Raúl Casanova-Marqués,

Jan HajnyAuthors Info & Claims

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

Article No.: 140, Pages 1 - 8

https://doi.org/10.1145/3538969.3543798

Published: 23 August 2022 Publication History

Abstract

Java Card stands out as a good choice for the development of smart card applications due to the high interoperability between different manufacturers, its security, and wide support of cryptographic algorithms. Despite extensive cryptographic support, current Java Cards do not support non-standard cryptographic algorithms such as post-quantum, secure-multiparty computations, and privacy-enhancing cryptographic schemes. Moreover, Java Card is restricted by the Application Programming Interface (API) in algebraic operations, which are the foundation of modern cryptographic schemes. This paper addresses the issue of developing these modern schemes by exploiting the limited cryptographic API provided by these types of cards. We show how to (ab)use the Java Card’s API to perform modular arithmetic operations, as well as basic operations on elliptic curves. Furthermore, we implement an attribute-based privacy-enhancing scheme on an off-the-shelf Java Card. To do so, we use our cryptographic API and several optimization techniques to make the scheme as efficient as possible. To demonstrate the practicality of our solution, we present the implementation results and benchmark tests.

References

[1]

Paulo S. L. M. Barreto and Michael Naehrig. 2006. Pairing-Friendly Elliptic Curves of Prime Order. In Selected Areas in Cryptography. Springer Berlin Heidelberg, Berlin, Heidelberg, 319–331. https://doi.org/10.1007/11693383_22

Digital Library

[2]

Jens Bender, Marc Fischlin, and Dennis Kügler. 2009. Security Analysis of the PACE Key-Agreement Protocol. In Information Security. Springer Berlin Heidelberg, Berlin, Heidelberg, 33–48. https://doi.org/10.1007/978-3-642-04474-8_3

Digital Library

[3]

Patrik Bichsel, Jan Camenisch, Thomas Groß, and Victor Shoup. 2009. Anonymous Credentials on a Standard Java Card. In Proceedings of the 16th ACM Conference on Computer and Communications Security. ACM Press, Chicago, Illinois, USA, 600–610. https://doi.org/10.1145/1653662.1653734

Digital Library

[4]

Jan Camenisch, Manu Drijvers, Petr Dzurenda, and Jan Hajny. 2019. Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards. In ICT Systems Security and Privacy Protection. Springer International Publishing, Cham, 286–298. https://doi.org/10.1007/978-3-030-22312-0_20

[5]

Petr Dzurenda, Jan Hajny, Lukas Malina, and Sara Ricci. 2017. Anonymous Credentials with Practical Revocation using Elliptic Curves. In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications. SCITEPRESS - Science and Technology Publications, Madrid, Spain, 534–539. https://doi.org/10.5220/0006467705340539

[6]

Petr Dzurenda, Sara Ricci, Jan Hajny, and Lukas Malina. 2017. Performance Analysis and Comparison of Different Elliptic Curves on Smart Cards. In 2017 15th Annual Conference on Privacy, Security, and Trust (PST). IEEE, Calgary, AB, 365–36509. https://doi.org/10.1109/PST.2017.00050

[7]

Federal Office for Information Security (BSI) 2008. Advanced Security Mechanism for Machine Readable Travel Documents – Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE), and Restricted Identification (RI), BSI-TR-03110 (2 ed.). Federal Office for Information Security (BSI).

[8]

Jan Hajny, Petr Dzurenda, Raúl Casanova-Marqués, and Lukas Malina. 2021. Privacy ABCs: Now Ready for Your Wallets!. In 2021 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops). IEEE, Kassel, Germany, 686–691. https://doi.org/10.1109/PerComWorkshops51409.2021.9431139

[9]

Jan Hajny, Petr Dzurenda, and Lukas Malina. 2014. Privacy-PAC: Privacy-Enhanced Physical Access Control. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. ACM, Scottsdale Arizona USA, 93–96. https://doi.org/10.1145/2665943.2665969

Digital Library

[10]

Jan Hajny, Petr Dzurenda, and Lukas Malina. 2015. Attribute-based credentials with cryptographic collusion prevention. Security and Communication Networks 8, 18 (December 2015), 3836–3846. https://doi.org/10.1002/sec.1304

Digital Library

[11]

Jan Hajny and Lukas Malina. 2013. Unlinkable Attribute-Based Credentials with Practical Revocation on Smart-Cards. In Smart Card Research and Advanced Applications. Springer Berlin Heidelberg, Berlin, Heidelberg, 62–76. https://doi.org/10.1007/978-3-642-37288-9_5

Digital Library

[12]

Lukas Malina, Petr Dzurenda, Jan Hajny, and Zdenek Martinasek. 2018. Assessment of Cryptography Support and Security on Programmable Smart Cards. In 2018 41st International Conference on Telecommunications and Signal Processing (TSP). IEEE, Athens, 1–5. https://doi.org/10.1109/TSP.2018.8441334

[13]

Lukas Malina and Jan Hajny. 2011. Accelerated Modular Arithmetic for Low-Performance Devices. In 2011 34th International Conference on Telecommunications and Signal Processing (TSP). IEEE, Budapest, Hungary, 131–135. https://doi.org/10.1109/TSP.2011.6043757

[14]

Lukas Malina and Jan Hajny. 2014. Efficient Modular Multiplication for Programmable Smart-Cards. Telecommunication Systems 55, 4 (April 2014), 491–498. https://doi.org/10.1007/s11235-013-9804-0

Digital Library

[15]

Vasilios Mavroudis and Petr Svenda. 2018. Towards Low-level Cryptographic Primitives for JavaCards. CoRR abs/1810.01662(2018), 16 pages. arXiv:1810.01662

[16]

Vasilios Mavroudis and Petr Svenda. 2020. JCMathLib: Wrapper Cryptographic Library for Transparent and Certifiable JavaCard Applets. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). IEEE, Genoa, Italy, 89–96. https://doi.org/10.1109/EuroSPW51379.2020.00022

[17]

Wojciech Mostowski and Pim Vullers. 2012. Efficient U-Prove Implementation for Anonymous Credentials on Smart Cards. In Security and Privacy in Communication Networks. Springer Berlin Heidelberg, Berlin, Heidelberg, 243–260. https://doi.org/10.1007/978-3-642-31909-9_14

[18]

Michaël Sterckx, Benedikt Gierlichs, Bart Preneel, and Ingrid Verbauwhede. 2009. Efficient implementation of anonymous credentials on Java Card smart cards. In 2009 First IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, London, 106–110. https://doi.org/10.1109/WIFS.2009.5386474

[19]

Petr Svenda. 2013. JavaCard Algorithm Test: Detailed analysis of cryptographic smart cards running with JavaCard platform.https://github.com/crocs-muni/JCAlgTest.

[20]

Hendrik Tews. 2010. OV-Chip 2.0 Hacker’s Guide. https://www.sos.cs.ru.nl/ovchip/.

[21]

Pim Vullers and Gergely Alpár. 2013. Efficient Selective Disclosure on Smart Cards Using Idemix. In Policies and Research in Identity Management. Springer Berlin Heidelberg, Berlin, Heidelberg, 53–67. https://doi.org/10.1007/978-3-642-37282-7_5

Cited By

Dzurenda PRicci SIlgner PMalina LAnglès-Tafalla C(2023)Privacy-Preserving Solution for European Union Digital Vaccine CertificatesApplied Sciences10.3390/app13191098613:19(10986)Online publication date: 5-Oct-2023
https://doi.org/10.3390/app131910986
Dufka AŠvenda P(2023)Enabling Efficient Threshold Signature Computation via Java Card APIProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600180(1-10)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600180

Index Terms

Implementation of Revocable Keyed-Verification Anonymous Credentials on Java Card
1. Security and privacy
  1. Security services

Recommendations

Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs
WPES '16: Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society

We propose the first verifier-local revocation scheme for privacy-enhancing attribute-based credentials (PABCs) that is practically usable in large-scale applications, such as national eID cards, public transportation and physical access control ...
Privacy-Enhancing Proxy Signatures from Non-interactive Anonymous Credentials
DBSec 2014: Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 8566

Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures only for messages from this delegated set on behalf of the originator. Recently, two ...
Algebraic MACs and Keyed-Verification Anonymous Credentials
CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

We consider the problem of constructing anonymous credentials for use in a setting where the issuer of credentials is also the verifier, or more generally where the issuer and verifier have a shared key. In this setting we can use message authentication ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security

August 2022

1371 pages

ISBN:9781450396707

DOI:10.1145/3538969

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

European Union?s Horizon 2020 Research and Innovation programme under the Marie Sklodowska Curie
Ministry of the Interior of the Czech Republic

Conference

ARES 2022

ARES 2022: The 17th International Conference on Availability, Reliability and Security

August 23 - 26, 2022

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
96
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)1

Reflects downloads up to 13 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Dzurenda PRicci SIlgner PMalina LAnglès-Tafalla C(2023)Privacy-Preserving Solution for European Union Digital Vaccine CertificatesApplied Sciences10.3390/app13191098613:19(10986)Online publication date: 5-Oct-2023
https://doi.org/10.3390/app131910986
Dufka AŠvenda P(2023)Enabling Efficient Threshold Signature Computation via Java Card APIProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600180(1-10)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600180

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View Table of Conten