
OpenCrypto: Unchaining the JavaCard Ecosystem - dc352
https://dan.enigmabridge.com/black-hat-2017-usa-opencrypto-unchaining-the-javacard-ecosystem/
======
jfim
It's a pretty cool hack to reuse crypto primitives in order to implement some
operations.

If you're not very familiar with JavaCard and why this would be noteworthy,
JavaCard is basically a very stripped-down version of Java that only bears
some similarity to regular Java SE. Amongst these limitations is a very
stripped-down standard library (there is no java.lang.String for example),
only a few types (byte, short and arrays of bytes, support for int is
optional, no support for char, long, double, float, etc.) and no garbage
collection (so everything is preallocated at program start, including
exceptions).

Given these limitations, implementing newer crypto algorithms is quite a feat.
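
[Added example, not part of the comment above and not OpenCrypto's own code.] A sketch of what the restrictions listed in this comment mean for big-number arithmetic: 256-bit addition using only `byte` and `short`, with the result buffer allocated once up front. The class and method names are hypothetical, the operands are constructed, and `main` is a desktop-JVM harness only.

```java
// Added illustration: big-integer addition written under Java Card-style
// constraints (byte/short arithmetic only, no allocation per operation).
// Class and method names are hypothetical.
public class BigNatAdd {
    private static final short LEN = 32;           // 256-bit operands, big-endian

    // Allocated once. With no garbage collector, a card applet would do this
    // in its constructor and reuse the buffer for every call.
    private final byte[] result = new byte[LEN];

    /** Computes (a + b) mod 2^256 into the preallocated buffer; returns the carry-out. */
    public short add(byte[] a, byte[] b) {
        short carry = 0;
        for (short i = (short) (LEN - 1); i >= 0; i--) {
            // Java bytes are signed, so mask before adding to avoid sign extension.
            short sum = (short) ((a[i] & 0xFF) + (b[i] & 0xFF) + carry);
            result[i] = (byte) sum;                // low 8 bits of this limb
            carry = (short) (sum >> 8);            // 0 or 1 (sum is at most 511)
        }
        return carry;
    }

    public byte[] result() {
        return result;                             // same buffer on every call
    }

    // Desktop-only harness with constructed operands; a card has no main().
    public static void main(String[] args) {
        byte[] a = new byte[LEN];
        byte[] b = new byte[LEN];
        a[LEN - 2] = (byte) 0xFF;                  // a = 0x...00FFFF
        a[LEN - 1] = (byte) 0xFF;
        b[LEN - 1] = 0x01;                         // b = 0x...000001

        BigNatAdd adder = new BigNatAdd();
        short carry = adder.add(a, b);

        StringBuilder hex = new StringBuilder();
        for (byte v : adder.result()) {
            hex.append(String.format("%02x", v));
        }
        System.out.println("sum   = " + hex);      // ends in ...010000
        System.out.println("carry = " + carry);    // 0
    }
}
```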

------
HuangShi
I don't know very much about this field - what are the major uses of JavaCard
other than in SIM cards?

Or are SIM cards where this OpenCrypto would be most useful for
makers/researchers?

~~~
closeparen
Smart Cards used for military/corporate computer authentication and facility
access, some transit systems, some purpose-specific stored value cards (like
bike locker rental at BART stations), then of course chip credit/debit cards.

Anywhere you want the user's credential to have some intelligence (sign
challenges under specific circumstances, credit and debit a balance without
any central database in the loop, etc) but be highly resistant to data
tampering/exfiltration (like inflating the balance or copying the key) by its
bearer.

~~~
robterrin
I used to implement smart cards as Personal Identity Verification for Federal
employees. It was required by a regulation driven by the post-9/11 Bush era
called HSPD-12 (Homeland Security Presidential Directive - 12).

It was a real boon to the DC area technology consulting business. Timed well
with stimulus in the post-crash crisis as well. Lots of investment in this
technology (reminiscent of the Secret History of Silicon Valley) and surprised
it has taken this long to get to finance and other uses.

I think one problem is smart cards were timed with the takeoff of mobile.
They weren't very mobile friendly and seemed kind of redundant, but I prefer
them to a fingerprint scanner on the iPhone or Galaxy.

Excited to see where this goes.

