Andriana Gkaniatsou
Mon 02 Mar 2015, 14:00 - 15:00
Informatics Forum (IF-4.31/4.33)

If you have a question about this talk, please contact: Suzanne Perry (sperry)

Smart-cards are seen as one of the most secure, tamper-proof, and trusted devices for implementing confidential operations, such as secure log-in, for financial, communication, security and data management purposes.

These operations typically involve communication between smart-cards and third-party systems. Such communication must be secure, and developers usually prefer proprietary implementations which create the illusion of security as hide the cards code.

In this talk we will present REPROVE, an automated system that reverse-engineers the communication trace and deduces the card's functionalities. REPROVE does not require access to the card, and deals with both inter-industry and proprietary implementations. We will discuss some specifications of REPROVE,  the evaluation tests and the results we obtained.