New reliese of Java Card 3.0.5, Classic Edition from Oracle

One more proof of that security becomes so important. New release of Java Card 3.0.5, Classic Edition become available in June 2015. Let's have a look briefly what is new especially in security enforcement...

Package	Class/Interface		What is new?
javacard.framework
	APDU		New constants to support JIS X 6319-4:2010 transport protocol Type F and Transport protocol Media - APDU over HCI defined for the APDU gate in ETSI TS 102 622 respectively.
	OwnerPINBuilder		This class is factory for Owner PIN object
	OwnerPINx		This interface represents an Owner PIN, extends Personal Identification Number functionality as defined in the PIN interface, and provides the ability to update the PIN, update the try limit and try counter and thus owner functionality.
	OwnerPINxWithPredecrement		This interface extends the OwnerPINx interface, to support the decrementing of the tries counter before any PIN validation attempts.
	SensitiveArrays		This class provides methods for creating and handling integrity-sensitive array objects.
	Util		New methods arrayFill which fills an array in an atomic way and arrayEqual which compares two arrays.
javacard.security
	DHKey		These interfaces support Diffie-Hellman modular exponentiation.
	DHPrivateKey
	DHPublicKey
	KeyBuilder		Additional support of Domain Data Conservation for Diffie-Hellman, Elliptic Curve and DSA keys.
	Signature		oneShot method to support efficient one-shot, signing and verification verifyPreComputedHash method to support verification of pre-computed hash. New constants to support plain ECDSA and AES CMAC signature algorithm.
	RandomData		OneShot()method to support efficient one-shot random number generation getAlgorithm() nextBytes() New mode ALG_FAST, ALG_KEY_GENERATION, ALG_PRESEEDED_DRBG, ALG_TRNG
	MessageDigest		Added new constants to support SHA3(224, 256, 384, 512)
javacardx.apdu.util
	APDUUtil		Contains utility functions to parse CLA byte from a command APDU.
javacardx.biometry1toN
			Functionality for implementing a 1:N biometric framework .
javacardx.crypto
		Cipher	Added new constants to support SHA3(224, 256, 384, 512) OneShot()method to support efficient one-shot cryptographic operations. New constant to support a cipher using AES in counter (CTR) mode. New constants  to extend PKCS#1-OAEP scheme support to SHA224, SHA256, SHA384 and SHA512
		AEADCipher	To support Authenticated Encryption with Associated Data (AEAD) ciphers. Only GCM and CCM modes of operation for AES are supported in this version.
javacardx.security
			Functionality, for implementing security countermeasures to protect security relevant applet assets on the Java Card platform.
		SensitiveResult	Class which provides methods for asserting results of sensitive functions.
javacardx.framework.util
		ArrayLogic	arrayFillGeneric and arrayFillGenericNonAtomic  methods added

One more thing I forgot to mention is RSA 3K now supported.

Not so bad, right? Well let see than a first product will become avalible on a market…

https://blogs.oracle.com/ericv/entry/java_card_3_0_5

Stay tuned!

Embedded Security - become a very important and hot topic today. How about you? Are you ready for a new challenges?

Today here and there people discussing importance of overall product security. More and more electronic devices become connected with each other through a public networks. IoT brings this new trend in our life. Apart of IoT there are plenty of other devices which supports connectivity but may have no access to public networks. All of them anyhow can be accessed by potential attackers who might want to still your private information or data which might be sensitive to you. Moreover they could change behaviour of your device in such way that at least bring you a lot of problems and even might be dangerous for your life (health care devices for example).

There two aspects of embedded security: SW and HW. What is important to understand, is that they are both could not be developed without taking into account specificities of each other. Otherwise overall security will become Inefficient. To better understand influence of SW security and possible weakness in its implementation designer and developer must closely work with HW developer and be able to analyse HW behaviour when it is driven by his SW. Usually this kind of equipment cost a lot (thousands kilo $) and only big companies can have it at their RnD department. But things are changing and people start to think about that more and more. One of a good example I found recently on www.kickstarter.com is ChipWhisperer.

ChipWhisperer and target board

"The objective of ChipWhisperer is nothing short of revolutionizing the entire embedded security industry. Every designer who uses encryption in their design should be able to perform a side-channel attack, and understand the ramifications of these attacks on their designs."

Here are some videos about subj:

Introduction

VCC Glitching example

Stay tuned!