The adoption rate of JavaCard features by certified products and open-source projects

Result code in IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F24%3A00135434" target="_blank" >RIV/00216224:14330/24:00135434 - isvavai.cz</a>

Result on the web

<a href="https://crocs.fi.muni.cz/_media/publications/pdf/2023-cardis-javacard.pdf" target="_blank" >https://crocs.fi.muni.cz/_media/publications/pdf/2023-cardis-javacard.pdf</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-54409-5_9" target="_blank" >10.1007/978-3-031-54409-5_9</a>

Result language

angličtina

Original language name

The adoption rate of JavaCard features by certified products and open-source projects

Original language description

JavaCard is the most prevalent platform for cryptographic smartcards nowadays. Despite having more than 20 billion smartcards shipped with it and thirteen revisions since the JavaCard API specification was first published more than two decades ago, uptake of newly added features, cryptographic algorithms or their parameterizations, and systematic analysis of overall activity is missing. We fill this gap by mapping the activity of the JavaCard ecosystem from publicly available sources with a focus on 1) security certification documents available under Common Criteria and FIPS140 schemes and 2) activity and resources required by JavaCard applets released in an open-source domain. The analysis performed on all certificates issued between the years 1997-2023 and on more than 200 public JavaCard applets shows that new features from JavaCard specification are adopted slowly, typically taking six or more years. Open-source applets utilize new features even later, likely due to the unavailability of recent performant smartcards in smaller quantities. Additionally, almost 70% of constants defined in JavaCard API specification are completely unused in open-source applets. The applet portability improves with recent cards, and transient memory requirements (scarce resource on smartcards) are typically small. While twenty or more products have been consistently certified every year since 2009, the open-source ecosystem became more active around 2013 but seemed to decline in the past two years. As a result, the whole smartcard ecosystem might be negatively impacted by limited exposure to new ideas and usage scenarios, serving only well-established domains and potentially harming its long-term competitiveness.

Czech name

—

Czech description

—

Type

D - Article in proceedings

CEP classification

—

OECD FORD branch

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Project

<a href="/en/project/VJ02010010" target="_blank" >VJ02010010: Tools for AI-enhanced Security Verification of Cryptographic Devices</a><br>

Continuities

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Publication year

2024

Confidentiality

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Article name in the collection

Smart Card Research and Advanced Applications

ISBN

9783031544088

ISSN

0302-9743

e-ISSN

—

Number of pages

21

Pages from-to

169-189

Publisher name

Springer, Cham

Place of publication

Springer Nature Switzerland

Event location

Amsterdam, The Netherlands

Event date

Jan 1, 2024

Type of event by nationality

WRD - Celosvětová akce

UT code for WoS article

001255169500009