SlideShare a Scribd company logo
1 of 18
Problem and Improvement of the Composition Documents
for Smart Card Composed Product Evaluation
September 10, 2013
Jeonghoon Han (1st Author)
TTA (Telecommunications Technology
Association), CIST (Center for Information
Security Technologies) of Korea University
jhhan@tta.or.kr
Seungjoo Kim (Corresponding Author)
CIST (Center for Information Security
Technologies) of Korea University
skim71@korea.ac.kr
01. Introduction
02. Problems
03. Improvement
Introduction
4
Introduction
About me…
Senior Research Engineer (jhhan@tta.or.kr)
Information Security Evaluation Department, Software Testing & Certification Laboratory
TTA (Telecommunications Technology Association)
PhD Course (xbtion4ever@korea.ac.kr)
CIST (Center for Information Security Technology), Korea University
Corresponding Author (Professor. Seungjoo Kim, skim71@korea.ac.kr)
CIST (Center for Information Security Technology), Korea University
5
Introduction
About COMP…
Booklet
Antenna
IC Chip
6
Introduction
About presentation…
Problems(difficulties) in composite documents
Insufficient information…
- No exceptional cases of mandatory implementation requirements
- No way to verify integrity of certified platform TOE’s software library
Improving problems of composite documents
Need to provide information about exceptional cases and integrity…
- To avoid applying unnecessary countermeasures of crypto functions
- To confirm that certified platform TOE’s configuration is not modified
Problems
8
Problems - #1
ETR_COMP (from the platform TOE evaluation facility)
SAN (Security Application Note, from the platform TOE manufacturer)
Above composite documents enforce to apply the following countermeasure
against perturbation attack on DES.
“It is MANDATORY to perform DES decryption after DES encryption (or DES encryption after
DES decryption) and to compare the result with initial data before sending the result out in order
to ensure that no error occurred during the encryption (or decryption)”
If application developer can analyze attack potential about perturbation attack,
it is easy to determine whether to apply the countermeasure. However,
unfortunately, most developers can not do that.
So when evaluating smart card composite product, we have some difficulties.
In next slide, let me show you a case of the BAC mechanism in MRTD.
9
Problems - #1
Inspection System
(IFD, InterFace Device)
e-Passport
(ICC, Integrated Circuit Card)
GET CHALLENGE
Generate RND.ICC
RND.ICC
Generate RND.IFD, K.IFD
S = RND.IFD || RND.ICC || K.IFD
E_IFD = EK_ENC(S)
M_IFD = MACK_MAC(E_IFD)
MUTUAL AUTHENTICATION
(E_IFD || M_IFD)
Verify MAC (M_IFD)
Decrypt E_IFD → Verify RND.ICC
Generate K.ICC
R = RND.ICC || RND.IFD || K.ICC
E_ICC = EK_ENC(R)
M_ICC = MACK_MAC(E_ICC)
E_ICC || M_ICC
Verify MAC (M_ICC)
Decrypt E_ICC → Verify RND.IFD
Authentication and Key Establishment
(ISO/IEC 11770-2 Key Establishment Mechanism 6 using 3DES)
Key Derivation Mechanism
(Doc 9303 MRTD Part 1 - APPENDIX 5, 6)
K_ENC (c=‘00000001’)
K_MAC (c=‘00000002’)
10
Problems - #1
When attacker has a victims’ MRTD,
The attacker doesn’t need to perform perturbation attack because he(or she)
can read easily victim’s private information of the MRTD booklet.
When attacker doesn’t have a victims’ MRTD,
The attacker can’t operate BAC mechanism because he(or she) doesn’t know
MRZ information.
Although the attacker know MRZ information, it is unfeasible for the attacker
to perform perturbation attack on victims’ MRTD in real environment (e.g.
immigration inspection in the airport)
In conclusion, application developers don’t need to apply the
countermeasure against a perturbation attack on 3DES.
11
Problems - #2
Generally platform TOE includes software libraries related to
cryptographic functions. Composite product evaluator shall
confirm platform TOE’s integrity about that certified configuration
is not modified.
However, there is not proper method to verify an integrity of the
software libraries.
- Composite documents provide only version number of the
software libraries
- Version number is not sufficient to confirm that certified
platform TOE’s configuration is not modified
Improvement
13
Improvement
For improving the problem #1
It is inappropriate that the composition documents specify all
possible exceptions. But, if following information is included in
the SAN, it could be very helpful to application developers.
Application Note:
Application developer could determine whether to apply the
countermeasure as an attack potential in composite product’s
operational environment.
1. Necessity of perturbation attack
2. Possibility for an attacker to operate TOE’s security features
3. Exploitability of obtained secret information, if 2nd step is possible
14
Improvement
For improving the problem #2
Most of software products provide a verification method of its
integrity. (e.g. checksum or hash value of original image file)
To verify an integrity of the IC chip’s software libraries,
composition documents (ETR_COMP) should provide
checksum(or hash) value and calculation method.
(Example)
Checksum:
85FF1D426F37C1B6067DBE834A2A76B543E5CA87617F395B
428B1DFB1B761C47
Calculation method: SHA256
References & Bio
16
References
[01] Doc9303 “Machine Readable Travel Documents” Part1 “Machine
Readable Passports” Volume 2 “Specification for Electronically
Enabled Passports with Biometric Identification Capability” Sixth
Edition, International Civil Aviation Organization(ICAO), August 2006
[02] Composite product evaluation for Smartcards and similar devices
Version 1.2, CCDB-2012-04-01, April 2012
[03] Application of Attack Potential to Smartcard Version 2.8, CCDB-
2012-04-002, April 2012
17
Bio
Jeonghoon Han
E-mail: jhhan@tta.or.kr
Jeonghoon Han received his B.S. (2007), M.S. (2009) in computer engineering from Sungkyunkwan University (SKKU) in Korea.
After MS degree, He had worked at Korea Internet & Security Agency (KISA) from 2009 to 2011. At present, He is working for
Telecommunications Technology Association (TTA) as CC evaluator and studying for information assurance under PhD course at
Center for Information Security Technologies (CIST) of Korea University (KU). His research interests include side channel
analysis, reverse engineering and information assurance.
Seungjoo Kim (Corresponding Author)
E-mail: skim71@korea.ac.kr
Homepage: www.kimlab.net
Facebook, Twitter: @skim71
Prof. Seungjoo Kim received his B.S. (1994), M.S. (1996), and Ph.D. (1999) in information engineering from Sungkyunkwan
University (SKKU) in Korea. Prior to joining the faculty at Korea University (KU) in 2011, He served as Assistant & Associate
Professor of School of Information and Communication Engineering at SKKU for 7 years. Before that, He served as Director of
the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Information Security Agency
(KISA) for 5 years. Now he is Full Professor of Graduate School of Information Security at KU, and a member of KU's Center for
Information Security Technologies (CIST). Also, He has served as an executive committee member of Korean E-Government,
and advisory committee members of several public and private organizations such as National Intelligence Service of Korea,
Digital Investigation Advisory Committee of Supreme Prosecutors' Office, Ministry of Justice, The Bank of Korea, ETRI(Electronic
and Telecommunication Research Institute), and KISA, etc. His research interests include cryptography, information security and
information assurance.
Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation

More Related Content

What's hot

Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using   IDS Technique Survey of Clustering Based Detection using   IDS Technique
Survey of Clustering Based Detection using IDS Technique IRJET Journal
 
IRJET- Secure Online Payment with Facial Recognition using CNN
IRJET-  	  Secure Online Payment with Facial Recognition using CNNIRJET-  	  Secure Online Payment with Facial Recognition using CNN
IRJET- Secure Online Payment with Facial Recognition using CNNIRJET Journal
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Tương Hoàng
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Futureamiable_indian
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5madunix
 
An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
 
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATION
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATIONNETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATION
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATIONIJITE
 
Audio Steganography java project
Audio Steganography java projectAudio Steganography java project
Audio Steganography java projectTutorial Learners
 
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET-  	  Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET-  	  Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET Journal
 
A comparitive analysis of wireless security protocols (wep and wpa2)
A comparitive analysis of wireless security protocols (wep and wpa2)A comparitive analysis of wireless security protocols (wep and wpa2)
A comparitive analysis of wireless security protocols (wep and wpa2)pijans
 
The Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network SecurityThe Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network SecurityDeris Stiawan
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET Journal
 
IRJET- - Implementation of a Secured Approach using Dynamic Key Managemen...
IRJET- -  	  Implementation of a Secured Approach using Dynamic Key Managemen...IRJET- -  	  Implementation of a Secured Approach using Dynamic Key Managemen...
IRJET- - Implementation of a Secured Approach using Dynamic Key Managemen...IRJET Journal
 
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET Journal
 
Slide Deck CISSP Class Session 7
Slide Deck CISSP Class Session 7Slide Deck CISSP Class Session 7
Slide Deck CISSP Class Session 7FRSecure
 
Cloud Data Security using Elliptic Curve Cryptography
Cloud Data Security using Elliptic Curve CryptographyCloud Data Security using Elliptic Curve Cryptography
Cloud Data Security using Elliptic Curve CryptographyIRJET Journal
 

What's hot (20)

Survey of Clustering Based Detection using IDS Technique
Survey of Clustering Based Detection using   IDS Technique Survey of Clustering Based Detection using   IDS Technique
Survey of Clustering Based Detection using IDS Technique
 
IRJET- Secure Online Payment with Facial Recognition using CNN
IRJET-  	  Secure Online Payment with Facial Recognition using CNNIRJET-  	  Secure Online Payment with Facial Recognition using CNN
IRJET- Secure Online Payment with Facial Recognition using CNN
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Future
 
Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5Cissp cbk final_exam-answers_v5.5
Cissp cbk final_exam-answers_v5.5
 
An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...An intrusion detection system for packet and flow based networks using deep n...
An intrusion detection system for packet and flow based networks using deep n...
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...
 
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATION
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATIONNETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATION
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATION
 
Audio Steganography java project
Audio Steganography java projectAudio Steganography java project
Audio Steganography java project
 
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET-  	  Security in Ad-Hoc Network using Encrypted Data Transmission and S...IRJET-  	  Security in Ad-Hoc Network using Encrypted Data Transmission and S...
IRJET- Security in Ad-Hoc Network using Encrypted Data Transmission and S...
 
A comparitive analysis of wireless security protocols (wep and wpa2)
A comparitive analysis of wireless security protocols (wep and wpa2)A comparitive analysis of wireless security protocols (wep and wpa2)
A comparitive analysis of wireless security protocols (wep and wpa2)
 
V6 v4-threats
V6 v4-threatsV6 v4-threats
V6 v4-threats
 
The Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network SecurityThe Challenges, Gaps and Future Trends: Network Security
The Challenges, Gaps and Future Trends: Network Security
 
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
IRJET- Review on Intrusion Detection System using Recurrent Neural Network wi...
 
IRJET- - Implementation of a Secured Approach using Dynamic Key Managemen...
IRJET- -  	  Implementation of a Secured Approach using Dynamic Key Managemen...IRJET- -  	  Implementation of a Secured Approach using Dynamic Key Managemen...
IRJET- - Implementation of a Secured Approach using Dynamic Key Managemen...
 
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul...
 
Ijetr012045
Ijetr012045Ijetr012045
Ijetr012045
 
Slide Deck CISSP Class Session 7
Slide Deck CISSP Class Session 7Slide Deck CISSP Class Session 7
Slide Deck CISSP Class Session 7
 
Cloud Data Security using Elliptic Curve Cryptography
Cloud Data Security using Elliptic Curve CryptographyCloud Data Security using Elliptic Curve Cryptography
Cloud Data Security using Elliptic Curve Cryptography
 

Viewers also liked

DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleSeungjoo Kim
 
Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Seungjoo Kim
 
성균인으로 사는 법 - 방황하고 있는 후배님들께 -
성균인으로 사는 법 - 방황하고 있는 후배님들께 -성균인으로 사는 법 - 방황하고 있는 후배님들께 -
성균인으로 사는 법 - 방황하고 있는 후배님들께 -Seungjoo Kim
 
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)Seungjoo Kim
 
Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVSeungjoo Kim
 
PP for E-Certificate Issuance System
PP for E-Certificate Issuance SystemPP for E-Certificate Issuance System
PP for E-Certificate Issuance SystemSeungjoo Kim
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
 
Hacking, Surveilling, and Deceiving Victims on Smart TV
Hacking, Surveilling, and Deceiving Victims on Smart TVHacking, Surveilling, and Deceiving Victims on Smart TV
Hacking, Surveilling, and Deceiving Victims on Smart TVSeungjoo Kim
 
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие 2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие  2016 годаИсполнение бюджета Гапкинского сельского поселения за 1 полугодие  2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие 2016 годаАлексей Арешев
 
Исполнение бюджета Гапкинского сельского поселения за 1 квартал 2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 квартал  2016 годаИсполнение бюджета Гапкинского сельского поселения за 1 квартал  2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 квартал 2016 годаАлексей Арешев
 
Writing the report for doctoral confirmation at Massey University, New Zealand
Writing the report for doctoral confirmation at Massey University, New ZealandWriting the report for doctoral confirmation at Massey University, New Zealand
Writing the report for doctoral confirmation at Massey University, New ZealandMartin McMorrow
 
Bitcoin, Blockchain, and IoT
Bitcoin, Blockchain, and IoTBitcoin, Blockchain, and IoT
Bitcoin, Blockchain, and IoTRobin Teigland
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaDinis Guarda
 

Viewers also liked (17)

DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development LifecycleHow the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
 
Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -
 
성균인으로 사는 법 - 방황하고 있는 후배님들께 -
성균인으로 사는 법 - 방황하고 있는 후배님들께 -성균인으로 사는 법 - 방황하고 있는 후배님들께 -
성균인으로 사는 법 - 방황하고 있는 후배님들께 -
 
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)
보안실무, 어디까지가실무일까? @ 보안대첩 (2014.10.31)
 
Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TV
 
PP for E-Certificate Issuance System
PP for E-Certificate Issuance SystemPP for E-Certificate Issuance System
PP for E-Certificate Issuance System
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
 
Hacking, Surveilling, and Deceiving Victims on Smart TV
Hacking, Surveilling, and Deceiving Victims on Smart TVHacking, Surveilling, and Deceiving Victims on Smart TV
Hacking, Surveilling, and Deceiving Victims on Smart TV
 
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие 2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие  2016 годаИсполнение бюджета Гапкинского сельского поселения за 1 полугодие  2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 полугодие 2016 года
 
Исполнение бюджета Гапкинского сельского поселения за 1 квартал 2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 квартал  2016 годаИсполнение бюджета Гапкинского сельского поселения за 1 квартал  2016 года
Исполнение бюджета Гапкинского сельского поселения за 1 квартал 2016 года
 
Sketch root locus
Sketch root locusSketch root locus
Sketch root locus
 
Writing the report for doctoral confirmation at Massey University, New Zealand
Writing the report for doctoral confirmation at Massey University, New ZealandWriting the report for doctoral confirmation at Massey University, New Zealand
Writing the report for doctoral confirmation at Massey University, New Zealand
 
іс тәжірибе
іс тәжірибеіс тәжірибе
іс тәжірибе
 
алгебра 8 (рабочая тетрадь)
алгебра 8 (рабочая тетрадь)алгебра 8 (рабочая тетрадь)
алгебра 8 (рабочая тетрадь)
 
Bitcoin, Blockchain, and IoT
Bitcoin, Blockchain, and IoTBitcoin, Blockchain, and IoT
Bitcoin, Blockchain, and IoT
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
 

Similar to Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation

Michael_Joshua_Validation
Michael_Joshua_ValidationMichael_Joshua_Validation
Michael_Joshua_ValidationMichaelJoshua
 
Schematic and PCB Design Using Eagle
Schematic and PCB Design Using EagleSchematic and PCB Design Using Eagle
Schematic and PCB Design Using EagleMoe Moe Myint
 
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATION
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATIONA SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATION
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATIONIJCSES Journal
 
Tsmc us recruitment fresh final copy
Tsmc us recruitment fresh final copyTsmc us recruitment fresh final copy
Tsmc us recruitment fresh final copyUiuc Tsa
 
LTTS_Dinesh Prasath_Resume
LTTS_Dinesh Prasath_ResumeLTTS_Dinesh Prasath_Resume
LTTS_Dinesh Prasath_ResumeDinesh Prasath
 
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOL
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOLSECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOL
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOLIJNSA Journal
 
Resume digital
Resume digitalResume digital
Resume digitaltarora1
 
Resume digital
Resume digitalResume digital
Resume digitaltarora1
 
Qiang Yu Resume
Qiang Yu Resume Qiang Yu Resume
Qiang Yu Resume Qiang Yu
 
Architecture & data acquisition by embedded systems in automobiles seminar re...
Architecture & data acquisition by embedded systems in automobiles seminar re...Architecture & data acquisition by embedded systems in automobiles seminar re...
Architecture & data acquisition by embedded systems in automobiles seminar re...Ankit Kaul
 
Graphical password minor report
Graphical password minor reportGraphical password minor report
Graphical password minor reportLove Kothari
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updatedSantos Kumaar.S
 

Similar to Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation (20)

Michael_Joshua_Validation
Michael_Joshua_ValidationMichael_Joshua_Validation
Michael_Joshua_Validation
 
Arjun CV_7 Aug 2015
Arjun CV_7 Aug 2015Arjun CV_7 Aug 2015
Arjun CV_7 Aug 2015
 
Arjun CV_12
Arjun CV_12Arjun CV_12
Arjun CV_12
 
Schematic and PCB Design Using Eagle
Schematic and PCB Design Using EagleSchematic and PCB Design Using Eagle
Schematic and PCB Design Using Eagle
 
Surya resume
Surya resumeSurya resume
Surya resume
 
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATION
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATIONA SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATION
A SURVEY OF VIRTUAL PROTOTYPING TECHNIQUES FOR SYSTEM DEVELOPMENT AND VALIDATION
 
Penglun_Li
Penglun_LiPenglun_Li
Penglun_Li
 
Tsmc us recruitment fresh final copy
Tsmc us recruitment fresh final copyTsmc us recruitment fresh final copy
Tsmc us recruitment fresh final copy
 
LTTS_Dinesh Prasath_Resume
LTTS_Dinesh Prasath_ResumeLTTS_Dinesh Prasath_Resume
LTTS_Dinesh Prasath_Resume
 
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOL
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOLSECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOL
SECURITY V/S QOS FOR LTE AUTHENTICATION AND KEY AGREEMENT PROTOCOL
 
Sourav_Das
Sourav_DasSourav_Das
Sourav_Das
 
Resume digital
Resume digitalResume digital
Resume digital
 
Resume digital
Resume digitalResume digital
Resume digital
 
Sr Full Stack Developer
Sr Full Stack DeveloperSr Full Stack Developer
Sr Full Stack Developer
 
Rathinasabapathy
RathinasabapathyRathinasabapathy
Rathinasabapathy
 
Qiang Yu Resume
Qiang Yu Resume Qiang Yu Resume
Qiang Yu Resume
 
Architecture & data acquisition by embedded systems in automobiles seminar re...
Architecture & data acquisition by embedded systems in automobiles seminar re...Architecture & data acquisition by embedded systems in automobiles seminar re...
Architecture & data acquisition by embedded systems in automobiles seminar re...
 
Graphical password minor report
Graphical password minor reportGraphical password minor report
Graphical password minor report
 
santoskumaarResume - updated
santoskumaarResume - updatedsantoskumaarResume - updated
santoskumaarResume - updated
 
RESUMAD2015-RIGHT1201
RESUMAD2015-RIGHT1201RESUMAD2015-RIGHT1201
RESUMAD2015-RIGHT1201
 

More from Seungjoo Kim

블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리Seungjoo Kim
 
[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. SyllabusSeungjoo Kim
 
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...Seungjoo Kim
 
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...Seungjoo Kim
 
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto BlockchainSeungjoo Kim
 
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart ContractSeungjoo Kim
 
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and MetaverseSeungjoo Kim
 
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other AltcoinsSeungjoo Kim
 
[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark CoinsSeungjoo Kim
 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...Seungjoo Kim
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Seungjoo Kim
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCSeungjoo Kim
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsSeungjoo Kim
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Seungjoo Kim
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Seungjoo Kim
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLSeungjoo Kim
 

More from Seungjoo Kim (20)

블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리
 
[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus
 
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
 
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
 
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
 
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
 
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
 
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
 
[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins
 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLC
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber Threats
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCL
 

Recently uploaded

Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...Erbil Polytechnic University
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Sumanth A
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMchpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMNanaAgyeman13
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONjhunlian
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfisabel213075
 
BSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxBSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxNiranjanYadav41
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptMadan Karki
 
Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Romil Mishra
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Erbil Polytechnic University
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solidnamansinghjarodiya
 
Crushers to screens in aggregate production
Crushers to screens in aggregate productionCrushers to screens in aggregate production
Crushers to screens in aggregate productionChinnuNinan
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 

Recently uploaded (20)

Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
"Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ..."Exploring the Essential Functions and Design Considerations of Spillways in ...
"Exploring the Essential Functions and Design Considerations of Spillways in ...
 
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
Robotics-Asimov's Laws, Mechanical Subsystems, Robot Kinematics, Robot Dynami...
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
Designing pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptxDesigning pile caps according to ACI 318-19.pptx
Designing pile caps according to ACI 318-19.pptx
 
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMMchpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
chpater16.pptxMMMMMMMMMMMMMMMMMMMMMMMMMMM
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTIONTHE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
THE SENDAI FRAMEWORK FOR DISASTER RISK REDUCTION
 
List of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdfList of Accredited Concrete Batching Plant.pdf
List of Accredited Concrete Batching Plant.pdf
 
BSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptxBSNL Internship Training presentation.pptx
BSNL Internship Training presentation.pptx
 
Indian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.pptIndian Dairy Industry Present Status and.ppt
Indian Dairy Industry Present Status and.ppt
 
young call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Serviceyoung call girls in Green Park🔝 9953056974 🔝 escort Service
young call girls in Green Park🔝 9953056974 🔝 escort Service
 
Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________Gravity concentration_MI20612MI_________
Gravity concentration_MI20612MI_________
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
Comparative study of High-rise Building Using ETABS,SAP200 and SAFE., SAFE an...
 
Engineering Drawing section of solid
Engineering Drawing     section of solidEngineering Drawing     section of solid
Engineering Drawing section of solid
 
Crushers to screens in aggregate production
Crushers to screens in aggregate productionCrushers to screens in aggregate production
Crushers to screens in aggregate production
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 

Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation

  • 1. Problem and Improvement of the Composition Documents for Smart Card Composed Product Evaluation September 10, 2013 Jeonghoon Han (1st Author) TTA (Telecommunications Technology Association), CIST (Center for Information Security Technologies) of Korea University jhhan@tta.or.kr Seungjoo Kim (Corresponding Author) CIST (Center for Information Security Technologies) of Korea University skim71@korea.ac.kr
  • 4. 4 Introduction About me… Senior Research Engineer (jhhan@tta.or.kr) Information Security Evaluation Department, Software Testing & Certification Laboratory TTA (Telecommunications Technology Association) PhD Course (xbtion4ever@korea.ac.kr) CIST (Center for Information Security Technology), Korea University Corresponding Author (Professor. Seungjoo Kim, skim71@korea.ac.kr) CIST (Center for Information Security Technology), Korea University
  • 6. 6 Introduction About presentation… Problems(difficulties) in composite documents Insufficient information… - No exceptional cases of mandatory implementation requirements - No way to verify integrity of certified platform TOE’s software library Improving problems of composite documents Need to provide information about exceptional cases and integrity… - To avoid applying unnecessary countermeasures of crypto functions - To confirm that certified platform TOE’s configuration is not modified
  • 8. 8 Problems - #1 ETR_COMP (from the platform TOE evaluation facility) SAN (Security Application Note, from the platform TOE manufacturer) Above composite documents enforce to apply the following countermeasure against perturbation attack on DES. “It is MANDATORY to perform DES decryption after DES encryption (or DES encryption after DES decryption) and to compare the result with initial data before sending the result out in order to ensure that no error occurred during the encryption (or decryption)” If application developer can analyze attack potential about perturbation attack, it is easy to determine whether to apply the countermeasure. However, unfortunately, most developers can not do that. So when evaluating smart card composite product, we have some difficulties. In next slide, let me show you a case of the BAC mechanism in MRTD.
  • 9. 9 Problems - #1 Inspection System (IFD, InterFace Device) e-Passport (ICC, Integrated Circuit Card) GET CHALLENGE Generate RND.ICC RND.ICC Generate RND.IFD, K.IFD S = RND.IFD || RND.ICC || K.IFD E_IFD = EK_ENC(S) M_IFD = MACK_MAC(E_IFD) MUTUAL AUTHENTICATION (E_IFD || M_IFD) Verify MAC (M_IFD) Decrypt E_IFD → Verify RND.ICC Generate K.ICC R = RND.ICC || RND.IFD || K.ICC E_ICC = EK_ENC(R) M_ICC = MACK_MAC(E_ICC) E_ICC || M_ICC Verify MAC (M_ICC) Decrypt E_ICC → Verify RND.IFD Authentication and Key Establishment (ISO/IEC 11770-2 Key Establishment Mechanism 6 using 3DES) Key Derivation Mechanism (Doc 9303 MRTD Part 1 - APPENDIX 5, 6) K_ENC (c=‘00000001’) K_MAC (c=‘00000002’)
  • 10. 10 Problems - #1 When attacker has a victims’ MRTD, The attacker doesn’t need to perform perturbation attack because he(or she) can read easily victim’s private information of the MRTD booklet. When attacker doesn’t have a victims’ MRTD, The attacker can’t operate BAC mechanism because he(or she) doesn’t know MRZ information. Although the attacker know MRZ information, it is unfeasible for the attacker to perform perturbation attack on victims’ MRTD in real environment (e.g. immigration inspection in the airport) In conclusion, application developers don’t need to apply the countermeasure against a perturbation attack on 3DES.
  • 11. 11 Problems - #2 Generally platform TOE includes software libraries related to cryptographic functions. Composite product evaluator shall confirm platform TOE’s integrity about that certified configuration is not modified. However, there is not proper method to verify an integrity of the software libraries. - Composite documents provide only version number of the software libraries - Version number is not sufficient to confirm that certified platform TOE’s configuration is not modified
  • 13. 13 Improvement For improving the problem #1 It is inappropriate that the composition documents specify all possible exceptions. But, if following information is included in the SAN, it could be very helpful to application developers. Application Note: Application developer could determine whether to apply the countermeasure as an attack potential in composite product’s operational environment. 1. Necessity of perturbation attack 2. Possibility for an attacker to operate TOE’s security features 3. Exploitability of obtained secret information, if 2nd step is possible
  • 14. 14 Improvement For improving the problem #2 Most of software products provide a verification method of its integrity. (e.g. checksum or hash value of original image file) To verify an integrity of the IC chip’s software libraries, composition documents (ETR_COMP) should provide checksum(or hash) value and calculation method. (Example) Checksum: 85FF1D426F37C1B6067DBE834A2A76B543E5CA87617F395B 428B1DFB1B761C47 Calculation method: SHA256
  • 16. 16 References [01] Doc9303 “Machine Readable Travel Documents” Part1 “Machine Readable Passports” Volume 2 “Specification for Electronically Enabled Passports with Biometric Identification Capability” Sixth Edition, International Civil Aviation Organization(ICAO), August 2006 [02] Composite product evaluation for Smartcards and similar devices Version 1.2, CCDB-2012-04-01, April 2012 [03] Application of Attack Potential to Smartcard Version 2.8, CCDB- 2012-04-002, April 2012
  • 17. 17 Bio Jeonghoon Han E-mail: jhhan@tta.or.kr Jeonghoon Han received his B.S. (2007), M.S. (2009) in computer engineering from Sungkyunkwan University (SKKU) in Korea. After MS degree, He had worked at Korea Internet & Security Agency (KISA) from 2009 to 2011. At present, He is working for Telecommunications Technology Association (TTA) as CC evaluator and studying for information assurance under PhD course at Center for Information Security Technologies (CIST) of Korea University (KU). His research interests include side channel analysis, reverse engineering and information assurance. Seungjoo Kim (Corresponding Author) E-mail: skim71@korea.ac.kr Homepage: www.kimlab.net Facebook, Twitter: @skim71 Prof. Seungjoo Kim received his B.S. (1994), M.S. (1996), and Ph.D. (1999) in information engineering from Sungkyunkwan University (SKKU) in Korea. Prior to joining the faculty at Korea University (KU) in 2011, He served as Assistant & Associate Professor of School of Information and Communication Engineering at SKKU for 7 years. Before that, He served as Director of the Cryptographic Technology Team and the (CC-based) IT Security Evaluation Team of the Korea Information Security Agency (KISA) for 5 years. Now he is Full Professor of Graduate School of Information Security at KU, and a member of KU's Center for Information Security Technologies (CIST). Also, He has served as an executive committee member of Korean E-Government, and advisory committee members of several public and private organizations such as National Intelligence Service of Korea, Digital Investigation Advisory Committee of Supreme Prosecutors' Office, Ministry of Justice, The Bank of Korea, ETRI(Electronic and Telecommunication Research Institute), and KISA, etc. His research interests include cryptography, information security and information assurance.