Eric Vétillard of Trusted Labs - JavaOne 2007 Luminary

 
By Richard Marejka, April 2007  
On Day 2 of the JavaOne Conference, Eric Vétillard of Trusted Labs will speak about Java Card Technology and how it relates to mobile applications. In particular, he will discuss the Next Generation Java Card platform. In the days before the JavaOne Conference, Eric was able to make time to answer some questions about Java Card technology, security, and application development. Reserve 9:35am to 10:35am on Wednesday, May 9th to attend Eric's presentation in person.
Contents
 
General
Java Card - general
Java Card - market
Java Card - application development
Java Card - technology and security
Java Card - market growth
Wrap-up
 
General

Q. How did you get started in the Java Card market?
In the 90's, I had been working on the implementation of virtual machines, around constraint logic programming. In 1997, I joined the Gemplus research lab, because virtual machines were a hot topic. A few months before, Schlumberger had released the first Cyberflex, so my first assignment was to look at Java Card technology.

Q. Do you participate in the standardization of Java Card technology?
Yes. I started participating in the Java Card Forum at its first meeting in April 1997, just 10 years ago. I represented Gemplus for three exciting years, during which we contributed to the elaboration of Java Card technology versions 2.0 and 2.1. I then moved to Trusted Logic, and worked with Sun as a consultant on security aspects of Java Card 2.2. After a few years without Java Card, I came back a few years ago, this time as a Trusted Logic representative.

Q. What is your role with the Java Card Forum?
I have been designated Chairman of the JCF's Technical Committee. My role is to work with Sun and make sure that the next version of the Java Card specification takes into account the requirements of the smart card industry, represented by the Java Card Forum.

Q. What is your role at Trusted Labs?
My day job, as CTO of Trusted Labs, is double. First, I oversee Trusted Labs' security evaluation activities, in particular those related to Java Card technology. Then, I try with our customers to work on tomorrow's security architectures, mostly in the mobile telephony sector. And of course, I try my best to foster innovation in our company, and I communicate on behalf of Trusted Labs in conferences like the JavaOne Conference.

Java Card - general

Q. For those unfamiliar with Smart Card technology could you describe it?
A smart card is a small system-on-chip, dedicated to security. It includes a CPU, some ROM, a little RAM, some persistent memory, flash or EEPROM, and usually a crypto co-processor. It also includes all kinds of security sensors, in order to make it tamper-resistant, at least against casual attackers.

Q. What is Java Card?
Java Card is the Java technology designed for smart cards. It defines a subset of the language and of the virtual machine, together with a specific runtime environment.

Q. How does Java Card relate to Smart Card?
Java Card technology has been adapted to smart cards. For instance, objects can be persistent, because there is not enough RAM, and they need to be stored in persistent memory. It also includes very specific APIs, which deal with APDUs (the command/responses used by cards to communicate with the outside world), with persistence, or with cryptography.
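As an added illustration (not code from the interview, from Trusted Labs, or from Sun), here is a minimal Java Card applet showing the APDU-handling and persistence APIs Eric mentions: it reads the command header from the APDU buffer and delegates PIN checking to the persistent OwnerPIN object, whose try counter is decremented before the comparison. The proprietary class byte 0x80 and the sample PIN are assumptions.

```java
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.OwnerPIN;

// Hypothetical applet written for this article; not from the interview or Trusted Labs.
public class PinApplet extends Applet {
    private static final byte CLA_PROPRIETARY = (byte) 0x80; // assumed class byte
    private static final byte INS_VERIFY      = (byte) 0x20; // ISO 7816-4 VERIFY
    private static final byte PIN_TRY_LIMIT   = (byte) 3;
    private static final byte PIN_MAX_SIZE    = (byte) 8;

    // OwnerPIN is a persistent object: its try counter lives in EEPROM and is
    // decremented before the comparison, so pulling the card mid-check does not
    // give a free guess. The platform provides this countermeasure, not the applet.
    private final OwnerPIN pin;

    private PinApplet() {
        pin = new OwnerPIN(PIN_TRY_LIMIT, PIN_MAX_SIZE);
        // Constructed sample PIN "1234"; a real applet takes it from personalisation data.
        byte[] initial = { 0x31, 0x32, 0x33, 0x34 };
        pin.update(initial, (short) 0, (byte) 4);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PinApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) { return; }     // SELECT is answered by the JCRE
        byte[] buf = apdu.getBuffer();         // CLA INS P1 P2 Lc data ...
        if (buf[ISO7816.OFFSET_CLA] != CLA_PROPRIETARY) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        if (buf[ISO7816.OFFSET_INS] != INS_VERIFY) {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
        short lc = apdu.setIncomingAndReceive(); // bytes actually delivered
        if (lc < 4 || lc > PIN_MAX_SIZE) {
            ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        }
        if (pin.getTriesRemaining() == 0 || !pin.check(buf, ISO7816.OFFSET_CDATA, (byte) lc)) {
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        // Falling out of process() returns status word 9000 (success).
    }
}
```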

Q. How will Java Card change with the release of Next Generation Java Card technology?
The next release of the Java Card platform will be a major shift. Smart cards have evolved greatly in recent years: They are connected to computers and phones with high-speed interfaces, they include more memory, and they can be connected to the Internet. This next release will therefore include a virtual machine with CLDC-level capability, a servlet application model, and a more sophisticated security model. But I guess that the best way to learn about that is to attend our session.

Java Card - market

Q. How has Java Card impacted the Smart Card market?
Tremendously, and far more than we first expected. Today, a vast majority of the SIM cards in use are powered by Java Card, and the trend continues. I've lost track of the number of issued Java Cards, but you now have to count them in billions.

Q. You were interviewed for the 2005 JavaOne Conference. What changes have you seen in the Mobile and Embedded space since that time?
Yes, the market has evolved quite significantly. One of the main changes has been the addition of a contactless interface to mobile phones, allowing them to handle transport and financial transactions. It seems that this small evolution has triggered something, and all actors are now scrambling to get to mobile payment or mobile ticketing. In particular, different issuers are finally talking to each other, trying to figure out new business models. And from my point of view, the exciting thing is to turn these business models into security models.

Q. Europe appears to lead in the Java Card space, any explanation?
No, not a single one. The U.S. has made different technological choices, with on-line payment validation and SIM-less mobile phones, hence restricting their interior market. In addition, I believe that American engineers are better at designing new systems, and European engineers are better at getting an in-depth understanding of small systems. Since smart cards are small, Europe is there. These days, Asia is also very active; they are at the forefront of contactless deployments using mobile phones.

Q. Governments and mobile carriers have led the way with Java Card deployment, is the market changing?
Yes and no. Mobile carriers, as owners of the SIM cards, will keep their role, but they will also need to get alliances with other application providers. Similarly, governmental and private identity applications may open the way on PCs and workstations, leading to more applications. But here, I will remain very careful, since the smart card industry has been saying that for many years.

Java Card - application development

Q. What do you need to start developing Java Card applications?
You need some knowledge of Java development, some knowledge of security, and a good idea. Java technology is easy, but the rest is difficult. The kind of security we are talking about here is not the kind we see on servers, so it takes a while to adapt. However, if your mind is open to security issues, it is not a problem. The idea is even more difficult; in the history of smart cards, there have not been that many killer apps. You can try to get the next one, but this takes some learning about these small, secure, personal servers.

Q. How do you test and deploy applications?
We develop applications in an IDE, using a card simulator. We then have to test them on real cards, at least to get a feeling of the performance. For deployment, cards are not like PCs or mobile phones: They are owned by their issuer, so a deal with the issuer is mandatory. Among them, some mobile carriers have deployed many applications developed by third parties.

Java Card - technology and security

Q. Are there security attacks on Java Card?
Yes and no. There are security attacks on smart cards, and these attacks can be applied to a card that uses Java Card. The most common attacks are side-channel attacks (observing the side effects of computations to guess confidential data), and fault induction attacks (inducing a fault at a critical time in order to make the application misbehave in an "interesting" way). These attacks have been used on Java Card applications, but they seldom target Java Card specifically. However, if the protection of applications becomes sufficiently good, this is the next step.

Q. How does the developer safeguard applications?
The first thing to do is to choose an appropriate platform, for instance a platform whose security has been certified by many issuers. Next, the developer needs to perform a security analysis of the application, first identifying its sensitive assets, and then implementing the appropriate countermeasures to protect them.

Q. Can Java Card applications be certified as secure?
Yes, and this is one of Trusted Labs' activities. In-depth certification is required before deployment for the most sensitive applications, and a simpler certification is required by some issuers for all applications that go on their card, usually to check that the application follows their security policy.

Java Card - market growth

Q. Sony Ericsson has already announced the Z750, their first MSA device. What kind of impact will we see now that JSR 177 / SATSA is part of JSR 248 / MSA?
This is a very nice first step. Now, the issuers will know that there exists a way to access their cards (SIM or other) from a MIDP application, and standardization may lead them to use the feature for their applications, and later to allow others to use it.

Q. Where do you see Java Card growth in the next few years?
The market for the current version of Java Card is mature, and it should continue its growth over the coming years, pushed by things like mobile payment. In parallel, the next release of Java Card will open a new market for more powerful cards, with new services, which could really become your personal, secure server; and this time, it will be available on your browser. We will need some time to figure out the appropriate application and business models, but that's where the growth challenge is for Java Card.

Wrap-up

Remember to reserve 9:35am on Wednesday to attend Eric's presentation "TS-5686 - Next Generation Java Card Technology for Secure Mobile Applications" for the latest on Java Card technology.