Posted in My Grafix
Tower Bridge
JavaCard 3 Specifications Released
Almost one year after the announcement of Java Card 3.0, Sun has finally released it!
Java Card technology enables smart cards and other devices with very limited memory to run small applications that employ Java technology. It provides smart card manufacturers with a secure and interoperable execution platform that can store and update multiple applications on a single device.
Deployed in markets as diverse as Telecommunications (SIM applications), Finance (EMV) and Citizen ID (Passports and ID Cards), Java Card technology is the most pervasive open platform for secure devices, with over 3.5 Billion Java Powered smart cards deployed worldwide.
Sun Microsystems has now released the latest specifications of its market leading Java Card technology, and industry experts believe it will revolutionize the way smart card services are conceived and deployed.
Next Generation Java Card technology will be available in two separate, yet coherent editions.
Java Card technology, Classic Edition is based on an evolution of the Java Card Platform, Version 2.2.2 and targets more resource-constrained devices that support traditional applet-based applications. It introduces several incremental changes to the previous version to ensure alignment with smart card and security standards.
Java Card technology, Connected Edition features a significantly enhanced execution environment and a new virtual machine. It includes new network-oriented features, such as support for web applications, and support for applets with extended and advanced capabilities.
Both Editions are compatible with applications written for previous versions. They also share key security features and build on the trust and expertise derived from ten years of deploying secure Java Card products.
The specifications can be downloaded from here.
Posted in Codes & Utilities, Programming, Security
And it still snows in April
Thanks to global warming, even in April there is quite a heavy snowfall in Surrey. I took a few pictures on the campus today. You can see from the picture of my shoes how deep the snow is.
Posted in Random Writings
VMWare 6.5 Beta
Workstation 6.5 and ACE 2.5 beta are out and available for download. The most interesting feature added for me is the support for smart cards and smart card readers. Another interesting new feature is “Unity”, which integrates applications on the guest so that they can be controlled from the host. Not sure at the moment how it will affect the debate on testing / debugging malware in a virtual environment.
Of Spring, Daffodils, Rain & Snow
Surrey’s climate is really unpredictable. It is shiny one day and the same night it snows. Yea, even in late March when Founders is full of daffodils we got an occasional downpour of snow. Not to mention whenever I’m out without my umbrella it starts raining. I took some pictures of a whole lovely bunch of daisies and daffodils at the back of Founders Building. One with an ancient touch is below.
Posted in My Grafix, Random Writings
Sun Labs, Sun SPOTs
If you are interested in robotics, wireless sensors, Java, or embedded systems programming and you have not heard of Sun SPOTs yet, you really live somewhere on Mars.
Sun SPOTs (Small Programmable Object Technology) are very powerful and sophisticated little devices, perfect for sensor-based applications and pervasive computing.
It is a battery-operated (USB charged) platform for development of radio-controlled sensor networks, robotics, and personal consumer electronics. Each kit comes with a base station and two Spot devices, each of which, in turn, includes a processor, a radio, a sensor board, and battery. You can also add servo motors and your own sensors on top of the acceleration, temperature, and light sensors that come with each Spot. You program and build the Java VM-based Spots to do whatever it is you want to build; examples of Spot applications developed so far include microwave detection, robotic-arm control, and slot-car control.
Technically a Sun SPOT has the following:
- a 3-axis accelerometer (with two range settings: 2G or 6G)
- a temperature sensor
- a light sensor
- 8 tri-color LEDs
- 6 analog inputs readable by an ADC
- 2 momentary switches
- 5 general purpose I/O pins and 4 high current output pins
Sun has also introduced a Sun SPOT Open Grant Program and a Request for Proposal is currently open. For details go here.
Sun Labs staff engineer, David G. Simmons, has an extremely helpful Sun SPOT blog that is worth checking out. And even YouTube has some 40 Sun SPOT videos with slot cars, a pumpkin that screams and talks when shaken, video games and more to check out. Also, for more on Sun SPOTs check out Roger Meike’s blog; he’s senior director of area 51 and director of operations at Sun Labs.
Posted in Codes & Utilities, Programming, Security
How to make portable apps.
Portable applications are useful. You do not need to install them; you can carry them along with all their settings and forget about platforms, configurations and, most importantly, licensing.
There are a number of techniques to make portable apps. Thinstall uses an application virtualization technique to achieve that purpose. VMWare recently acquired it and the application is now available as freeware (for the time being at least) under the name of Project North Star.
Using the application is as simple as first running the installer of an application. NorthStar will trace all the EXEs, DLLs, registry changes, filesystem changes and policy changes, and package them all into one installer or exe, with an optional separate configuration, that you can then run directly on any other platform.
If you also have some applications that are incompatible with Vista, you could install them under XP and using NorthStar you could run them under Vista (since it is virtualization).
A nice beginner tutorial is on youtube here.
Another video for how to run different versions of Internet Explorer on the same desktop machine can be found here.
Posted in Security, Security Testing, Virtualisation
Usenix Conference Proceedings Made public
Usenix, the advanced computing systems association, has today announced open public access to all of its conference proceedings.
This is quite relevant to us (both students and professionals) working in Information Security, as Usenix Security Symposiums have been among the best technical conferences on the topic anywhere in the world. Unfortunately, most of the published material has only been accessible to Usenix members but that changed today.
All Usenix conference proceedings can be found at:
http://www.usenix.org/publications/library/proceedings/
And specifically all security proceedings can be accessed from:
Usenix Security Symposium 2007 proceedings
Usenix Security Symposium 2006 proceedings
Usenix Security Symposium 2005 proceedings
Usenix Security Symposium 2004 proceedings
Usenix Security Symposium 2003 proceedings
Usenix Security Symposium 2002 proceedings
Usenix Security Symposium 2001 proceedings
Usenix Security Symposium 2000 proceedings
Usenix Security Symposium 1999 proceedings
Usenix Security Symposium 1998 proceedings
Usenix Security Symposium 1996 proceedings
Posted in Security
KDE on Windows
Posted in Programming
The Hunt for Smart Card Readers
Trying to search for a decent smart card reader seemed to be a much more difficult task than I originally anticipated. Online shops from Hong Kong and China are full of a range of both contact and contactless (RFID) card readers. Most of them, however, do not support the wide range of ISO standards (14443 A / B) and only work with a specific set of cards. Not to mention the trouble of proprietary buggy drivers (and those provided only for Windows).
I was, however, pleasantly surprised to find a few “open” projects, which I would like to mention below and which might be of interest to people doing any project in the related area.
OpenPCD: a free hardware design for Proximity Coupling Devices (PCD) based on 13.56MHz communication. This device is able to screen information from Proximity Integrated Circuit Cards (PICC) conforming to vendor-independent standards such as ISO 14443 and ISO 15693, as well as proprietary protocols such as Mifare Classic (specifically what I wanted). Contactless cards like these are, for example, used in the new electronic passports in European countries like Belgium.

The intention of the OpenPCD project is to offer the users full hardware control of the RFID signal and to provide different output signals for screening the communication. For instance, it is possible to program and replace the firmware with your own and a lot of good help and beginner tutorials are provided.
Cost around 119 Euros.
You will of course need a few cards (or RFID tags / chips) to test and develop. Cards and tags come in different shapes and sizes; buying different categories of tags from one place is quite difficult, and ordering a lot of tags from different places could be quite expensive (especially if you are a poor student like me). OpenPICC, Open Proximity Integrated Circuit Cards (PICC), is the counterpart to OpenPCD. It is a device that emulates 13.56MHz based RFID transponders / smartcards. OpenPICC can be used to e.g. simulate ISO 14443 or ISO 15693 transponders, such as those being used in biometric passports, Oyster Cards and football tickets in the UK.
Like OpenPCD, the hardware design and software are available under Free Licenses from here.
The biggest advantage of using a device like OpenPICC as a card / tag is that:
1. It is also equipped with a USB interface, so you can trace in realtime what the card reader is emitting.
2. Since radio waves travel in the open, you can also trace (sniff) the traffic between another card and reader, which makes your research more powerful and stealthy.
Not to mention that, like OpenPCD, OpenPICC is completely programmable with open source software, and since all the design and ICs are public, you can replace them if they get damaged. With other card readers even a small amount of damage would mean a complete replacement of your card reader.
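To make sense of what a reader is emitting in such a trace, the frames have to be decoded. The following is an added example, not code from this post or from the OpenPCD / OpenPICC projects: it annotates reader-side ISO 14443-3 Type A frames and checks their CRC_A. It assumes the frames have already been extracted as byte strings; the function names and the sample trace are made up for illustration.

```python
# Added example: annotate reader (PCD) frames of an ISO 14443-3 Type A trace.
# All frames in TRACE are constructed sample data, not a real capture.

def crc_a(data: bytes) -> int:
    """CRC_A of ISO/IEC 14443-3: x^16+x^12+x^5+1, LSB first, initial 0x6363."""
    crc = 0x6363
    for byte in data:
        byte ^= crc & 0xFF
        byte ^= (byte << 4) & 0xFF
        crc = ((crc >> 8) ^ (byte << 8) ^ (byte << 3) ^ (byte >> 4)) & 0xFFFF
    return crc

def with_crc(payload: bytes) -> bytes:
    """Append CRC_A the way it goes on the air: low byte first."""
    return payload + crc_a(payload).to_bytes(2, "little")

def crc_ok(frame: bytes) -> bool:
    return len(frame) > 2 and with_crc(frame[:-2]) == frame

CASCADE = {0x93: 1, 0x95: 2, 0x97: 3}   # SEL byte -> cascade level

def decode(frame: bytes):
    """Return (description, crc_valid); crc_valid is None for CRC-less frames."""
    if len(frame) == 1 and frame[0] in (0x26, 0x52):      # 7-bit short frames
        return ("REQA" if frame[0] == 0x26 else "WUPA", None)
    if len(frame) >= 2 and frame[0] in CASCADE:
        level, nvb = CASCADE[frame[0]], frame[1]
        if nvb != 0x70:                                   # partial UID: no CRC
            return (f"ANTICOLLISION CL{level} NVB={nvb:#04x}", None)
        if len(frame) != 9:
            return (f"SELECT CL{level} (malformed length {len(frame)})", None)
        uid, bcc = frame[2:6], frame[6]
        bcc_state = "ok" if bcc == uid[0] ^ uid[1] ^ uid[2] ^ uid[3] else "BAD"
        return (f"SELECT CL{level} uid={uid.hex()} bcc={bcc_state}", crc_ok(frame))
    if len(frame) == 4 and frame[:2] == b"\x50\x00":
        return ("HLTA", crc_ok(frame))
    return ("unrecognised", None)

TRACE = [
    bytes.fromhex("26"),                          # REQA
    bytes.fromhex("9320"),                        # anticollision, level 1
    with_crc(bytes.fromhex("93700102030404")),    # SELECT with sample UID
    bytes.fromhex("500057cd"),                    # HLTA, correct CRC_A
    bytes.fromhex("500057cc"),                    # HLTA, one CRC bit flipped
]

if __name__ == "__main__":
    for frame in TRACE:
        desc, valid = decode(frame)
        print(f"{frame.hex(' '):<30} {desc:<34} crc={valid}")
```

A frame whose CRC_A does not verify, like the last one in the sample trace, usually points to a reception error in the capture rather than to anything the reader actually sent.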
OpenBeacon: a free design for an active RFID device which operates in the 2.4GHz ISM band. The device contains a unique serial number, but may hold other information as well. OpenBeacon can be used as a transceiver device and therefore both transmits and receives radio waves. The project aims to offer a wide range of use cases, such as visitor or item tracking and wireless remote control, with a free, self-contained and low-cost RFID design.
Cost: around 85 Euros.
Posted in Security, Security Testing






















