C&ESAR 2008

I was present only at the last day of this conference. It recently changed its name from former “Journées du CELAR”. It remains mostly a French conference. What did I prefer in this day:

  • A very good introduction to contactless cards (smart card and RFID tags) with a nice list of threats and some countermeasures. The presentation was not highly technical but nevertheless complete. In the future of countermeasures, I loved the idea to embed micro batteries for having some margins for security measures. This will help in solving atomicity problems (a nightmare when designing a secure implementation of communication protocols).
  • LANET (University of Limoges) presented a detailed attack on JavaCard bypassing the sandboxing to dump instructions. Nice work, although not applicable to modern cards
  • DCSSI presented their preferred solution for electronic vote. The speaker clearly stated that he would rather not use electronic vote because it will never be 100% secure. Political pressures require such solutions.

I always thought that security people would be paranoid. It seems I am wrong. As usual in conferences, people use their laptops even to do sometimes mail. I was surprised of the number of people who do not use a confidentiality filter. My direct neighbors were from DGA (Direction Générale de l’Armement). They openly shoulder surfed the mails of person before them. He was not from the DGA. Companies should be default equip the computers from their travelers with such filters. I must confess that THOMSON does not. You have to ask for one.

Leave a Reply

Your email address will not be published. Required fields are marked *