6/1/2015 Smart card research: beyond OS and security an industrial perspective with a software point of view Jean-Jacques Vandewalle Systems Research Labs.


1 6/1/2015 Smart card research: beyond OS and security an industrial perspective with a software point of view Jean-Jacques Vandewalle Systems Research Labs

2 Goals of this talk
- To understand current smart card research context
- To motivate and highlight research perspectives that come from the evolution of smart card platforms
- To arouse discussions, project ideas, new applications of results, etc.

3 First view on smart cards
- Most smart/secure/cheap/convenient... embedded devices
- Most constrained/particular/difficult to... embedded devices
- Embed fixed native functions or are an open platform (Java, .NET) enabling post-issuance of applications
- Realize complex operations (security-related, VM) with a limited processor, little energy, and small memories
- Are produced by specialists because of specific chip features, addressable but slow NVM, soft and hard counter-measures to attacks, and conformance to legacy standards (ISO 7816)
- Though mass-produced, have a complex lifecycle from mask burning up to one-per-one personalization
- Interact with external devices through specific protocols

4 Current research
- Richer OS capabilities
  - Multithreading
  - Automatic garbage collection
  - Real time
  - Power management
- Powerful open platforms
  - High level language with complex runtime (JVM, .Net)
  - Standard communication stack (TCP/IP)
- Validation and verification
  - Test generation using models
  - Provable properties (security model, applet correctness)
- Secure platform
  - Code verifications (type safety)
  - Access control (information flow)
  - Resources usage guarantees (memory, CPU)

5 Current usage
[Figure labels: Banking E-Government Mass Transit Mobile Telecommunications Public Telephony W-LAN Access control Digital Rights Management Enterprise Security Retail]

6 Current research targets an open platform
  - highly secure
  - embedding rich OS features
  - directly connectable to WAN
Current usage is still limited to
  - user authentication and cryptographic functions
  - fixed functionality with little dynamic evolution
  - behind-the-scene network usage
A paradoxical situation? ...Research is in advance, or complementary research is needed?

7 Second view on smart cards
Secure open smart card platforms enable the usage of smart cards as portable (mobile) personal service platforms
In such a perspective two issues and needs appear
- What should be the platform framework?
  A framework to deliver services over WAN to card devices and to administer smart card platform and services
- How should card services be deployed?
  An integration architecture to deploy smart card services within services infrastructure

8 Framework requirements
- To allow services to be remotely delivered and administered onto (possibly multi-operated) open smart cards
- To allow multiple services to cooperatively share a common framework and execution environment
- To be an OS-neutral way of delivering and administering services
- To be agnostic about
  - the model of the application implemented by a service (server, client, daemon, agent, etc.)
  - the policies implied in services management: for instance, the life-cycle policy or the security policy

9 Framework illustrated
[Diagram labels: Application services Shared Service Appli. Fw Appli. Fw. Services operated by the platform Platform Framework Platform manager Framework OS Hardware platform Communication means Platform]

10 Framework research
- Current smart card frameworks (JC 2.2, GP, STK) are limited to current OS capabilities and define one way to deliver and administer card services
- Industry-standard frameworks such as OSGi (for home or vehicle gateways) target larger platforms and do not deal with smart card specificity
  - complex platform life-cycle
  - persistent memory model
- Future open platforms will clearly need a framework, basic services and a platform manager
  - that take advantage of improved card OS features
  - to support both card specificity and an unlimited variety of services

11 Integration architecture (1)
Smart card services are useless if they don't participate in distributed transactions with other services in their environment
[Diagram labels: Client applications Card service Backend Server Infrastructure]

12 Integration architecture (2)
- So far, card services have been deployed in controlled environments (telecom operator, bank, or government network), limiting the interest of card services within the managed environment
- Open services infrastructure tends to federate multiple services by supporting the discovery of, the connection to and the communication with services from client applications
- Open smart cards can leverage such infrastructure to deploy their services thanks to an integration architecture

13 Integration illustrated with Web
[Diagram labels: Intranet Smart Card Card Service Card Framework Card Intermediary Agent Applet Proxy + Servlet Deploy Get / Post Messages Service Object Enterprise Application Server Service Descriptions Service Agents Back-end Server Service Agent Service Agents Servlet Bundle Messages Appli. Application or Web Browser Client Machine CMS]

14 Integration illustrated with Jini
[Diagram labels: Jini Appli. Application or Jini Finder Client Machine Smart Card Card Service Card Framework Card Intermediary Agent Service Proxy + Service Object Join Lookup Messages Service Object Lookup Service Service Descriptions Service Agents CMS Back-end Server Service Agent Applet Agents Service Object]

15 Integration research
Previous illustrations are just examples of deployment schemes for dynamic announcement of legacy smart card services
- Simpler schemes might be investigated with card services globally reachable or directly accessible without intermediary
- More complex schemes might be investigated taking into account federation of multiple services, transactional context, security requirements, etc.

16 Third view on smart cards
Smart cards are either

Open platform            | Native platform
secure post-issuance     | confined pre-issuance
generic card OS          | all-in-one OS and applis
application server-like  | romized applications
portability and interop. | ad-hoc specifications
rapid development        | long development cycle

The two alternatives are costly
- Open cards require a big chip and a complex OS
- Native cards require redeveloping the OS along with applications
Native cards are still necessary to provide the "right platform at the right price" to customers saying: "I don't need an open platform with post-issuance, GC, rich APIs etc. I don't want to pay the price for those things!"

17 Open platform adaptation
The idea consists in leveraging the full-fledged open platform to produce "custom" smart card editions thanks to an automated process
Platform adaptation requirements
- A careful platform design with adaptation in mind
  Uniformity at the basics, (un)pluggable components, generative programming, A/S-OP for platform code,...
- Instrumentation techniques to produce a custom edition with only the required system data and code for running the targeted applications
  Code specialization, romization, memory initialization, conditional compilation,...
- Relevant data analysis to feed the automated adaptation process with the right inputs

18 Platform adaptation illustrated
[Diagram: three editions of the platform.]
Adaptation steps labelled in the diagram:
- Serialize application fw libraries & application codes
- Tweak the platform components
- ROMize all the codes and data
- Apply drastic static optimizations
Developer edition, Win/Linux platform(s) (Application Development)
- Develop, debug, optimize, and test applications
- Experiment with different application frameworks
- Benefits from the full-fledged platform
- Additional labels: Debugger, Standalone Application, Model 1, Model 2, Model 3
Post-issuance edition, high-end cards (Pilot/Real Deployment)
- Deploy, connect, communicate with applications
- Keep the full-fledged platform framework
- Allow patches and removal/additions of codes
- Additional label: Pre-issued Application Classes
Minimal edition, low-end cards (Real Deployment)
- Produce, initialize, personalize card & applications
- Keep only the platform manager part that allows monitoring the card (e.g.)
- Additional label: Application Classes
Component labels repeated for each edition: Appli. Mgt, Classes Repository, Loader, Converter, Linker, Code Optimizer, Execution Engine, (De-)Serializer, ROMizer, Memory management, Hardware Support, Core & System Classes, Shell, Scheduler, Communication Stack

19 What we have seen
Current smart card research focuses on
- Rich operating system features in small devices
- High level of confidence on the card platform thanks to security, validation, and verification techniques
To provide their full potential (and meet business applications?), such secure open card platforms might be complemented by research initiatives targeting
- A platform framework to operate multiple services
- Integration architectures to deploy card services in services infrastructure
- Adaptation techniques for producing an optimized application-specific system from an open system

20 Final view on smart cards
The position of future open smart cards is between
- High-end electronic consumer products embedding
  - An operating system kernel (Symbian, Embedded Linux, .Net kernel, etc.)
    - Generally proprietary and sometimes real-time
  - A well-defined and runtime edition (J2ME CLDC/CDC, .Net compact) on top of an underlying operating system
    - Generally over-sized and difficult to optimize
    - With network connectivity capabilities
  - Some dedicated profiles (APIs and application models)
    - Targeting dedicated markets (mobile phone, terminals, etc.)
- Low-end embedded consumer products with
  - No general-purpose operating system
  - Closed framework and poor (no) connectivity
  - Ad hoc hand-written functionality

21 Platform outcomes
- A deployed platform for open and connected "in-the-middle" embedded devices
  - E.g., next-generation smart cards, smart toys, automotive, operated appliances,...
  - Benefits: rich and secure OS for small devices with an open platform framework and integration architecture
- A production platform to produce dedicated "Software System on Chip"
  - With all-in-one OS and applications code produced from the full-fledged platform, then optimized and adapted from applications requirements and to chip characteristics
  - E.g., native smart cards, traditional appliances,...
  - Benefits: huge market, alternative to hand-written code

22 Conclusion
- Smart card research is at the forefront of research to design computing platforms in very small devices
- Ambient computing relies on a connected network of small computing devices providing services that are federated to work together for a given purpose
- Smart cards can be an interesting research test bed to work on some of the required technologies for ambient computing
  - Secure powerful open platform, generated application-specific platforms
  - Framework for operated devices
  - Integration architecture in services infrastructures
[Diagram labels: Personal computing M2M H2M interfaces Embedded systems network]

23 6/1/2015 Thank you! Any question? www.gemplus.com jean-jacques.vandewalle@research.gemplus.com

