Jason Javacards as secure objects network by Richard Brinkman

Javacards as secure objects network Compare to other chip cards Memory cards Smart cards Characteristics: Tamper proof 5 MHz processor 16 kB memory Multi-application Object Oriented

Javacards as secure objects network Card Hardware Javacard Virtual machine Libraries Applet Loader

Javacards as secure objects network.java files javac compiler.class files converter.cap file scriptgen.scr file apdutool smart card

Javacards as secure objects network Internet

Javacards as secure objects network Requirements: Simple to use Separation of concerns Lightweight Authenticity Confidentiality Role-based access control

Javacards as secure objects network Implementation public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; } public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; }

Javacards as secure objects network Java Interface File public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); } public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); }

Javacards as secure objects network Jason Definition File public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); } public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); }

Javacards as secure objects network Client application public class Client { public static void main(String[] args) { KeyStore keyStore =... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! } public class Client { public static void main(String[] args) { KeyStore keyStore =... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! }

Javacards as secure objects network Applet’s implementation Skeleton Key Store Application Stub Key Store Internet

Javacards as secure objects network Log in Select APDU Select response Client random + role Card random + {Client random} Kcard -1 {Card random} Krole -1 {Session key} Krole

Javacards as secure objects network Method Invocation SW Return value Freshness counter Signature Header Parameters Freshness counter Signature

Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 PP 1

Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 CP 1 CP 2 ACP 1 ACP 2 Padding ConfidentialPP 1

Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 ConfidentialPP 1 AP 1 AP 2

Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 ConfidentialPP 1 AP 1 AP 2 HeaderCounterParameters HeaderCounter Sign ACP 1 ACP 2 AP 1 AP 2

Conclusion Simple to use Concentrate on functionality Security has only to be verified once

Questions?