Jason Javacards as secure objects network by Richard Brinkman
Compare to other chip cards
  Memory cards
  Smart cards
  Characteristics:
    Tamper proof
    5 MHz processor
    16 kB memory
    Multi-application
    Object Oriented
[Figure labels: Card Hardware Javacard Virtual machine Libraries Applet Loader]
.java files -> javac compiler -> .class files -> converter -> .cap file -> scriptgen -> .scr file -> apdutool -> smart card
[Figure: Internet]
Requirements:
  Simple to use
  Separation of concerns
  Lightweight
  Authenticity
  Confidentiality
  Role-based access control
Implementation

    public class PurseImpl implements Purse {
        // Balance held by the applet on the card
        private short balance;

        public PurseImpl() {
            balance = 0;
        }

        public short getBalance() {
            return balance;
        }

        public void decreaseBalance(short amount) {
            balance -= amount;
        }

        public void increaseBalance(short amount) {
            balance += amount;
        }
    }
Java Interface File

    public interface Purse {
        public short getBalance();
        public void decreaseBalance(short amount);
        public void increaseBalance(short amount);
    }
Jason Definition File

    public interface Purse {
        roles MERCHANT, BANK, OWNER;

        accessible to OWNER, BANK
        public short getBalance();

        accessible to MERCHANT
        public void decreaseBalance(authentic short amount);

        accessible to BANK
        public void increaseBalance(confidential authentic short amount);
    }
Client application

    import java.security.KeyStore;

    public class Client {
        public static void main(String[] args) {
            KeyStore keyStore = ...
            Ans ans = new Ans(keyStore);
            // Log in to the Purse applet in the BANK role
            Purse purse = (Purse) ans.getApplet("example.purse.Purse", Purse.ROLE_BANK);
            System.out.println("Balance: " + purse.getBalance());
            purse.increaseBalance((short) 25);
            System.out.println("Balance after increase: " + purse.getBalance());
            purse.decreaseBalance((short) 10); // Illegal!!!
        }
    }
[Figure labels: Applet's implementation, Skeleton, Key Store; Application, Stub, Key Store; Internet]
Log in
  Select APDU
  Select response
  Client random + role
  Card random + {Client random}Kcard^-1
  {Card random}Krole^-1
  {Session key}Krole
Method Invocation
  SW | Return value | Freshness counter | Signature
  Header | Parameters | Freshness counter | Signature
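The receiving side of the Method Invocation message (header, parameters, freshness counter, signature), as an added example that is not part of the original slides or of Jason's own code. It assumes HMAC-SHA256 under the session key stands in for the "Signature" field, covers header, counter and parameters in that order, and runs on Java SE rather than on a card; the class name InvocationCheck and all sample bytes are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;

public class InvocationCheck {
    private final byte[] sessionKey; // assumed: agreed during log in
    private int lastCounter = 0;     // highest freshness counter accepted so far

    InvocationCheck(byte[] sessionKey) { this.sessionKey = sessionKey.clone(); }

    // Tag over header || counter || parameters (HMAC-SHA256 is an assumption).
    static byte[] tag(byte[] key, byte[] header, int counter, byte[] params) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(header);
        mac.update(ByteBuffer.allocate(4).putInt(counter).array());
        mac.update(params);
        return mac.doFinal();
    }

    // Accept only if the tag verifies and the counter is strictly newer.
    boolean accept(byte[] header, byte[] params, int counter, byte[] sig) throws Exception {
        byte[] expected = tag(sessionKey, header, counter, params);
        if (!MessageDigest.isEqual(expected, sig)) return false; // forged or altered
        if (counter <= lastCounter) return false;                 // replayed or stale
        lastCounter = counter;
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                 // constructed sample key (all zeros)
        byte[] header = {(byte) 0x80, 0x10, 0, 0}; // constructed header bytes
        byte[] params = {0, 25};                   // short amount = 25
        InvocationCheck card = new InvocationCheck(key);

        byte[] sig = tag(key, header, 1, params);
        System.out.println(card.accept(header, params, 1, sig)); // first delivery
        System.out.println(card.accept(header, params, 1, sig)); // same message replayed
        params[1] = 99;                                          // amount altered in transit
        byte[] oldSig = tag(key, header, 2, new byte[] {0, 25}); // tag made for amount 25
        System.out.println(card.accept(header, params, 2, oldSig));
    }
}
```

The tag is checked before the counter so that an unauthenticated message can never advance the stored counter.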
[Figure sequence: parameter blocks labelled PP 1, CP 1, CP 2, AP 1, AP 2, ACP 1, ACP 2 shown in several arrangements; further labels: Padding, Confidential, Header, Counter, Parameters, Sign]
Conclusion
  Simple to use
  Concentrate on functionality
  Security has only to be verified once
Questions?