Muhammad Wasim Raad1 Smart Cards Operating Systems أنظمة التشغيل للبطاقات الذكية By: Dr Muhammad Wasim Raad Computer Engineering Department

Muhammad Wasim Raad2 Smart Chip Co-Processor & 3-DES Engine 16/32-bit RISC Processor Contact: ISO 7816 and USB ROM (96 KB) EEPROM (64+ KB) FLASH (64 KB) Power (1.8 Volt) Ground Clock Reset ISO 7816 I/O RAM (4 KB) MMU USB I/O DPA & SPA Resistant Logic Contactless: ISO 14443

Muhammad Wasim Raad3 ماهو نظام تشغيل البطاقة الذكية What is a COS?

Muhammad Wasim Raad4 Card OS Role وظيفة نظام تشغيل البطاقة

Muhammad Wasim Raad5 Transmission Protocol

Muhammad Wasim Raad6 File Architecture

Muhammad Wasim Raad7 File Architecture(Cont)

Muhammad Wasim Raad8 Command Sets

Muhammad Wasim Raad9 ISO Command Sets

Muhammad Wasim Raad10 Protocol Application Layer APDU Format

Muhammad Wasim Raad11 Access Conditions

Muhammad Wasim Raad12 Access Conditions Examples

Muhammad Wasim Raad13 Access Conditions Examples

Muhammad Wasim Raad14 Smart Card Operating Systems Smart card operating systems (SCOS) have little resemblance to desktop OS. SCOS supports a collection of instructions on which user applications can be built. ISO standardizes a wide range of instructions in the format of APDUs. Most SMOS supports File Systems

Muhammad Wasim Raad15 Very low amount of program code: 3-30KB ROM masks for OS need weeks for correcting errors The secure state of EEPROM has noticeable influence on design of OS

Muhammad Wasim Raad16 For example all retry counters must be designed such that their maximum value corresponds to the erased state of the EEPROM If this is not the case, it would be possible to reset counter to its initial value by intentionally removing the card during transaction

Muhammad Wasim Raad17 This type of attack can be resisted by proper coding of the counter or by making the process of writing the retry counter an atomic process Trap doors must be avoided Cryptographic functions must execute in very short time

Muhammad Wasim Raad18 OS can be loaded into EEPROM, but due to expensive EEPROM most OS is in ROM Almost all OS allow program code for additional commands or special cryptographic algorithms to be loaded into EEPROM during completion

Muhammad Wasim Raad19 OS must be able to automatically recognize the size of the EEPROM Technical implementation involves OS routine reading the manufacturer’s finishing data Current Smart Card OS is not able to adapt itself to varyations in size of ROM or RAM

Muhammad Wasim Raad20 Primary tasks of Smart card OS Transferring data to and from a smart card Controlling execution of commands Managing files Managing and executing cryptographic algorithms

Muhammad Wasim Raad21 Source: Z. Chen, “ Java Card Technology for Smart Cards ” Smart Card Communication Model * The card sends out an ATR (Answer to Reset) immediately after insertion. ** APDU stands for Application Protocol Data Unit (ISO ).

Muhammad Wasim Raad22 Smart Card File System (ISO ) MF DF EF DF EF DF MF Master File (root directory, must always be present) DF Dedicated File (directory file, can contain directory and data files) EF Elementary File (data file)

Muhammad Wasim Raad23 Smart Card File Names (ISO ) Reserved FIDs 3F00 MF root directory 0000 EF PIN and PUK # EF PIN and PUK # EF application keys 0011 EF management keys 0002 EF manufacturing info 0003 EF card ID info 0004 EF card holder info 0005 EF chip info 3FFF file path selection FFFF reserved for future use MF FID File Identifier (2 bytes) DF DF Name (1-16 Bytes) usually ISO AID EFShort-FID (5bits) FID File Identifier (2 bytes)

Muhammad Wasim Raad24 EEPROM pages 100'000 write cycles 64 byte page size Smart Card Internal File Structure EF Header Body –Header: file structure info, access control rights, pointer to data body content changes never or seldom, protected from erasure –Body: data, content might change often, many write operations pointer

Muhammad Wasim Raad25

Muhammad Wasim Raad26 MULTOS A high security architecture –Apps needing high security can reside next to apps needing low security Co-residence of multiple, inter-operable, platform independent applications Dynamic remote loading and deletion of applications over the lifetime of a card –Achieved using the language MEL (MULTOS Executable Language)

Muhammad Wasim Raad27 PC/SC Architecture designed to ensure the following work together even if made by different manufacturers: –smart cards –smart card readers –computers Differs from OpenCard because it offers API interoperability rather than uniform API Designed for Windows environment with development in Visual C++

Muhammad Wasim Raad28 Java card The Java Card specifications enable Java technology to run on smart cards and other devices Multi-Application Capable - Java Card technology enables multiple applications to co-exist securely on a single smart card Dynamic: - New applications can be installed securely Secure: - relies on the inherent security of the Java programming language to provide a secure execution environment. - platform's proven industry deployments and security evaluations ensure that card issuers benefit from the most capable and secure technology available today.

Muhammad Wasim Raad29 Java Card Platform independent Does not support issuer control Not secure enough for finantial applications

Muhammad Wasim Raad30 Java Card Architecture Components

Muhammad Wasim Raad31

Muhammad Wasim Raad32

Muhammad Wasim Raad33 applet Java Card I/O with APDUs Java Card platform applet terminal smartcard hardware command APDU, incl. applet ID OS selects applet and invokes its process method Applet sends response APDU applet executes

Muhammad Wasim Raad34 How can the SMART card help in new channels? Earning and redeeming rewards with Virtual Merchants To store personal data for covenience on-line To Secure Virtual World Shopping with Credit (Chip SecureCode) or e-Cash To Managing Finances Securely and Conveniently Virtual Health, Govt or other Services Entertainment on Demand

Muhammad Wasim Raad35 Proprietary Smart Card Operating Systems Chip Hardware B Chip Hardware A Proprietary OS A Proprietary OS B Native EMV Code Native Loyalty Code Data ROM E2 Native EMV Code Native EMV Code Native Loyalty Code Data ROM E2 l Proprietary Chip OS developed in “native” code - specific to underlying silicon - to access chip functions. OS often dedicated to performing a single specific function – e.g. EMV l OS code is fixed in the ROM of the chip, and cannot be changed after the chip is made. l Limited number of programmers able to make adaptations to proprietary OS – impact on time to market if changes / new functions required. l In order to multi-source silicon, native code must be redeveloped from scratch for new chip. Chip Hardware B Chip Hardware A

Muhammad Wasim Raad36 KILLER Applications

Muhammad Wasim Raad37 MULTOS The only OS obtaining ITSEC(E6) Very secure Multi-application support Requires Coprocessor for RSA makes it expensive

Muhammad Wasim Raad MULTOS VM MULTOS API MULTOS: The OPEN STANDARD smart card operating system Infineon Silicon ROM MULTOS VM MULTOS API Renesas Silicon ROM C Compiler Java Compiler / Translator MEL Editor  MULTOS defines a standard CHIP HARDWARE INDEPENDENT Smart Card Operating System:  Portable:  Develop applications ONCE and run on ANY MULTOS chip.  Open:  Develop in C or Java and Compile. API FREELY available. EMV PKI Application A E2PROM EMV PKI Application A E2PROM  Highest Hardware and OS Security Assurance:  ITSEC E6 High evaluated  MULTOS SCHEME facilitates management of multiple applications  Advanced Asymmetric Cryptographic mechanism

Muhammad Wasim Raad39 Open Platform (Card Manager & Security Domain) API Windows for Smart Card by Microsoft and Global Platform Java Card by Sun Micro and Global Platform Multos Credit/Debit WIMSIM Logical & Physical Access LoyaltyE-Purse oror Operating System Options MULTOS by Mondex International and MAOSCO Council

Muhammad Wasim Raad40

Muhammad Wasim Raad41