Jason: Javacards as secure objects network, by Richard Brinkman

Post on 19-Dec-2015

Jason

Javacards as secure objects network

by Richard Brinkman

Compare to other chip cards
• Memory cards
• Smart cards

Characteristics:
• Tamper proof
• 5 MHz processor
• 16 kB memory
• Multi-application
• Object Oriented

Card Hardware

Javacard Virtual machine

Libraries

Applet Applet Applet Loader

.java files -> javac compiler -> .class files -> converter -> .cap file -> scriptgen -> .scr file -> apdutool -> smart card

Internet

Requirements:
• Simple to use
• Separation of concerns
• Lightweight
• Authenticity
• Confidentiality
• Role-based access control

Implementation

public class PurseImpl implements Purse {
    // Current balance held on the card
    private short balance;

    public PurseImpl() {
        balance = 0;
    }

    public short getBalance() {
        return balance;
    }

    public void decreaseBalance(short amount) {
        balance -= amount;
    }

    public void increaseBalance(short amount) {
        balance += amount;
    }
}

Java Interface File

public interface Purse {
    public short getBalance();

    public void decreaseBalance(short amount);

    public void increaseBalance(short amount);
}

Jason Definition File

public interface Purse {
    roles MERCHANT, BANK, OWNER;

    accessible to OWNER, BANK
    public short getBalance();

    accessible to MERCHANT
    public void decreaseBalance(authentic short amount);

    accessible to BANK
    public void increaseBalance(confidential authentic short amount);
}

Client application

public class Client {
    public static void main(String[] args) {
        KeyStore keyStore = ...
        Ans ans = new Ans(keyStore);
        // Request the Purse applet in the BANK role
        Purse purse = (Purse) ans.getApplet("example.purse.Purse", Purse.ROLE_BANK);
        System.out.println("Balance: " + purse.getBalance());
        purse.increaseBalance((short) 25);
        System.out.println("Balance after increase: " + purse.getBalance());
        // Illegal!!! decreaseBalance is accessible to MERCHANT only, not to BANK
        purse.decreaseBalance((short) 10);
    }
}

Applet's implementation

Skeleton

Key Store

Application

Stub

Key Store

Internet

Log in

Select APDU

Select response

Client random + role

Card random + {Client random}Kcard^-1

{Card random}Krole^-1

{Session key}Krole

Method Invocation

Command: Header | Parameters | Freshness counter | Signature

Response: SW | Return value | Freshness counter | Signature

[Figure built up over four slides: parameter layout]

ACP1 ACP2 PP1 CP2 AP1 CP1 AP2

PP1 CP1 CP2 ACP1 ACP2 AP1 AP2

PP1

CP1 CP2 ACP1 ACP2 Padding

Confidential PP1

Confidential PP1 AP1 AP2

Header Counter Parameters

Header Counter

Sign

ACP1 ACP2 AP1 AP2
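
The Method Invocation and Sign slides can be made concrete with a receiver-side check; this is an added example, not code from the slides or from Jason. It assumes the "Signature" is a MAC under the session key from log-in and that it covers the header, the freshness counter and the authentic parameters. The class name InvocationCheck, the use of HMAC-SHA256, the 4-byte counter encoding and all sample bytes are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

// Added illustration, not Jason's code: HMAC-SHA256 stands in for the slide's "Signature".
public class InvocationCheck {
    private final SecretKeySpec sessionKey;
    private int lastCounter = 0; // highest freshness counter accepted so far

    public InvocationCheck(byte[] key) {
        sessionKey = new SecretKeySpec(key, "HmacSHA256");
    }

    // Tag over header || counter || authentic parameters (assumed inputs of "Sign").
    byte[] sign(byte[] header, int counter, byte[] authParams) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(sessionKey);
        mac.update(header);
        mac.update(ByteBuffer.allocate(4).putInt(counter).array());
        mac.update(authParams);
        return mac.doFinal();
    }

    // Receiver side: reject stale counters first, then compare tags in constant time.
    public boolean accept(byte[] header, int counter, byte[] authParams, byte[] tag)
            throws GeneralSecurityException {
        if (counter <= lastCounter) return false;                // replayed or reordered message
        if (!MessageDigest.isEqual(sign(header, counter, authParams), tag)) return false;
        lastCounter = counter;                                   // advance only after a valid tag
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] key = new byte[32];                               // constructed all-zero demo key
        InvocationCheck sender = new InvocationCheck(key);
        InvocationCheck card = new InvocationCheck(key);
        byte[] header = {(byte) 0x80, 0x10, 0x00, 0x00};         // constructed APDU header
        byte[] amount = {0x00, 0x19};                            // authentic short amount = 25
        byte[] tag = sender.sign(header, 1, amount);

        System.out.println(card.accept(header, 1, amount, tag)); // fresh counter, matching tag
        System.out.println(card.accept(header, 1, amount, tag)); // same message sent again
        byte[] forged = {0x7f, (byte) 0xff};                     // amount altered in transit
        System.out.println(card.accept(header, 2, forged, sender.sign(header, 2, amount)));
    }
}
```

The counter is advanced only after the tag verifies, so a forged message cannot push the receiver's counter forward and lock out the legitimate sender.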

Conclusion

Simple to use

Concentrate on functionality

Security has only to be verified once

Questions?
