jason javacards as secure objects network by richard brinkman
Post on 19-Dec-2015
Jason
Javacards as secure objects network
by Richard Brinkman
Compare to other chip cards:
• Memory cards
• Smart cards
Characteristics:
• Tamper proof
• 5 MHz processor
• 16 kB memory
• Multi-application
• Object Oriented
Card Hardware
Javacard Virtual machine | Libraries
Applet | Applet | Applet | Loader
.java files -> javac compiler -> .class files -> converter -> .cap file -> scriptgen -> .scr file -> apdutool -> smart card
Requirements:
• Simple to use
• Separation of concerns
• Lightweight
• Authenticity
• Confidentiality
• Role-based access control
Implementation
public class PurseImpl implements Purse {
    // Purse state: the current balance
    private short balance;

    public PurseImpl() { balance = 0; }

    public short getBalance() { return balance; }

    public void decreaseBalance(short amount) { balance -= amount; }

    public void increaseBalance(short amount) { balance += amount; }
}
Java Interface File
public interface Purse {
    public short getBalance();

    public void decreaseBalance(short amount);

    public void increaseBalance(short amount);
}
Jason Definition File
public interface Purse {
    roles MERCHANT, BANK, OWNER;

    accessible to OWNER, BANK
    public short getBalance();

    accessible to MERCHANT
    public void decreaseBalance(authentic short amount);

    accessible to BANK
    public void increaseBalance(confidential authentic short amount);
}
Client application
public class Client {
    public static void main(String[] args) {
        KeyStore keyStore = ...
        Ans ans = new Ans(keyStore);
        // Obtain the purse applet in the BANK role
        Purse purse = (Purse) ans.getApplet("example.purse.Purse", Purse.ROLE_BANK);
        System.out.println("Balance: " + purse.getBalance());
        purse.increaseBalance((short) 25);
        System.out.println("Balance after increase: " + purse.getBalance());
        purse.decreaseBalance((short) 10); // Illegal!!! (decreaseBalance is accessible to MERCHANT only)
    }
}
Applet's implementation
Skeleton | Key Store
Application
Stub | Key Store
Internet
Log in
Select APDU
Select response
Client random + role
Card random + {Client random}Kcard^-1
{Card random}Krole^-1
{Session key}Krole
Method Invocation
SW | Return value | Freshness counter | Signature
Header | Parameters | Freshness counter | Signature
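An added example, not taken from the slides or from the Jason code base: a plain Java SE sketch of the checks a skeleton could run on an invocation message (header, parameters, freshness counter, signature) before dispatching to the applet. The class name `SkeletonCheck`, HMAC-SHA256 standing in for the slide's "Signature", the 4-byte counter encoding and the sample key are assumptions; the access table is the one from the Jason definition file.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

public class SkeletonCheck {
    // Access table copied from the Jason definition file above.
    static final Map<String, Set<String>> ACCESS = Map.of(
        "getBalance", Set.of("OWNER", "BANK"),
        "decreaseBalance", Set.of("MERCHANT"),
        "increaseBalance", Set.of("BANK"));
    private final byte[] sessionKey; // assumed: established during log in
    private final String role;       // assumed: authenticated during log in
    private int lastCounter = 0;     // highest freshness counter accepted so far

    SkeletonCheck(byte[] sessionKey, String role) {
        this.sessionKey = sessionKey.clone();
        this.role = role;
    }

    // Assumption: HMAC-SHA256 over header | counter | parameters stands in for "Signature".
    static byte[] tag(byte[] key, String method, int counter, byte[] params) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        mac.update(method.getBytes("UTF-8"));
        mac.update((byte) 0); // delimiter between the method name and the counter
        mac.update(ByteBuffer.allocate(4).putInt(counter).array());
        return mac.doFinal(params);
    }

    // Returns null if the call may be dispatched, otherwise the reason it is rejected.
    String check(String method, int counter, byte[] params, byte[] sig) throws Exception {
        if (!MessageDigest.isEqual(tag(sessionKey, method, counter, params), sig)) return "bad signature";
        if (counter <= lastCounter) return "stale or replayed counter";
        lastCounter = counter;
        if (!ACCESS.getOrDefault(method, Set.of()).contains(role)) return "role not permitted";
        return null;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes("UTF-8"); // constructed sample key
        SkeletonCheck card = new SkeletonCheck(key, "BANK");
        byte[] amount = {0, 25}, ten = {0, 10};
        byte[] sig = tag(key, "increaseBalance", 1, amount);
        System.out.println("first call: " + card.check("increaseBalance", 1, amount, sig));
        System.out.println("replay:     " + card.check("increaseBalance", 1, amount, sig));
        System.out.println("wrong role: " + card.check("decreaseBalance", 2, ten, tag(key, "decreaseBalance", 2, ten)));
    }
}
```

The counter is advanced only after the tag verifies, so a forged message cannot consume counter values and lock out the legitimate client.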
[Diagram, built up over four slides; labels as on the slides]
ACP1 ACP2 PP1 CP2 AP1 CP1 AP2
PP1 CP1 CP2 ACP1 ACP2 AP1 AP2
CP1 CP2 ACP1 ACP2 Padding
Confidential PP1 AP1 AP2
Header Counter Parameters
Header Counter
Sign
ACP1 ACP2 AP1 AP2
Conclusion
Simple to use
Concentrate on functionality
Security has only to be verified once
Questions?