Jason

Jason Javacards as secure objects network by Richard Brinkman

Javacards as secureobjects network • Compare to other chip cards • Memory cards • Smart cards • Characteristics: • Tamper proof • 5 MHz processor • 16 kB memory • Multi-application • Object Oriented

Applet Applet Applet Loader Libraries Javacard Virtual machine Card Hardware Javacards as secureobjects network

Javacards as secureobjects network javac compiler .java files .class files .cap file scriptgen converter .scr file apdutool smart card

Internet Javacards as secureobjects network

Javacards as secureobjects network • Requirements: • Simple to use • Separation of concerns • Lightweight • Authenticity • Confidentiality • Role-based access control

Javacards as secureobjects network • Implementation public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; } }

Javacards as secureobjects network • Java Interface File public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); }

Javacards as secureobjects network • Jason Definition File public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); }

Javacards as secureobjects network • Client application public class Client { public static void main(String[] args) { KeyStore keyStore = ... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! } }

Internet Javacards as secureobjects network Application Applet’s implementation Key Store Key Store Stub Skeleton

Select APDU Select response Client random + role Card random + {Client random}Kcard-1 {Card random}Krole-1 {Session key}Krole Javacards as secureobjects network Log in

Header Parameters Freshness counter Signature SW Return value Freshness counter Signature Javacards as secureobjects network Method Invocation

PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 PP1 Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2

Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 CP1 CP2 ACP1 ACP2 Padding PP1 Confidential

Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 PP1 Confidential AP1 AP2

Header Parameters Counter Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 Header Counter ACP1 ACP2 AP1 AP2 PP1 Confidential AP1 AP2 Sign

Conclusion • Simple to use • Concentrate on functionality • Security has only to be verified once

Questions?

Jason

Jason

Presentation Transcript

JASON MASTERS

Jason Grill

Jason Kaufman

Jason Godfrey

Jason Krieg

By Jason

Jason Aldean

Jason Donehower

Jason Wallace

Jason Mraz

Jason Renner

By: Jason

JASON CHEN

Jason Hutchens

Jason Wong

Jason

Jason Mirtl

Jason Linnell

By: Jason

Jason Wilson

Jason Clark (jason@essentialmath)