180 likes | 323 Views
Secure Method Invocation in JASON. Contents. JavaCard: Promises and Problems JASON vision JASON secure method invocation Discussion. JavaCard: Promises and Problems. Promises Object oriented programming of smart card applications
E N D
Contents • JavaCard: Promises and Problems • JASON vision • JASON secure method invocation • Discussion J.H. Hoepman Secure Method Invocation in JASON
JavaCard: Promises and Problems • Promises • Object oriented programming of smart card applications • Better chance of application separation through Java Virtual Machine • Problems • Object orientation invisible outside smart card. Still the same paradigm: • Select application • Send APDU command J.H. Hoepman Secure Method Invocation in JASON
JASON Vision “Javacards As Secure Objects Network” • Objectives • Viewing a smart card system as a collection of named, networked, objects • Truly object-oriented smart card programming • Automatically enforce security requirements at method granularity as specified by programmer …towards a smart card OS… J.H. Hoepman Secure Method Invocation in JASON
Related work • JCCAP (VandeWalle) • Capability based access control • VISA Open Platform Specification • Secure loading, installation and deletion of smart card applications • PC/SC / OpenCard • Transparently handle multiple smart cards • JiniCard • Download terminal plugins to accept any smart card J.H. Hoepman Secure Method Invocation in JASON
JASON Secure Method Invocation • Role based access control • Independent, per method • Role = ownership of key • Protecting parameters and results • Confidentiality • Authenticity • Integrity • no-replay J.H. Hoepman Secure Method Invocation in JASON
JASON Architecture terminal card capplet keys stub skel dispatcher dispatcher APDU J.H. Hoepman Secure Method Invocation in JASON
Generating stubs/skeleton • JASON Definition File • JAVA Interface • Specify roles at start of class file • Extra keywords • accessible to <roles> • authentic <respar> • confidential “ java skeleton JASON definition file compiler java stub J.H. Hoepman Secure Method Invocation in JASON
Example: specifying a purse public interface Purse {roles: BANK, MERCHANT, OWNER ; accessible to ALL: confidential authentic short getBalance () ; accessible to MERCHANT authentic void decreaseBalance ( authentic short amount ) ; accessible to BANK authentic void increaseBalance ( confidential authentic short amount ) ; } J.H. Hoepman Secure Method Invocation in JASON
The authentic keyword • Guarantees • Authenticity • Integrity • Freshness • No replay • For results • It guarantees that the called method was actually executed at this time in the proper way with the intended side effect • cf. a decrease purse command J.H. Hoepman Secure Method Invocation in JASON
Example: calling a purse try { Purse purse = (Purse) SMINaming.connect("smi://smartcard/Purse" , Purse.MERCHANT, purseKeyStore) ; try { purse.decreaseBalance(10); System.out.println("You have paid"); } catch (UserException ue) { System.out.println ("Transaction failed. You have not paid."); } } catch (RemoteException re) { System.out.println("Failed to connect to service."); } J.H. Hoepman Secure Method Invocation in JASON
Behind the scenes (1) • Connect(<servicename>,<role>) • Negotiate ciphers • Authenticate caller role • Establish authenticated caller/callee id’s • Exchange session keys privately • Return handle of skeleton J.H. Hoepman Secure Method Invocation in JASON
Behind the scenes (2) • Method call • stub converts call to secured APDU stream (only when necessary) • Using session keys and message counters • Dispatcher forwards APDU stream to skeleton • skeleton verifies/decrypts parameters and calls method J.H. Hoepman Secure Method Invocation in JASON
Behind the scenes (3) • Cryptography • Keys in separate key file • Authentication based on • Public key crypto • (Diversified) symmetric key crypto • Determined by key type in key file • Symmetric session keys J.H. Hoepman Secure Method Invocation in JASON
Behind the scenes (4) • Efficient protection by reshuffling J.H. Hoepman Secure Method Invocation in JASON
SMI vs RMI… stub SMI stub or RMI RMI stub or SMI RMI SMI J.H. Hoepman Secure Method Invocation in JASON
Discussion • SMI Extensions • Transaction support • Transaction tickets • Logging & auditing • Naming and brokerage • Not finalised yet • Multi-threading method calls • Outbound calls too • JASON not limited to smart cards • Client-server • Embedded/Ambient systems J.H. Hoepman Secure Method Invocation in JASON
Closing remarks http://www.cs.kun.nl/~jhh/jason.html J.H. Hoepman Secure Method Invocation in JASON