Java Card Introduction
Pieter Hartel
(Read: Z. Chen, Java Card Technology for Smart Cards, Ch 3&9, Addison Wesley, Reading, Massachusetts, 2000)

Overview
• Java
• Java Card

Java
• High-level OO language
• Designed for mobility
• Large footprint
• Good tools, APIs

What is Java Safety?
[Figure: account balance. Feb 3: $8.00, Feb 4: $2.00, Feb 6: $7.00-]
• Definition: nothing bad will happen
• Type safety
• Memory safety
• Java safety is limited

What is Java Security?
• Definition: controlled access to resources
• Security policy
• Security mechanisms
• Trust requires auditing

How is Java implemented?
Java program → compiler → byte code class file → interpreter
• compiler: parsing, type checking, code generation
• interpreter: class loading, byte code verification, execution

Java and JVM security differ
Java ("Nothing here"):
    Point p = new Point (1,0);
JVM ("Arbitrary instructions here"):
    0 new Point
    3 dup
    4 iconst_1
    5 iconst_0
    6 invokespecial Point(int,int)

Differences Java and Java Card
Supported Java Features
• Small primitive data types: boolean, byte, short
• One-dimensional arrays
• Java packages, classes, interfaces, exceptions
• Java object-oriented features: inheritance, virtual methods, overloading, dynamic object creation, etc.
• The int keyword and 32-bit integer data type support are optional.
Unsupported Java Features
• Large primitive data types: long, double, float
• Characters and strings
• Multidimensional arrays
• Dynamic class loading
• Security manager
• Garbage collection and finalization
• Threads
• Object serialization
• Object cloning

How is Java Card implemented?
Byte code class file → converter → ‘Byte codes’ CAP file → installer
• converter: class loading, byte code verification, CAP file generation, digital signature
• installer: class loading, signature verification, execution

Life cycle
• JCRE never stops
• APDU determines applet

Features
• Persistent and transient objects
• Transactions
• Applet firewall and controlled object sharing
• Cryptography

Process Method

    // Uses javacard.framework.APDU, ISO7816 and ISOException
    public void process(APDU apdu) {
        // ...
        byte[] buffer = apdu.getBuffer();
        byte cla = buffer[ISO7816.OFFSET_CLA];
        byte ins = buffer[ISO7816.OFFSET_INS];
        // ...
        // Lc is an unsigned byte: mask it to get the incoming data length
        short bytesLeft = (short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
        if (bytesLeft < (short)55) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        // ...
        short readCount = apdu.setIncomingAndReceive();
        while (bytesLeft > 0) {
            // ...
            bytesLeft -= readCount;
            readCount = apdu.receiveBytes(ISO7816.OFFSET_CDATA);
        }
        // ...
        short le = apdu.setOutgoing();
        if (le < (short)2) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
        apdu.setOutgoingLength((short)3);
        // ...
        // As shown on the slide: index 3 is written, so buffer[2], the third byte sent below, is never set
        buffer[0] = (byte)1; buffer[1] = (byte)2; buffer[3] = (byte)3;
        apdu.sendBytes((short)0, (short)3);
        // ...
    }

Slide annotations on this code: "apdu.cla();", "throw new WrongLength();", "2", "Do not alter the buffer!"
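
One way to write the process method above so that every received chunk is saved before the next receiveBytes call reuses the buffer, and the three response bytes land at indexes 0 to 2. This is an added example, not code from the slides or from the Java Card documentation; the class name SampleApplet, the constants MIN_LC and MAX_LC, and the transient array data are hypothetical.

```java
// Added example, not from the slides. SampleApplet, MIN_LC, MAX_LC and data are hypothetical names.
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;

public class SampleApplet extends Applet {
    private static final short MIN_LC = 55;   // minimum command data length, as on the slide
    private static final short MAX_LC = 255;  // largest Lc of a short APDU
    private final byte[] data;                // transient (RAM) copy of the command data

    private SampleApplet() {
        data = JCSystem.makeTransientByteArray(MAX_LC, JCSystem.CLEAR_ON_DESELECT);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SampleApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;        // nothing to do for SELECT
        byte[] buffer = apdu.getBuffer();
        // Lc is an unsigned byte: mask it before comparing.
        short lc = (short) (buffer[ISO7816.OFFSET_LC] & 0x00FF);
        if (lc < MIN_LC) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);

        short received = 0;
        short readCount = apdu.setIncomingAndReceive();
        while (readCount > 0) {
            // Never copy more than the header announced.
            if ((short) (received + readCount) > lc) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            // Each chunk arrives at OFFSET_CDATA and is overwritten by the next one, so save it now.
            Util.arrayCopyNonAtomic(buffer, ISO7816.OFFSET_CDATA, data, received, readCount);
            received += readCount;
            if (received == lc) break;
            readCount = apdu.receiveBytes(ISO7816.OFFSET_CDATA);
        }
        if (received != lc) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);

        // Build the 3-byte response at indexes 0..2 and send it in one call.
        buffer[0] = (byte) 1; buffer[1] = (byte) 2; buffer[2] = (byte) 3;
        apdu.setOutgoingAndSend((short) 0, (short) 3);
    }
}
```

setOutgoingAndSend replaces the setOutgoing, setOutgoingLength and sendBytes sequence for a short response that already sits in the APDU buffer.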

Applet firewall
[Figure: context switch]

Conclusions
• High-level
• Smart card limitations visible
• Widely supported