1 / 18

Secure Method Invocation in JASON

Secure Method Invocation in JASON. Contents. JavaCard: Promises and Problems JASON vision JASON secure method invocation Discussion. JavaCard: Promises and Problems. Promises Object oriented programming of smart card applications

piera
Download Presentation

Secure Method Invocation in JASON

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Method Invocation in JASON

  2. Contents • JavaCard: Promises and Problems • JASON vision • JASON secure method invocation • Discussion J.H. Hoepman Secure Method Invocation in JASON

  3. JavaCard: Promises and Problems • Promises • Object oriented programming of smart card applications • Better chance of application separation through Java Virtual Machine • Problems • Object orientation invisible outside smart card. Still the same paradigm: • Select application • Send APDU command J.H. Hoepman Secure Method Invocation in JASON

  4. JASON Vision “Javacards As Secure Objects Network” • Objectives • Viewing a smart card system as a collection of named, networked, objects • Truly object-oriented smart card programming • Automatically enforce security requirements at method granularity as specified by programmer …towards a smart card OS… J.H. Hoepman Secure Method Invocation in JASON

  5. Related work • JCCAP (VandeWalle) • Capability based access control • VISA Open Platform Specification • Secure loading, installation and deletion of smart card applications • PC/SC / OpenCard • Transparently handle multiple smart cards • JiniCard • Download terminal plugins to accept any smart card J.H. Hoepman Secure Method Invocation in JASON

  6. JASON Secure Method Invocation • Role based access control • Independent, per method • Role = ownership of key • Protecting parameters and results • Confidentiality • Authenticity • Integrity • no-replay J.H. Hoepman Secure Method Invocation in JASON

  7. JASON Architecture terminal card capplet keys stub skel dispatcher dispatcher APDU J.H. Hoepman Secure Method Invocation in JASON

  8. Generating stubs/skeleton • JASON Definition File • JAVA Interface • Specify roles at start of class file • Extra keywords • accessible to <roles> • authentic <respar> • confidential “ java skeleton JASON definition file compiler java stub J.H. Hoepman Secure Method Invocation in JASON

  9. Example: specifying a purse public interface Purse {roles: BANK, MERCHANT, OWNER ; accessible to ALL: confidential authentic short getBalance () ; accessible to MERCHANT authentic void decreaseBalance ( authentic short amount ) ; accessible to BANK authentic void increaseBalance ( confidential authentic short amount ) ; } J.H. Hoepman Secure Method Invocation in JASON

  10. The authentic keyword • Guarantees • Authenticity • Integrity • Freshness • No replay • For results • It guarantees that the called method was actually executed at this time in the proper way with the intended side effect • cf. a decrease purse command J.H. Hoepman Secure Method Invocation in JASON

  11. Example: calling a purse try { Purse purse = (Purse) SMINaming.connect("smi://smartcard/Purse" , Purse.MERCHANT, purseKeyStore) ; try { purse.decreaseBalance(10); System.out.println("You have paid"); } catch (UserException ue) { System.out.println ("Transaction failed. You have not paid."); } } catch (RemoteException re) { System.out.println("Failed to connect to service."); } J.H. Hoepman Secure Method Invocation in JASON

  12. Behind the scenes (1) • Connect(<servicename>,<role>) • Negotiate ciphers • Authenticate caller role • Establish authenticated caller/callee id’s • Exchange session keys privately • Return handle of skeleton J.H. Hoepman Secure Method Invocation in JASON

  13. Behind the scenes (2) • Method call • stub converts call to secured APDU stream (only when necessary) • Using session keys and message counters • Dispatcher forwards APDU stream to skeleton • skeleton verifies/decrypts parameters and calls method J.H. Hoepman Secure Method Invocation in JASON

  14. Behind the scenes (3) • Cryptography • Keys in separate key file • Authentication based on • Public key crypto • (Diversified) symmetric key crypto • Determined by key type in key file • Symmetric session keys J.H. Hoepman Secure Method Invocation in JASON

  15. Behind the scenes (4) • Efficient protection by reshuffling J.H. Hoepman Secure Method Invocation in JASON

  16. SMI vs RMI… stub SMI stub or RMI RMI stub or SMI RMI SMI J.H. Hoepman Secure Method Invocation in JASON

  17. Discussion • SMI Extensions • Transaction support • Transaction tickets • Logging & auditing • Naming and brokerage • Not finalised yet • Multi-threading method calls • Outbound calls too • JASON not limited to smart cards • Client-server • Embedded/Ambient systems J.H. Hoepman Secure Method Invocation in JASON

  18. Closing remarks http://www.cs.kun.nl/~jhh/jason.html J.H. Hoepman Secure Method Invocation in JASON

More Related