1 / 19

Jason

Jason. Javacards as secure objects network. by Richard Brinkman. Javacards as secure objects network. Compare to other chip cards Memory cards Smart cards Characteristics: Tamper proof 5 MHz processor 16 kB memory Multi-application Object Oriented. Applet. Applet. Applet. Loader.

cilicia-romeo
Télécharger la présentation

Jason

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jason Javacards as secure objects network by Richard Brinkman

  2. Javacards as secureobjects network • Compare to other chip cards • Memory cards • Smart cards • Characteristics: • Tamper proof • 5 MHz processor • 16 kB memory • Multi-application • Object Oriented

  3. Applet Applet Applet Loader Libraries Javacard Virtual machine Card Hardware Javacards as secureobjects network

  4. Javacards as secureobjects network javac compiler .java files .class files .cap file scriptgen converter .scr file apdutool smart card

  5. Internet Javacards as secureobjects network

  6. Javacards as secureobjects network • Requirements: • Simple to use • Separation of concerns • Lightweight • Authenticity • Confidentiality • Role-based access control

  7. Javacards as secureobjects network • Implementation public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; } }

  8. Javacards as secureobjects network • Java Interface File public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); }

  9. Javacards as secureobjects network • Jason Definition File public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); }

  10. Javacards as secureobjects network • Client application public class Client { public static void main(String[] args) { KeyStore keyStore = ... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! } }

  11. Internet Javacards as secureobjects network Application Applet’s implementation Key Store Key Store Stub Skeleton

  12. Select APDU Select response Client random + role Card random + {Client random}Kcard-1 {Card random}Krole-1 {Session key}Krole Javacards as secureobjects network Log in

  13. Header Parameters Freshness counter Signature SW Return value Freshness counter Signature Javacards as secureobjects network Method Invocation

  14. PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 PP1 Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2

  15. Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 CP1 CP2 ACP1 ACP2 Padding PP1 Confidential

  16. Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 PP1 Confidential AP1 AP2

  17. Header Parameters Counter Javacards as secureobjects network ACP1 CP1 PP1 CP2 AP1 ACP2 AP2 PP1 CP1 CP2 ACP1 ACP2 AP1 AP2 Header Counter ACP1 ACP2 AP1 AP2 PP1 Confidential AP1 AP2 Sign

  18. Conclusion • Simple to use • Concentrate on functionality • Security has only to be verified once

  19. Questions?

More Related