Smart card research: beyond OS and security
An industrial perspective with a software point of view

Jean-Jacques Vandewalle
Systems Research Labs

Goals of this talk
• To understand the current smart card research context
• To motivate and highlight research perspectives that come from the evolution of smart card platforms
• To spark discussions, project ideas, new applications of results, etc.

First view on smart cards
• Among the smartest, most secure, cheapest and most convenient... embedded devices
• Also among the most constrained, most particular and most difficult to... embedded devices
• Either embed fixed native functions or are an open platform (Java, .NET) enabling post-issuance loading of applications
• Perform complex operations (security-related, VM) with a limited processor, little energy and small memories
• Are produced by specialists because of specific chip features, addressable but slow NVM, software and hardware counter-measures against attacks, and conformance to legacy standards (ISO 7816)
• Though mass-produced, have a complex lifecycle from mask burning up to one-by-one personalization
• Interact with external devices through specific protocols

Current research
• Richer OS capabilities
  • Multithreading
  • Automatic garbage collection
  • Real time
  • Power management
• Powerful open platforms
  • High-level language with a complex runtime (JVM, .NET)
  • Standard communication stack (TCP/IP)
• Validation and verification
  • Test generation using models
  • Provable properties (security model, applet correctness)
• Secure platform
  • Code verification (type safety)
  • Access control (information flow)
  • Resource usage guarantees (memory, CPU)

Current usage
• E-Government
• Public telephony
• Banking
• Mass transit
• Mobile telecommunications
• W-LAN
• Retail
• Enterprise security
• Digital rights management
• Access control

A paradoxical situation?
• Current research targets an open platform
  • highly secure
  • embedding rich OS features
  • directly connectable to a WAN
• Current usage is still limited to
  • user authentication and cryptographic functions
  • fixed functionality with little dynamic evolution
  • behind-the-scenes network usage
… Is research ahead of usage, or is complementary research needed?

Second view on smart cards
• Secure open smart card platforms enable the use of smart cards as portable (mobile) personal service platforms
• In such a perspective, two issues and needs appear
  • What should the platform framework be?
    • A framework to deliver services over a WAN to card devices and to administer the smart card platform and its services
  • How should card services be deployed?
    • An integration architecture to deploy smart card services within a services infrastructure

Framework requirements
• To allow services to be remotely delivered and administered onto (possibly multi-operator) open smart cards
• To allow multiple services to cooperatively share a common framework and execution environment
• To be an OS-neutral way of delivering and administering services
• To be agnostic about
  • the model of the application implemented by a service (server, client, daemon, agent, etc.)
  • the policies implied in services management: for instance, the life-cycle policy or the security policy

Framework illustrated
[Figure: layered view of the platform, bottom to top: Hardware platform; Platform OS; Platform manager; Platform framework, with the communication means; Services operated by the platform, i.e. application frameworks (Appli. Fw.) and a shared service; Application services on top.]

Framework research
• Current smart card frameworks (JC 2.2, GP, STK: Java Card 2.2, GlobalPlatform, SIM Toolkit) are limited to current OS capabilities and define a single way to deliver and administer card services
• Industry-standard frameworks such as OSGi (for home or vehicle gateways) target larger platforms and do not deal with smart card specificities
  • complex platform life-cycle
  • persistent memory model
• Future open platforms will clearly need a framework, basic services and a platform manager
  • that take advantage of improved card OS features
  • to support both card specificities and an unlimited variety of services

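The persistent memory model named on this slide is one card specificity a gateway framework such as OSGi never had to face: on a card, a service's objects live in NVM and outlive the session, and the card can lose power at any byte of an update (it is simply pulled out of the reader). Java Card therefore exposes a transaction mechanism (JCSystem.beginTransaction / commitTransaction) so that a group of persistent writes either all happen or none do. The Python model below is an added illustration, not code from the talk, from Gemplus or from any card OS: a byte-wise NVM with an injectable power cut, a before-image journal kept in that same NVM, and a debit that must update two fields together. The memory layout, the journal format and TornError are assumptions made for this example.

```python
"""Model of atomic updates to card NVM under a power cut ('tear') injected
mid-update. Constructed illustration of the persistent memory model: the layout,
the before-image journal format and TornError are assumptions, not the internals
of Java Card or any card OS."""

JOURNAL_FLAG, JOURNAL_COUNT, JOURNAL_BASE, ENTRY_SIZE = 32, 33, 34, 6


class TornError(Exception):
    """Power was lost while NVM bytes were still being written."""


class NVM:
    """Byte-addressable EEPROM: slow, byte-wise writes; contents survive power cuts."""

    def __init__(self, size):
        self.cells = bytearray(size)
        self.writes_done = 0
        self.tear_at = None          # cut power once this many bytes have been written

    def read(self, addr, n):
        return bytes(self.cells[addr:addr + n])

    def write(self, addr, value):
        for i, b in enumerate(value):
            if self.tear_at is not None and self.writes_done >= self.tear_at:
                raise TornError(f"power lost before byte {addr + i}")
            self.cells[addr + i] = b
            self.writes_done += 1


class CardState:
    """Two persistent 16-bit fields that must change together (balance at 0, debit
    counter at 2) and a before-image journal at 32.. in the same NVM (assumed layout)."""
    BALANCE, COUNTER = 0, 2

    def __init__(self, nvm):
        self.nvm = nvm
        self.in_tx = False           # RAM only: gone after a power cut

    def power_up(self):
        """Reset: if the journal is still flagged valid, the last transaction was torn;
        restore the saved old values, newest first. Restoring is idempotent, so a
        second tear during the rollback is handled by the next power-up."""
        self.in_tx = False
        if self.nvm.read(JOURNAL_FLAG, 1) == b"\x01":
            count = self.nvm.read(JOURNAL_COUNT, 1)[0]
            for i in reversed(range(count)):
                entry = JOURNAL_BASE + i * ENTRY_SIZE
                addr, n = self.nvm.read(entry, 2)
                self.nvm.write(addr, self.nvm.read(entry + 2, n))
            self.nvm.write(JOURNAL_FLAG, b"\x00")

    def begin(self):
        self.nvm.write(JOURNAL_COUNT, b"\x00")
        self.nvm.write(JOURNAL_FLAG, b"\x01")   # one byte: written atomically
        self.in_tx = True

    def commit(self):
        self.nvm.write(JOURNAL_FLAG, b"\x00")   # this single byte is the commit point
        self.in_tx = False

    def write(self, addr, value):
        if self.in_tx:                          # log the old bytes before overwriting
            count = self.nvm.read(JOURNAL_COUNT, 1)[0]
            entry = JOURNAL_BASE + count * ENTRY_SIZE
            self.nvm.write(entry, bytes([addr, len(value)]) + self.nvm.read(addr, len(value)))
            self.nvm.write(JOURNAL_COUNT, bytes([count + 1]))  # entry counts only once complete
        self.nvm.write(addr, value)

    def get(self, addr):
        return int.from_bytes(self.nvm.read(addr, 2), "big")

    def put(self, addr, value):
        self.write(addr, value.to_bytes(2, "big"))

    def debit(self, amount, atomic=True):
        if atomic:
            self.begin()
        self.put(self.BALANCE, self.get(self.BALANCE) - amount)
        self.put(self.COUNTER, self.get(self.COUNTER) + 1)
        if atomic:
            self.commit()


def run_tear_demo(atomic, tear_at):
    """Personalize a card (balance 500, counter 7), debit 100 with a power cut after
    `tear_at` NVM byte writes (None: no cut), power the card up again and report
    (was_torn, balance, counter)."""
    nvm = NVM(64)
    card = CardState(nvm)
    card.put(card.BALANCE, 500)
    card.put(card.COUNTER, 7)
    nvm.writes_done, nvm.tear_at = 0, tear_at
    try:
        card.debit(100, atomic=atomic)
        torn = False
    except TornError:
        torn = True
    nvm.tear_at = None
    card.power_up()
    return torn, card.get(card.BALANCE), card.get(card.COUNTER)
```

Without the transaction, a cut after three byte writes leaves the balance debited but the counter unchanged, a state no sequential execution could produce; with it, the same card powers up with both fields restored, whether the cut hits the journal entry (the entry never becomes visible because the count byte is written last) or the data write (the logged old bytes are put back). The commit point is a single-byte write because that is the only operation this NVM model performs atomically.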
Integration architecture (1)
• Smart card services are useless if they don't participate in distributed transactions with other services in their environment
[Figure: a card service, a back-end server and client applications connected through a common infrastructure.]

Integration architecture (2)
• So far, card services have been deployed in controlled environments (telecom operator, bank or government networks), limiting the interest of card services to the managed environment
• Open services infrastructures tend to federate multiple services by supporting the discovery of, the connection to and the communication with services from client applications
• Open smart cards can leverage such infrastructures to deploy their services, thanks to an integration architecture

Integration illustrated with Web Services
[Figure: four tiers. Client machine: an application or web browser, holding service descriptions and service agents. Card intermediary: an agent plus a proxy and servlet (servlet bundle), reached by the client over Get/Post and talking to the card through messages; service descriptions and service agents are deployed onto it. Smart card: the card framework hosting an applet that exposes the card service. Back-end server: an enterprise application server on the intranet, with a CMS, its service agent and a service object.]

Integration illustrated with Jini
[Figure: the same four tiers with a Jini lookup service in the infrastructure. Client machine: an application or Jini finder, holding service descriptions and applet agents. Card intermediary: an agent plus a service proxy and service object; the card service is registered with the Jini lookup service (Join) and found by clients (Lookup), messages being relayed to the card framework and the card service. Back-end server: a CMS with its service agent and service object.]

Integration research
• The previous illustrations are just examples of deployment schemes for the dynamic announcement of legacy smart card services
• Simpler schemes might be investigated, with card services globally reachable or directly accessible without an intermediary
• More complex schemes might be investigated, taking into account the federation of multiple services, transactional context, security requirements, etc.

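In both illustrations the card intermediary does the same job: it takes a client-side request (an HTTP Get/Post in the web case, a proxy method call in the Jini case), turns it into the specific protocol the first view alludes to, ISO 7816-4 APDUs, and maps the card's status word back into something the client application understands. The Python below is an added example, not code from the talk or from Gemplus: it encodes and decodes short APDUs, simulates a small purse applet behind them, and implements the proxy role. The applet, its proprietary instructions (CLA 0x80, INS 0x50 and 0x52), the request dictionaries and the HTTP-style status numbers are assumptions made for this example; VERIFY (INS 0x20) and the status words 9000, 6700, 6982, 6983, 6985, 63Cx, 6D00 and 6E00 are the ISO 7816-4 ones.

```python
"""Card intermediary: client service requests mapped onto ISO 7816-4 APDUs for a
simulated card service, with status words mapped back to service-level results.
Constructed example: the purse applet, its proprietary instructions (CLA 0x80,
INS 0x50/0x52) and the request/response dicts are assumptions, not a real card's."""
import hmac
from dataclasses import dataclass

SW_OK, SW_WRONG_LENGTH, SW_SECURITY_NOT_SATISFIED, SW_AUTH_BLOCKED = 0x9000, 0x6700, 0x6982, 0x6983
SW_CONDITIONS_NOT_SATISFIED, SW_INS_NOT_SUPPORTED, SW_CLA_NOT_SUPPORTED = 0x6985, 0x6D00, 0x6E00


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short command APDU: header, optional Lc+data, optional Le (256 sent as 0x00)."""
    if len(data) > 255 or (le is not None and not 1 <= le <= 256):
        raise ValueError("short APDU: data <= 255 bytes, Le in 1..256")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + bytes(data)
    if le is not None:
        apdu += bytes([le & 0xFF])
    return apdu


def parse_command(apdu):
    """Decode a short command APDU into (cla, ins, p1, p2, data, le)."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body = apdu[4:]
    if not body:                                   # case 1: header only
        return cla, ins, p1, p2, b"", None
    if len(body) == 1:                             # case 2: Le only
        return cla, ins, p1, p2, b"", body[0] or 256
    lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
    if len(data) != lc or len(rest) > 1:           # case 3/4: Lc must fit the body
        raise ValueError("Lc does not match the data field")
    return cla, ins, p1, p2, bytes(data), (rest[0] or 256) if rest else None


def split_response(resp):
    """Split a response APDU into (data, SW1SW2 as one int)."""
    return bytes(resp[:-2]), (resp[-2] << 8) | resp[-1]


def sw(code):
    return bytes([code >> 8, code & 0xFF])


@dataclass
class PurseApplet:
    """Simulated card service: a purse whose DEBIT needs a prior ISO VERIFY."""
    pin: bytes = b"1234"
    balance: int = 500
    tries_left: int = 3          # persistent: survives power cuts
    pin_verified: bool = False   # transient: cleared at every power-up

    def power_up(self):
        self.pin_verified = False

    def process(self, apdu):
        try:
            cla, ins, _p1, _p2, data, _le = parse_command(apdu)
        except ValueError:
            return sw(SW_WRONG_LENGTH)
        if cla == 0x00 and ins == 0x20:            # ISO VERIFY
            if self.tries_left == 0:
                return sw(SW_AUTH_BLOCKED)
            self.tries_left -= 1                   # decrement first: a tear mid-compare must not refund a try
            if not hmac.compare_digest(data, self.pin):
                return sw(0x63C0 | self.tries_left)  # 63CX: X tries remaining
            self.tries_left, self.pin_verified = 3, True
            return sw(SW_OK)
        if cla != 0x80:
            return sw(SW_CLA_NOT_SUPPORTED)
        if ins == 0x50:                            # GET BALANCE (assumed INS)
            return self.balance.to_bytes(2, "big") + sw(SW_OK)
        if ins == 0x52:                            # DEBIT (assumed INS)
            if not self.pin_verified:
                return sw(SW_SECURITY_NOT_SATISFIED)
            if len(data) != 2:
                return sw(SW_WRONG_LENGTH)
            amount = int.from_bytes(data, "big")
            if amount > self.balance:
                return sw(SW_CONDITIONS_NOT_SATISFIED)
            self.balance -= amount
            return sw(SW_OK)
        return sw(SW_INS_NOT_SUPPORTED)


@dataclass
class CardIntermediary:
    """The 'proxy + servlet' role: one client request becomes one APDU exchange and an
    HTTP-like status, so the client never sees APDUs or status words."""
    card: PurseApplet

    def handle(self, request):
        op = request.get("op")
        if op == "verify":
            apdu = build_apdu(0x00, 0x20, 0x00, 0x80, request["pin"].encode())
        elif op == "balance":
            apdu = build_apdu(0x80, 0x50, 0x00, 0x00, le=2)
        elif op == "debit":
            apdu = build_apdu(0x80, 0x52, 0x00, 0x00, int(request["amount"]).to_bytes(2, "big"))
        else:
            return {"status": 400, "error": "unknown operation"}
        data, status = split_response(self.card.process(apdu))
        if status == SW_OK:
            return {"status": 200, "balance": int.from_bytes(data, "big")} if op == "balance" else {"status": 200}
        if status == SW_SECURITY_NOT_SATISFIED:
            return {"status": 401, "error": "PIN verification required"}
        if status & 0xFFF0 == 0x63C0:
            return {"status": 401, "error": f"wrong PIN, {status & 0xF} tries left"}
        return {"status": 502, "error": f"card returned SW {status:04X}"}
```

Two details are the software counter-measures the first view mentions rather than decoration: the retry counter is decremented before the PIN is compared and only reset on success, so a card torn out during the comparison does not keep its tries, and hmac.compare_digest removes the timing difference between wrong PINs. The transient/persistent split also shows in the simulation: a power_up() clears the verified flag but not the balance or the counter.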
Third view on smart cards
• Smart cards are either
  Open platform                      | Native platform
  secure post-issuance               | confined pre-issuance
  generic card OS                    | all-in-one OS and applications
  application server-like            | romized applications
  portability and interoperability   | ad-hoc specifications
  rapid development                  | long development cycle
• The two alternatives are costly
  • Open cards require a big chip and a complex OS
  • Native cards require the OS to be redeveloped along with the applications
• Native cards are still necessary to provide the "right platform at the right price" to customers saying: "I don't need an open platform with post-issuance, GC, rich APIs, etc. I don't want to pay the price for those things!"

Open platform adaptation
• The idea consists in leveraging the full-fledged open platform to produce "custom" smart card editions through an automated process
• Platform adaptation requirements
  • A careful platform design with adaptation in mind
    • Uniformity at the basics, (un)pluggable components, generative programming, A/S-OP for platform code, …
  • Instrumentation techniques to produce a custom edition with only the system data and code required for running the targeted applications
    • Code specialization, romization, memory initialization, conditional compilation, …
  • Relevant data analysis to feed the automated adaptation process with the right inputs

Platform adaptation illustrated
[Figure: one component set (Shell, Core & System Classes, Application Management, Code Execution, Scheduler, ROMizer, Repository, Optimizer Engine, Loader, Linker, Converter, (De-)Serializer, Communication, Debugger, Stack, Memory management, Hardware Support, plus application classes that are loaded, pre-issued or standalone depending on the model) instantiated in three models through four steps: serialize the application framework libraries and application code, tweak the platform components, ROMize all the code and data, apply drastic static optimizations.]
• Model 1, Developer edition (Win/Linux platforms, application development)
  • Develop, debug, optimize and test applications
  • Experiment with different application frameworks
  • Benefit from the full-fledged platform
• Model 2, Post-issuance edition (high-end cards, pilot/real deployment)
  • Deploy, connect and communicate with applications
  • Keep the full-fledged platform framework
  • Allow patches and removal/addition of code
• Model 3, Minimal edition (low-end cards, real deployment)
  • Produce, initialize and personalize the card and its applications
  • Keep only the part of the platform manager that allows monitoring the card (e.g.)

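For the minimal edition, the "relevant data analysis" of the previous slide boils down to a reachability question: starting from the pre-issued application classes and the part of the platform manager to retain, which platform components are transitively needed, and which can be left out of the ROM image? The Python below is an added example, not the talk's or Gemplus's tooling: it walks a component dependency graph from a set of roots, returns the kept components in dependency-first link order, reports what was dropped, sums an assumed footprint, and rejects cycles and unknown names, checks a real ROMizer must make too. The component names follow the figure; their dependency edges, byte sizes and the three root sets are assumptions made for this example.

```python
"""Reachability-based pruning of platform components to build a card edition that
keeps only what its roots (applications plus the platform parts to retain) need.
Constructed example: component names follow the adaptation figure, but the
dependency edges, byte sizes and root sets are assumptions for illustration."""

# component -> (assumed size in bytes, components it depends on)
PLATFORM = {
    "hardware_support": (1200, []),
    "memory_management": (900, ["hardware_support"]),
    "stack": (300, ["memory_management"]),
    "core_classes": (4000, ["memory_management"]),
    "code_execution": (3000, ["stack", "memory_management", "core_classes"]),
    "scheduler": (700, ["code_execution"]),
    "communication": (1100, ["hardware_support"]),
    "platform_manager": (600, ["communication", "core_classes"]),
    "repository": (500, ["memory_management"]),
    "linker": (900, ["repository", "code_execution"]),
    "loader": (800, ["communication", "linker", "repository"]),
    "converter": (1500, ["repository"]),
    "serializer": (400, ["communication"]),
    "deserializer": (400, ["communication"]),
    "debugger": (2000, ["code_execution", "communication"]),
    "romizer": (1800, ["repository", "converter"]),
    "optimizer": (2500, ["converter"]),
    "shell": (1000, ["communication", "code_execution"]),
    "app_management": (700, ["loader", "platform_manager"]),
    "purse_applet": (1200, ["core_classes", "code_execution"]),   # the pre-issued application
}

EDITION_ROOTS = {
    "developer": list(PLATFORM),                                   # everything, debugger included
    "post_issuance": ["app_management", "scheduler", "purse_applet"],  # keeps loading/linking
    "minimal": ["purse_applet", "platform_manager", "scheduler"],   # application + monitoring only
}


def link_order(graph, roots):
    """Components reachable from `roots`, dependencies first (DFS post-order), so a
    ROM image can be laid out and linked in one pass. Rejects cycles and unknown
    names instead of silently producing an image with dangling references."""
    order, done, on_path = [], set(), set()

    def visit(name):
        if name in done:
            return
        if name in on_path:
            raise ValueError(f"dependency cycle through {name!r}")
        if name not in graph:
            raise ValueError(f"unknown component {name!r}")
        on_path.add(name)
        for dep in graph[name][1]:
            visit(dep)
        on_path.discard(name)
        done.add(name)
        order.append(name)

    for root in roots:
        visit(root)
    return order


def build_edition(graph, roots):
    """What goes into the ROM image, what is left out, and the resulting footprint."""
    kept = link_order(graph, roots)
    return {
        "link_order": kept,
        "kept": sorted(kept),
        "dropped": sorted(set(graph) - set(kept)),
        "footprint": sum(graph[name][0] for name in kept),
    }


if __name__ == "__main__":
    for edition, roots in EDITION_ROOTS.items():
        e = build_edition(PLATFORM, roots)
        print(f"{edition:>14}: {len(e['kept'])} components, {e['footprint']} bytes, "
              f"dropped: {', '.join(e['dropped']) or 'nothing'}")
```

Run as a script it prints the three editions side by side; with these assumed sizes the minimal edition keeps 9 of the 20 components and about half the footprint of the developer edition, the loader, linker, converter and debugger being the first casualties. The link order is what the "ROMize all the code and data" step consumes: every component is emitted after everything it references, so the linker never needs a second pass to patch forward references.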
What we have seen
• Current smart card research focuses on
  • Rich operating system features in small devices
  • A high level of confidence in the card platform thanks to security, validation and verification techniques
• To provide their full potential (and meet business applications?), such secure open card platforms might be complemented by research initiatives targeting
  • A platform framework to operate multiple services
  • Integration architectures to deploy card services in services infrastructures
  • Adaptation techniques for producing an optimized application-specific system from an open system

Final view on smart cards
• The position of future open smart cards is between
  • High-end electronic consumer products embedding
    • An operating system kernel (Symbian, Embedded Linux, .NET kernel, etc.)
      • Generally proprietary and sometimes real-time
    • A well-defined runtime edition (J2ME CLDC/CDC, .NET Compact) on top of the underlying operating system
      • Generally over-sized and difficult to optimize
    • Network connectivity capabilities
    • Some dedicated profiles (APIs and application models)
      • Targeting dedicated markets (mobile phones, terminals, etc.)
  • Low-end embedded consumer products with
    • No general-purpose operating system
    • A closed framework and poor (or no) connectivity
    • Ad hoc hand-written functionality

Platform outcomes
• A deployed platform for open and connected "in-the-middle" embedded devices
  • E.g., next-generation smart cards, smart toys, automotive, operated appliances, ...
  • Benefits: a rich and secure OS for small devices, with an open platform framework and an integration architecture
• A production platform to produce dedicated "Software Systems on Chip"
  • With all-in-one OS and application code produced from the full-fledged platform, then optimized and adapted to the applications' requirements and to the chip characteristics
  • E.g., native smart cards, traditional appliances, ...
  • Benefits: a huge market, an alternative to hand-written code

Conclusion
[Figure: embedded systems placed among personal computing, the network, and M2M and H2M interfaces.]
• Smart card research is at the forefront of research on designing computing platforms for very small devices
• Ambient computing relies on a connected network of small computing devices providing services that are federated to work together for a given purpose
• Smart cards can be an interesting research test bed for some of the technologies required for ambient computing
  • Secure, powerful open platforms; generated application-specific platforms
  • A framework for operated devices
  • Integration architectures in services infrastructures

Thank you! Any questions?
www.gemplus.com
jean-jacques.vandewalle@research.gemplus.com