Download presentation
Presentation is loading. Please wait.
1
Jason Javacards as secure objects network by Richard Brinkman
2
Javacards as secure objects network Compare to other chip cards Memory cards Smart cards Characteristics: Tamper proof 5 MHz processor 16 kB memory Multi-application Object Oriented
3
Javacards as secure objects network Card Hardware Javacard Virtual machine Libraries Applet Loader
4
Javacards as secure objects network.java files javac compiler.class files converter.cap file scriptgen.scr file apdutool smart card
5
Javacards as secure objects network Internet
6
Javacards as secure objects network Requirements: Simple to use Separation of concerns Lightweight Authenticity Confidentiality Role-based access control
7
Javacards as secure objects network Implementation public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; } public class PurseImpl implements Purse { private short balance; public PurseImpl() { balance = 0; } public short getBalance() { return balance; } public void decreaseBalance(short amount) balance -= amount; } public void increaseBalance(short amount) balance += amount; }
8
Javacards as secure objects network Java Interface File public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); } public interface Purse { public short getBalance(); public void decreaseBalance( short amount); public void increaseBalance( short amount); }
9
Javacards as secure objects network Jason Definition File public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); } public interface Purse { roles MERCHANT, BANK, OWNER; accessible to OWNER, BANK public short getBalance(); accessible to MERCHANT public void decreaseBalance( authentic short amount); accessible to BANK public void increaseBalance( confidential authentic short amount); }
10
Javacards as secure objects network Client application public class Client { public static void main(String[] args) { KeyStore keyStore =... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! } public class Client { public static void main(String[] args) { KeyStore keyStore =... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet(“example.purse.Purse”, Purse.ROLE_BANK); System.out.println(“Balance: ” + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println(“Balance after increase: ” + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!! }
![Javacards as secure objects network Client application public class Client { public static void main(String[] args) { KeyStore keyStore =...](http://images.slideplayer.com./16/4942728/slides/slide_10.jpg "Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet( example.purse.Purse , Purse.ROLE_BANK); System.out.println( Balance: + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println( Balance after increase: + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!. } public class Client { public static void main(String[] args) { KeyStore keyStore =... Ans ans = new Ans(keyStore); Purse purse = (Purse) ans.getApplet( example.purse.Purse , Purse.ROLE_BANK); System.out.println( Balance: + purse.getBalance()); purse.increaseBalance((short) 25); System.out.println( Balance after increase: + purse.getBalance()); purse.decreaseBalance((short) 10); //Illegal!!. }.")
11
Javacards as secure objects network Applet’s implementation Skeleton Key Store Application Stub Key Store Internet
12
Javacards as secure objects network Log in Select APDU Select response Client random + role Card random + {Client random} Kcard -1 {Card random} Krole -1 {Session key} Krole
13
Javacards as secure objects network Method Invocation SW Return value Freshness counter Signature Header Parameters Freshness counter Signature
14
Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 PP 1
15
Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 CP 1 CP 2 ACP 1 ACP 2 Padding ConfidentialPP 1
16
Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 ConfidentialPP 1 AP 1 AP 2
17
Javacards as secure objects network ACP 1 ACP 2 PP 1 CP 2 AP 1 CP 1 AP 2 PP 1 CP 1 CP 2 ACP 1 ACP 2 AP 1 AP 2 ConfidentialPP 1 AP 1 AP 2 HeaderCounterParameters HeaderCounter Sign ACP 1 ACP 2 AP 1 AP 2
18
Conclusion Simple to use Concentrate on functionality Security has only to be verified once
19
Questions?
Similar presentations
