University of Nijmegen Jaap-Henk Hoepman Department of Computer Science University of Nijmegen, the Netherlands Secure.


1 Secure Method Invocation in JASON
Jaap-Henk Hoepman
Department of Computer Science, University of Nijmegen, the Netherlands
jhh@cs.kun.nl
www.cs.kun.nl/~jhh

2 Contents
21-11-2002, J.H. Hoepman, Secure Method Invocation in JASON
• JavaCard: Promises and Problems
• JASON vision
• JASON secure method invocation
• Discussion

3 JavaCard: Promises and Problems
• Promises
    • Object oriented programming of smart card applications
    • Better chance of application separation through Java Virtual Machine
• Problems
    • Object orientation invisible outside smart card. Still the same paradigm:
        • Select application
        • Send APDU command

4 JASON Vision
• Objectives
    • Viewing a smart card system as a collection of named, networked objects
    • Truly object-oriented smart card programming
    • Automatically enforce security requirements at method granularity as specified by programmer
“Javacards As Secure Objects Network”
…towards a smart card OS…

5 Related work
• JCCAP (VandeWalle)
    • Capability based access control
• VISA Open Platform Specification
    • Secure loading, installation and deletion of smart card applications
• PC/SC / OpenCard
    • Transparently handle multiple smart cards
• JiniCard
    • Download terminal plugins to accept any smart card

6 JASON Secure Method Invocation
• Role based access control
    • Independent, per method
    • Role = ownership of key
• Protecting parameters and results
    • Confidentiality
    • Authenticity
        • Integrity
        • no-replay

7 JASON Architecture
[Figure: architecture diagram. Labels: terminal, card, stub, dispatcher, APDU, dispatcher, skel, keys, capplet]

8 Generating stubs/skeleton
• JASON Definition File
    • JAVA Interface
    • Specify roles at start of class file
    • Extra keywords
        • accessible to
        • authentic
        • confidential
[Figure labels: JASON definition file, JASON definition file compiler, java stub, java skeleton]

9 Example: specifying a purse

    public interface Purse {
        roles: BANK, MERCHANT, OWNER ;

        accessible to ALL:
        confidential authentic short getBalance () ;

        accessible to MERCHANT
        authentic void decreaseBalance ( authentic short amount ) ;

        accessible to BANK
        authentic void increaseBalance ( confidential authentic short amount ) ;
    }

10 The authentic keyword
• Guarantees
    • Authenticity
    • Integrity
    • Freshness
        • No replay
• For results
    • It guarantees that the called method was actually executed
        • at this time
        • in the proper way
        • with the intended side effect
    • cf. a decrease purse command

11 Example: calling a purse

    try {
        // Connect to the named card object in the MERCHANT role,
        // using the keys held in purseKeyStore.
        Purse purse = (Purse) SMINaming.connect("smi://smartcard/Purse",
                                                Purse.MERCHANT, purseKeyStore);
        try {
            purse.decreaseBalance(10);
            System.out.println("You have paid");
        } catch (UserException ue) {
            // The call reached the card but the method failed.
            System.out.println("Transaction failed. You have not paid.");
        }
    } catch (RemoteException re) {
        // No (secure) connection to the card object could be set up.
        System.out.println("Failed to connect to service.");
    }

12 Behind the scenes (1)
• Connect(, )
    • Negotiate ciphers
    • Authenticate caller role
    • Establish authenticated caller/callee id’s
    • Exchange session keys privately
    • Return handle of skeleton

13 Behind the scenes (2)
• Method call
    • stub converts call to secured APDU stream (only when necessary)
        • Using session keys and message counters
    • Dispatcher forwards APDU stream to skeleton
    • skeleton verifies/decrypts parameters and calls method
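
The no-replay guarantee of the authentic keyword and the "session keys and message counters" step above, sketched as an added example (not code from the slides or from JASON). The message layout, the use of HMAC-SHA256, the method id 0x01 and the all-zero demo key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;

// Added illustration, not JASON code: wire format, MAC algorithm and method id are assumptions.
public class AuthenticCallDemo {
    static final int TAG_LEN = 32;              // HMAC-SHA256 tag length in bytes
    static final byte DECREASE_BALANCE = 0x01;  // hypothetical method id
    // MAC over counter | methodId | amount; binding the counter makes every message unique.
    static byte[] tag(byte[] key, int counter, byte methodId, short amount) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(ByteBuffer.allocate(7).putInt(counter).put(methodId).putShort(amount).array());
    }
    // Stub side: methodId | amount | tag. The counter is not sent; both sides track it.
    static byte[] protect(byte[] key, int counter, byte methodId, short amount) throws Exception {
        return ByteBuffer.allocate(3 + TAG_LEN).put(methodId).putShort(amount)
                .put(tag(key, counter, methodId, amount)).array();
    }
    // Skeleton side: verify the tag before touching state, then advance the counter.
    static class Skeleton {
        private final byte[] key;
        private int expectedCounter = 0;
        short balance = 100;
        Skeleton(byte[] key) { this.key = key; }
        boolean dispatch(byte[] msg) throws Exception {
            if (msg.length != 3 + TAG_LEN) return false;
            ByteBuffer in = ByteBuffer.wrap(msg);
            byte methodId = in.get();
            short amount = in.getShort();
            byte[] received = new byte[TAG_LEN];
            in.get(received);
            // Constant-time compare; fails for forged, altered or replayed messages.
            if (!MessageDigest.isEqual(received, tag(key, expectedCounter, methodId, amount))) return false;
            expectedCounter++;                  // each counter value is accepted once
            if (methodId != DECREASE_BALANCE || amount < 0 || amount > balance) return false;
            balance -= amount;
            return true;
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] sessionKey = new byte[16];       // constructed all-zero demo key
        Skeleton card = new Skeleton(sessionKey);
        byte[] call = protect(sessionKey, 0, DECREASE_BALANCE, (short) 10);
        System.out.println("first delivery accepted: " + card.dispatch(call));
        System.out.println("replay accepted:         " + card.dispatch(call));
        byte[] altered = protect(sessionKey, 1, DECREASE_BALANCE, (short) 10);
        altered[2] ^= 0x7f;                     // change the amount in transit
        System.out.println("altered accepted:        " + card.dispatch(altered));
    }
}
```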

14 Behind the scenes (3)
• Cryptography
    • Keys in separate key file
    • Authentication based on
        • Public key crypto
        • (Diversified) symmetric key crypto
        • Determined by key type in key file
    • Symmetric session keys

15 Behind the scenes (4)
• Efficient protection by reshuffling

16 SMI vs RMI…
[Figure: diagram comparing SMI and RMI. Labels: SMI, RMI, SMI stub, RMI, SMI stub, or]

17 Discussion
• SMI Extensions
    • Transaction support
    • Transaction tickets
    • Logging & auditing
    • Naming and brokerage
    • Not finalised yet
    • Multi-threading method calls
    • Outbound calls too
• JASON not limited to smart cards
    • Client-server
    • Embedded/Ambient systems

18 Closing remarks
• http://www.cs.kun.nl/~jhh/jason.html

