JavaCard as Secure Object Store

Transcript: JavaCard as Secure Object Store

Secure Method Invocation in JASON
Jaap-Henk Hoepman
Department of Computer Science, University of Nijmegen, the Netherlands
[email protected]
www.cs.kun.nl/~jhh
Contents
- JavaCard: Promises and Problems
- JASON vision
- JASON secure method invocation
- Discussion

J.H. Hoepman, Secure Method Invocation in JASON, 21-11-2002
JavaCard: Promises and Problems
- Promises
  - Object oriented programming of smart card applications
  - Better chance of application separation through the Java Virtual Machine
- Problems
  - Object orientation is invisible outside the smart card. Still the same paradigm:
    - Select application
    - Send APDU command
JASON Vision: "Javacards As Secure Objects Network"
- Objectives
  - Viewing a smart card system as a collection of named, networked objects
  - Truly object-oriented smart card programming
  - Automatically enforce security requirements at method granularity, as specified by the programmer
  - ...towards a smart card OS...
Related work
- JCCAP (VandeWalle)
  - Capability based access control
- VISA Open Platform Specification
  - Secure loading, installation and deletion of smart card applications
- PC/SC / OpenCard
  - Transparently handle multiple smart cards
- JiniCard
  - Download terminal plugins to accept any smart card
JASON Secure Method Invocation
- Role based access control
  - Independent, per method
  - Role = ownership of key
- Protecting parameters and results
  - Confidentiality
  - Authenticity
    - Integrity
    - No replay
JASON Architecture
(Diagram: on the terminal side the stub, its keys and a dispatcher; on the card side a dispatcher, the skeleton and the card applet (capplet). Stub and skeleton communicate through the dispatchers by exchanging APDUs.)
Generating stubs/skeleton
- JASON Definition File
  - Java interface
  - Specify roles at start of class file
  - Extra keywords
    - accessible to <roles>
    - authentic <respar>
    - confidential <respar>
(Diagram: the JASON definition file is fed to the compiler, which generates the Java skeleton and the Java stub.)
Example: specifying a purse

    public interface Purse
    { roles: BANK, MERCHANT, OWNER ;
      accessible to ALL:
        confidential authentic short getBalance () ;
      accessible to MERCHANT
        authentic void decreaseBalance ( authentic short amount ) ;
      accessible to BANK
        authentic void increaseBalance ( confidential authentic short amount ) ;
    }
The authentic keyword
- Guarantees
  - Authenticity
  - Integrity
  - Freshness
    - No replay
- For results
  - It guarantees that the called method was actually executed at this time, in the proper way, with the intended side effect
    - cf. a decrease purse command
Example: calling a purse

    try {
        // Connect in the MERCHANT role; the key store holds the merchant's role key.
        Purse purse = (Purse) SMINaming.connect("smi://smartcard/Purse",
                                                Purse.MERCHANT, purseKeyStore);
        try {
            // amount is declared short in the Purse interface, hence the cast
            purse.decreaseBalance((short) 10);
            System.out.println("You have paid");
        }
        catch (UserException ue) {
            System.out.println("Transaction failed. You have not paid.");
        }
    }
    catch (RemoteException re) {
        System.out.println("Failed to connect to service.");
    }
Behind the scenes (1)
- Connect(<servicename>, <role>)
  - Negotiate ciphers
  - Authenticate caller role
  - Establish authenticated caller/callee id's
  - Exchange session keys privately
  - Return handle of skeleton
Behind the scenes (2)
- Method call
  - Stub converts the call to a secured APDU stream (only when necessary)
    - Using session keys and message counters
  - Dispatcher forwards the APDU stream to the skeleton
  - Skeleton verifies/decrypts the parameters and calls the method
Behind the scenes (3)
- Cryptography
  - Keys in separate key file
  - Authentication based on
    - Public key crypto
    - (Diversified) symmetric key crypto
    - Determined by key type in key file
  - Symmetric session keys
Behind the scenes (4)
- Efficient protection by reshuffling
(Diagram: the bytes of a call are reordered so that the method, the authentic parameters and the confidential parameters form contiguous runs. Legend: MAC over the indicated bytes and the message count using k; bytes encrypted using k.)
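The mechanism sketched on the three "Behind the scenes" slides above (role authentication at connect time, the secured APDU stream with session keys and message counters, and the reshuffling of authentic and confidential parameters), as an added example that is not JASON's own code: a Python model of a stub and skeleton for the Purse interface, written so that it runs without a card. Everything concrete in it is an assumption: HMAC-SHA-256 truncated to 8 bytes as the MAC, an HMAC-derived keystream standing in for the session cipher, a challenge-response on a shared symmetric role key for "role = ownership of key", the message layout (method id, counter, authentic parameters in clear, confidential parameters encrypted, MAC), and the role key values. Results are not modelled; they would be protected the same way in the reverse direction.

```python
# Added example (not JASON's own code): a model of JASON-style secure method invocation.
# Per-method policy follows the slides' Purse definition file: allowed roles and the
# protection flags of each (short) parameter. Every key, layout and cipher here is assumed.
import hashlib, hmac, os, struct

PURSE_IFACE = {
    "decreaseBalance": {"roles": {"MERCHANT"}, "params": [{"authentic"}]},
    "increaseBalance": {"roles": {"BANK"}, "params": [{"confidential", "authentic"}]},
}
METHOD_IDS = {"decreaseBalance": 1, "increaseBalance": 2}
MAC_LEN = 8  # assumed length of the truncated MAC
# Constructed role keys ("role = ownership of key"), shared by card and terminal.
CARD_ROLE_KEYS = {"MERCHANT": b"constructed-merchant-key", "BANK": b"constructed-bank-key"}

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def stream_xor(key, counter, data):
    """Toy stand-in for the unspecified session cipher: XOR with a keystream bound to the
    message counter, so a keystream is never reused; limited to one 32-byte block."""
    assert len(data) <= 32, "toy cipher covers at most one keystream block"
    ks = hmac.new(key, struct.pack(">I", counter), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def derive_session_keys(role_key, nonce):  # separate MAC and encryption session keys
    return tuple(hmac.new(role_key, tag + nonce, hashlib.sha256).digest() for tag in (b"mac", b"enc"))

def pack_params(spec, args, enc_key, counter):
    """Reshuffle: authentic-only parameters first in clear, then all confidential ones as one
    encrypted run, so a single MAC and a single cipher pass cover the whole call."""
    plain = b"".join(struct.pack(">h", v) for f, v in zip(spec["params"], args) if "confidential" not in f)
    secret = b"".join(struct.pack(">h", v) for f, v in zip(spec["params"], args) if "confidential" in f)
    return plain + stream_xor(enc_key, counter, secret)

def unpack_params(spec, body, enc_key, counter):
    """Inverse of pack_params: split the clear and encrypted runs and restore call order."""
    n_plain = sum("confidential" not in f for f in spec["params"])
    plain = iter(struct.unpack(f">{n_plain}h", body[:2 * n_plain]))
    secret = iter(struct.unpack(f">{len(spec['params']) - n_plain}h",
                                stream_xor(enc_key, counter, body[2 * n_plain:])))
    return [next(secret if "confidential" in f else plain) for f in spec["params"]]

class Skeleton:
    """Card side: authenticates the caller's role at connect time, then checks role,
    counter and MAC on every call before decrypting the parameters and dispatching."""
    def __init__(self, role_keys):
        self.role_keys, self.balance = role_keys, 100
        self.sessions, self._pending = {}, {}  # sid -> [role, mac_key, enc_key, last_counter]

    def challenge(self, role):
        nonce = os.urandom(16)
        self._pending[nonce] = role
        return nonce

    def open_session(self, nonce, response):
        role = self._pending.pop(nonce)
        if not hmac.compare_digest(mac(self.role_keys[role], b"connect" + nonce), response):
            raise PermissionError("role authentication failed")
        sid = hashlib.sha256(nonce).digest()[:4]
        self.sessions[sid] = [role, *derive_session_keys(self.role_keys[role], nonce), 0]
        return sid

    def handle(self, sid, msg):
        role, mac_key, enc_key, last = self.sessions[sid]
        method_id, counter = struct.unpack(">BI", msg[:5])
        spec = PURSE_IFACE[(name := next(n for n, i in METHOD_IDS.items() if i == method_id))]
        if "ALL" not in spec["roles"] and role not in spec["roles"]:
            raise PermissionError(f"role {role} may not call {name}")
        if counter <= last:  # freshness: a replayed or stale counter is refused
            raise ValueError("replayed or out-of-order message")
        # Every parameter here is authentic, so the MAC covers the whole body (confidential
        # bytes in encrypted form); bytes of non-authentic parameters would be left out.
        if not hmac.compare_digest(mac(mac_key, msg[:-MAC_LEN]), msg[-MAC_LEN:]):
            raise ValueError("MAC check failed")
        self.sessions[sid][3] = counter
        (amount,) = unpack_params(spec, msg[5:-MAC_LEN], enc_key, counter)
        self.balance += amount if name == "increaseBalance" else -amount
        return self.balance

class Stub:
    """Terminal side: what SMINaming.connect and the generated stub do in the slides."""
    def __init__(self, skeleton, role, role_key):
        nonce = skeleton.challenge(role)
        self.sid = skeleton.open_session(nonce, mac(role_key, b"connect" + nonce))
        self.mac_key, self.enc_key = derive_session_keys(role_key, nonce)
        self.skeleton, self.counter, self.last_msg = skeleton, 0, b""

    def invoke(self, name, *args):
        self.counter += 1
        msg = struct.pack(">BI", METHOD_IDS[name], self.counter)
        msg += pack_params(PURSE_IFACE[name], args, self.enc_key, self.counter)
        self.last_msg = msg + mac(self.mac_key, msg)  # kept so that a replay can be shown
        return self.skeleton.handle(self.sid, self.last_msg)  # the dispatcher hop, in-process

def demo():
    """Merchant debits 10; a replay and a merchant credit are refused; the bank credits 25."""
    card = Skeleton(CARD_ROLE_KEYS)
    merchant = Stub(card, "MERCHANT", CARD_ROLE_KEYS["MERCHANT"])
    results = [merchant.invoke("decreaseBalance", 10)]
    for attempt in (lambda: card.handle(merchant.sid, merchant.last_msg),  # replayed APDUs
                    lambda: merchant.invoke("increaseBalance", 500)):       # wrong role
        try:
            results.append(attempt())
        except (ValueError, PermissionError) as err:
            results.append(type(err).__name__)
    return results + [Stub(card, "BANK", CARD_ROLE_KEYS["BANK"]).invoke("increaseBalance", 25)]
```

Running demo() returns [90, 'ValueError', 'PermissionError', 115]: the merchant's debit goes through, replaying the captured message fails the counter check, the merchant's attempt to credit the purse fails the per-method role check before any cryptography is done, and the bank's credit succeeds over its own session. The role check comes first on purpose, so the card never spends a MAC verification on a caller that may not invoke the method at all; the counter check comes before the MAC check for the same reason.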
SMI vs RMI...
(Diagram: three ways of combining a stub with SMI and RMI: the stub on top of SMI on top of RMI, or the stub on top of RMI on top of SMI, or the stub directly on top of SMI and RMI side by side.)
Discussion
- SMI Extensions
  - Not finalised yet
  - Multi-threading method calls
  - Transaction support
  - Transaction tickets
  - Logging & auditing
- Naming and brokerage
- Outbound calls too
- JASON not limited to smart cards
  - Client-server
  - Embedded/Ambient systems
Closing remarks
- http://www.cs.kun.nl/~jhh/jason.html