security of javacard smart card applets erik poll university of nijmegen erikpoll
TRANSCRIPT
![Page 1: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/1.jpg)
Security of JavaCard smart card applets
Erik Poll
University of Nijmegen http://www.cs.kun.nl/~erikpoll
![Page 2: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/2.jpg)
2
Contents
• Smart cards
• New generation smart cards– smart card applets– language level security– applet security
• Applet Security
![Page 3: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/3.jpg)
SMART CARDS
![Page 4: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/4.jpg)
4
Smart Cards
Card with microprocessor capable of
– storing information– processing information: en/decyption This is what makes a smart card smart; stupid cards cannot do this
Eg. bank card, mobile phone SIM
![Page 5: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/5.jpg)
5
private key K CPU
challenge c
response fK(c)
Why use smart cards ?
• Private key K never leaves the card
• Card issuer does not have to trust card holder, terminal, or network
![Page 6: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/6.jpg)
6
Why use smart cards ?
• send password unencrypted over net (eg. rlogin) trust network, terminal, user
• send password encrypted over net (eg. slogin) trust terminal, user
• idem, but user, not terminal, does encryption trust user
• using smart card trust no-one
![Page 7: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/7.jpg)
7
NB smart card security is not perfect
Card can be physically attacked:
– Reading or writing of the chip (memory, bus)
– Analysing timing or power consumption (DPA)
![Page 8: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/8.jpg)
NEW GENERATION SMART CARDS
Eg: Java Card, Windows for Smart Cards, MULTOS
![Page 9: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/9.jpg)
9
Old vs new smart cards
• one program (applet)
• written in chip-
specific machine
code
• burnt into ROM
• Applet written in high-level language
• compiled into bytecode• stored in EEPROM• interpreted on card
• multi-application: several applets on one card
• post-issuance: adding or deleting applets on card
![Page 10: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/10.jpg)
10
Multi-application
Several applets on one card, possibly interacting
Eg– credit card + loyalty program– access to buildings + computer networks– frequent flyer card + electronic check-in– all of the above
![Page 11: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/11.jpg)
11
Post-issuance
Additional applets downloaded onto card after it has been issued, to add or upgrade services – eg. removing chipper and adding chipknip – cf. downloading applets in web-browser
Post-issuance download tightly controlled: only trusted - digitally signed - applets downloaded (using VISA Open Platform), or none at all.
![Page 12: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/12.jpg)
12
Java Card
A subset of Java– no threads, no doubles, no strings, gc
optional ...
with some extras– persistent and transient objects– transaction mechanism
and increased language-level security– standard sandbox (cf. web-browsers)– plus firewall between applets
![Page 13: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/13.jpg)
13
Java Card platformJava Card platform
Java Card smart card
smart card hardwaresmart card hardware
ap
ple
tap
ple
t
ap
ple
tap
ple
t
ap
ple
tap
ple
t
Java CardVirtual Machine
Java Card API(mini OS)
![Page 14: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/14.jpg)
14
ap
ple
tap
ple
tap
ple
tap
ple
t
Java Card smart card
Java Card platformJava Card platformap
ple
tap
ple
t
ap
ple
tap
ple
t
terminalterminal
smart card hardwaresmart card hardware
![Page 15: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/15.jpg)
15
Advantages of new generation
• easier development of applications– faster and cheaper– high-level language– independent of underlying hardware
• more flexibility– multi-application– post-issuance download ?
![Page 16: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/16.jpg)
16
DisadvantageDisadvantage: Security
• incorrect or malicious applet may interfere with other applets or platform– Eg a virus on a credit card or mobile phone
• platform can provide basic security against illegal operations
• applet should take care to provide any additional security it requires
![Page 17: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/17.jpg)
17
Platform level security (platform = VM+OS)
• language level security byte code verification
• OS security firewall
Applet security• anything beyond this
Interesting problems for formal methods...
![Page 18: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/18.jpg)
APPLET SECURITY
![Page 19: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/19.jpg)
19
Context of this work
Verification of JML-annotated Java code, eg public int squareRoot(int i); //@ pre true; //@ post \result^2 <= i && i < (\result+1)^2; //@ signals (SomeException) i < 0;
using the LOOP tool as front end for the PVS theorem prover.
What can we do for applets with this approach ?
![Page 20: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/20.jpg)
20
Towards applet security
How to specify applet “security” ?1. Applet correctness
method does what it should do
2. Applet security policy: access controlmethod/data only accessed when allowed
3. Secure information flowmethod does not leak information
......
![Page 21: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/21.jpg)
21
1. Applet correctness
ie. verify that applet satisfies pre- postconditions and invariants, eg
//@ invariant 0<= balance && balance <= MAX;
This can be done using JML to specify and LOOP/PVS to verify
![Page 22: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/22.jpg)
22
1. Applet correctness
But: correctness security?Maybe not, but correctness security
In any case: no assumptions on incoming data!
![Page 23: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/23.jpg)
23
2. Applet security policy
Access control for methods– who may invoke which method when in
the smartcard/applet life cycle
and for data– confidentiality: who may access data– integrity - preventing corruption of data:
modification by authorised party, with correct (digitally signed) value
![Page 24: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/24.jpg)
24
Distinguish states in smartcard/applet life cycle
Specify who may do what in which state
This can be specified in JML, eg //@ assert state == blocked && user == admin;
2. Method access control
personalised
blockedinstalled
init block
“normal operations” inspect
![Page 25: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/25.jpg)
25
2. Method access control
• Method access control method invoked when allowed
complements correctness method does what it should do
• Maybe temporal logic specifications better for expressing (il)legal access control ?
![Page 26: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/26.jpg)
26
2. Data access control
Annotate any data access with checks
... //@ assert: state == admin; PIN = newPIN; ...
verify that these conditions are met
![Page 27: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/27.jpg)
27
2. Data access control
• Maybe data access already shows up in the pre- and postconditions of methods ?
![Page 28: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/28.jpg)
28
3. Secure information flow
No sensitive information may be leaked
Traditional approach to information flow:– distinguish high and low security level variables– forbid assignments of high to low cq.
dependencies of low on high level– check this by
•static analysis/type checking, or•model checking
![Page 29: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/29.jpg)
29
3. Secure information flow
Information flow using pre/postconditions:
public int m(int i); //@ post \result == f(i,low level variables); //@ signals (Exception) P(i,low level vars);
for some f and P means that no high security level values are leaked.
Practical in real examples ?
![Page 30: Security of JavaCard smart card applets Erik Poll University of Nijmegen erikpoll](https://reader035.vdocument.in/reader035/viewer/2022062619/55175058550346ac338b49c3/html5/thumbnails/30.jpg)
30
Conclusion
Security of a smartcard application relies on– Hardware security– Platform security– Applet security – Use scenario
Software
How to specify security ? Correctness security ?
Ongoing work: applet case study using JML