Smart Card Operating Systems Overview and Trends

Similar documents
Smart Cards. Outline. José Costa Application Domains: Smart Cards. Software for Embedded Systems

Smart Card ICs. Dr. Kaushik Saha. STMicroelectronics. CSME 2002 (Chandigarh, India) STMicroelectronics

SMART CARDS. Miguel Monteiro FEUP / DEI

Smart Cards. José Costa. Software for Embedded Systems. Departamento de Engenharia Informática (DEI) Instituto Superior Técnico

Smartcards. ISO 7816 & smartcard operating systems. Erik Poll Digital Security Radboud University Nijmegen

Smart Card Basics Smart Card Basics

JSM: A small Java Processor Core for Smart Cards and Embedded Systems

Smart cards are made of plastic, usually polyvinyl chloride. The card may embed a hologram to prevent counterfeiting. Smart cards provide strong

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

SIM Smart Card Overview

The Future of Smart Cards: Bigger, Faster and More Secure

Smart card operating systems

ST Payment Secure Solution - Java Card platform with up to 90 Kbytes of user NVM for Visa, MasterCard, AMEX, Discover and Interac applications

Secure RISC-V. A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex

2 nd ETSI Security Workshop: Future Security. Smart Cards. Dr. Klaus Vedder. Chairman ETSI TC SCP Group Senior VP, Giesecke & Devrient

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

Mobile Station Execution Environment (MExE( MExE) Developing web applications for PDAs and Cellphones. WAP (Wireless Application Protocol)

The Open Application Platform for Secure Elements.

Java Card Technology-based Corporate Card Solutions

Payment and Identification Secure solutions

GSM Association (GSMA) Mobile Ticketing Initiative

The SIM Turns 20. Dr. Klaus Vedder. Chairman ETSI TC SCP. 3rd ETSI Security WS Sophia Antipolis, France January 2008

ST33F1M. Smartcard MCU with 32-bit ARM SecurCore SC300 CPU and 1.25 Mbytes high-density Flash memory. Features. Hardware features.

MTAT Applied Cryptography

Java Card Technology Overview

Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011

Smart Payments. Generating a seamless experience in a digital world.

CREDENTSYS CARD FAMILY

Shen Sung-Shiou

STMicroelectronics Payment Solutions. December 6 th 2012

MTAT Applied Cryptography

Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip

ST33F1M, ST33F1M0, ST33F896, ST33F768, ST33F640, ST33F512

Glossary. xii. Marina Yue Zhang and Mark Dodgson Downloaded from Elgar Online at 02/04/ :16:01PM via free access

SETECS OneCARD PIV II Java Card Applet. on Gemalto GemCombi'Xpresso R4 E72K PK card

Analysis of Security Models For Smart Cards

Vineet Kumar Sharma ( ) Ankit Agrawal ( )

What is Smart Cards? Korea Smart Card Co. Jae Gwan Park 0/83

Practical Java Card bytecode compression 1

Lecture (01) Introducing Embedded Systems and the Microcontrollers By: Dr. Ahmed ElShafee

Security-by-Contract for Open Multi-Application Smart Cards

Natural Security Alliance

ST Payment Secure Solution Java Card platform with up to 100 Kbytes of user NVM for AMEX payment applications

GemXpresso R4 E36/E72 PK. Security Policy

COPYRIGHTED MATERIAL. Overview of Smart Cards. Chapter Card Classification

GemClub-Memo. Technical Specifications. Version 1.0

STMicroelectronics NATIXIS Payment Solutions Conference

Java Card 3 Platform. Peter Allenbach Sun Microsystems, Inc.

APG8205 OTP Generator

ST19WR08 Dual Contactless Smartcard MCU With RF UART, IART & 8 Kbytes EEPROM Features Contactless specific features

ACR880 GPRS Portable Smart Card Terminal

Managing an NFC Ecosystem

Rajat Moona j CSE, IIT Kanpur October 11, Reach IIT K

OpenCrypto. Unchaining the JavaCard Ecosystem

NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit

APG8202 PINhandy 2 OTP Generator

SHORT FORM SPECIFICATION

SIM Evolution. Klaus Vedder. Presented by: 10 July 2018 ETSI th Sigos Conference

Secure Microcontrollers for Smart Cards. AT90SC Summary

Grcard SIM Card. Specification

Press Conference. Dr. Wolfgang Ziebart. New Delhi, March 28, President and CEO

Real-time for Windows NT

Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet

Tamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn

Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets

NFC is the double click in the internet of the things

PGT302 Embedded Software Technology. PGT302 Embedded Software Technology

MTAT Applied Cryptography

e-pg Pathshala Subject: Computer Science Paper: Embedded System Module: Embedded System Design Case Study-Part I Module No: CS/ES/39 Quadrant 1 e-text

CALYPSO FUNCTIONAL SPECIFICATION. CNA Calypso rev 3.1 Applet Presentation

Datenblatt / Specifications. ACR880 GPRS Portable Smart Card Terminal. idvation GmbH

APPLICATION NOTE. TDA8020HL/C2 Dual Smart Card Interface AN10232

LECTURE 5: MEMORY HIERARCHY DESIGN

ACR89 Handheld Smart Card Reader Technical Specifications. Datenblatt / Specifications

Gemalto: a leader in Digital security. L. Manteau, Gemalto Industrial relations

eh880 Secure Smart Card Terminal

Computer Architecture A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved.

Copyright 2012, Elsevier Inc. All rights reserved.

Computer Architecture. A Quantitative Approach, Fifth Edition. Chapter 2. Memory Hierarchy Design. Copyright 2012, Elsevier Inc. All rights reserved.

IFX Day Secure Mobile Solutions. Dominik Bilo CMO Secure Mobile Solutions Business Group. November 16, Munich. IFX Day 2004.

ARM Processors for Embedded Applications

When Worlds Collide Payments meet mobile Osman Inegol, Mobile Business Unit

Copyright 2012, Elsevier Inc. All rights reserved.

Smart Cards. Tim Hogan, Practice Director, Unisys

ACR880 GPRS Portable Smart Card Terminal

Preface. Structure of the Book

Mobile NFC Services Opportunities & Challenges. NGUYEN Anh Ton VNTelecom Conference 31/10/2010

Smart cards and smart objects communication protocols: Looking to the future. ABSTRACT KEYWORDS

Secure Over-The-Air Services in NFC Ecosystems

The Transition to Multi-application Smart Cards with Post Issuance Personalization Capabilities

APG8201 PINhandy 1. Technical Specifications. Subject to change without prior notice

Leadership, Education and Advancement Program (LEAP) CERTIFIED SMART CARD INDUSTRY PROFESSIONAL (CSCIP) LEAP PROGRAM MANUAL TERMS AND CONDITIONS

MDES to support converged wallets CEESCA 2015 Dubrovnik

Mobile Identity Management

Practical Attack Scenarios on Secure Element-enabled Mobile Devices

Agenda. Smart-card market at a glance Smart card technology roadmap Future needs. Examples. Conclusion

Memory Layout for a Simple Batch System

Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices

Zatara Series ARM ASSP High-Performance 32-bit Solution for Secure Transactions

Transcription:

Smart Card Operating Systems Overview and Trends Pierre.Paradinas@gemplus.com Gemplus Labs Smart card A piece of plastic with a chip that contains: CPU, memories and programs SC is your personal information system, your wallet, your e-key, your cell phone subscriber identification (GSM) 1

Agenda Smart card industry and application Smart card embeds computing power Smart card OS & Software Issue in SC software Q/A Smart card industry and application First SC were produced 2O years ago After a French industry, it becomes a more European industry (80% of the market share) Large worldwide business with revenues of 2,2 billion $: GSM Payment/e-purse (Blue Card, EMV, ) E-security (logical access, Pay-TV, ) 2

SC industry and application (Cont d) From analysts: 2000 628 Mu are shipped [chip cards = 1 700 Mu] (Gartner Inc) 2006 2 300 Mu [chip cards = 4 100Mu] (Datamonitor) New applications will appear: WAP, UMTS, 3G-Network, Deployment of payment card (Visa, Amex, ) M-commerce Access control based on SC: part of Wins and Solaris distribution SC industry and application (Cont d) Our industry is based on : Plastic and secure printing Silicon and packaging Software and application Software is part of our expertise but its role is more and more crucial 3

SC Application Architecture Durable smart card benefits Card software is part of the application Processing and data will be shared along the chain Security will be shared by each part of the chain Personal repository of data & services The supervisor of your services Provides and controls a personalized view of the system 4

Vcc The platform: single chip GND RST Vpp CLK I/O < 6,45mm RFU RFU < 4,17mm RAM CPU I/O ROM E²PROM The platform: performances 8 Bit microprocessor (8051 or 6805) 3,57 Mhz (w or w/o multiplier) Cryptographic coprocessor: e n for PK on large number (1024 bits) Security features address line scrambled, physical sensors, others... Only one communication line (half duplex) Small & specific memories RAM < 0,5 K ROM < 64 K (OS & Programs) Non Volatile Memory (EEPROM or Flash) < 32/64 K Write latency = 2-10ms and memory stress issue 5

Platform constraints No internal clock and power supply But Tamper responsive Size of the chip: the card is in your pocket Chip cost is directly related to the size Consumption Handset, small SC reader, Heat of the CPU Some cards are contactless New platforms 32 bit arrives More memory: Ram: 1 to 4 (8) Rom: ~128K NVM: ~64k (128k) Always co-processor 6

Card Software: Agenda First software generation Open OS Java Card Research issues in SC-OS Security, Portability, Sharing, Integration in IT First generation software Applications are developed by the card provider in a secure environment with assembler or C Drawbacks: costly poor flexibility time to market Responses Application Operating System Chip Commands 7

From proprietary to Open OS Responses/ Commands Application Download Data Instructions Open API Application 1 Secure Virtual Machine Operating System Chip Open Card Applications developed by: the customer any application provider Dynamically downloaded through a network The card life cycle is changed 8

Smart Card Lifetime (1/2) Manufacturing Application masked in the ROM OS libraries and command dispatcher, Application routines. Card serial number and issuer references Initialization Writing in EEPROM application data Secret key and object attributes (r,w,rw,...) Personalization Writing in EEPROM card holder data Graphical (picture, logo, hologram ) Smart Card Lifetime (2/2) Usage Process APDU command from a reader Send back a response APDU or an error APDU For open card only: application downloading End Deactivation (unauthorized action), memory overhead, loss, theft, 9

Candidate Platforms Multos (from Mastercard) W4SC (Microsoft) Java Card 2.1 (Sun) Introduction to the Java card The Java Card The JCVM architecture The security procedures 10

What is a Java Card? The Java Card a smart card dedicated to Java applications a platform with highly limited resources a dedicated Java language a multi-application device a specific Java Card Virtual Machine (JCVM) architecture. A subset of Java A single thread virtual machine Unsupported features Dynamic class loading String and Thread classes Double, float, char types Multiple dimension arrays Java.lang.System class Garbage collection Security manager The Applet Firewall Programming limitations 11

Java Card Environment Code source Java Class File Java Java Compiler Bytecode verifier and Converter *.java On Card Firewall Dynamic Security *.class Java Card Files Off Card Linker Loader First static *.cap Other embedded security tests Static checks and resolutions Java Card Security Chain Applet.java.class.cap Verifier Sign/Enc Loader Virtual Machine Java Card Applet Applet Applet Loader Linker JC API JVM OS Chip OP CM 12

Java Card Security Chain Applet Security Policy Java Card Applet Applet Applet Verifier Sign/Enc Loader Loader Linker JC API JVM OS Chip OP CM Virtual Machine Trusted Computing Based With Java Card Smart Card enters in Open world API s is public, new comers for SC applications Smart Cards use «standard language» We have to break others frontier Security is not only support by the card itself Others features are required It s why we invest in OS for SC 13

Research issues in SC-OS How to secure the code down loading Portability Extensibility Object sharing Two security levels Applications are no more developed under card issuer control Platform security Traditional means Use of formal methods => Models of the platform security modules Application security There is a need for a global security policy Flow control (data and/or code sharing) Resources consumption (memory, CPU, method calls...) => Static & dynamic analysis of applet configurations (part of the CMS) 14

How to secure code down loading Code Safety Techniques Address-based Techniques Language-Based Techniques MMU SFI Capabilities Types Portability Applications Loader/Linker Appli A Converter JavaCard Appli B Compiler MEL Appli C Component ODBC Off Card Open OS Smart Card Chip JCVM Multos CQL ARM AVR 6805 In Card 15

Extensibility No dynamic class loading Changing applications requirements various and growing E.g: the Java Card dilemma JC JC Light- JC JC JC JC Java+ Optimize the most crucial parts Increase functionality Objects Sharing For example: a purse and a loyalty applet can share methods and/or objects, A share with B a method B share with C a method Purse Applet Log Log.getTransactiongetTransaction Applet Provider A Loyalty Applet Buffer Buffer.reSellreSell Applet Provider B Open OS Hostile Applet Buffer Applet Provider C 16

FACADE-OS (G. Grimaud) Compiled Code Java-BC Adapter Camille Card Loader Prouver Java FACADE FACADE Code Loader Optimizer Off Card Open OS Camille Chip In Card FACADE-OS (G. Grimaud) Compiled Code Java-BC Camille Adapter Card Loader Prouver Java FACADE FACADE Code Loader Optimizer Off Card Open OS Camille Chip In Card 17

Facade figures Based on AVR (8 bits RISC, RAM 1536 Octets, ROM 32 Ko and Flash 64 Ko) Classes Type Inference Code Generation Total CardKernel 2670 CardByte 540 900 1460 CardShort 70 46 116 CardBool 70 62 132 CardBxxx 300 800 1100 I/O, MM, 3900 Total 3690 9074 17748 Integration/Interoperability J-J Vandewalle defines a Corba Object Adaptor in his PhD (1997) In the new Java Card version RMI mechanism will be integrated SC have to deal with high level objects or services 18

Trends. Communication model (TCP/IP, ) Card as a Web Server! Multi-tasking Payment and Telecom services at the same time Security model with criteria on the availability of resources Sharing and managing of resources (CPU, I/O, memories) Q/A http://www.gemplus.com Pierre.Paradinas@gemplus.com 19

Historical account 1967: First idea on the use of electronic component in credit card (Europe, US, Japan). 1974: Roland Morenos patents 1979: First Bull CP8 card prototype 1982-1984: First experimentation in France 1987-1989: ISO standard 1990-1999: Applications French Carte Bleue for banking European mobile phone with GSM/SIM cards Health insurance, e-purse, 1997: First Java based open card Smart Cards Standards (1/2) ISO 7816-1 Physical characteristic, constraints, size ISO 7816-2 Dimension and location of the contacts ISO 7816-3 Electric signal and transmission protocols Card Answer to Reset: information about card characteristic T=0; T=1 20

Smart Cards Standards (2/2) ISO 7816-4 Structure of the exchanged messages of command -response APDU Application Protocol Data Unit. ISO 7816-5 Application identifiers ISO 7816-6 Data element of interchange ETSI GSM 11.1: Command messages for SIM cards EMV: Command messages for payment cards JC 2.1... 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback