OASIS
Isabelle Attali - Merida Venezuela - 2002
Security on Smart Cards
Isabelle Attali
1. Generalities on Cards
2. What is Java Card ?
3. A Formal Semantics at the source level
4. Testing before loading on the card
5. Static Analysis for object sharing
Two kinds of cards
• Memory cards
– Telecartes: magnetic tape, no security
• Smart Cards
– memory + processing + security
– bank, medical, transport, gsm, pay-tv
– normative approach (as an insurance for the future)
What is a Smart Card?
• A plastic card, credit-card format, with an integrated micro-controller.
• Standardized by ISO 7816
• Used for:
– Mobile phones: SIM cards
– loyalty applications
– bank: credit card or electronic purse
Today
• Mono-applicative Smart Cards
– replacement of assembly language by a high-level language
– Java Card, Multos, Windows for Smart Cards
Tomorrow
• Multi-applicative Smart Cards
– write once, run everywhere
– independently of the platform
– one card for all needs but security issues
• Strong effort on Java Card
– Java Card Forum (card builders, Sun and JavaSoft, Visa)
– Standard for Java Card APIs and bytecode
Smart Card Architecture
• A small computer:
– 8-bit microcontroller
– Memory
• 200 KB ROM (Read-Only Memory)
• 64 KB EEPROM (Electrically Erasable Programmable Memory)
• 4 KB RAM (Random Access Memory)
• ISO 7816 is a standard for:
– position and dimension of electric contacts
– data exchange protocol with the card
– security
What is a Java Card ?
• A smart card:
– Java Virtual Machine for running bytecode
• the standard is given by the Java Card Forum
– applications are applets
– standard library
– applets can be loaded on any standard Java Card.
Java Card Architecture
(Layer diagram: physical level; OS; JCVM and native methods; JCRE and API; applets)
Why not run Java on cards?
• Physical constraints
– fewer base types
– simplified data structures
– jcwde: simulates the Java Card
– apdutool: simulates the terminal
What is Java Card ?
• Java Card ⊂ Java
– No Thread ⇒ Synchronized
– No float, double, long, transient, volatile
– One-dimensional arrays only
– No Garbage Collector, no dynamic loading, usual APIs
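An added example, not from the original slides: a minimal electronic-purse applet written within the restrictions listed above (16-bit short arithmetic, no threads, no object allocation after installation, a one-dimensional byte array as the APDU buffer). The package and class names, the CLA/INS bytes and the balance limit are constructed for illustration, and terminal authentication is left out.

```java
package example.purse; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

public class PurseApplet extends Applet {
    // Constructed class/instruction bytes for this example only.
    private static final byte CLA_PURSE = (byte) 0x80;
    private static final byte INS_CREDIT = (byte) 0x10;
    private static final byte INS_DEBIT = (byte) 0x20;
    private static final byte INS_BALANCE = (byte) 0x30;
    private static final short MAX_BALANCE = (short) 10000;

    // Persistent (EEPROM) field; a short, since long, float and double are unavailable.
    private short balance;

    private PurseApplet() {
        // No garbage collector: any object the applet needs is created here,
        // once, at install time. process() never uses "new".
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new PurseApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer(); // one-dimensional byte array owned by the JCRE
        if (buf[ISO7816.OFFSET_CLA] != CLA_PURSE) ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        byte ins = buf[ISO7816.OFFSET_INS];
        if (ins == INS_BALANCE) {
            Util.setShort(buf, (short) 0, balance);
            apdu.setOutgoingAndSend((short) 0, (short) 2);
        } else if (ins == INS_CREDIT || ins == INS_DEBIT) {
            if (apdu.setIncomingAndReceive() != 2) ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            update(ins == INS_CREDIT, Util.getShort(buf, ISO7816.OFFSET_CDATA));
        } else {
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }

    private void update(boolean credit, short amount) {
        // Checks are ordered so that the 16-bit arithmetic can never overflow.
        if (amount <= 0) ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        if (credit && amount > (short) (MAX_BALANCE - balance)) ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        if (!credit && amount > balance) ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        balance = (short) (credit ? balance + amount : balance - amount);
    }
}
```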