RVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment. Carolin Latze University of Berne




Table of contents

> Introduction
    Smartcards
> Deployment
    Overview
    Linux
    Windows
    JavaCard Applet
    Client Application
> Measurements
    Scenarios
    Comparison
    Communication Protocol
> Conclusion

Smartcards

> Provide dual factor authentication
> Storage of additional keys
> Consist of a CPU, ROM, RAM, I/O unit and EEPROM
> Transmission protocol: Application Protocol Data Units (APDUs) over Transmission Protocol Data Units (TPDUs)
    Command APDU:  CLA INS P1 P2 Lc Data Le
    Response APDU: Data SW1 SW2
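The command and response APDU layout above, as an added example (not code from the talk): a plain-Java encoder for short command APDUs and a reader for the SW1 SW2 trailer. The class and method names are hypothetical, the CLA and INS values are the ones listed on the JavaCard slide, and the PIN and the response bytes are constructed samples.

```java
import java.util.Arrays;

// Added example (hypothetical class): short ISO 7816-4 APDUs on the host side.
public class ApduDemo {
    static final int SW_OK = 0x9000;   // normal completion

    /** Encodes CLA INS P1 P2 [Lc Data] [Le]; le = -1 means no Le byte is sent. */
    static byte[] command(int cla, int ins, int p1, int p2, byte[] data, int le) {
        if (data.length > 255) throw new IllegalArgumentException("Lc must fit one byte");
        if (le == 0 || le < -1 || le > 256) throw new IllegalArgumentException("Le must be 1..256");
        byte[] apdu = new byte[4 + (data.length > 0 ? 1 + data.length : 0) + (le > 0 ? 1 : 0)];
        apdu[0] = (byte) cla;
        apdu[1] = (byte) ins;
        apdu[2] = (byte) p1;
        apdu[3] = (byte) p2;
        int off = 4;
        if (data.length > 0) {
            apdu[off++] = (byte) data.length;                    // Lc
            System.arraycopy(data, 0, apdu, off, data.length);   // Data
            off += data.length;
        }
        if (le > 0) apdu[off] = (byte) le;                       // Le; 256 is encoded as 0x00
        return apdu;
    }

    /** SW1 SW2 are always the last two bytes of the response, read unsigned. */
    static int statusWord(byte[] resp) {
        if (resp.length < 2) throw new IllegalArgumentException("response lacks SW1 SW2");
        return ((resp[resp.length - 2] & 0xFF) << 8) | (resp[resp.length - 1] & 0xFF);
    }

    static byte[] responseData(byte[] resp) {
        statusWord(resp);                                        // length check
        return Arrays.copyOf(resp, resp.length - 2);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X ", x & 0xFF));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        byte[] pin = {0x31, 0x32, 0x33, 0x34};                   // constructed sample PIN
        System.out.println(hex(command(0x90, 0x10, 0, 0, pin, -1)));               // PIN_CHECK
        System.out.println(hex(command(0x90, 0x50, 0, 0, new byte[] {0x61}, 20))); // SHA, 20-byte reply
        byte[] resp = {(byte) 0x6F, 0x00};                       // constructed failure response
        int sw = statusWord(resp);
        System.out.println(sw == SW_OK ? hex(responseData(resp)) : String.format("card error SW=%04X", sw));
    }
}
```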

Smartcards by Schlumberger

> Cryptoflex Cards
    Minimal fs
    Standard set of commands
    RSA, DES, T-DES, SHA-1
> Cyberflex Access e-gate32k
    Programmable using JavaCard
    RSA, DES, T-DES, SHA-1
> Compliant to ISO7816 which is the standard for SmartCards

Overview

[Figure: Client App and Middleware (on the Client Machine), Applet (on the Smartcard)]

Deployment under Linux

> MuscleCard Framework
    Middleware to communicate and work with the card
> Completely open source
> Works fine with Cryptoflex Cards and older Cyberflex Cards

Deployment under Windows

> SDK provided by Schlumberger
> Can be used as client to test an applet
> Provides libraries to communicate with the card

JavaCard

> Subset of Java -> no garbage collection!!!
> A JavaCard Applet has to implement the following functions: install(), select(), process()
> Additional requirements: Specification of the CLA and INS Bytes:

    final static byte MY_PROJECT_CLA = (byte)0x90;
    final byte PIN_CHECK = (byte)0x10;
    final byte RSA = (byte)0x20;
    final byte DES3 = (byte)0x30;
    final byte DES = (byte)0x40;
    final byte SHA = (byte)0x50;
    final byte SIGN_TEXT = (byte)0xa0;
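A minimal applet with the three entry points and a CLA/INS dispatch for two of the instruction bytes listed above, as an added example (not the applet from the talk). The class name and the sample PIN are hypothetical; everything is allocated in the constructor because there is no garbage collection, and each failure path returns an explicit status word, since an uncaught runtime exception reaches the client only as 6F00.

```java
import javacard.framework.*;
import javacard.security.MessageDigest;

// Added example; SeminarApplet is a hypothetical name, CLA/INS values are the slide's.
public class SeminarApplet extends Applet {
    final static byte MY_PROJECT_CLA = (byte) 0x90;
    final static byte PIN_CHECK = (byte) 0x10;
    final static byte SHA = (byte) 0x50;
    private final OwnerPIN pin;
    private final MessageDigest sha1;

    // No garbage collection: allocate every object once, at install time.
    private SeminarApplet() {
        byte[] initial = {0x31, 0x32, 0x33, 0x34};       // constructed sample PIN
        pin = new OwnerPIN((byte) 3, (byte) 8);          // 3 tries, at most 8 bytes
        pin.update(initial, (short) 0, (byte) initial.length);
        sha1 = MessageDigest.getInstance(MessageDigest.ALG_SHA, false);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SeminarApplet();
    }

    public boolean select() {
        pin.reset();                                     // each selection starts unauthenticated
        return true;
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;                   // the SELECT APDU itself
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != MY_PROJECT_CLA)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        short len = apdu.setIncomingAndReceive();        // read the Lc data bytes
        switch (buf[ISO7816.OFFSET_INS]) {
            case PIN_CHECK:
                if (!pin.check(buf, ISO7816.OFFSET_CDATA, (byte) len))
                    ISOException.throwIt((short) (0x63C0 | pin.getTriesRemaining()));
                return;
            case SHA:                                    // hash in place, return the digest
                apdu.setOutgoingAndSend((short) 0,
                        sha1.doFinal(buf, ISO7816.OFFSET_CDATA, len, buf, (short) 0));
                return;
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```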

JavaCard Applet Control Flow

[Figure: control flow between the client, the JCRE, its DB and the Applet. Numbered steps in the diagram: (1) install(), (2) register(), (3) Select APDU, (4) looks for the AID, (5) select, (6) true, (7) APDU, process(), (8) works, (9) returns control, (10) 0x9000]

Our JavaCard Applet

> Provides the following cryptographic functions:
    RSA using a 1024 bit key
    DES
    T-DES
    SHA-1
    Verify method of SHA-1 had to be implemented by ourselves
    Message signing and ciphering using SHA-1 and RSA

Client Application

> We decided to implement the client in Java
    Easiest way
    Speed is negligible
> Required functions are provided by the slb.iop library

Measurements - Scenarios

> Scenario 1 (DES, T-DES):
    8 Bytes long input (randomly generated)
    50 times encoding and decoding
> Scenario 2 (RSA, SHA-1):
    Encoding: Different input lengths (50 times each)
    Decoding: Valid input required
    Middleware expects the number of bytes in the response APDU

Measurements - Encodings

[Figure: time needed in ms (y-axis) against number of repetition (x-axis, 0 to 48) for DES, T-DES, RSA, SHA-1 and Message]

Algorithm   Mean Value (ms)   Deviation (ms)
DES         59.02             16.14
T-DES       49.8              19.78
Message     478.02            6.8
RSA         417.14            6.62
SHA-1       70.44             10.1

Measurements - Decodings

[Figure: time needed in ms (y-axis) against number of repetition (x-axis, 0 to 48) for DES, T-DES, RSA, SHA-1 and Message]

Algorithm   Mean Value (ms)   Deviation (ms)
DES         47.42             6.39
T-DES       47.4              7.77
Message     1430.42           9.29
RSA         91.72             7.57
SHA-1       741.82            7.14

Measurements - Communication Protocol

[Figure: time needed in ms (y-axis) against number of repetition (x-axis, 1 to 49) for two series: Sending and Receiving an APDU, and Resetting the card]

Measurements - Stress Test

> Stress Test:
    1) RSA (9*50 + 50) times
    2) DES 100 times
    3) T-DES 100 times
    4) SHA-1 (9*50 + 46) times => ERROR
    5) Message 9*50 times => ERROR

=> Reset is needed after each type of ciphering!

Conclusions

> Issues:
    Bad documentation
    Meaningless error messages (6F00)
    Required memory has to be allocated before usage
    Different number representations
    Platform dependent
    Not compliant to the newest JavaCard specifications

Questions

Thanks for your attention ;-)