Smart card - Faculty Personal Homepage


Smart Card Operating Systems (Operating Systems for Smart Cards)
By: Dr Muhammad Wasim Raad
Computer Engineering Department
Muhammad Wasim Raad
1
Smart Chip 2001+ (block diagram): 16/32-bit RISC processor; crypto co-processor with 3-DES engine; DPA & SPA resistant logic; MMU; ROM (96 KB); RAM (4 KB); EEPROM (64+ KB); FLASH (64 KB); power (1.8 Volt), ground, clock and reset lines; contact I/O via ISO 7816 and USB; contactless interface via ISO 14443.
What is a smart card operating system?
What is a COS?
Card OS Role (role of the card operating system)
Transmission Protocol
File Architecture
File Architecture (Cont.)
Command Sets
ISO 7816-4 Command Sets
Protocol Application Layer
APDU Format
Access Conditions
Access Conditions Examples
Access Conditions Examples (Cont.)
Smart Card Operating Systems
• Smart card operating systems (SCOS) have little resemblance to desktop operating systems.
• A SCOS supports a collection of instructions on which user applications can be built.
• ISO 7816-4 standardizes a wide range of instructions in the format of APDUs.
• Most SCOS support file systems.
• Very low amount of program code: 3-30 KB
• ROM masks for the OS need 10-12 weeks to correct errors
• The secure state of the EEPROM has a noticeable influence on the design of the OS
• For example, all retry counters must be designed such that their maximum value corresponds to the erased state of the EEPROM
• If this is not the case, it would be possible to reset a counter to its initial value by intentionally removing the card during the transaction
• This type of attack can be resisted by proper coding of the counter or by making the write of the retry counter an atomic process
• Trap doors must be avoided
• Cryptographic functions must execute in a very short time
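An added simulation (not from the lecture) of why the retry counter's coding must match the EEPROM's erased state: it models the erase-then-program write and a power tear between the two steps, for both codings and both possible erased states. It assumes a single byte cell and a limit of 3 PIN tries; the atomic-write alternative mentioned above is not modelled.

```python
MAX_TRIES = 3

class Cell:
    """One EEPROM byte; a write erases the cell first, then programs it."""
    def __init__(self, erased, value):
        self.erased, self.value = erased, value

    def write(self, new_value, tear=False):
        self.value = self.erased        # step 1: erase
        if not tear:                    # tear = power removed before step 2
            self.value = new_value      # step 2: program

def tries_left(coding, raw):
    """Decode the stored byte into remaining PIN tries."""
    if coding == "failed_up":           # byte counts failed attempts, 0 when fresh
        return max(0, MAX_TRIES - raw)
    if coding == "remaining_down":      # byte holds tries left, 3 when fresh
        return raw
    raise ValueError(coding)

def fresh_value(coding):
    return 0 if coding == "failed_up" else MAX_TRIES

def after_torn_attempt(coding, erased):
    """Fresh card, one wrong PIN, power torn mid-write; return tries left."""
    cell = Cell(erased, fresh_value(coding))
    step = 1 if coding == "failed_up" else -1
    cell.write(cell.value + step, tear=True)
    return tries_left(coding, cell.value)

def is_tear_safe(coding, erased):
    """A coding is tear-safe iff the erased state decodes as blocked (0 tries)."""
    return tries_left(coding, erased) == 0

if __name__ == "__main__":
    for erased in (0xFF, 0x00):
        for coding in ("failed_up", "remaining_down"):
            print(f"erased=0x{erased:02X} {coding:15s} tries left after tear:",
                  after_torn_attempt(coding, erased),
                  "safe" if is_tear_safe(coding, erased) else "UNSAFE")
```

The safe combination is the one where the erased state decodes as "blocked", so a torn write can only lock the card, never refill its tries.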
• The OS can be loaded into EEPROM, but because EEPROM is expensive, most of the OS is in ROM
• Almost all OS allow program code for additional commands or special cryptographic algorithms to be loaded into EEPROM during completion
• The OS must be able to automatically recognize the size of the EEPROM
• The technical implementation involves an OS routine reading the manufacturer’s finishing data
• Current smart card OS are not able to adapt themselves to variations in the size of ROM or RAM
Primary Tasks of Smart Card OS
• Transferring data to and from a smart card
• Controlling execution of commands
• Managing files
• Managing and executing cryptographic algorithms
Smart Card Communication Model
* The card sends out an ATR (Answer to Reset) immediately after insertion
** APDU stands for Application Protocol Data Unit (ISO 7816-4).
Source: Z. Chen, “Java Card Technology for Smart Cards”
Smart Card File System (ISO 7816-4)
(Tree diagram: the MF at the root contains DFs and EFs; each DF can in turn contain DFs and EFs.)
MF Master File (root directory, must always be present)
DF Dedicated File (directory file, can contain directory and data files)
EF Elementary File (data file)
Smart Card File Names (ISO 7816-4)
MF: FID File Identifier (2 bytes)
DF: FID File Identifier (2 bytes); DF Name (1-16 bytes), usually an ISO 7816-5 AID
EF: FID File Identifier (2 bytes); Short-FID (5 bits)
Reserved FIDs:
3F00 MF root directory
0000 EF PIN and PUK #1
0100 EF PIN and PUK #2
0001 EF application keys
0011 EF management keys
0002 EF manufacturing info
0003 EF card ID info
0004 EF card holder info
0005 EF chip info
3FFF file path selection
FFFF reserved for future use
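A minimal card OS model for the SELECT command over the MF/DF/EF tree described above, added here as an example (it is not from the lecture or from any real card OS); it also shows the command APDU in, response APDU out exchange of the communication model. It assumes the ISO 7816-4 SELECT parameters (INS A4; P1 00 by FID, 08 by path from the MF, 04 by DF name) and status words 9000, 6A82, 6A86 and 6D00; the tree, FID 7F10 and the AID A000000000 are constructed sample values.

```python
SW_OK, SW_NOT_FOUND, SW_BAD_P1P2, SW_BAD_INS = 0x9000, 0x6A82, 0x6A86, 0x6D00

class File:
    def __init__(self, fid, kind, name=None, children=()):
        self.fid, self.kind, self.name = fid, kind, name
        self.children = {c.fid: c for c in children}          # keyed by 2-byte FID

# Constructed sample tree with the reserved FIDs above; 7F10 and the AID A000000000 are made up.
MF = File(0x3F00, "MF", children=[
    File(0x0000, "EF"),                                   # PIN and PUK #1
    File(0x0002, "EF"),                                   # manufacturing info
    File(0x7F10, "DF", name=bytes.fromhex("A000000000"),  # hypothetical application DF
         children=[File(0x0001, "EF")]),                  # application keys
])

def parse_apdu(apdu):
    """Split a short command APDU into CLA, INS, P1, P2 and the data field."""
    cla, ins, p1, p2 = apdu[:4]
    data = apdu[5:5 + apdu[4]] if len(apdu) > 4 else b""
    return cla, ins, p1, p2, data

def _walk(f):
    yield f
    for c in f.children.values():
        yield from _walk(c)

class CardOS:
    def __init__(self, root):
        self.root = self.current = root

    def process(self, apdu):
        """Handle one command APDU and return the response APDU (data + SW)."""
        _cla, ins, p1, _p2, data = parse_apdu(apdu)
        if ins != 0xA4:                                   # only SELECT is modelled
            return SW_BAD_INS.to_bytes(2, "big")
        if p1 == 0x00:                                    # by FID: the MF or a child of the current DF
            fid = int.from_bytes(data, "big")
            target = self.root if fid == 0x3F00 else self.current.children.get(fid)
        elif p1 == 0x08:                                  # by path of 2-byte FIDs from the MF
            fids = [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]
            start = fids.pop(0) if fids and fids[0] in (0x3F00, 0x3FFF) else 0x3F00
            target = self.current if start == 0x3FFF else self.root   # 3FFF = current DF
            for fid in fids:
                target = target.children.get(fid) if target else None
        elif p1 == 0x04:                                  # by DF name (AID)
            target = next((f for f in _walk(self.root) if f.name == data), None)
        else:
            return SW_BAD_P1P2.to_bytes(2, "big")
        if target is None:
            return SW_NOT_FOUND.to_bytes(2, "big")
        if target.kind != "EF":                           # selecting an EF keeps the current DF
            self.current = target
        return target.fid.to_bytes(2, "big") + SW_OK.to_bytes(2, "big")
```

A real card answers SELECT with an FCI template rather than the bare FID; the FID is returned here only so the exchange can be checked.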
Smart Card Internal File
(Diagram: an EF stored in EEPROM pages (100'000 write cycles, 64 byte page size) consists of a Header and a Body, with a pointer in the header to the body.)
– Header: file structure info, access control rights, pointer to data body; content changes never or seldom, protected from erasure
– Body: the data the header points to
MULTOS
• A high security architecture
– Apps needing high security can reside next to
apps needing low security
• Co-residence of multiple, inter-operable,
platform independent applications
• Dynamic remote loading and deletion of
applications over the lifetime of a card
– Achieved using the language MEL (MULTOS
Executable Language)
PC/SC
• Architecture designed to ensure the following work together even if made by different manufacturers:
– smart cards
– smart card readers
– computers
• Differs from OpenCard in that it offers API interoperability rather than a uniform API
• Designed for the Windows environment, with development in Visual C++
Java Card
• The Java Card specifications enable Java technology to run on smart cards and other devices
• Multi-application capable
- Java Card technology enables multiple applications to co-exist securely on a single smart card
• Dynamic:
- New applications can be installed securely
Java Card
• Platform independent
• Does not support issuer control
• Not secure enough for financial applications
Java Card Architecture Components
Java Card I/O with APDUs (diagram): the terminal sends a command APDU, including the applet ID, to the smart card hardware; the Java Card platform OS selects the applet and invokes its process method; the applet executes and sends its response APDU back to the terminal.
How can the SMART card help in new channels?
• Managing finances securely and conveniently
• Entertainment on demand
• Storing personal data for convenience on-line
• Earning and redeeming rewards with virtual merchants
• Securing virtual world shopping with credit (Chip SecureCode) or e-Cash
• Virtual health, government or other services
Proprietary Smart Card Operating Systems
(Diagram: Chip Hardware A and Chip Hardware B each carry their own proprietary OS (A and B) in ROM, with native EMV code, native loyalty code and data in E2.)
• Proprietary chip OS developed in “native” code, specific to the underlying silicon, to access chip functions. The OS is often dedicated to performing a single specific function, e.g. EMV.
• OS code is fixed in the ROM of the chip, and cannot be changed after the chip is made.
• Limited number of programmers able to make adaptations to a proprietary OS: impact on time to market if changes / new functions are required.
• In order to multi-source silicon, native code must be redeveloped from scratch for the new chip.
KILLER Applications
MULTOS
• The only OS obtaining ITSEC (E6): very secure
• Multi-application support
• Requires a coprocessor for RSA, which makes it expensive
MULTOS: The OPEN STANDARD smart card operating system

MULTOS defines a standard CHIP HARDWARE INDEPENDENT Smart Card Operating System:
• Portable: develop applications ONCE and run on ANY MULTOS chip.
• Open: develop in C or Java and compile. API FREELY available.
• Highest hardware and OS security assurance: ITSEC E6 High evaluated
• MULTOS SCHEME facilitates management of multiple applications
• Advanced asymmetric cryptographic mechanism
(Diagram: applications such as EMV Application A and PKI Application A, produced with the MEL Editor, a C compiler/translator or a Java compiler, run on the MULTOS API and MULTOS VM held in ROM on Infineon or Renesas silicon, with the applications themselves in E2PROM.)

Operating System Options
(Diagram: applications such as Logical & Physical Access, WIM, SIM, Credit/Debit, Loyalty and E-Purse sit on the Open Platform (Card Manager & Security Domain) API, which runs on Java Card by Sun Micro and Global Platform, or Windows for Smart Card by Microsoft and Global Platform, or MULTOS by Mondex International and the MAOSCO (Multos) Council.)