High Performance Java Card Operating System

2008

Smart cards are used extensively for data security and authentication purposes in various id card based applications. The data security in smart card is provided by access control based on passwords and cryptographic techniques. The smart card chip carries an operating system which implements cryptography and provides secure storage of data for application for interacting with the smart card. IIT Kanpur along with Government of India developed an application-independent smart card operating system standard known as SCOSTA-CL. SCOSTA-CL provides inter-operable command set for interaction between smart card data and applications. In this thesis, we focus on the implementation of a SCOSTA-CL based Smart Card Operating System known as (SCSOS). The SCSOS implements contact and contact-less mode of communication with the smart card reader. The communication can be protected against eavesdropping through secure messaging. SCSOS implements symmetric key cryptography and has its own security architecture for the protection of resources such as data and commands. Along with resource protection, it also allows applications to perform cryptographic operations such as encryption, decryption, checksum computation and verification etc. The SCSOS has been developed in a generic manner so as to support multiple applications on a single smart card. The modular design of SCSOS allows development and integration of new features with little effort. The developed operating system has been ported to the various existing smart card processors and rigorously tested for reliability and robustness. iii Acknowledgments I take this opportunity to express my sincere gratitude towards my supervisor Prof. Dr. Rajat Moona for his valuable guidance. I am grateful to him for his constant motivation, support and ideas that he gave throughout the year for my thesis. This work would not have been possible without his guidance. The flexible meeting hours with sir even on weekends really helped in the continuous progress of work. Overall, it has been great learning experience and I consider myself extremely fortunate that I got a chance to work under his guidance. I would like to thank Ministry of Information System, Government of India for sponsoring this project. I would like to thank my colleague Aditi Gupta for the discussion that we had during my thesis work. I would also like to thank Srishti Srivastava who helped me during the testing phase of my project work. I thank my classmates and friends for helping me during writing my thesis especially Anirudh, Vishal and Riyaz. I thank CSE faculty and department for their support to provide all the necessary resources required for my thesis. I immensely thank my family for their moral support during my work. 1. The smart card reader sends a command to the card operating system. 2. The smart card operating system receives command via serial I/O interface.

1996

The operating system of an IC card should provide an appropriate interface to applications using IC cards. An incorrect choice of operations and data renders the card inef cient and cumbersome. The design principles of the UNIX operating system are most appropriate for IC card operating system design. The actual design that we recognise as UNIX (or any other current operating system for that matter) is not appropriate for IC cards.

2002

We describe the current work to extend our Java processor Java Silicon Machine (JSM) for embedded system applications. The JSM is a Javacard processor supporting all Javacard bytecodes. The JSM is a fully synthesizable 32bit processor soft core with a very small footprint. The processor requires 20 percent of a Xilinx Virtex 1000E FPGA area.

2006

The work presented in this paper is part of the Java Card TM1 Grid project 2 carried out at LaBRI, Laboratoire Bordelais de Recherche en Informatique. The aim of this project is to build a hardware platform and the associated software components to experiment on the security features of distributed applications. To achieve this goal we use the hardware components that offer the highest security level: smart cards. We do not pretend that the resulting platform can compare to a real grid in terms of computational power, but it serves as a proof of concept for what a grid with secure processors could be and could do. As of writing, the hardware platform comprises 32 card readers and two PCs to manage them. The applications that we run on our platform are applications that require a high level of confidentiality regarding their own binary code, the input data that they handle, and the results that they produce. Even though we know that we cannot expect our grid to achieve high speed computation, we believe that it is a good testbed to experiment on the security features that one would require in a real grid environment. This paper focuses on the software infrastructure that we have set up to manage the platform and on the framework that we have designed and implemented to develop real applications on top of it.

2006

The Java Card TM1 Grid 2 platform is a project carried out at LaBRI, Laboratoire Bordelais de Recherche en Informatique. It consists in setting up a platform composed of a large number of smart cards connected together by USB hubs and driven by PCs. The Java Card readers are assembled in a wall mount rack and are organized in a cluster-like architecture. The goal of the Java Card Grid project is to provide a hardware and software environment to experiment on security demanding applications and thereafter to propose innovative high level security solutions for distributed applications. This original Java Card Grid can be seen as a proof of concept (even if it is much more than that and can be used as is). Other platforms based on it are now being investigated among which:

14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003

This paper presents an open protocol for interoperability across multi-vendor programmable smart cards. It allows exposition of on-card storage and cryptographic services to host applications in a unified, card-independent way. Its design, inspired by the standardization of on-card Java language and cryptographic API, has been kept as generic and modular as possible. The protocol security model has been designed with the aim of allowing multiple applications to use the services exposed by a same card, with either a cooperative or a no-interference approach, depending on application requirements.

1996

Sun Microsystems defined a set of specifications for a subset of Java technology to create applications for them, Java Card applets. A device that supports these specifications is referred to as a Java Card platform. On a Java Card platform, multiple applications from different vendors can coexist securely. The Java Card platform is the tiniest of Java targeted for embedded devices. It is an open, interoperable platform for smart cards and secure tokens. The technology is widely used in SIM cards (it's used in GSM mobile phones) and ATM cards. Java Card gives users the ability to program a device and make it application specific and lets smart card developers use a common card platform. Smart cards, unlike magnetic stripe cards, can carry all necessary functions and information on the card; therefore, they do not require access to remote databases at the time of the transaction. Keywords: Java, object, application, programming, SIM.

Computer Systems: Science & Engineering, 2005

This paper presents an open and modular middleware for smart cards, providing a simple abstraction of the device to application developers. The software is interoperable across multiple card devices, and portable across various open platforms. The architectural design is centred around the definition of a new API that allows protected access to the storage and cryptographic facilities of a smart card. In the envisioned architecture, a smart card driver architecture is partitioned into a lower card-dependent component, that formats and exchanges APDUs with the external device, and a higher cardindependent component, that implements more sophisticated services and interfaces, such as the well known PKCS-11 standard. Each layer can focus on a smaller set of functionality, thus reducing the effort required for the development as well as the testing and maintenance of each component. The proposed architecture, along with a set of pilot applications such as secure remote shell, secure web services, local login and digital signature, has been developed and tested on various platforms, including Open BSD, Linux, Solaris and Mac OS X, proving effectiveness of the new approach.

… (ICDEW), 2011 IEEE …, 2011

Systems need to be updated in order to correct vulnerabilities, fix bugs but also to enhance functionalities. Traditional software update mechanisms usually stop the software that need to be updated, apply the update then restart the system. However, this approach is not appropriate in critical systems such as banking or telecommunications.