
Smart Cards Operating Systems

Smart Cards Operating Systems. By: Dr Muhammad Wasim Raad, Computer Engineering Department. Smart Chip - 2001+. Power (1.8 Volt). Co-Processor & 3-DES Engine. ROM (96 KB). Ground. RAM (4 KB). Clock. 16/32-bit RISC Processor. EEPROM (64+ KB)


Presentation Transcript


  1. Smart Cards Operating Systems. By: Dr Muhammad Wasim Raad, Computer Engineering Department

  2. Smart Chip - 2001+: Power (1.8 Volt); Co-Processor & 3-DES Engine; ROM (96 KB); Ground; RAM (4 KB); Clock; 16/32-bit RISC Processor; EEPROM (64+ KB); FLASH (64 KB); Reset; ISO 7816 I/O; Contact: ISO 7816 and USB; MMU; USB I/O; DPA & SPA Resistant Logic; Contactless: ISO 14443

  3. What is a COS?

  4. Card OS Role

  5. Transmission Protocol

  6. File Architecture

  7. File Architecture (Cont)

  8. Command Sets

  9. ISO 7816-4 Command Sets

  10. Protocol Application Layer: APDU Format

  11. Access Conditions

  12. Access Conditions Examples

  13. Access Conditions Examples

  14. Smart Card Operating Systems
      • Smart card operating systems (SCOS) have little resemblance to desktop OS.
      • An SCOS supports a collection of instructions on which user applications can be built.
      • ISO 7816-4 standardizes a wide range of instructions in the format of APDUs.
      • Most SCOS support file systems.

  15. • Very low amount of program code: 3-30 KB
      • ROM masks for the OS need 10-12 weeks for correcting errors
      • The secure state of EEPROM has a noticeable influence on the design of the OS

  16. • For example, all retry counters must be designed so that their maximum value corresponds to the erased state of the EEPROM
      • If this is not the case, it would be possible to reset the counter to its initial value by intentionally removing the card during a transaction

  17. • This type of attack can be resisted by proper coding of the counter or by making the process of writing the retry counter an atomic process
      • Trap doors must be avoided
      • Cryptographic functions must execute in a very short time

  18. • The OS can be loaded into EEPROM, but because EEPROM is expensive most OS is in ROM
      • Almost all OS allow program code for additional commands or special cryptographic algorithms to be loaded into EEPROM during completion

  19. • The OS must be able to automatically recognize the size of the EEPROM
      • The technical implementation involves an OS routine reading the manufacturer's finishing data
      • Current smart card OS is not able to adapt itself to variations in the size of ROM or RAM

  20. Primary tasks of Smart card OS
      • Transferring data to and from a smart card
      • Controlling execution of commands
      • Managing files
      • Managing and executing cryptographic algorithms

  21. Smart Card Communication Model
      * The card sends out an ATR (Answer to Reset) immediately after insertion.
      ** APDU stands for Application Protocol Data Unit (ISO 7816-4).
      Source: Z. Chen, “Java Card Technology for Smart Cards”

  22. Smart Card File System (ISO 7816-4)
      [Diagram: tree of one MF, three DFs and six EFs]
      • MF: Master File (root directory, must always be present)
      • DF: Dedicated File (directory file, can contain directory and data files)
      • EF: Elementary File (data file)

  23. Smart Card File Names (ISO 7816-4)
      • MF: FID File Identifier (2 bytes)
      • DF: FID File Identifier (2 bytes); DF Name (1-16 bytes), usually ISO 7816-5 AID
      • EF: FID File Identifier (2 bytes); Short-FID (5 bits)
      Reserved FIDs:
      • 3F00: MF root directory
      • 0000: EF PIN and PUK #1
      • 0100: EF PIN and PUK #2
      • 0001: EF application keys
      • 0011: EF management keys
      • 0002: EF manufacturing info
      • 0003: EF card ID info
      • 0004: EF card holder info
      • 0005: EF chip info
      • 3FFF: file path selection
      • FFFF: reserved for future use

  24. Smart Card Internal File Structure
      [Diagram: an EF made of a header and a body, with a pointer from the header to the body]
      • EEPROM pages: 100'000 write cycles, 64 byte page size
      • Header: file structure info, access control rights, pointer to data body; content changes never or seldom, protected from erasure
      • Body: data; content might change often, many write operations


  26. MULTOS
      • A high security architecture
      • Apps needing high security can reside next to apps needing low security
      • Co-residence of multiple, inter-operable, platform independent applications
      • Dynamic remote loading and deletion of applications over the lifetime of a card
      • Achieved using the language MEL (MULTOS Executable Language)

  27. PC/SC
      • Architecture designed to ensure the following work together even if made by different manufacturers:
        • smart cards
        • smart card readers
        • computers
      • Differs from OpenCard because it offers API interoperability rather than a uniform API
      • Designed for the Windows environment, with development in Visual C++

  28. Java Card
      • The Java Card specifications enable Java technology to run on smart cards and other devices
      • Multi-application capable: Java Card technology enables multiple applications to co-exist securely on a single smart card
      • Dynamic: new applications can be installed securely
      • Secure:
        - relies on the inherent security of the Java programming language to provide a secure execution environment.
        - the platform's proven industry deployments and security evaluations ensure that card issuers benefit from the most capable and secure technology available today.

  29. Java Card
      • Platform independent
      • Does not support issuer control
      • Not secure enough for financial applications

  30. Java Card Architecture Components


  33. Java Card I/O with APDUs
      [Diagram: terminal, smartcard hardware, Java Card platform and several applets]
      • The terminal sends a command APDU, incl. applet ID
      • The OS selects the applet and invokes its process method
      • The applet executes
      • The applet sends a response APDU

  34. How can the SMART card help in new channels?
      • Managing finances securely and conveniently
      • Entertainment on demand
      • Earning and redeeming rewards with virtual merchants
      • To store personal data for convenience on-line
      • Virtual health, govt or other services
      • To secure virtual world shopping with credit (Chip SecureCode) or e-Cash

  35. Proprietary Smart Card Operating Systems
      [Diagram: Chip Hardware A with ROM holding Proprietary OS A and E2 holding data, Native EMV Code and Native Loyalty Code; the same stack on Chip Hardware B with Proprietary OS B]
      • Proprietary chip OS developed in “native” code - specific to underlying silicon - to access chip functions. OS often dedicated to performing a single specific function – e.g. EMV
      • OS code is fixed in the ROM of the chip, and cannot be changed after the chip is made.
      • Limited number of programmers able to make adaptations to proprietary OS – impact on time to market if changes / new functions required.
      • In order to multi-source silicon, native code must be redeveloped from scratch for new chip.

  36. KILLER Applications

  37. MULTOS
      • The only OS obtaining ITSEC (E6): very secure
      • Multi-application support
      • Requires a coprocessor for RSA, which makes it expensive

  38. MULTOS: The OPEN STANDARD smart card operating system
      [Diagram: MEL Editor, C Compiler and Java Compiler / Translator producing applications (EMV, PKI, Application A) held in E2PROM, above the MULTOS API and MULTOS VM in ROM, on Infineon Silicon and on Renesas Silicon]
      • MULTOS defines a standard CHIP HARDWARE INDEPENDENT Smart Card Operating System:
      • Portable: Develop applications ONCE and run on ANY MULTOS chip.
      • Open: Develop in C or Java and compile. API FREELY available.
      • Highest Hardware and OS Security Assurance: ITSEC E6 High evaluated
      • MULTOS SCHEME facilitates management of multiple applications
      • Advanced asymmetric cryptographic mechanism

  39. Operating System Options
      • Applications: Logical & Physical Access, WIM, SIM, Loyalty, E-Purse, Credit/Debit
      • Open Platform (Card Manager & Security Domain) API
      • MULTOS by Mondex International and MAOSCO Council, or Windows for Smart Card by Microsoft and Global Platform, or Java Card by Sun Micro and Global Platform

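Slides 16 and 17 require that a retry counter's maximum value coincide with the erased state of the EEPROM. The C simulation below is an added example, not part of the original presentation, that compares a counter coding where the erased byte means "no failures" with one where it means "blocked". The one-byte cell, the 0xFF erased value, the limit of 3 and all function names are assumptions made for illustration.

```c
/* Added illustration: simulated EEPROM byte, hypothetical names throughout. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ERASED    0xFFu   /* assumption: an erased EEPROM byte reads all ones */
#define MAX_FAILS 3u      /* failure count at which the PIN is blocked */
typedef enum { WEAK, HARDENED } coding_t;

/* WEAK stores ERASED - fails, so the erased byte means "0 failures".
   HARDENED stores fails directly, so the erased byte is out of range. */
static uint8_t encode(coding_t c, uint8_t fails) {
    return c == WEAK ? (uint8_t)(ERASED - fails) : fails;
}

/* Any stored value outside 0..MAX_FAILS is read as blocked. */
static uint8_t decode(coding_t c, uint8_t cell) {
    uint8_t fails = c == WEAK ? (uint8_t)(ERASED - cell) : cell;
    return fails > MAX_FAILS ? (uint8_t)MAX_FAILS : fails;
}

/* Non-atomic EEPROM update: erase, then program. With tear set, power is
   lost after the erase and the byte stays in the erased state. */
static void eeprom_write(uint8_t *cell, uint8_t value, bool tear) {
    *cell = ERASED;
    if (!tear) *cell = value;
}

/* One PIN check: record the failure first, clear the counter on success. */
bool verify_pin(coding_t c, uint8_t *cell, bool pin_ok, bool tear) {
    uint8_t fails = decode(c, *cell);
    if (fails >= MAX_FAILS) return false;            /* already blocked */
    eeprom_write(cell, encode(c, (uint8_t)(fails + 1u)), tear);
    if (tear || !pin_ok) return false;
    eeprom_write(cell, encode(c, 0), false);
    return true;
}

/* Failure count the card reads back after `wrong` normal wrong-PIN checks
   followed by one more wrong-PIN check whose counter write is torn. */
uint8_t fails_after_tear(coding_t c, unsigned wrong) {
    uint8_t cell = encode(c, 0);
    for (unsigned i = 0; i < wrong; i++) verify_pin(c, &cell, false, false);
    verify_pin(c, &cell, false, true);
    return decode(c, cell);
}

int main(void) {
    printf("weak: %d, hardened: %d\n", fails_after_tear(WEAK, 2), fails_after_tear(HARDENED, 2));
    return 0;
}
```

With the hardened coding an interrupted write leaves the PIN blocked instead of resetting the count, which is the fail-secure outcome slide 16 asks for. Making the counter write atomic, the other remedy named on slide 17, is not modelled here.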