1 / 46

TPR 3211 Project 1

TPR 3211 Project 1. Project Title: AES in Javacard Project ID: 221 Supervisor: Mr. Safi Uddin Moderator: Mr. Murugadoss. Introduction. Introduction. Introduction. Introduction. One word: CHANGE. Introduction. Moore’s Law:

nuru
Download Presentation

TPR 3211 Project 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TPR 3211 Project 1 Project Title: AES in Javacard Project ID: 221 Supervisor: Mr. Safi Uddin Moderator: Mr. Murugadoss

  2. Introduction

  3. Introduction

  4. Introduction

  5. Introduction One word: CHANGE

  6. Introduction Moore’s Law: “The number of transistors that can fit in a specific area doubles every 18 months.”

  7. Introduction • DES (Data Encryption Standard) • First cracked in 1997 • Record held at present is 22 hours • Replaced by AES (Advanced Encryption Standard) in 2001

  8. AES • Advanced Encryption Standard • Originally called Rijndael • Symmetric block cipher that encrypts and decrypts data in blocks of 128 bits • Specifies 3 key sizes: 128, 196 and 256 bits

  9. AES • In decimal terms, this means that there are approximately: 3.4 x 1038 possible 128-bit keys;6.2 x 1057 possible 192-bit keys; and1.1 x 1077 possible 256-bit keys.

  10. AES • DES key are 56 bits long • There are approximately 7.2 x 1016 possible DES keys • There are on the order of 1021 times more AES 128-bit keys than DES 56-bit keys

  11. AES - Cipher • Pseudocode for cipher: Cipher(byte in[4 * Nb], byte out[4 * Nb], word w[Nb * (Nr + 1)]) begin byte state[4,Nb] state = in AddRoundKey(state, w) for round = 1 step 1 to Nr – 1 SubBytes(state) ShiftRows(state) MixColumns(state) AddRoundKey(state, w + round * Nb) end for SubBytes(state) ShiftRows(state) AddRoundKey(state, w + Nr * Nb) out = state end

  12. S-Box AES – SubBytes(state) • Non linear byte substitution

  13. AES – SubBytes(state) • For example, if s1,1 = {53}, s’1,1= {ed}

  14. AES – ShiftRows(state) • Cyclic shift of bytes in rows

  15. AES – MixColumns(state) • Columns are treated as 4 term polynomial • Matrix multiplication with a fixed polynomial

  16. AES – Inverse Cipher • Pseudocode for inverse cipher: InvCipher(byte in[4 * Nb], byte out[4 * Nb], word w[Nb * (Nr + 1)]) begin byte state[4,Nb] state = in AddRoundKey(state, w + Nr * Nb) // See Sec. 5.1.4 for round = Nr - 1 step -1 to 1 InvShiftRows(state) // See Sec. 5.3.1 InvSubBytes(state) // See Sec. 5.3.2 AddRoundKey(state, w + round * Nb) InvMixColumns(state) // See Sec. 5.3.3 end for InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w) out = state end

  17. AES – InvShiftRows(state) • Cyclic shift of bytes in rows

  18. S-Box AES – InvSubBytes(state) • Non linear byte substitution

  19. AES – InvMixColumns(state) • Columns are treated as 4 term polynomial • Matrix multiplication with a fixed polynomial

  20. Must communicate with a device to gain access to a display device or network Can be plugged into a reader (card terminal) or operate using radio frequencies A smartcard is a “credit card” with a “brain” in it Smartcard vs Javacard

  21. Smartcard vs Javacard A Javacard is a smartcard, a smartcard is not a Javacard

  22. Javacard • There is an estimated 3 billion smartcards in the world at the present moment, and all the major smartcard players have licensed Javacard • Javacard is a smart card that is capable of running programs written in Java • It is designed to run on 8-bit microprocessors with as little as 256 bytes of RAM (no, I didn’t leave out the K!) and 14 kilobytes of ROM • It enables the first true multi-application cards, it speeds and simplifies application development in very small memory environments

  23. Javacard

  24. Javacard • Javacard Virtual Machine • Due to limited memory resources, it is not possible to fit the JVM into Javacard • 3 strategies: • Small JVM is introduced • Javacard API is deprecated from Java API • No threads, security manager, synchronization, multi-dimensional arrays, large primitive data types • Split architecture • Bytecode at both ends – card terminal end and Javacard end

  25. Javacard • Communication with the outside world: • Application Protocol Data Unit • Data package (maximum size is 255 bytes) • A Javacard always waits for “Command APDU” from the reader (card terminal software) • Responds with “Response APDU”

  26. Javacard • Javacard Runtime Environment • Contains API classes and the JVM • Responsible for: • applet installation and initialisation • selection and deselection • APDU dispatching • transaction management • catching unchecked exceptions • assigns AID for each applet

  27. Javacard • How does it work? • Java data is compiled into bytecode and sent to card reader (card terminal driver) • Reader converts bytecode into card bytecode • Wraps card bytecode into data package “Select APDU” to tell the Javacard to let go of current active applet and select the new current applet • JCRE in Javacard will assign new applet AID • Communication by “Command APDU” and “Response APDU”

  28. AES in Javacard • Why Javacard? • Smart cards provide a secure, portable platform for "any time, anywhere" computing that can carry and manipulate substantial amounts of data, especially an individual's personal digital identity • The Java Card API allows applications written for one card to be downloaded "in place" into any other card • The Java Card thus allows smart cards to become a general-purpose computing platform and creates a potentially huge market for application software and development -- especially for financial, telecommunications, television, and security applications

  29. AES in Javacard • Why AES in Javacard? • Increasingly, physical keys are being replaced by cryptographic keys, which are typically a thousand bits in size • Modern smart cards are the ideal carriers for such keys, because they have enough computing power to do the necessary encryption or decryption on-card, so that the secret key never has to leave the card • One of the reasons Rijndael was chosen as AES was because of its efficiency in low memory environments

  30. AES in Javacard • Hardware Specifications:

  31. AES in Javacard • Hardware Specifications: • GemPC-410 card reader • GemXpresso RAD III PK IS Javacard • USB to Serial converter

  32. AES in Javacard GUI Card Terminal Application Gemplus GemPC-410 Card Terminal Driver Gemplus GemXpresso RAD III PK IS Kernel Ocean SDK (optional) AES Javacard applet Windows 98 JDK 1.2.2 Inprise JBuilder 3.5 Card Terminal Application

  33. AES in Javacard Software Specifications: • Windows 98 • JDK1.2.2 • Inprise JBuilder 3.5 • Gemplus GemXpresso RAD III PK IS Kernel • Gemplus GemPC-410 Card terminal driver (OCF with PC/SC bridge)

  34. AES in Javacard • Solution methods: • Research into the protocols, standards involved in project • Implementation of an AES applet model on a Java platform • Design and coding of a Javacard applet, test run on a simulation environment (Gemplus Simulation Environment) • Design and coding of card terminal application • Test run both Javacard applet and card terminal application

  35. AES in Javacard • Prototype development phase 1: • Tested applet security sandbox with an applet to read c:\autoexec.bat

  36. AES in Javacard • After creating keystore, signing applet and specifying permission in policy file, applet can be run

  37. AES in Javacard • Prototype development phase II: Figure: splash screen of prototype

  38. AES in Javacard Figure: encryption screen 1 of prototype

  39. AES in Javacard Figure: encryption screen 2 of prototype

  40. AES in Javacard Figure: decryption screen 1 of prototype

  41. AES in Javacard Figure: decryption screen 2 of prototype

  42. AES in Javacard • Prototype behaviour: • Encryption longer than decryption

  43. AES in Javacard • Implementation plan for coming trimester: • Choose between OCF and PC/SC • Develop Javacard applet • Run Javacard applet using GSE (Gemplus Simulation Environment) simulator to determine memory requirement, implementation errors, flow of communication, etc. • Develop Card Terminal Application using OCF or PC/SC platform.

  44. AES in Javacard • Conclusion: • AES in Javacard is a new platform, a new method, a new thinking.

  45. AES in Javacard

  46. THE END Thank you for your attention

More Related