TPR 3211 Project 1

1
TPR 3211 Project 1

• Project Title AES in Javacard
• Project ID 221
• Supervisor Mr. Safi Uddin
• Moderator Mr. Murugadoss

2
Introduction
3
Introduction
4
Introduction
5
Introduction

• One word
• CHANGE

6
Introduction

• Moores Law
• The number of transistors that can fit in a
  specific area doubles every 18 months.

7
Introduction

• DES (Data Encryption Standard)
• First cracked in 1997
• Record held at present is 22 hours
• Replaced by AES (Advanced Encryption Standard) in
  2001

8
AES

• Advanced Encryption Standard
• Originally called Rijndael
• Symmetric block cipher that encrypts and decrypts
  data in blocks of 128 bits
• Specifies 3 key sizes 128, 196 and 256 bits

9
AES

• In decimal terms, this means that there are
  approximately
• 3.4 x 1038 possible 128-bit keys6.2 x 1057
  possible 192-bit keys and1.1 x 1077 possible
  256-bit keys.

10
AES

• DES key are 56 bits long
• There are approximately 7.2 x 1016 possible DES
  keys
• There are on the order of 1021 times more AES
  128-bit keys than DES 56-bit keys

11
AES - Cipher

• Pseudocode for cipher
• Cipher(byte in4 Nb, byte out4 Nb, word
  wNb (Nr 1))
• begin
• byte state4,Nb
• state in
• AddRoundKey(state, w)
• for round 1 step 1 to Nr 1
• SubBytes(state)
• ShiftRows(state)
• MixColumns(state)
• AddRoundKey(state, w round Nb)
• end for
• SubBytes(state)
• ShiftRows(state)
• AddRoundKey(state, w Nr Nb)
• out state
• end

12
AES SubBytes(state)

• Non linear byte substitution

13
AES SubBytes(state)

• For example, if s1,1 53, s1,1 ed

14
AES ShiftRows(state)

• Cyclic shift of bytes in rows

15
AES MixColumns(state)

• Columns are treated as 4 term polynomial
• Matrix multiplication with a fixed polynomial

16
AES Inverse Cipher

• Pseudocode for inverse cipher
• InvCipher(byte in4 Nb, byte out4 Nb, word
  wNb (Nr 1))
• begin
• byte state4,Nb
• state in
• AddRoundKey(state, w Nr Nb) // See Sec.
  5.1.4
• for round Nr - 1 step -1 to 1
• InvShiftRows(state) // See Sec. 5.3.1
• InvSubBytes(state) // See Sec. 5.3.2
• AddRoundKey(state, w round Nb)
• InvMixColumns(state) // See Sec. 5.3.3
• end for
• InvShiftRows(state)
• InvSubBytes(state)
• AddRoundKey(state, w)
• out state
• end

17
AES InvShiftRows(state)

• Cyclic shift of bytes in rows

18
AES InvSubBytes(state)

• Non linear byte substitution

19
AES InvMixColumns(state)

• Columns are treated as 4 term polynomial
• Matrix multiplication with a fixed polynomial

20
Smartcard vs Javacard

• A smartcard is a credit card with a brain in
  it

• Must communicate with a device to gain access to
  a display device or network
• Can be plugged into a reader (card terminal) or
  operate using radio frequencies

21
Smartcard vs Javacard

• A Javacard is a smartcard,
• a smartcard is not a Javacard

22
Javacard

• There is an estimated 3 billion smartcards in the
  world at the present moment, and all the major
  smartcard players have licensed Javacard
• Javacard is a smart card that is capable of
  running programs written in Java
• It is designed to run on 8-bit microprocessors
  with as little as 256 bytes of RAM (no, I didnt
  leave out the K!) and 14 kilobytes of ROM
• It enables the first true multi-application
  cards, it speeds and simplifies application
  development in very small memory environments

23
Javacard
24
Javacard

• Javacard Virtual Machine
• Due to limited memory resources, it is not
  possible to fit the JVM into Javacard
• 3 strategies
• Small JVM is introduced
• Javacard API is deprecated from Java API
• No threads, security manager, synchronization,
  multi-dimensional arrays, large primitive data
  types
• Split architecture
• Bytecode at both ends card terminal end and
  Javacard end

25
Javacard

• Communication with the outside world
• Application Protocol Data Unit
• Data package (maximum size is 255 bytes)
• A Javacard always waits for Command APDU from
  the reader (card terminal software)
• Responds with Response APDU

26
Javacard

• Javacard Runtime Environment
• Contains API classes and the JVM
• Responsible for
• applet installation and initialisation
• selection and deselection
• APDU dispatching
• transaction management
• catching unchecked exceptions
• assigns AID for each applet

27
Javacard

• How does it work?
• Java data is compiled into bytecode and sent to
  card reader (card terminal driver)
• Reader converts bytecode into card bytecode
• Wraps card bytecode into data package Select
  APDU to tell the Javacard to let go of current
  active applet and select the new current applet
• JCRE in Javacard will assign new applet AID
• Communication by Command APDU and Response
  APDU

28
AES in Javacard

• Why Javacard?
• Smart cards provide a secure, portable platform
  for "any time, anywhere" computing that can carry
  and manipulate substantial amounts of data,
  especially an individual's personal digital
  identity
• The Java Card API allows applications written for
  one card to be downloaded "in place" into any
  other card
• The Java Card thus allows smart cards to become a
  general-purpose computing platform and creates a
  potentially huge market for application software
  and development -- especially for financial,
  telecommunications, television, and security
  applications

29
AES in Javacard

• Why AES in Javacard?
• Increasingly, physical keys are being replaced by
  cryptographic keys, which are typically a
  thousand bits in size
• Modern smart cards are the ideal carriers for
  such keys, because they have enough computing
  power to do the necessary encryption or
  decryption on-card, so that the secret key never
  has to leave the card
• One of the reasons Rijndael was chosen as AES was
  because of its efficiency in low memory
  environments

30
AES in Javacard

• Hardware Specifications

31
AES in Javacard

• Hardware Specifications
• GemPC-410 card reader
• GemXpresso RAD III PK IS Javacard
• USB to Serial converter

32
AES in Javacard
GUI Card Terminal Application
Gemplus GemPC-410 Card Terminal Driver
Gemplus GemXpresso RAD III PK IS Kernel
Ocean SDK (optional)
AES Javacard applet
Windows 98 JDK 1.2.2 Inprise JBuilder 3.5 Card
Terminal Application
33
AES in Javacard

• Software Specifications
• Windows 98
• JDK1.2.2
• Inprise JBuilder 3.5
• Gemplus GemXpresso RAD III PK IS Kernel
• Gemplus GemPC-410 Card terminal driver (OCF with
  PC/SC bridge)

34
AES in Javacard

• Solution methods
• Research into the protocols, standards involved
  in project
• Implementation of an AES applet model on a Java
  platform
• Design and coding of a Javacard applet, test run
  on a simulation environment (Gemplus Simulation
  Environment)
• Design and coding of card terminal application
• Test run both Javacard applet and card terminal
  application

35
AES in Javacard

• Prototype development phase 1
• Tested applet security sandbox with an applet to
  read c\autoexec.bat

36
AES in Javacard

• After creating keystore, signing applet and
  specifying permission in policy file, applet can
  be run

37
AES in Javacard

• Prototype development phase II

Figure splash screen of prototype
38
AES in Javacard
Figure encryption screen 1 of prototype
39
AES in Javacard
Figure encryption screen 2 of prototype
40
AES in Javacard
Figure decryption screen 1 of prototype
41
AES in Javacard
Figure decryption screen 2 of prototype
42
AES in Javacard

• Prototype behaviour
• Encryption longer than decryption

43
AES in Javacard

• Implementation plan for coming trimester
• Choose between OCF and PC/SC
• Develop Javacard applet
• Run Javacard applet using GSE (Gemplus Simulation
  Environment) simulator to determine memory
  requirement, implementation errors, flow of
  communication, etc.
• Develop Card Terminal Application using OCF or
  PC/SC platform.

44
AES in Javacard

• Conclusion
• AES in Javacard is a new platform, a new method,
  a new thinking.

45
AES in Javacard
46
THE END

• Thank you for your attention