Smart cards, ePassports, … and Open Source
Martijn Oostdijk, Novay
Wojciech Mostowski, UTwente
whois
• Martijn Oostdijk, advisor @ Novay
• Wojciech Mostowski, researcher @ UTwente
• We share a history of applying formal
  methods to smart cards (in Nijmegen)
• And as a result started some open source
  projects:
  – JMRTD.org (ePassport API & applet)
  – GPJ (Global Platform), ISO 18013 (eDL), PKI applet
Smart Cards
• Chances are you have at least 3 smart cards on
  you right now…
  – Banking (EMV debit/credit card)
  – Telecom (SIM card)
  – Government (passport / identity card)
  – Public transport (“OV chipkaart”)
  – Access control (access key card for building)
  – Conditional access (card for TV decoder)
• They’re EVERYWHERE!
Smart Cards
• Simple computer, designed for security
• Simple I/O (ISO 7816 comparable to RS 232)
• With crypto processor
• And security countermeasures
  – Noise generator
  – Dual rail logic
  – Active grid
• Ranging from “filesystem with access control”
  to “fully programmable microcontroller”
Java Card
[Diagram: three applets on top of the Java Card platform API and the Java Card Virtual Machine, on top of the smart card hardware; Command APDU in, Response APDU out]
Java Card
• Higher level of abstraction than native
  assembly programming (but only slightly)
• Published standard: JLS, JCVM
• Multiple applets on one card
• Use standard Java toolset to develop for JC
• Simpler VM: 16 bit arithmetic, simpler API, no
  floats
• More complex: transactions, applet firewall
• Crypto API (for access to crypto processor)
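The points above (command/response APDUs, 16-bit arithmetic, transactions, the applet firewall) can be seen together in a small applet. This is an added example, not code from the slides or from the JMRTD project; the applet name CounterApplet, its package, and the CLA/INS values are assumptions chosen for illustration.

```java
package example.counter; // hypothetical package and applet name

import javacard.framework.*;

public class CounterApplet extends Applet {
    // Assumed values for this example: proprietary class byte and two instructions.
    private static final byte CLA_COUNTER = (byte) 0x80;
    private static final byte INS_GET = (byte) 0x10;
    private static final byte INS_ADD = (byte) 0x20;
    private static final short MAX = (short) 0x7FFF;

    // Instance fields live in persistent memory and belong to this applet's
    // context; the applet firewall blocks access from other applets.
    private short counter;
    private short updates;

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new CounterApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return; // SELECT: runtime answers 9000
        byte[] buf = apdu.getBuffer(); // holds CLA INS P1 P2 Lc [data]
        if (buf[ISO7816.OFFSET_CLA] != CLA_COUNTER)
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_GET: // response APDU: counter, updates, then status 9000
            Util.setShort(buf, (short) 0, counter);
            Util.setShort(buf, (short) 2, updates);
            apdu.setOutgoingAndSend((short) 0, (short) 4);
            break;
        case INS_ADD: { // command data: one unsigned byte to add
            if (apdu.setIncomingAndReceive() != 1)
                ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
            short delta = (short) (buf[ISO7816.OFFSET_CDATA] & 0xFF);
            // 16-bit arithmetic only: test for overflow without widening to int.
            if (counter > (short) (MAX - delta) || updates == MAX)
                ISOException.throwIt(ISO7816.SW_DATA_INVALID);
            JCSystem.beginTransaction(); // both fields change, or neither (card tear)
            counter = (short) (counter + delta);
            updates = (short) (updates + 1);
            JCSystem.commitTransaction();
            break;
        }
        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

If the card loses power between beginTransaction() and commitTransaction(), the runtime rolls both fields back, so counter and updates never disagree.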
ePassports
Why? Document authenticity
• Look-a-like fraud cheaper than document falsification
• Cheaper to alter genuine than to fabricate one
[Figure labels: Special paper, some stamps, typewriter; Watermark; Polycarbonate holder page; Document with public key crypto signature]
Why? Extra info on user

• Face ~ 449x599 .jpg ~ 20KB
  – Machine can do (reasonable) match
  – Human inspector gets better quality
• Fingerprints ~ 35KB
  – Machine can do match
• Signature ~ 2KB
  – Machine can check authenticity,
    based on country root certificate

Compare QR code: 7KB max
Why? ABC
• ePassport == Privium for mere mortals
DEMO
OSS coding “in the boss’s time”
•   @RU 2006: BZK funded security test ePassport
•   @RU 2009: BZK funded security test EAC
•   @RU/Novay: RDW funded pilot
•   @Novay: NLnet funded project
•   @Novay: project for ScanTech-IT (Denmark)
Conclusions
• Smartcard == “secure core” computer
• ePassport primarily for doc authenticity, we will
  have to see about biometric, ABC, etc.

• Academic project == good starting point OSS
• Smart cards, Java Card, ePassport … small in-crowd
  of developers & users. It’s not Linux / OpenOffice
• Still, some adoption, and developers, perhaps NFC
  in more handsets will help
More Info
•   http://jmrtd.org
•   http://isodl.sf.net
•   http://javacardsign.sf.net
•   http://gpj.sf.net
•   http://martijno.blogspot.com
•   http://wwwhome.ewi.utwente.nl/~mostowskiwi/