Upload
ledat
View
220
Download
5
Embed Size (px)
Citation preview
Bringing Smart Cards into 2015, whether they like it or not!
KTH Wireless Seminar
13th February 2015
© Fidesmo AB 2015 | Page 2
Overview
› Fidesmo is doing to Smart Cards what Apple and Google have done to Smartphones
– Connectivity
– App store
– Usability for consumers
– Simple SDK for developers
› We want to achieve this while keeping all the original strong points of Smart Cards
– Secure
– Cheap
– Durable
– Passive (no internal power source)
© Fidesmo AB 2015 | Page 3
Part One: Background – What is a Smart Card?
– Communication tru APDUs
– MIFARE Classic
– JavaCard
– GlobalPlatform
– Mobile NFC
Agenda
Part Two: Enter Fidesmo – The Fidesmo Card
– Architecture
– Fidesmo App Store
– Fidesmo Cardapp concept
– Service Example
– Service Delivery concept
– SDK
© Fidesmo AB 2015 | Page 5
› A Smart Card is a low power CPU connected to a small amount of RAM and a slightly larger amount of EEPROM. An example:
› 3.5 KB RAM
› 40 KB EEPROM
› 200 KB ROM
› The hardware architecture is secured against external tampering
› Communication with the outside world is done via a so-called chip contact (ISO 7816) and/or an induction antenna (ISO 14443).
– The second method is often referred to as “contactless” and it is part of what is called NFC or RFID
What is a Smart Card?
68K-based microcontroller
Smart card with randomized glue logic obfuscating layout
© Fidesmo AB 2015 | Page 6
› Application Protocol Data Unit
› Communication unit between a Smart Card and the outside world
› Request-Response protocol, like HTTP
Smart Card Communication: APDU
CLA INS P1, P2 Le Lc Data
Request APDU
Command Class
Instruction Parameters Length of data
Expected length of response
SW1, SW2 Response Data
Response APDU
Status Bytes
© Fidesmo AB 2015 | Page 7
› MIFARE Classic was one of the first “secure” RFID cards – It was later shown to be fairly easy to hack due to a predictable
random number generator
› MIFARE Classic is one of the most widespread Smart Cards in use
MIFARE Classic
Sec
tors
#1
- #31
Block #0
Block #1
Block #2
Trailer
16 bytes of user data
16 bytes of user data
16 bytes of user data
Key A (6 bytes) Access bits (4 bytes) Key B (6 bytes)
© Fidesmo AB 2015 | Page 8
JavaCard
applet space
system space
context 1
applet A
applet B
context 2
applet A
applet B
Package A Package B
JavaCard RE Context
applet firewall
© Fidesmo AB 2015 | Page 9
› Started out as OpenPlatform, driven by the payments industry (VISA and MasterCard)
› It is a set of standardized commands to install, manage and delete applications
› It is also a set of security protocols for issuing these commands in an authenticated and confidential manner
– SCP02 based on 3DES
– SCP03 based on AES
GlobalPlatform
© Fidesmo AB 2015 | Page 10
› State of the art – JavaCard
› Java based application development tools (in theory)
› Multi-application execution environment
– GlobalPlatform
› Current pain points – Application management after card issuance
– Card connectivity
– Development tools
Wrapping Up Part One
© Fidesmo AB 2015 | Page 12
The Fidesmo Card
› JavaCard capable Smart Card bundled with MIFARE Classic
– 7.5 KB RAM
– 144 KB EEPROM
› One of the most advanced Smart Cards on the market (the most advanced having MIFARE Classic)
› 100% off-the-shelf certified components – Common Criteria EAL 5+
© Fidesmo AB 2015 | Page 13
Architecture
Service Provider
Fidesmo Backend Server
Smartphone
Fidesmo App
Fidesmo
APIs
Fidesmo Card
Mobile App
© Fidesmo AB 2015 | Page 15
Fidesmo Cardapp Concept
Cardapp
JavaCard Applet#1
JavaCard Applet#2
JavaCard Applet#N
…
MIFARE Classic
© Fidesmo AB 2015 | Page 16
› Service Delivery enables the App developer to bundle up several API operations into a single service, for example:
– Install several JavaCard applets
– Upload content, e.g. a ticket
› Service Delivery is tightly coupled to service payment – During Service Delivery, payment is reserved
– When the service is successfully delivered, the service provider effectuates the payment
– Solves business logic problems, such as the user trying to by a service, let's say a monthly pass, that can not be purchased due to the user already having an active monthly pass
Service Delivery Concept
© Fidesmo AB 2015 | Page 17
Service Example
{ ! "title": "Top up", ! "price": { ! "total": 99.00 ! } !} !
© Fidesmo AB 2015 | Page 18
Service Delivery Flow
Service Provider
Fidesmo Backend Server
Fidesmo App
ServiceDelivery Request See service
description, approve payment
ServiceOperation Request
ServiceOperation Result
Repeat as
needed
ServiceDelivery Completed
Show new status
ServiceOperation Request
ServiceOperation Result
© Fidesmo AB 2015 | Page 19
› Our Software Development Kit is based on the popular Java build tool Gradle
– Also used by Google for their Android SDK
› It is open source and can also be used for generic JavaCard development
JavaCard SDK
Local development environment
Java bytecode
gradle
Fidesmo gradle-javacard plugin
Java Card bytecode: CAP file
gradle
Fidesmo gradle-fidesmo plugin
Fidesmo Backend
CAP file
Fidesmo Card
Cardapp Contactless Reader
© Fidesmo AB 2015 | Page 20
Conclusions
Service Provider
Fidesmo Backend Server
Smartphone
Fidesmo App
Fidesmo
APIs
Fidesmo Card
Advanced chip
SDK
Application management after card issuance via Service Delivery SaaS
Consumer-friendly packaging of card
applications via App Store
Card connected via smartphone
© Fidesmo AB 2015 | Page 21
› Sign up at our developer portal where you will find a lot of documentation, tutorials and examples to get you started
https://developer.fidesmo.com We will send you a free Fidesmo Card!
› Our APIs are available at
https://developer.fidesmo.com/api
› SDK can be found at
https://github.com/fidesmo/gradle-fidesmo
Learn More