P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\titulka.jpg
PV204 Security technologies
Labs: JavaCard platform
•Petr Švenda svenda@fi.muni.cz
•Faculty of Informatics, Masaryk University
D:\Documents\Obrázky\services_icon_full_bw5.jpg

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Laboratory
•Programming basic JavaCard 2.x applet (JavaCard)
–Netbeans environment, JavaCard convertor
–jcardsim.org simulator
•Pre-prepared simple communication application
–Java javax.smartcardio.*;
–Used during labs last week
| PV204 Security technologies - Labs
2

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Setup updated SimpleAPDU (NetBeans)
•Applets/SimpleApplet.java
•Libraries®Add JAR ® lib\jcardsim-2.2.2-all.jar
•Project should now compile
•Run in debug mode
–Should breakpoint also inside applet code
| PV204 Security technologies - Labs
3

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Extend SimpleAPDU and SimpleApplet
1.Try to send create and send command (any)
2.Try to generate random data (INS_RANDOM)
–Parse and print response, generate different amount of data (inspect SimpleApplet for what to set)
3.Try to encrypt supplied data
–Prepare input data and parse output
4.Try to decrypt data received in step 3.
–Compare with original input data
•
•
| PV204 Security technologies - Labs
4

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Troubleshooting – jcardsim simulator
•Don’t forget jcardsim-2.2.2-all.jar in classpath
–-cp jcardsim-2.2.2-all.jar
•Use debugger – insert breakpoint directly into applet’s method
•Local vs. remote simulator jcardsim
–Only single card can be simulated as local one (CAD.getCardInterface())
–We will use and debug only one card (so local is fine)
–Multiple cards can be used as remote simulators (sockets)
•
| PV204 Security technologies - Labs
5

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Working with real card - compilation
•AppletPlayground (https://github.com/martinpaljak/AppletPlayground)
–Copy your source code into SimpleApplet folder
•Run ‘ant simpleapplet’ to compile and convert
–simpleapplet.cap is produced (binary for real card)
–
| PV204 Security technologies - Labs
6

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Working with real card - upload
•GlobalPlatformPro (http://github.com/martinpaljak/GlobalPlatformPro)
•Remove previous installation of applet
–If exists (use gp --list to obtain list of cards)
–gp -delete 010203040506 -deletedeps -verbose -all
•Upload applet to real card
–gp -install simpleapplet.cap --param 00 -verbose
•
•
•
| PV204 Security technologies - Labs
7

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Homework – Secure signature card
•Create secure signature applet and PC application
–Signature key (RSA-1024b) is generated on-card
–Applet will sign data only after PIN verification (OwnerPIN)
–Data for signature are provided in single APDU command
–Generated signature is returned back to user application
•Produce short (1xA4) text description of solution
•Measure speed of signature
–On simulator
–On real card
•Submit before: 18.3. 6am (full number of points)
–Every additional started day (24h) means 3 points penalization
–
–
| PV204 Security technologies - Labs
8

P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg
Homework – bonus
•Bonus (up to +5 points):
–implement bulk encryption with AES and on-card key
–Key is generated randomly (separate command)
–Data send in/out (APDU)
–Encrypted/decrypted by AES in CBC mode (enc/dec mode specified in P1 parameter)
–Measure speed you can achieve (compare with https://www.fi.muni.cz/~xsvenda/jcalgtest/)
–Which optimization had biggest speed impact?
•Submit before: 25.3. 6am (hard deadline for bonus part)
•
| PV204 Security technologies - Labs
9