java card forum webinar
TRANSCRIPT
Dr. Ullrich MartiniProduct ManagementGiesecke + Devrient Mobile Security GmbH25th November 2020
Java Card Forum Webinar
Secure Personalization of Java Card and Applications in the Operational Phase
Overview
− Requirements and Problem Statement
− Related Specifications
o JavaCard
o GlobalPlatform
− Solution
− Implementation
− Examples
2020-11-25JCF Webinar 2020 2
Life Cycle of a Security/IoT Device
3
Development Operating
System and Applications
Chip-Initialisation
Javacard-OS +Application
ManufactureSecurity /IoT
Device
Trustedpersonalize
of IoTdevice
Usagephase
Security IoT Device
Update and extend
functionality ofthe Device
RemovalDestruction
Personalization
2020-11-25JCF Webinar 2020
pre-personalization bythe chip manufacturer
delivery to User
personalisation in thehands of the user
Requirements for Flexible Production
42020-11-25JCF Webinar 2020
Key Material
PersonalizationData
ApplicationSecurity
Monetization
Identity
Requirements for Secure Personalization
52020-11-25JCF Webinar 2020
Basic Requirement: Implemented Java Card Features
Cryptography:
− Elliptic Curve Signatue (ECDSA)
− Elliptic Curve Key Agreement (ECKA)
− (Optionally) RSA (variant of key generation)
− AES
Applet-to-Applet Communication:
− Communication between Security Domain and CASD
→ CASD will generate a key set for this instance
− Communication between Applet and its (associated) Security Domain
→ Applet will use its associated Security Domain to verify and decrypt personalization commands
62020-11-25JCF Webinar 2020
Solution for Flexible and Secure Personalization: Overview
7
GP Specifications offers extensions of Java Cards:
Amendment A: Confidential Card Content Management
Amendment F: Secure Channel Protocol '11'
Amendment I : Secure Element Management Service
In the factory:
Install JavaCard operating system and applet packages
Create Issuer Security Domain
Create Controlling Authority Security Domain (CASD)
Pre-Personalizing
In the field:
Apply Secure Channels
Provide Key Generation
Perform Applet-Loading/-Personalization
2020-11-25JCF Webinar 2020
Relevant Entities in the Java Card/GP Architecture
− Java Card OS
− GlobalPlatform Framework
− Security Domains
→manage keys for their associated applications
− Specific Security Domains
→Issuer Security Domain
→Controlling Authority Security Domain
− Contactless Registry
8
Java Card OS
2020-11-25JCF Webinar 2020
What is needed for Secure Personalisation
− Pre-defined Security Domain
− Pre-defined Controlling Authority Security Domain (Amendment A)
→required for key generation in the field
− Set-Up of a Secure Channel
→ Secure Channel Protocol 11 (Amendment F)
o Elliptic curve key agreement
o Elliptic curve signature
o establish AES keys for Authentiation / Encryption of Secured Command Sequences (CMAC) acc. Secure Channel Protocol 03
→ Subsequent commands secured commands using AES/SCP03
− Contactless Registry (for contactless applet registration)
92020-11-25JCF Webinar 2020
Preparation of Secure Personalisation in field
10
External Data
Generation
Pre-
Personalisation of
ISD/CASD Data
in each chip
Generation of
− Public Key Pair
− Certificates
CA hierarchy for
Application
Providers
Application
Provider’s
certificates
2020-11-25JCF Webinar 2020
Secure APDU Sequence Generation
11
Data
Gen
„Script of APDU“
Generation
OEMIssuerApplication
Provider
Authorize AP
CERT.SD.ECKA
Secured Commands
(“Script”)
Security
Domain
Data
Public Key of Security Domain
Preparation for personalization scripts in Usage Phase
Certificate
Authority
Public key
CA key used in pre-personalization
2020-11-25JCF Webinar 2020
Personalize applet in the field
12
Application
ProviderISD CASDAPSD
(1) certificate
(2) ephemeral key
(3) Generate SCP03
keys
(4) APDUs: create APSD, generate keys
Key
generation(5) Key Recovery
(6) Personalization
Applet
(7) decrypt
2020-11-25JCF Webinar 2020
STORE DATA
MUTUAL
AUTHENTICATE
GP commands to
create APSD
Application
Provider sends
personalization
Personalization
Details of Secured Comand Sequence APDUs
− First APDU
o Certificate that identifies the Application Provider
o Certificate may contain information about allowed commands
− Second APDU
o Ephemeral key of Application Provider
o No ephemeral key of Security Domain
o Key Agreement performed and SCP03 opened
− Following Commands
o SCP03 security as specified by Global Platform
132020-11-25JCF Webinar 2020
Personalization in Field: Swatch Pay!
14
Issuing Bank
G+D
Wearable
Personalization
Service
Token Service Provider
SwatchPay
Companion AppSwatchPay
Perso-Box
Swatch with eSE
Secured
Personalization
Scripts
2020-11-25JCF Webinar 2020
Example 1: Payment Function for Wearable Devices
Users have a companion app for their wearable device
− User Interface
o Personalization
o Management
− Distribution of APDU sequences („Scripts“) via Google Firebase
− Connect wearable device to Token Requestor
− Management of tokens
o Set preferred card directly
o Suspend, unsuspend, delete, view transactionsvia the Token Requestor
Wearable can be used like a contactless card in theshop
152020-11-25JCF Webinar 2020
Example 2: IoT device managed in field
Remote Management for an Excavator Machine
− Machine prepared for remote maintenance
− When setting up a new excavator machine owner will:
o Update the machine to install owner‘s keys.
o Initialize a remote maintenance application.
o Make remote management secure.
Owner now can access remote maintenance
162020-11-25JCF Webinar 2020