Download - Java Card, 15 years later
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 1
Java Card, 15 Years Later
Eric Vétillard, Oracle
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 2
10,000,000,000
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 3
10,000,000,000 + 2,000,000,000 per year
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 4
10,000,000,000 + 2,000,000,000 per year
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 5 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 16
Program Agenda
1996-1998: The early years
1999-2002: The SIM Toolkit explosion
2003-2009: Java Card 3 Connected
2000-2012: Security certification
2007-2012: The NFC promise
2012-2027: The next 15 years
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 6
1996: Java on a Smart Card
At that time, there were many battles around card VM’s
– SIM Toolkit applications were starting to appear
– Every vendor was proposing its own architecture
Schlumberger proposed to use Java
– Crazy idea coming from their advanced R&D lab
– Cyberflex demonstrated that Java could run on a smart card
Cyberflex
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 7
1996: Java on a Smart Card
At that time, there were many battles around card VM’s
– SIM Toolkit applications were starting to appear
– Every vendor was proposing its own architecture
Schlumberger proposed to use Java
– Crazy idea coming from their advanced R&D lab
– Cyberflex demonstrated that Java could run on a smart card
Cyberflex
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 8
1997: From scripts to objects
The Java Card Forum forms in April, 1997
– Work starts immediately with aggressive schedule
– The Java Card 2.0 specification is issued in October, 1997
– Data is stored in objects, not in a traditional file system
Two products (research prototypes?) are shown at Cartes’1997
– Cyberflex, now with some experience
– A brand new GemXpresso, with Java Card 2.0
– Cyberflex rightfully gets the Sesames award
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 9
1997: From scripts to objects
The Java Card Forum forms in April, 1997
– Work starts immediately with aggressive schedule
– The Java Card 2.0 specification is issued in October, 1997
– Data is stored in objects, not in a traditional file system
Two products (research prototypes?) are shown at Cartes’1997
– Cyberflex, now with some experience
– A brand new GemXpresso, with Java Card 2.0
– Cyberflex rightfully gets the Sesames award
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 10
1998: OpenPlatform is created
Java Card specification addresses programming
– Building a portable Java Card application
– Running the application on several platforms
OpenPlatform focuses on deployment
– Loading an installing applications
– Defining actors, roles, and tasks
Became the very strong GlobalPlatform organization
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 11
1998: OpenPlatform is created
Java Card specification addresses programming
– Building a portable Java Card application
– Running the application on several platforms
OpenPlatform focuses on deployment
– Loading an installing applications
– Defining actors, roles, and tasks
Became the very strong GlobalPlatform organization
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 12
1999: Java Card 2.1 and interoperability
Binary-level interoperability
– Java Card 2.1 will have a binary format for cards
– Endless discussions on the card format
Settled on the CAP file and export file
Complex features now stabilized
– Memory management, including transient objects
– Inter-applet communication, with sharing
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 13
1999: Java Card 2.1 and interoperability
Binary-level interoperability
– Java Card 2.1 will have a binary format for cards
– Endless discussions on the card format
Settled on the CAP file and export file
Complex features now stabilized
– Memory management, including transient objects
– Inter-applet communication, with sharing
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 14
1999: The SIM Toolkit API is released
ETSI defines a specification “for Java Card”
– Access to the GSM file system
– Definition of SIM Toolkit applications
– Mostly an API
Unleashed Java Card in the mobile market
– APIs still exists, being revised regularly
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 15
1999: The SIM Toolkit API is released
ETSI defines a specification “for Java Card”
– Access to the GSM file system
– Definition of SIM Toolkit applications
– Mostly an API
Unleashed Java Card in the mobile market
– APIs still exists, being revised regularly
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 16
2001: SIMAlliance Interop Stepping Stones
SIM Alliance is formed by a group of SIM vendors
– Focus on easing the use of SIM cards
Interoperability stepping stones a complement of ETSI specifications
– Provides detailed tips about difficult-to-use features
– Refines specifications where they are unclear
– Provides examples and good usage guidelines
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 17
2001: SIMAlliance Interop Stepping Stones
SIM Alliance is formed by a group of SIM vendors
– Focus on easing the use of SIM cards
Interoperability stepping stones a complement of ETSI specifications
– Provides detailed tips about difficult-to-use features
– Refines specifications where they are unclear
– Provides examples and good usage guidelines
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 18
2002: Java Card 2.2 and RMI
RMI was a symbol of Java Card 2.2
– Introduced by Gemplus in 1997, following Corba work
– Adopted by Schlumberger and part of Java Card in 2002
The vision of RMI
– APDU’s are an anachronistic feature of the past
– Cards need to be easier to use
– RMI is an up-to-date technology for using cards
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 19
2002: Java Card 2.2 and RMI
RMI was a symbol of Java Card 2.2
– Introduced by Gemplus in 1997, following Corba work
– Adopted by Schlumberger and part of Java Card in 2002
The vision of RMI
– APDU’s are an anachronistic feature of the past
– Cards need to be easier to use
– RMI is an up-to-date technology for using cards
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 20
2009: Java Card 3.0, Connected Edition
The future of Java card, as seen in 2002
– Much bigger chips
– Better connectivity
Major improvement of the technology
– Virtual machine inspired from mobile technology
– Embedded Web server
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 21
2009: Java Card 3.0, Connected Edition
The future of Java card, as seen in 2002
– Much bigger chips
– Better connectivity
Major improvement of the technology
– Virtual machine inspired from mobile technology
– Embedded Web server
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 22
2001: First CC certificate
The Vocable project
– EAL1+
– Gemplus, Oberthur, Trusted Logic and Serma for Carte Bleue
One of the first Common Criteria certifications
– Mostly an experiment
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 23
2001: First CC certificate
The Vocable project
– EAL1+
– Gemplus, Oberthur, Trusted Logic and Serma for Carte Bleue
One of the first Common Criteria certifications
– Mostly an experiment
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 24
2003: The Java Card Protection Profile
A common base for the certification of Java Card products
– Defining a security model for Java Card
– Defining the main security functions of Java Card
PP has been certified, and revised several times
– Used in many certifications every year
– Complemented by work performed in JHAS on logical attacks
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 25
2003: The Java Card Protection Profile
A common base for the certification of Java Card products
– Defining a security model for Java Card
– Defining the main security functions of Java Card
PP has been certified, and revised several times
– Used in many certifications every year
– Complemented by work performed in JHAS on logical attacks
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 26
2010: First Platform certified by EMVCo
EMVCo security certifications have existed for a long time
– Managed individually by Visa, MasterCard, …
– Targeting a single payment application, regardless of platform
With NFC, EMVCo has started evaluating platforms
– Based on a set of security guidelines issued by EMVCo
– Without direct references to payment applications
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 27
2010: First Platform certified by EMVCo
EMVCo security certifications have existed for a long time
– Managed individually by Visa, MasterCard, …
– Targeting a single payment application, regardless of platform
With NFC, EMVCo has started evaluating platforms
– Based on a set of security guidelines issued by EMVCo
– Without direct references to payment applications
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 28
2009: Java Card Supports NFC Wallets
Java Card at the heart of NFC secure elements
– Mandated by both Google and Isis for their wallets
– Only technology recognized in France by AFSCM
– Similar decisions in many countries
Application providers are also using Java Card
– Visa is providing a Java reference implementation for payment
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 29
2009: Java Card Supports NFC Wallets
Java Card at the heart of NFC secure elements
– Mandated by both Google and Isis for their wallets
– Only technology recognized in France by AFSCM
– Similar decisions in many countries
Application providers are also using Java Card
– Visa is providing a Java reference implementation for payment
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 30
2012: Embedding the card?
In NFC, SWP SIM vs. eSE
– Power struggle of operators vs. wallet providers
In M2M, embedded formats are becoming common
– Addresses issues with vibrations and more
Strong debate around embedded UICC
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 31
2012: Embedding the card?
In NFC, SWP SIM vs. eSE
– Power struggle of operators vs. wallet providers
In M2M, embedded formats are becoming common
– Addresses issues with vibrations and more
Strong debate around embedded UICC
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 32
2015: Securing the Internet of Things
A piece in the end-to-end security story
– Most devices are a front-end to the cloud
– Device security is becoming important
Think of PCI, HIPAA, etc.
Java Card has a lot of potential
– Most recognized security platform
– A cousin of Java SE Embedded
– Not linked to a single technology
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 33
2015: Securing the Internet of Things
A piece in the end-to-end security story
– Most devices are a front-end to the cloud
– Device security is becoming important
Think of PCI, HIPAA, etc.
Java Card has a lot of potential
– Most recognized security platform
– A cousin of Java SE Embedded
– Not linked to a single technology
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 34
2020 and beyond: The Security Subsystem
From factor undecided
– Separate hardware? In the chipset? Software?
– Most likely, all of the above
Key features are not there
– Assurance level is the key
– Provability likely to become more and more important
– Main reason to keep a smaller and simpler security subsystem
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 35
2020 and beyond: The Security Subsystem
From factor undecided
– Separate hardware? In the chipset? Software?
– Most likely, all of the above
Key features are not there
– Assurance level is the key
– Provability likely to become more and more important
– Main reason to keep a smaller and simpler security subsystem
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 13 36
So, what is happening?
Some interesting R&D work about Java Card security
– Recently, Ph.D. thesis from Guillaume Barbu
– More research work at Limoges, Nijmegen, Royal Holloway, …
Lots of work on security evaluation of applets
– Talks from Jean-Baptiste Machemie and Emilie Faugeron
Java Card very present around NFC
– Enabling many models throughout yesterday’s NFC talks
Making it happen really