The Detailed Performance Analysis of Javacard Cryptographic Smartcards

The Detailed Performance Analysis of Javacard Cryptographic Smartcards

Masaryk University Faculty of Informatics The detailed performance analysis of JavaCard cryptographic smartcards Bachelor’s Thesis Rudolf Kvašňovský Brno, Spring 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Rudolf Kvašňovský Advisor: RNDr. Petr Švenda Ph.D. Acknowledgement Thank you all who stand beside me. Mainly to my fiancée, family and supportive friends. Many thanks to Petr Švenda, for an inspiration, motivation and assistance. It was worth it! i Abstract This thesis explores performance measuring of smart cards running the JavaCard platform. It presents JCAlgTest tool which measures various smart card attributes. Thesis brings new types of result pre- sentation for a better card comparison. They are described together with the performance analysis of 20 different Java cards from 7 manu- facturers. Analysis of RSA keys generated on-card with the focus on properties of factors of p − 1 and p + 1 is presented at the end. ii Keywords smart card, javacard, performance testing, jcalgtest, rsa factorization iii Contents 1 Introduction ............................1 2 JavaCard platform ........................2 2.1 Smart cards ..........................2 2.2 JavaCard Specifications ....................3 2.2.1 JavaCard limitations . .3 2.2.2 Applet development and communication . .4 2.3 Cryptography provided by JavaCard .............4 2.3.1 Random data . .5 2.3.2 Hash functions . .5 2.3.3 Symmetric cryptography . .5 2.3.4 Asymmetric cryptography . .5 3 Measuring the performance of JavaCard ...........6 3.1 Performance testing ......................6 3.2 Purpose of measurement ...................7 3.3 Related Work .........................8 3.4 Measuring the execution time - Power analysis .......9 3.5 Measuring the execution time - Averaging results ...... 11 4 JCAlgTest ............................. 13 4.1 Project overview ........................ 14 4.1.1 History . 14 4.1.2 Current state and plans . 14 4.2 Algorithm support – JCSupport ............... 15 4.2.1 List of tested properties . 16 4.3 Performance testing – JCAlgTest ............... 16 5 Performance analysis ....................... 19 5.1 List of measured Java cards .................. 20 5.2 Development ......................... 21 5.3 Run time information tables ................. 21 5.3.1 Number of executed tests . 22 5.4 Comparative table ....................... 23 5.5 Overall performance visualisation .............. 24 5.5.1 Overall performance comparison . 24 5.6 Data length dependency graph ................ 26 5.7 Performance similarity table ................. 26 5.8 Conclusions and recommendations .............. 28 iv 6 RSA key analysis ......................... 30 6.1 Factorization of p-1 ...................... 30 6.2 Factorization of p+1 ...................... 32 7 Summary .............................. 34 7.1 Proposed future work ..................... 34 Bibliography . 35 Index . 38 A Data attachment .......................... 38 v 1 Introduction At the first glance, smart cards look like inconspicuous simple objects. Actually, they contain an integrated circuit - chip that can securely store and process data in different ways. They have a broad range of applications, wherever the authentication, secure data storage or digital signatures are required. Smart cards vary according to the purpose for which they were made. They can differ in an algorithm support and in performance, in the same way as standard computers. The JavaCard platform is one of the operating systems which con- trols the run of application on a smart card. We introduce the JavaCard Specifications in Chapter 2 with a summary of platform limitations, smart card communication and a coverage of cryptographic algo- rithms. Performance is a relevant aspect while choosing a suitable smart card. Chapter 3 contains information about JavaCard performance measuring. We specify issues connected to this topic and describe two possible solutions how to measure the operation time of particular algorithm executed on card. JCAlgTest project is extended as a part of this thesis. This tool can gather various properties from smart cards and execute perfor- mance testing. Project overview, current state, future plans and detail information are described in Chapter 4. Performance analysis, the main aim of this thesis, discusses the per- formance of 20 different cards from 7 manufacturers. We implement new performance results presentation and demonstrate it in Chapter 5. The outcome allows comparing the cards performance from several perspectives. The second part of the work considers RSA keys analysis. We focus on attributes of p − 1 and p + 1 factors of generated key pairs on a card. We reveal which cards meet recommendations about RSA key generation defined by standards FIPS 186-4 [1] or ANSI X9.31 [2]. Observations are available in Chapter 6. 1 2 JavaCard platform Before the occurrence of multi-application smart cards, each applica- tion was written for a card-specific operating system and burned into read-only memory. There was almost no flexibility to change any of these components without new software or hardware implementation. Smart cards were, therefore, inflexible and difficult to program for. Multi-application platforms with portable binaries has provided a solution. JavaCard1 is being one of these. 2.1 Smart cards Smart cards, tiny devices with embedded integrated circuits, have a wide range of application, wherever the authentication, secure data storage or application processing are necessary. ISO 7816 standard describes smart cards in overall from physical properties to communi- cation protocol [3]. Tamper-resistant smart card contains following components: ∙ Processor – from 8 to 32-bit, running usually at 5 – 30 MHz. ∙ Cryptographic co-processor – optional component, provides support for fast execution of cryptographic algorithms. ∙ Read Only Memory (ROM) – contains the Chip Operating Sys- tem (COS), permanently burned by manufacturer. ∙ Random Access Memory (RAM) – volatile type of memory, size is only few bytes (< 10 kB). ∙ Application Memory – stores information in EEPROM or FLASH memory on the card (mostly 20 – 200 kB). ∙ Random generator – a fast source of truly random data. The communication is ensured by contact or contact-less interface (can be combined). Data processing is ensured by operating system of a smart card. MultOS and JavaCard are currently two operating systems notable on the market. This thesis focuses on JavaCard platform. 1. Expression "JavaCard" claims to a software platform, by "Java card" we mean physical hardware device. 2 2. JavaCard platform 2.2 JavaCard Specifications JavaCard refers to a software technology that allows Java-based appli- cations (applets) to be run on smart cards. It provides cross-platform and cross-vendor applet interoperability. The first Java card was in- troduced in 1996 by Schlumberger’s card division [4]. The JavaCard Platform specifications were developed by Sun Microsystems, nowa- days maintained by Oracle [5]. From version 3.0 it consists of two editions: Classic and Connected. We focused only on the Classic Edi- tion. The JavaCard Runtime Environment (RE) is significantly limited version of full Java RE, including two parts: ∙ The JavaCard Virtual Machine (JCVM) - an isolated environ- ment where applications are being executed separately from the underlying operating system and hardware. ∙ The JavaCard API - the core framework which allows to extend Java packages and classes for smart-card applications. 2.2.1 JavaCard limitations JavaCard should be capable of running Java applications. Unfortu- nately, there are significant limitations, mainly due to smart card hard- ware restrictions and missing standard library packages what requires changes during applet development. Developer cannot use standard Java functionalities such as threads, dynamic class loading, object cloning or annotations. Security Man- ager (java.lang.SecurityManager) from standard Java platform is also unavailable. Supported primitive types are boolean, byte, short, int (optional). There are no char, double, f loat or long types, nor multidi- mensional arrays. JavaCard contains Exception handling and simple Garbage collection (implementation is manufacturers choice). JCVM restricts a maximal number of class implemented interfaces (15) or class implemented methods (128). Since smart cards depend on a power supply, the memory management also requires a different atti- tude of usage. We have mentioned only main restrictions. The full list is available in the JCVM Specification [6]. 3 2. JavaCard platform 2.2.2 Applet development and communication Most JavaCard implementations rely on GlobalPlatform [7] which handles the applet management on a smart card. It is implemented by a card manufacturer during production. Asynchronous communication between the card and a reader is built upon the Application protocol data unit (APDU). Data transfer is always initiated by the reader (command APDU), the card only answers (response APDU) [8]. When we want to run an applet on a smart card, subsequent nec- essary steps have to be completed. 1. Class Javacard. f ramework.Applet is extended. Methods install, register, select and process should

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    46 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us