Slide 1
Slide 1 text
The world of Java Card
builderscon tokyo 2018
@moznion
Slide 2
Slide 2 text
@moznion
Software engineer
Favorite Java's class:
CompletableFuture
Slide 3
Slide 3 text
GOAL: օ͞ΜJava Card Applet͕ॻ͚ΔΑ͏ʹͳΔ
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
No content
Slide 6
Slide 6 text
No content
Slide 7
Slide 7 text
ۙͳJava Card
- ΫϨδοτΧʔυ
- SIMΧʔυ
- ͳͲͳͲ
Slide 8
Slide 8 text
ۙͳJava Card
- ΫϨδοτΧʔυ
- SIMΧʔυ
- ͳͲͳͲ
Slide 9
Slide 9 text
The world of Java Card
The world of SIM Card?
builderscon tokyo 2018
@moznion
Slide 10
Slide 10 text
ͨͷ͍͠Java (Card) or Not JavaΫΠζ
Slide 11
Slide 11 text
No content
Slide 12
Slide 12 text
C
Slide 13
Slide 13 text
No content
Slide 14
Slide 14 text
Java Card
Slide 15
Slide 15 text
؆୯Ͱ͢Ͷʁ
Slide 16
Slide 16 text
No content
Slide 17
Slide 17 text
Not Java Card (C)
Slide 18
Slide 18 text
Not Java Card (C)
Java CardfloatΛѻ͑·ͤΜ
Slide 19
Slide 19 text
No content
Slide 20
Slide 20 text
Not Java Card (C)
Slide 21
Slide 21 text
Not Java Card (C)
Java CardcharΛѻ͑·ͤΜ
Slide 22
Slide 22 text
No content
Slide 23
Slide 23 text
Java Card
Slide 24
Slide 24 text
Java Card
Java CardbyteͩͬͨΒѻ͑Δ
Slide 25
Slide 25 text
No content
Slide 26
Slide 26 text
Θ͔Γ·͔ͨ͠ʁ
Slide 27
Slide 27 text
Θ͔Γ·ͨ͠Ͷ
Slide 28
Slide 28 text
Smart Card
Slide 29
Slide 29 text
Smart Card
- ISO 7816 Ͱఆٛ͞Ε͍ͯΔ
- λΠϓ2छྨ
- Intelligent Smart Card
- Memory Card
- Java Card Intelligent Smart Card
Slide 30
Slide 30 text
Smart Card Memory
- Card্ʹ3λΠϓͷϝϞϦ͕͍ͬͯΔ
- Persistent Immutable Memory: ROM
- Persistent Mutable Memory: EPROM
- Non-Persistent Mutable Memory: RAM
Slide 31
Slide 31 text
Smart Card Interface
- ֎քͱCard Acceptance Device (CAD) ͱ
Card্ͷContact PointsΛհͯ͠ߦ͏
- Card֎ͷੈքͱಠࣗͷϓϩτίϧʹ
ΑΓσʔλͷΓऔΓΛߦ͏ => APDU
Slide 32
Slide 32 text
APDU
Slide 33
Slide 33 text
APDU
- APDU: Application Protocol Data Units
- Smart CardAPDUʹΑͬͯ
ίϛϡχέʔγϣϯΛ
ߦ͏͜ͱ͕Ͱ͖Δ
OFCOM: Reprogrammable SIMs: Technology,
Evolution and Implications
Slide 34
Slide 34 text
APDU
- APDUجຊతʹରʹͳ͍ͬͯΔ
- Command (Request) APDU
- Response APDU
- CommandResponseͷৄࡉΛ͍ͬͯΔඞཁ͕͋Δ
Slide 35
Slide 35 text
Command APDU
Mandatory Header Optional body
CLA INS P1 P2 Lc Data field Le
- CLA (1 byte): class (application) ͷࣝผࢠ
- INS (1 byte): ໋ྩίʔυɽ͜ΕͰಈ࡞Λସ
- P1/P2 (1 byte/1 byte): ໋ྩύϥϝʔλ
- Lc (1 byte): Data fieldͷόΠτ
- Data field (Lc byte): ҙͷόΠτྻ
- Le (1 byte): ϨεϙϯεͷData fieldʹڐ͞ΕΔ࠷େόΠτ
Slide 36
Slide 36 text
Response APDU
Optional body Mandatory trailer
Data field SW1 SW2
- Data field(Le bytes): ϨεϙϯεσʔλͷόΠτྻ
- SW1/SW2 (1 byte/1 byte): εςʔλεϫʔυ
Slide 37
Slide 37 text
UICC
(Universal Integrated Circuit Card)
Slide 38
Slide 38 text
UICC (Universal Integrated Circuit Card)
- Intelligent Smart CardͷҰछ
- ͋Δఔͷԋࢉॲཧ͕Մೳ
- Java Card (3.0.1Ҏ߱) ͷ࣮ߦج൫
Slide 39
Slide 39 text
UICC (Universal Integrated Circuit Card)
- CPU 32bit
- ిؾಛੑ: 1.8 / 3 / 5V
- ΫϩοΫ: 1~5MHz
- ROM: 16KB~
- EEPROM 8KB~
- RAM: 256B~
Slide 40
Slide 40 text
UICC Architecture
OFCOM: Reprogrammable SIMs: Technology,
Evolution and Implications
Slide 41
Slide 41 text
Core O.S
UICC
Card Manager
and Security
domains
Remote Applet
Management
Core
Applications
(USIM)
File System
servers
Toolkit and Javacard runtime
environment
Javacard
packages
Javacard
Applet
UICC API and
USIM API
Javacard
Toolkit Applet
UICC Architecture
Slide 42
Slide 42 text
Java Card
Slide 43
Slide 43 text
Java Card ∈ Smart Card
Slide 44
Slide 44 text
Java Cardͷྺ࢙
https://en.wikipedia.org/wiki/Java_Card
Version 2.1
(07.06.1999)
Version 2.1.1
(18.05.2000)
Version 2.2
(11.2002)
Version 2.2.1
(10.2003)
Version 2.2.2
(03.2006)
Version 3.0.1
(15.06.2009)
Version 3.0.4
(06.08.2011)
Version 3.0.5
(03.06.2015)
-RSA without padding.
-AES cryptography key encapsulation
-CRC algorithms,
-ECC key encapsulation,
-Diffie-Hellman key exchange
- Improved Logical Channels support (20)
- SHA-256, SHA-384, SHA-512
- ISO9796-2,
- HMAC,
- Korean SEED MAC NOPAD,
- Korean SEED NOPAD
-Classic and Connected editions
-SHA-224, SHA-2 for all signature
algorithms
-DES MAC8 ISO9797.
- Diffie-Hellman modular
exponentiation
- Domain Data
Conservation for Diffie-
Hellman
- Elliptic Curve and DSA
keys,
- RSA-3072
- SHA3
- plain ECDSA
- AES CMAC
- AES CTR.
- Added
the AppletEvent interface
with the uninstall method.
- Added
the isAppletActive method to
the JCSystem class
Slide 45
Slide 45 text
- UICC্Ͱಈ͘JavaͷϥϯλΠϜ: JCRE
- Java Card্Ͱಈ࡞͢ΔόΠτίʔυ
͍ΘΏΔ௨ৗͷJVMόΠτίʔυͷαϒηοτ
- => ͭ·Γػೳ੍͕ݶ͞Ε͍ͯΔ
Java Card
Slide 46
Slide 46 text
- ੍ݶ͞Ε͍ͯΔػೳͷྫ
- Dynamic class loading
- Security Manager
- Thread
- Object cloning
- Finalization
- Large primitive data types
- جຊతʹ16bitΛ্ݶͱͯ͠ಈ࡞͢Δ (ྫ֎͋Γ)
- primitive type
- native methods
Java Card Restrictions
Slide 47
Slide 47 text
- มϦϑΝϨϯε͞Εͳ͘ͳͬͨΒ
ແ͘ͳΔ (lost) ͔GC͞ΕΔ
- GC͕͋Δ͔Ͳ͏͔Χʔυͷ࣮࣍ୈ
Java Card Memory Lifecycle
Slide 48
Slide 48 text
- αϯυϘοΫεػೳ
- Java CardͷϑΝΠΞΥʔϧ1ͭͷΧʔυ্Ͱಈ࡞͍ͯ͠
ΔappletͷڥΛ͢Δ
- ·ͨ͋ΔappletͷΦϒδΣΫτΛଞͷappletʹ໌ࣔతʹڞ༗
͢Δ͜ͱͰ͖Δ
- capability control
- εϚʔτΧʔυ্ͰͷηΩϡΞͳಈ࡞ͷͨΊ
- e.g. memory, CPU
Java Card Security Functions
Slide 49
Slide 49 text
- Smart Card༷Ͳ͓Γ3λΠϓͷϝϞϦ͕
͋Δ
- ROM
- EEPROM
- RAM
Java Card Memory
Slide 50
Slide 50 text
جຊతʹΠϯελϯεมͯ͢
EEPROMʹॻ͖ࠐ·Ε·͢ʂʂʂʂ
Java Card Memory
Slide 51
Slide 51 text
- ͭ·Γʁ
- ిݯ͕ΕͯΠϯελϯεมͷσʔλΓ·͢ʂ
- ਖ਼֬ʹݴ͏ͱిݯ͕ΕͯJVMࢭ·Βͳ͍
- Πϯελϯεมʹॻ͖ࠐΈ·͘ΔͱΧʔυ͕
յΕ·͢ʂʂʂʂʂ
- (ޙड़͢ΔςΫχοΫΛͬͯؤுΔඞཁ͕͋Δ)
Java Card Memory
Slide 52
Slide 52 text
- RAMʁ
- RAM͋Δʹ͋Δ͕ඇৗʹখ͍͞
- ୣ͍߹͍͕ى͜Δ (ྫ֎͕ग़Δ)
- ຊʹҰ࣌తͳσʔλຊʹηϯγςΟϒͳ
σʔλΛೖΕΔͱ͖ʹ͚ͩ͏
Java Card Memory
Slide 53
Slide 53 text
- Java Card JVM͜ͷੈʹੜΛड͚ΔͱҰੜಈ͖ଓ͚Δ
- shutdownͷ֓೦͕ͳ͍
- ిݯڙڅ͕ͳ͍߹ʮແݶͷΫϩοΫαΠΫϧʯͱ
Έͳ͍ͯ͠Δ
Java Card JVM Lifecycle
Slide 54
Slide 54 text
- Initialization phase
- Immutable memory (ROM) ྖҬʹॻ͖ࠐΉ
- e.g. ൃߦऀ໊, ऀ໊ͳͲ
- Personalization phase
- Immutable memory (ROM) ྖҬʹॻ͖ࠐΉ
- e.g. Ϣʔβʔ໊, 伴, PINͳͲ
- ੜΧʔυΛߪೖͨ͠ࡍinitialization phase·ͰࡁΜͰ͍Δ͜ͱ͕ଟ͍
Java Card Lifecycle
Slide 55
Slide 55 text
Core O.S
UICC
Card Manager
and Security
domains
Remote Applet
Management
Core
Applications
(USIM)
File System
servers
Toolkit and Javacard runtime
environment
Javacard
packages
Javacard
Applet
UICC API and
USIM API
Javacard
Toolkit Applet
UICC Architecture
Slide 56
Slide 56 text
Core O.S
UICC
Card Manager
and Security
domains
Remote Applet
Management
Core
Applications
(USIM)
File System
servers
Toolkit and Javacard runtime
environment
Javacard
packages
Javacard
Applet
UICC API and
USIM API
Javacard
Toolkit Applet
UICC Architecture
Slide 57
Slide 57 text
Applet!!!
Slide 58
Slide 58 text
Applet...?
Slide 59
Slide 59 text
Applet...?
No!
Slide 60
Slide 60 text
- ͍ΘΏΔJava AppletͰͳ͍
- Java Card RuntimeͰಈ͔͢ΞϓϦέʔγϣϯͷ୯Ґ
- Java Card্ʹෳͷAppletΛ֨ೲͰ͖Δ
- ෳͷAppletΛಉ࣌ʹ࣮ߦ͢Δ͜ͱͰ͖ͳ͍
- select()/deselect()Ͱಈ͔͢appletΛΓସ͑Δ
Applet
Slide 61
Slide 61 text
Java Card Development
Slide 62
Slide 62 text
Extreme Environment
- int͕͑Δͷඇৗʹݶఆతͳঢ়گͷΈ
- Java Card 3.0Ҏ߱ (ClassicͰ͑ͳ͍)
- ಛघͳࣄ͕ͳ͍ݶΓshortΛ͏
- floatdouble͑·ͤΜ
- String͑·ͤΜ
- (࣮ϞμϯͳJava Cardڥͩͱ͑Δ)
- ΘΓʹόΠτྻ (byte[]) Λ͏
- ଟ࣍ݩྻ͑·ͤΜ
Slide 63
Slide 63 text
Extreme Environment
- ΠϯελϯεมEEPROMʹอଘ͞ΕΔ
- EEPROMͷण໋͍͍ͩͨ100,000 writes
- ॻ͖ࠐΈ·͘ΔͱͿͬյΕ·͢
- ϩʔΧϧมRAMʹอଘ͞ΕΔ
- ͨͩ͠native typeʹݶΔ
- Ͳ͏ͯ͠RAMʹอଘ͍ͨ͠ͱ͖ʁ
- transient arrayΛ͏
- JCSystem.makeTransientByteArray((short)255,JCSystem.CLEAR_ON_RESET);
- ͜ΕΛEEPROMʹ͢͜ͱͰ͖ͳ͍
Slide 64
Slide 64 text
Compilation and bytecode conversion
class
.exp
COMPILE
.java
CONVERT .cap
.jca
Slide 65
Slide 65 text
Compilation and bytecode conversion
class
.exp
COMPILE
.java
CONVERT .cap
.jca
͍ΘΏΔී௨ͷJDK
(1.6͕҆ఆ͍ͯ͠Δ……)
Slide 66
Slide 66 text
Compilation and bytecode conversion
class
.exp
COMPILE
.java
CONVERT .cap
.jca
Java Card Development Kit
όΠτίʔυΛม͢Δ
Slide 67
Slide 67 text
Tool chain
- IDE: Eclipse
- javacard plugin͕͋Δ།ҰͷIDE?
- JDK: JDK 1.6 (or later?)
- JCDK: Java Card Development Kit
(JCDKJava Cardͷόʔδϣϯʹ߹ΘͤΔ)
Slide 68
Slide 68 text
Tool chain
- Loading onto card: Smart Card Reader Writer
- Live testing: NomadLAB Contact Spy, etc...
Slide 69
Slide 69 text
Appletͷجຊಈ࡞
Slide 70
Slide 70 text
Appletͷجຊಈ࡞
͜ΕΛ࣮͢Δ
javacard.framework.AppletͰ
ఆٛ͞Ε͍ͯΔ
Slide 71
Slide 71 text
Source Code Sample:
https://gist.github.com/moznion/
3bfbc5121afceaebcc77964b4b94517a
Slide 72
Slide 72 text
·ͱΊ
Slide 73
Slide 73 text
·ͱΊ
- Smart Card͕Θ͔Γ·ͨ͠
- APDU͕Θ͔Γ·ͨ͠
- Java Card͕Θ͔Γ·ͨ͠
- Java Card (JCRE) Ͱಈ࡞͢ΔAppletΛॻ͚Δ
Α͏ʹͳΓ·ͨ͠
Slide 74
Slide 74 text
However...
Slide 75
Slide 75 text
Applet Write
Slide 76
Slide 76 text
Applet Write
❌
Slide 77
Slide 77 text
Applet Write
❌
Why????
Slide 78
Slide 78 text
Applet Write
Slide 79
Slide 79 text
Cardͷॻ͖ࠐΈʹ伴͕ඞཁ
- ೝূػ͔ؔΒ͍ग़͞ΕΔ伴͕ඞཁ
- গͳ͘ͱझຯͷൣғͰ伴
खʹೖΒͳ͍……ʢͱࢥΘΕΔʣ
Slide 80
Slide 80 text
Applet Write
AID
Slide 81
Slide 81 text
Cardͷ࣮ߦʹAIDඞཁ
- AppletͷregisterʹAID (Application Identifier) ͕ඞཁ
- AIDʹISOͰཧ͞Ε͍ͯΔRIDؚ͕·Ε͍ͯΔ
- झຯͷൣғͰRIDΒ͑ͳ͍ (ͱࢥΘΕΔ……)
Slide 82
Slide 82 text
ॻ͖ࠐΊͳ͍͡ΌΜʂʂʂʂʂ
Slide 83
Slide 83 text
Q?
Slide 84
Slide 84 text
Referenced docs
- ISO 7816-4
- https://www.iso.org/standard/54550.html
- Java Card Platform Specification
- https://docs.oracle.com/javacard
- How to write a Java Card applet: A developer's guide
- https://www.javaworld.com/article/2076450/client-side-java/
how-to-write-a-java-card-applet--a-developer-s-guide.html
Slide 85
Slide 85 text
ͨͷ͍͠;Ζ͘
Java CardͬͯͲ͜Ͱങ͑Δͷ
Slide 86
Slide 86 text
Java CardΛങ͏
- AmazonݟʹߦͬͨΒചͬͯͨ……
Slide 87
Slide 87 text
Java CardΛങ͏
- AliexpressݟʹߦͬͨΒചͬͯͨ……
Slide 88
Slide 88 text
Java CardΛങ͏
- ͠ࣄͰങ͏ͷͰ͋Εઐͷϕϯμʔ͔Β
ങ͏͜ͱʹͳΔͰ͠ΐ͏
- Gemalto
- IDEMIA
- ͳͲͳͲ
Slide 89
Slide 89 text
ͨͷ͍͠;Ζ͘
Java CardͷςετͬͯͲ͏Δͷ
Slide 90
Slide 90 text
Java Cardͷςετ
- ιʔείʔυ͔ΒόΠτίʔυʹ
ίϯύΠϧ͢Δ෦ී௨ͷJDK
- ී௨ʹJavaΛॻ͍ͯςετΛ͢Εྑ͍
Slide 91
Slide 91 text
Java Cardͷςετ
- ADPUΛ࣮ࡍʹྲྀ͠ࠐΉςετͰ͖Δ
- offlineςετͱݺΜͰ͍·͢ʢҰൠతʁʣ
- ΧʔυϦʔμʹͭͳ͍Ͱম͍ͯAPDUΛྲྀ͠ࠐΉ
- responseͷAPDUΛςετ͢Δײ͡
Slide 92
Slide 92 text
Java Cardͷςετ
- Production ReadyͳCardͷAPDUΛԣऔΓͯ͠
σόοά͢ΔࣄͰ͖Δ
- ͋·ͭ͑͞ແઢ͕ਧ͚Δͷ͋Δ
- NomadLAB Contact Spyͱ͔Λ͏
- ΊͬͪΌߴ͍Ͱ͢
Slide 93
Slide 93 text
ͨͷ͍͠;Ζ͘
Java CardʹσΟϨΫτϦߏ͋Δ
Slide 94
Slide 94 text
Java CardͷσΟϨΫτϦߏ
- APDUͰಡΈॻ͖Մೳ