Section 1 -- Java Security Goes Both Ways
There are a large and growing number of Java systems running the gamut from Java gizmos such as Java rings, through smart cards with built-in Java interpreters (the subject of this chapter), to complete Java Development Kits and Integrated Development Environments (IDEs). Java is simultaneously making inroads on many fronts. In distributed systems, Java-based servers and servlets are becoming as common as Java clients. As with any platform meant to interact in a networked world, there are security concerns with each flavor of Java.

These concerns take on a new urgency when it comes to e-commerce. When electronic blips are money, the stakes change considerably. It may be an inconvenience to lose a Web server that amounts to fancy brochureware; it is something else entirely if the Web server and its associated backend perform all customer transactions. The security concerns raised by e-commerce are a large enough topic in their own right that there is no way we can do them justice here. Of course, because Java is commonly used at all levels in e-commerce systems, the risks we identify have serious e-commerce implications. This is especially true for Java cards.

Counterintuitively, Java is both growing and shrinking at the same time. On one hand, the JDK, now up to Java 2, is doubling in size with each major release. Just to complicate matters, at the same time as the explosive growth of the code base is occurring, the security architecture is undergoing major reorganization. Chapter 2, "The Base Java Security Model: The Original Applet Sandbox," and Chapter 3, "Beyond the Sandbox: Signed Code and Java 2," detail the new model. On the other hand, embedded Java systems like Card Java 2.x strip Java functionality down to bare bones. The security model is not immune to this effect and has been deeply affected by Java's migration to smart cards.

These two diverse directions both have important security implications. Java 2 involves fundamental changes to the Java security model as the Java sandbox metamorphoses itself into a trust-based system built on code signing. Card Java 2.x removes much of the sandbox, leaving smart card applets more room to misbehave.

Section 2 -- What Is a Smart Card?
A smart card looks just like a credit card, only with a chip embedded in its plastic. Imagine replacing the hologram on a standard credit card with a similarly thin chip and you get the idea. Most smart card chips are about the size of a dime (only thinner) and can be recognized by their distinctive gold terminals. Figure 8.1 shows a Visa smart card.

Figure 8.1 Visa has been active in the development of the Java Card. Visa's Open Platform classes interact with Java Card to provide a secure framework for which to develop smart card applications. (This figure used by permission from Visa.)

A smart card chip is actually a complete little computer with nonvolatile memory, storage, a card operating system (COS), and accompanying communication protocols. The most advanced smart cards on the market have the processing power once found in an IBM-XT (with less memory, of course).

There are many different uses for smart cards. Smart cards can serve as:

* Security cards that are able to identify the carrier using advanced authentication algorithms and can safely store secrets like private keys
* Electronic wallet cards that use several different approaches to store value and provide a kind of electronic cash
* Transaction cards that take over the role once played by the magnetic stripe commonly found on the back of credit cards
* Processor cards that carry out proprietary calculations in a black box fashion
* Memory cards that act as highly portable databases
* Cards with Virtual Machines that run Java applets
Unlike traditional computers, smart cards are not delivered with a built-in power supply, a keyboard, or a display...