Vous êtes sur la page 1sur 19

Matthias Brstle Smart Cards mit SOSSE sind lecker

SOSSE
Simple Operating System for Smartcard Education

Matthias Brstle
<m@mbsks.franken.de>

Kommunikationsnetz Franken e.V.

Matthias Brstle Smart Cards mit SOSSE sind lecker

Overview
"

Smart Card Operating System

"

Open Source GPLed

"

Runs on easily available hardware

"

Suitable for education

"

Not suitable for security applications

Matthias Brstle Smart Cards mit SOSSE sind lecker

Why?
"

Open Source PC operating systems: */Linux,


*BSD

"

No equivalent for smart cards

"

Only cards with VMs (Java, MEL, Basic)

"

Therefore no tinkering on OS level

"

"

No easy way to learn smart card OS


programming
And not promotion of pay TV cracking!

Matthias Brstle Smart Cards mit SOSSE sind lecker

Smart Card Hardware


"

"

"

AVR commercialoftheshelf controller:

AT90S8515/35: 512B RAM, 8kB Flash, 512B


EEPROM

ATmega161: 1kB TAM, 16kB Flash, 512B


EEPROM

Packaged as smart card from satellite shops


(Funcard)
Card flashing devices

Matthias Brstle Smart Cards mit SOSSE sind lecker

InSystem Programming
"

Flash and EEPROM writeable with special


protocol

Matthias Brstle Smart Cards mit SOSSE sind lecker

Design of SOSSE
"

Similar to commercial systems

"

Based on ISO/IEC 7816

Reduced functionality because of small code


space:

8kB 16kB Flash

Commercial 6kB 300kB

Flair of phase 1 GSM SIM

Matthias Brstle Smart Cards mit SOSSE sind lecker

Design of SOSSE
"

"

Modular

Unneeded parts can be omitted

Frees code space for own code

Implemented in C

Easier to understand

Portable

Modern card operating systems are also


developed in C

Matthias Brstle Smart Cards mit SOSSE sind lecker

Development Software
"

"

GNU C Compiler for the AVR


Small code size even compared to
commercial compilers

GCC 3.0.2 for classic AVR: 486 bytes

SDCC 2.3.0 for classic AVR: 1030 bytes

Code Vision AVR 1.0.2.1b for classic AVR: 476


bytes

Keil C51 6.11d for 8051 (compact memory


model): 377 bytes

Matthias Brstle Smart Cards mit SOSSE sind lecker

Development Software (cont.)


"

Software for writing binary to card:

PonyProg

TwoProg

...

Matthias Brstle Smart Cards mit SOSSE sind lecker

Building Blocks
"

Hardware Abstraction Layer

"

Filesystem

"

Transactions

Streams

Access Control

"

Cryptography

Commands

10

Matthias Brstle Smart Cards mit SOSSE sind lecker

Hardware Abstraction Layer


"

Improves portability

"

Provided functions:

"

Initialization of hardware

I/O: with T=0 error recovery

EEPROM: Continuous address space for all


EEPROMs

RNG: True or pseudo random number generator

11

Matthias Brstle Smart Cards mit SOSSE sind lecker

Hardware Abstraction Layer


(cont.)
"

Supported Systems:

AVR
"

Internal and external EEPROM

Unix (*/Linux)
"

No T=0 error recovery

12

Matthias Brstle Smart Cards mit SOSSE sind lecker

File System
"

"

"

Very simple to reduce code size


MF, DFs and transparent (plain) EFs
supported
6byte file header:
Size
FID
Type
AC

2
2
1
1

bytes
bytes
byte
byte

File body length


File ID
File type (DF, tr. EF)
Access contr (PIN/Key)

13

Matthias Brstle Smart Cards mit SOSSE sind lecker

Cryptography
"

Small code size

"

Doesnt have to be very strong

"

TEA fits well on AVR architecture

"

658 bytes on AVR

Over 1kB on other 8bitarchitectures

Standard authentication commands

External Authenticate

Internal Authenticate

14

Matthias Brstle Smart Cards mit SOSSE sind lecker

Commands
"

Create / Delete

"

Select

"

Read / Update Binary

"

External Authenticate / Get Challenge

"

Internal Authenticate

"

Change / Unblock / Verify PIN

"

Get Response

"

Read / Write EEPROM

15

Matthias Brstle Smart Cards mit SOSSE sind lecker

Development Aids
"

"

Doxygen documentation

User manual

Source documentation

CTAPI library with virtual reader and card

Development and testing without AVR hardware

Easy debugging

16

Matthias Brstle Smart Cards mit SOSSE sind lecker

Project Suggestions
"

Encryption of external EEPROM with system


key

"

Encryption of total EEPROM with user key

"

Card intrusion detection

"

Mobile firmware storage

"

Remotely keyed encryption system

"

Elliptic Curve Cryptography (ATmega)

17

Matthias Brstle Smart Cards mit SOSSE sind lecker

Links
"

"

"

"

"

SOSSE: http://www.mbsks.franken.de/sosse/
AVR: http://www.atmel.com/atmel/products/
prod23.html
GCC: http://combio.de/avr/
TEA: http://www.cl.cam.ac.uk/ftp/users/djw3/
tea.ps
Rankl, W.; Effing, W. Handbuch der
Chipkarten, 4. Aufl.; Hanser: 2002

18

Matthias Brstle Smart Cards mit SOSSE sind lecker

Mahlzeit

Matthias Brstle
m@mbsks.franken.de
ftp://ftp.franken.de/pub/crypt/chipcards/

19