Reputation: 1
Javacard applet integrity verification
I developed a javacard applet, but I will not distribute the card; that's another person's job.
I haven't yet found a way to verify my applet's code (or compiled .cap file) after the card distributor burns the applet into the card. Customers should be able to verify the applet's code integrity once they have the card, ensuring no supply chain attacks were made to the applet.
At first, I thought about DAP verification, signing the .cap file with my private key (offline), but I think that is a deprecated method of the GlobalPlatformPro tool (as the --dap-sign parameter doesn't exist anymore).
I also thought about hashing the applet's source code and sign it off-card with a private key, then storing the hash and the hash signature in the applet. Clients would ask the card to return the hash and hash signature and verify the signature with the public key. But I think this should be easily overridable by the card distributor if they become evil.
Upvotes: 0
Views: 67
Answers (1)
Reputation: 8116
(Wanted to write a comment, but it got quite long...)
You have to trust your card personalization provider (as well as your card manufacturer, toolchain supplier, HSM manufacturer, certification bodies, etc.).
As far as I know there is no way how to defend against a malicious personalization provider, that is completely initializing the card (ISD, SSDs, etc.).
Global Platform provides mechanisms that allow more control over card content management when multiple parties are involved (including load file integrity).
DAP Verification, citing GP 2.3 (emphasis mine):
An Application Provider may require that their Application code to be loaded on the card shall be checked for integrity and authenticity. The DAP Verification privilege of the Application Provider’s Security Domain detailed in this Specification provides this service on behalf of an Application Provider.
A Verification Authority may require that all Application code to be loaded onto the card shall be checked for integrity and authenticity. The Mandated DAP Verification privilege of the Verification Authority’s Security Domain detailed in this Specification provides this service on behalf of the Verification Authority.
The key and algorithm to be used for DAP Verification or Mandated DAP Verification are implicitly known by the corresponding Security Domain.
The caveat is that you need to trust the party that is loading the verification keys onto the card.
The latest GlobalPlatformPro release contains "enhanced support for Delegated Management and DAP keys" (see release notes).
There are options --dap-domain and --dap-key/--dap-signature that look promising.
Some additional notes:
Delegated Management with tokens is probably not applicable for your situation.
I am not aware of any way how to actually verify the value of DAP Verification key stored in SD (e.g. using
GET DATA).DAP Verification does not prevent from applet downgrade.
Disclaimer: This answer is based on my point of view, please do validate my thoughts.
Upvotes: 0
Related Questions
- What are the correct steps to have a supplementary security domain with DAP verification?
- What is the correct approach to make a JavaCard applet updatable?
- Allow only signed applets to be installed on a JavaCard managed by GlobalPlatform 2.2.1
- How to initialize a EC key pair with an existing key pair in JavaCard?
- Javacard - Signining and verifying
- Verify SHA1withECDSA signature on javacard
- Installing applet in javacard
- Java Card - Transfering ec public key from offcard to java card Applet