Proof of concept implementation of an API for a Java Card based Cryptographic Service Provider (CSP).
This project consists of two executable parts that may be run on a Java Card or an appropriate simulator thereof:
- CryptoServiceProvider:
- A rudimentary Java Card CSP implementation providing cryptographic services via shared interface objects (SIO) to other applets (Client Applications). The CSP implementation is for demonstration purposes only and in no way meant to be hardened against attacks.
- Example Applet
- An example of a Client Application requesting a signature of provided input data after authorization, utilizing the CSP API to access the cryptographic services of the CSP (SignatureApplet).
However, the main purpose of this project is to present the feasibility of implementing the main principles of the CSP architecture on a Java Card platform:
- Full separation of the crypto implementation (CSP) and the use-case implementation (Client Application).
- Confinement of sensitive cryptographic assets into abstract CSP Resources with attached security attributes defining their behaviour and life cycle as well as enforcing access restrictions.
- Management of the CSP and configuration of CSP Resources via a dedicated secure channel independent of the Client Application.
- Use of abstract CSP Resources in cryptographic services provided by the CSP, easing the Client Application from complex and error prone cryptocraphic tasks.
The CSP-API defined and used in this project is closely aligned with CSP standardization at GlobalPlatform, specifically the corresponding Card Specification Amendment N - Cryptographic Service Provider. However, this project does not claim compatability to or full coverage of this specification.
This project was implented by achelos GmbH and is further maintained by BSI.
The Cryptograhic Service Provider aims to tackle two problems typically encountered during the realiziation of a new business case:
- How to implement the needed cryptography in a secure way?
- How to certify the product (or update of a product) so that it can be deployed on different platforms without requiring an extensive, time consuming and tedious composite certification?
Both problems are tackled technically as well as by organizational means that are shortly introduced here. For more in depth information please refer to the sources meantioned below.
The main architectural concept is to separate the business logic and the cryptographic functionality to execute this business logic into two separate components.
The cryptographic needs of most use-cases include a common set of features, protocols and algorithms (which might be covered by a suitable cryptographic software library). However, those features typically need to be extended with additional logic regarding access control, life cycle considerations, management capabilities and additional advanced features. The CSP is a dedicated component to offer those extended cryptographic features as self-contained, secure-to-use, securely implemented and isolated services.
This strict separation relief the developer of the business logic from the pitfalls that implementing secure modern cryptography brings, but also allows for independent development, evaluation and certification of the CSP and its consuming Client Applications. Even more, the Client Application might even be evaluated against a lower assurance level, e.g., EAL 2+, while still profiting from the EAL 4+ AVA_VAN.5 certification of the CSP, maintaining a resistance against attackers with a 'high' attack potential for the combined product.
The foundation of this approach is a clearly and unambigously defined interface between the Client Application and the CSP. Any CSP in fact, as such a standardized interface allows for interchangeable CSP components.
The generic approach of separating business logic and cryptography in two distinct (logical) components is very useful in a wide range of different contexts. Thus, the CSP approach provides advantages for most use cases that use dedicated security platforms, such as security controllers or (embedded) SecureElements, to account for the need for high assurance security evaluations.
However, as specific protocols and cryptographic services had to be chosen to define the scope of the CSP with limited resources in mind, the current selection clearly aims at use-cases in the context of electronic identification and authentification.
The CSP is actively used as the cryptographic core component of the security system for cash registers in the german market, protecting fiscal transaction data against manipulation. The CSP is also used in the proof of concept for the german national eID on mobile devices (smart eID).
Ongoing development and standardization activities aim to fit the CSP to:
- international/european eID use cases such as electronic passports, ID cards and identity wallets e.g., the EUDI-Wallet
- authentication token, such as FIDO/FIDO2/Passkey authenticators
- hardware root of trust for mobile devices and embedded systems
- use-cases requiring protection of very sensitive data, such as personal health records
- ...
BSI publications regarding the CSP can be found via the CSP landing page, including:
- The CSP white paper
- Technical Guideline TR-03181 CSP2
- Protection Profile PP-CSP (EAL4+)
- Protection Profile PP-CSPL (EAL2+)
The CSP is subject to ongoing development and active standardization in numerous organizations such as ENISA, EU, JIL and GlobalPlatform. Keep an eye on articles and new submissions regarding the CSP also from those contributors when they become available.
Feel free to contact us via csp@bsi.bund.de for all questions regarding the CSP.
To come in touch with the developers at achelos please refer to their website.
-
JDK
- Download an appropriate Java Development Kit, e.g jdk8.
- Run JDK installer (jdk-8u202-windows-x64.exe) and use default locations.
- Add Java/bin directory to PATH environment variable and set JAVA_HOME to the JDK folder.
-
Java Card Development Kit
- Download an appropriate Java Card Development Kit with version number at least JC v3.1.0
- Unzip to javacard_kit
-
Build
- We provide a script for test purpose which uses ant-javacard to build all caps
- Download from github and store in the tools/ folder
- Run the build.xml script
The following AIDs were used during develpment of the CryptoServiceProvider
| Entity | AID |
|---|---|
| org.globalplatform.csp.time | 0c0000000004 |
| org.globalplatform.csp.resources | 0c0000000001 |
| org.globalplatform.csp.services | 0c0000000002 |
| org.globalplatform.csp | 0c0000000003 |
| de.bsi.csp.config | f1f2f3f4f50d |
| de.bsi.csp.internal | f1f2f3f4f504 |
| de.bsi.csp.resources | f1f2f3f4f501 |
| de.bsi.csp.crypto | f1f2f3f4f508 |
| de.bsi.csp.tools | f1f2f3f4f50c |
| de.bsi.csp.protocol.general | f1f2f3f4f509 |
| de.bsi.csp.protocol.io | f1f2f3f4f50a |
| de.bsi.csp.protocol.commands | f1f2f3f4f50b |
| de.bsi.csp.services | f1f2f3f4f502 |
| de.bsi.csp.api | f1f2f3f4f500 |
| de.bsi.csp.api.CryptographicServiceProvider | f1f2f3f4f50001 |
| de.bsi.csp.admin | f1f2f3f4f507 |
| de.bsi.csp.admin.ApplicationAdmin | f1f2f3f4f50702 |
| de.bsi.csp.example.signature | f1f2f3f4f603 |
| de.bsi.csp.example.signature.SignatureApplet | f1f2f3f4f60301 |
| de.bsi.csp.example.time | f1f2f3f4f602 |
| de.bsi.csp.example.time.TimeApplication | f1f2f3f4f60201 |