Protecting JavaCard application and data memory

Question

Is it possible to protect a JavaCard application against program copying from one card to another? Also, is it possible to somehow access data on a JavaCard and damage them?

Answer 1

Score: 1

Sure, generally you cannot retrieve Java Card applets at all. You can load them using Global Platform (GP) LOAD commands and install them using INSTALL. There are however no retrieve commands as far as I know, nor are they necessary. If they were present then you'd still need the GP key set to install them. If you have a card with a default key set then you can replace the keys before or after loading the applet in your secure (pre-)personalization environment.

Usually the chips are protected e.g. using a hardware mesh and / or similar passive & active protections to avoid extraction using hardware. In the end though you should use the applets in such a way that an attacker would have a hard time getting information out even if the code is known (using derived, card specific keys for instance, calculated or loaded during (pre-)personalization).

Good cards are tested against e.g. Common Criteria. CC does publish reports and those should be referenced by the relevant product pages. Of course, that doesn't mean that they will never be hacked - the adversary may have direct access to the hardware after all, but it does provide a minimum level of security.
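
The derived, card-specific keys mentioned in the answer, as an added example that is not part of the original answer: a host-side personalization sketch in which each card receives only a key diversified from the issuer master key and its own card ID, so applet code copied to another card does not authenticate. The HMAC-SHA256 derivation, the `SimulatedCard` class and all names and values are assumptions chosen for illustration, and the card ID is assumed to be a hardware-bound identifier the applet cannot change.

```python
import hashlib
import hmac
import secrets


def derive_card_key(master_key: bytes, card_id: bytes, purpose: bytes = b"AUTH") -> bytes:
    """Diversify the issuer master key into a 16-byte key unique to one card."""
    if not card_id:
        raise ValueError("card_id must not be empty")
    # Length-prefix both fields so different (purpose, card_id) pairs cannot collide.
    msg = bytes([len(purpose)]) + purpose + bytes([len(card_id)]) + card_id
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:16]


class SimulatedCard:
    """Hypothetical stand-in for an applet: stores its derived key, never the master key."""

    def __init__(self, card_id: bytes, card_key: bytes):
        self.card_id = card_id  # assumed to come from the chip, not from applet data
        self._key = card_key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def personalize(master_key: bytes, card_id: bytes) -> SimulatedCard:
    """Runs in the secure (pre-)personalization environment."""
    return SimulatedCard(card_id, derive_card_key(master_key, card_id))


def host_authenticates(master_key: bytes, card: SimulatedCard) -> bool:
    """The host re-derives the key from the ID the card reports and checks a fresh challenge."""
    challenge = secrets.token_bytes(16)
    expected_key = derive_card_key(master_key, card.card_id)
    expected = hmac.new(expected_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, card.respond(challenge))


def demo():
    master = bytes(range(32))  # constructed sample master key
    genuine = personalize(master, bytes.fromhex("04a1b2c3d4e5f6"))  # constructed ID
    # Applet and key material copied onto a second chip with a different ID.
    clone = SimulatedCard(bytes.fromhex("04ffeeddccbbaa"), genuine._key)
    return host_authenticates(master, genuine), host_authenticates(master, clone)


if __name__ == "__main__":
    print(demo())
```
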

huangapple
  • Posted on August 4, 2023, 21:01:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76836171.html