UBQuards - Ubiquitous computing using Smartcards

Title and Team Overview Survey Challenges Technical Roadmap Potentials Logistics

Project report Download software Screenshot Useful weblinks Summary slide

Team

Changkyu Kim (ckkim@cs.utexas.edu)
Karthikeyan Sankaralingam (karu@cs.utexas.edu)
Youngin Shin (codeguru@cs.utexas.edu)

Overview

Web services have now become the hottest issue of the overall software market. Many software giants including Microsoft, IBM, Sun, HP, etc., are now racing with their own web service products. A web service is a type of software that runs and returns results when remote service clients access it. In most cases, web service clients are web servers, businesses and also actual users. Web services are envisioned as the future software distribution/usage model.

Service client's use different web services to provide different services. The clients could be platforms ranging from PDAs, laptops to servers. The clients could also be any kind of I/O terminal. Some web service platforms, such as Microsoft.NET, therefore supports the ability to detect the user platforms and generate best content for them.

However, there has been little attempt to use Smartcards as one of such platforms. Smartcards are mostly used to authenticate users but can now perform more functions than that. Though limited in speed and space, chips contain microprocessors, ROM and memory and run their own COS(Chip Operating System), on which various applications may execute. Hence, with this computing power, it may be possible to use Smartcards as mobile access points to web services; Smartcards can store user information, invoke web services and process temporary service results.

In this project we will look at using Smartcards as a vehicle for providing ubiquitous computing. Users, in this model, should be able to access web services from any place with their Smartcards. Furthermore, users do not require any high performance computing mobile devices such as PDA's. We provide a logical model of information sharing and communication between web service, consumer devices and users. We will then provide a full specification of how the different components should be built.

The goal of the project is to provide a comprehensive specification for a communication module which can be attached to any kind of device - ranging for photocopiers to vending machines to exercise bikes which want to access webservices. The communication module does 3 way communication - it talks to a smartcard reader, it talks to a webservice and it is connected to a computation device. The communication module and the device it is connected to are fixed. The ubiquity comes from being able to access any of these anywhere. And to be able to use a single smart card to access various kinds of these devices.

Survey

Based on their main purpose of user authentication, most kinds of Smartcard applications are related to on line Security and Payment. In the past, when memory cards were used, user keys were stored on the chip for user authentication. Later, as Smartcards began to have computing power, many small applications, starting from simple cryptography, related to payment, authentication, and banking were developed. Currently, Schlumberger, one of the largest Smartcard company, announced Javacard, which had built-in Java Virtual Machine and could run Java applets.

Smartcards have also been doubling their memory size and chip operation clock speed every year since they were introduced in 1996 -- when the chip speed was only 3MHz with 4kbytes of memory. They now operate at 50MHz with 512Kbytes of memory and are expected to run at 400MHz with 100MBytes of memory by 2006. It is also expected that more devices such as fingerprint recognizers, small display devices, and film batteries, will show up on the card. USB based smartcard like applications exist. They provide a USB interface and allow for smartcard like storage. These are typically accessed using a personal computer through the USB port running drivers and special software.

http://www.cyberflex.slb.com/ Schlumberger has announced a full Java based Smartcard called "Cyberflex", which we saw at the seminar. Several products based on this card are announced and can be found from this site. They are mainly related to cryptography implementation over these Javacards. They implmented DES/RSA crytography algorithm and some GSM, Internet Security and Banking applications suites.
http://www.acg.de/ One of the largest Smartcard company in Europe, they have been bringing products related to Communication(including Wireless), Electric Driver's license, ID & Security, Health Service, Pubilc Transportation and Logistics, and E-Payments.
Miscellaneous http://www.xiring.com/USsite/Solutions/solutionsuk.html
http://www.acismartcard.com/products/products.asp
http://www.thinkmobile.com/Resource/Top/Smartcards/Solution_Providers/
The third page contains has many URLs to various Smartcard product web sites, and most of their products are related to Banking, Financing, Simple Important Data Storage, E-Payment, Health Service, Secure User Authentication, Transportation etc.
http://www.ealaddin.com/etoken/pro/default.asp?cf= USB based smartcard like applications exist. They provide a USB interface and allow for smartcard like storage. These are typically accessed using a windows machine through the USB port running drivers and special software.
http://egov.gov/scripts/sc_viewer.asp Dept of Defense has some applications that have been putting smartcards to variety of uses. Some of them are similar to our proposal but are very restricted in scope. The list of projects can be found at: The two most relevant are the Navy Smart Card Pilot and the Automated Buying Point System. Approximately 70 employees at the Navy Chief Information Officer (CIO) office were provided with smart cards that had been loaded with personalized PKI certificates. Through the use of a commercial-off-the-shelf (COTS) application, the personnel were able to use their digital certificates to send signed email and visit secure Department of Defense web sites. The cards were also used for logical access, which enables a secure method for logging on to the LAN and for users to lock their workstations (these tasks do not require PKI). The second phase of this project will include approximately 20 users that will utilize PKI (MS Active Server with smart card) for logical access.

Challenges

The key challenge is that no one has done this before and what we are proposing is a model for using smart cards for ubiquitous computing.

The novel ideas we hope to come up with are:

A full specification for using smartcards as the device for making webservices ubiquitous.
A full specification for a communication module that allows to communicate through TCP/IP, serial cable or USB (for communicting with the card reader) and a third data channel. The data channel is used for interfacing this communication module to any consumer device. We need to evaluate different interfaces to see what is best. There are other important power, performance and cost trade-offs. The functions of the communication module are:
1. All of the TCP/IP stack
2. Reasonable part of HTTP and maybe XML (to communicate with web service)
3. Interface to the smart card reader.
The smartcard is used to store user state information so that all web services can be stateless. The key challenge here is to develop a specification that is light weight (in terms of computation power) and expressiveness enough to represent this state information. An example is a user device that uses webservice A,B,C and D serially. If the user leaves in the middle during the execution of C, this state information should be saved on the smartcard and on resumption only C and D should be executed. There are other complex cases where the state information could involve some data.
Is it possible to make this state information itself a web service?
Software needs to be written for smartcards that lets them read and write such state information. The encoding of the information should be simple - because smartcards do not have very high computing power.

Roadmap

Project roadmap and schedule listed below.

Develop a strawman design for the communication module.

Develop a specification for the module and motivate how it can be tied to different kinds of devices. We need to examine:

Different hardware TCP/IP implementations
What are the embedded OSs available and which are capable of handling HTTP/XML
What kind of computation/storage is required for the module.
Survey different interfaces to see what is the best for user devices.

We will study each of these components in detail and describe the tradeoffs using simple models.

Develop the software required to run in the smart card. We need to look at what card reader is available. Look at the smartcard specification and then see how it can be programmed. Since programs are typically burned once on a smartcard, we will be running on a simulator/emulator.
Javacards is one alternative for progamming. These can be programmed with java byte codes instead of assembly. They run a stripped down JVM and JRE (runtime environment). Sun provides a development toolkit.

Potential

We believe there is significant commercial value in such a device. The communication module is a general device to which any device can be plugged and made webservice and smartcard ready. We envision this as a very generic piece of hardware.

The specification is the first one to use smartcards for doing ubiquitous computing and should be attrative to smart card companies!

Logistics

We need to see what are the capabilites of the card reader and if we can get it to work with linux drivers or in Windows.

We then need to get a smartcard emulator to test out our "program". The other alternative is to use the Javacard API in which we could execute in the virtual machine and see what the performance requirements are.

For interfacing with the card reader and storing records on the card, we hope to the use the Linux drivers
Smartcard file systems already have the capability for read, write, delete of "records" in a file. We will be use these calls for reading and writing to the card.

Project report

Smart cards for Ubiquitous Web Services - Changkyu Kim, Karthikeyan Sankaralingam, Youngin Shin. ps, pdf

Download software

As mentioned in the report 5 separate pieces of software was developed. Source for all of these are downloadable. We have mentioned the hardware/software requirement for each piece.

Smart card cardlet interpreter. Runs on Schlumberger cyberflex 32K card. Cardlet written in Java. You need a JDK 1.2 java compiler. You then need to convert the class files into a cap (converted application file) and finally write this cap file into the smart card and instantiate it. We used the Schlumberger SDK 4.1 running on Windows2000 for creating the cap file and loading it into the card. We used Visual J++ for compiling the cardlet. In the tgz you will find a Visual J++ project file which you can open and compile. Also in the tgz is the final .class file in the directory Smart compiled as a package.
Step by step instructions on compiling and loading the cardlet into the smart card.
Smart card reader application. This is the smart card reader application that sends and receives commands to/from the smart card. This is written in Java and uses the Java interoperability layer provided by Schlumberger along with the SDK. At this point we are not sure about what the distribution policy for the dll is. Send me mail if you are interested. The source was compiled using Visual J++. We provide everything apart from the DLL for download. The Visual J++ project file is provided in the distribution.
Communication module. This is the communication module which transfers messages from the card reader application to web services and the device. Written in Visual C++. Use the Visual C++ project file for building.
Device module. This is the Device module. Written in Visual C++. Use the Visual C++ project file for building.
Example web services. Written in C#. We have installed the webservices at http://codeguru.csres.utexas.edu:8080. Please see our report for details for connecting and using web services. Microsoft has a good tutorial and the downloadable .NET SDK.

Screenshot

Screen shot of all the applications in action. Click on image for a larger image.

Useful web links

Web services - the web's next revolution
Schlumberger Javacard
How to turn GSM SIM into a Web Server, EURESCOM P1005 Project Internal Result
Ubicom
Web services description language
See our reference in the report also.

Last modified: Sun May 5 15:43:43 CDT 2002