May 08, 2020
Cryptographic smart cards
Multi-application cryptographic smart cards and their practical security
Petr Švenda [email protected]
Faculty of Informatics, Masaryk University
Outline
• Short intro to smart cards
• Typical usage scenarios
• Multi-application smart cards (JavaCard)
• Platform performance and capabilities
• Attacks against smart cards
2 | Crypto smartcards - Eset 3.10.2014
Centre for Research on Cryptography and Security
• Formerly Laboratory of Security and Applied
Cryptography (Labak)
• Established 2006 at the Faculty of Informatics of the
Masaryk University, Brno
• Security-related university courses
• Laboratory for students
• Applied research with commercial partners
Something about me...
• Genetic programming
• Secrecy amplification protocols for WSN
• Random distinguisher for crypto functions
• Distributed computing
• Power analysis
• Security programming
• http://astrolight.cz
INTRO TO SMART CARDS
Basic types of (smart) cards
• Contactless “barcode”
– Fixed identification string (RFID, < 5 cents)
• Simple memory cards (magnetic stripe, RFID)
– Small write memory (< 1KB) for data, (~10 cents)
• Memory cards with PIN protection
– Memory (< 5KB), simple protection logic (<$1)
Basic types of (smart) cards (2)
• Cryptographic smart cards
– Support for (real) cryptographic algorithms
– Mifare Classic ($1), Mifare DESFire ($3)
• User-programmable smart cards
– Java cards, .NET cards, MULTOS cards ($10-$30)
Cryptographic smart cards
• A smart card is quite a powerful device
– 8-32 bit processors @ 5-20MHz
– persistent memory 32-100kB (EEPROM)
– volatile fast RAM, usually <<10kB
– true random number generator
– cryptographic coprocessor (3DES, RSA-2048,...)
• 8.05 billion units shipped in 2013 (ABI Research)
– mostly smart cards
– telco, payment and loyalty...
[Figure: smart card chip with CPU, CRYPTO coprocessor, EEPROM, SRAM, ROM and RNG]
Smart card forms
• Many possible forms
– ISO 7816 standard
– SIM size, USB dongles, Java rings…
• Contact(-less), hybrid/dual interface
– contact physical interface
– contact-less interface
• chip powered by current induced on antenna by reader
• reader→chip communication - relatively easy
• chip→reader – dedicated circuits are charged, more power consumed, fluctuation detected by reader
– hybrid card – separate logics on single card
– dual interface – same chip accessible contact & c-less
Main advantages of crypto smart cards
• High level of security (CC EAL4 and higher)
• Fast cryptographic coprocessor
• Programmable secure execution environment
• Secure memory and storage
• On-card asymmetric key generation
• High-quality and very fast RNG
• Possibility for secure remote card control
MODES OF USAGE
Smart card carries fixed information
• Fixed information ID transmitted, no secure channel
• Low cost solution (nothing “smart” needed)
• Problem: Attacker can eavesdrop and clone chip
Smart card as a secure carrier
• Key(s) stored on a card, loaded to a PC before
encryption/signing/authentication, then erased
• High speed usage of key possible (>>MB/sec)
• An attacker with access to the PC during operation will obtain the key
– key protected for transport, but not during the usage
Smart card as encryption/signing device
• PC just sends data for encryption/signing…
• Key never leaves the card
– personalized in secure environment
– protected during transport and usage
• Attacker must attack the smart card
– or wait until card is inserted and PIN entered!
• Low speed encryption (~kB/sec)
– low communication speed / limited card performance
Smart card as computational device
• PC just sends input for application on smart card
• Application code & keys never leave the card
– smart card can do complicated programmable actions
– can open secure channels to other entity
• secure server, trusted time service…
• PC acts as a transparent relay only (no access to data)
• Attacker must attack the smart card or input
Smart card as root of trust (TPM)
• Secure boot process, remote attestation
• Smart card provides robust store with integrity
• Application can verify before passing control (measured boot)
• Computer can authenticate with remote entity…
http://technet.microsoft.com/en-US/windows/dn168167.aspx
Author: Guillaume Piolle
Smart cards are used for…
• SIM modules (GSM)
• On-card digital signatures (OpenPGP)
• Bank payment card (EMV standard)
• System authentication (PKCS#11, Radius…)
• Operations authorizations (electronic banking)
• ePassports (ICAO BAC/EAC)
• Multimedia distribution (DRM)
• Secure storage and encryption device (certificates…)
• Secure boot (TPM)
• …
MULTI-APP PLATFORMS
Multi-application platforms (JavaCard, .NET, MULTOS)
Main standards
• ISO7816
– card physical properties
– physical layer communication protocol
– packet format (APDU)
• PC/SC, PKCS#11
– standardized interface on host side
– card can be proprietary
• GlobalPlatform
– remote card management interface
– secure installation of applications
[Figure: user application, OS smart card API, smart card reader, contact(less) transmission, card I/O manager, card OS, card application]
Multi-application platforms
• MULTOS
– multi-language programming, native compilation
– high security certifications, often bank cards
• Java Card
– open programming platform from Sun
– applets portable between cards
• Microsoft .NET for smartcards
– similar to Java Card, relatively new
– applications portable between cards
PKCS#11
• Standardized interface of security-related functions
– vendor-specific library in OS, often paid
– library→card communication uses a proprietary interface
• Functionality covers
– slot and token management
– session management
– management of objects in smartcard memory
– encryption/decryption functions
– message digest
– creation/verification of digital signature
– random number generation
– PIN management
[Figure: user application, PKCS#11 interface, vendor library, proprietary interface, smartcard; labels: OpenSC library (PKCS#11), CardEdge applet (PKCS#15)]
Old vs. multi-application smart cards
Old smart cards:
• One program only
• Stored persistently in ROM or EEPROM
• Written in machine code
– chip specific
Multi-application smart cards:
• Multiple applications at the same time
• Stored in EEPROM
• Written in high-level language
• Interpreted from bytecode
• Application can be later managed (remotely)
Java Card basics
JavaCard specification (1996)
• Maintained by Sun Microsystems (Oracle)
• Cross-platform and cross-vendor applet interoperability
• Freely available specifications and development kits
– http://www.oracle.com/technetwork/java/javacard/index.html
• Java Card applet is Java-like application
– uploaded to a smart card
– executed by the Java Card Virtual Machine
[Figure: user application, PC/SC library, Applet1 and Applet2 on the JCVM]
Java Card applets
• Written in restricted Java syntax
– byte/short (int) only, missing most of Java objects
• Compiled using standard Java compiler
• Converted using Java Card converter
– check bytecode for restrictions
– can be signed, encrypted…
• Uploaded and installed into smartcard
– executed in JC Virtual Machine
• Communication using APDU commands
– small packets with header
JavaCard API versions
• Java Card 2.1.x/2.2.x
– widely supported versions
– basic symmetric and asymmetric cryptography algorithms
– PIN, hash functions, random number generation
– transactions, utility functions
• Java Card 2.2.2
– last version from 2.x series
– significantly extended support for algorithms and new concepts
• long “extended” APDUs, BigNumber support
• biometric capability
• external memory usage, fast array manipulation methods…
• JavaCard 3.x
Java Card 3.x
• Recent major release of Java Card specification
– significant changes in development logic
– two separate branches – Classic and Connected edition
• Java Card Classic Edition
– legacy version, extended JC 2.x
– APDU-oriented communication
• Java Card Connected Edition
– smart card perceived as web server (Servlet API)
– TCP/IP network capability, HTTP(s), TLS
– supports Java 6 language features (generics, annotations…)
– move towards more powerful target devices
– focused on a different segment than classic smart cards
DEVELOPING JAVACARD APPS
Necessary tools
• Several tool chains available
– both commercial (RADIII, JCOPTools, G&D JCS Suite)
– and free (Sun JC SDK, Eclipse JC plugin…)
• We prepared a tutorial and VM – try it!
– NetBeans 6.8 or later
– Java Standard Edition Development Kit 1.3 or later
– Apache Ant 1.7 or later, GPShell 1.4.2
– Java Card Development Kit 2.1.2
– Java Card Ant Tasks (from JC SDK 2.2.2)
• https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php?id=public:smartcard:javacardcompilation
JC development process
1. Subclass javacard.framework.Applet
2. Compile Java→*.class (Java 1.3 binary format)
3. Convert *.class→*.jar/cap (Java Card Converter)
4. Upload *.jar/cap→smart card (GPShell)
5. Install applet (GPShell)
6. Write user Java app (javax.smartcardio.*)
7. Use applet on smart card (APDU)
JavaCard application running model
1. Uploaded package – application binary
2. Installed applet from package – running application
3. Applet is running until deleted from card
4. Applet is suspended when power is lost
– Transient data inside RAM are erased
– Persistent data inside EEPROM remain
– Currently executed method is interrupted
5. When power is resumed
– Unfinished transactions are rolled back
– Applet continues to run with the same persistent state
– Applet waits for new command
6. Applet is deleted by service command
ALGORITHMS, PERFORMANCE
Algorithms offered, performance of the current hardware
Problem?
What kind of smart card?
Which algorithms supported?
What key lengths?
How much RAM memory?
How much persistent memory?
What version of JavaCard API?
Which one should I choose?
http://www.fi.muni.cz/~xsvenda/jcsupport.html
Supported algorithms for JavaCard smart cards
• The same hardware is sold in several configurations
– e.g., AES present, but disabled
– additional software libraries in later versions of card
• ATR alone is not sufficient identification
– hard to get product description just from ATR
– ATR can be changed via service command
– seller not always aware of details
– http://smartcard-atr.appspot.com/
• More details from certification reports like NIST FIPS 140
– http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
JCAlgTester project (test app & database)
Supported algorithms - extract
• Always supported: TRNG, 3DES, RSA-1024b,
SHA-1, MD5, on-card key generation
• Supported by newer cards: AES-128/192/256,
RSA-2048b, ECC
• Usually supported by newer cards: SHA2-256,
EC-DH key agreement
Easier than ever to contribute
• Contribute with your card (please ☺)
1. Download zip with most recent binaries
https://github.com/petrs/JCAlgTest
2. Upload cap file to your card (e.g., via GPShell)
3. Run Java application AlgTestJClient
4. Send me the resulting *.csv file ([email protected])
• Fork me on GitHub and help development
– https://github.com/petrs/JCAlgTest
– TODO: new testing modes, performance testing...
Basic crypto - performance
• DES, AES (one block) ~ 3-10ms
• SHA-1/SHA-2 (one block) ~ 3-6ms
• RandomData (16B) ~ 1-5ms
[Figure: SHA-1 performance]
Asymmetric cryptography - performance
• RSA-2048b private key operation ~ 80-200ms
• RSA-2048b public key operation ~ 40-70ms
• RSA-2048b key pair generation ~ 3-100sec (avg 20)
• ECC-193b key pair generation ~ 50-600ms (stable)
[Figure: RSA-2048b, 1000 keys]
What if algorithm is not supported?
• JavaCard API is limited
– And not all algorithms from standard are supported by particular card
• Own implementation can be written (bytecode)
• Expect much lower performance
– bytecode interpreted by JCVM
• Expect lower resilience against attacks
– side channel, fault induction…
• Still doable, see (AES, SHA2-512, OAEP)
http://www.fi.muni.cz/~xsvenda/jcalgs
COMMUNICATION
Communicating with smart card
How to communicate with our applet?
• Various existing tools for APDU sending
– e.g., GPShell and send_apdu command
• Possibility to send APDU from our own program
– PC/SC standard (PC/SC-lite on Linux)
– SCardxxx Win32 API (winscard.dll)
– javax.smartcardio.* API for Java 6
– android.nfc.*
– …
Proximity-based credentials control
• Gradual authorization/credential (vs. PIN-only)
• Mobile phone (Android) with NFC reader, ISO/IEC 14443
• Credentials with different level of sensitivity
ATTACKS
Invasive attacks
Semi-invasive attacks
Logical attacks
Basic types of attacks
• Invasive
– physical de-packaging, chip is often destroyed
– reading microprobes, direct memory access
– usually high cost attack, but eventually possible
• Semi-invasive
– often de-packaging, but chip still works
– optical fault induction, voltage peaks…
– often low cost
• Non-invasive
– passive observation, chip not affected
– timing and power analysis
• Application-level attacks
Basic setup for power analysis
[Figure: smart card, smart card reader, inverse card connector, resistor 20-80 ohm, probe, oscilloscope]
More advanced setup for power analysis
[Figure: tested smartcard, SCSAT04 measurement board, external power supply, Ethernet]
Reverse engineering of Java Card bytecode
• Goal: obtain code back from smart card
– JavaCard defines around 140 bytecode instructions
– JVM fetches an instruction and executes it
(source code)
m_ram1[0] = (byte) (m_ram1[0] % 1);
(bytecode)
getfield_a_this 0;sconst_0;baload;sconst_1;srem;bastore;
(power trace)
[Figure: source code, compiler, bytecode, oscilloscope, power trace]
Conditional jumps
• may reveal sensitive info
• keys, internal branches…
(bytecode)
sload_1;
ifeq_w L2;
L1: getfield_a_this 0;
sconst_0;
sconst_0;
bastore;
goto L3;
L2: getfield_a_this 0;
sconst_0;
sconst_1;
bastore;
goto L3;
L3: …
(source code)
if (key == 0) m_ram1[0] = 1; else m_ram1[0] = 0;
[Figure: compiler, oscilloscope; power trace for k != 0 and power trace for k == 0]
Analyzing API via power analysis
OpenPlatform Secure channel protocol (SCP’01)
INIT_UPDATE operation
Application attacks
• Focus on logical attacks possible by “malware”
– No physical access to target card is assumed, remote attacks
– Man-in-the-middle attacks
– Redirection of traffic, remote smart card access
• Target applications
– Banking app (login, transaction authorization)
– Resources protected by two-factor authentication (VPNs…)
– DRM applications (user is attacker)
– Citizen ID cards (ID theft)
– …
Where to log/manipulate communication?
[Figure: communication stack with possible logging/manipulation points]
• Stack: user application, PC/SC (winscard.dll), reader driver, USB driver, APDU
• Points: code inject application; load malicious dll (stub); virtual reader, change/inject new driver; SW USB sniffer; HW USB sniffer; malicious reader firmware; in-card logger
Let’s write our own winscard.dll (PC/SC)
[Figure: user application, winscard.dll (stub), original.dll]
[begin]
SCardTransmit (handle 0xEA010001)# apduCounter:0#
totalBytesINCounter:1#
transmitted:00 a4 04 00 0a a0 00 00 00 28 80 10 30 01 ff
responseTime:31#
SCardTransmit result:0x0#
received:6a 81
SCardTransmit (handle 0xEA010001)# apduCounter:1#
totalBytesINCounter:16#
…
based on ApduView utility (by Fernandes)
http://www.fi.muni.cz/~xsvenda/apduinspect.html
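Added example (not part of the original slides and not code from the ApduView or APDUInspect tools): a short Python decoder for a log in the format shown above, useful when auditing what an application actually sends to a card. It splits each logged short-form command APDU into CLA/INS/P1/P2, Lc, data and Le and names the status word; the function names, dictionary keys and the short status-word table are choices made for this example.

```python
import re

# A few ISO 7816-4 status words; the table is deliberately short.
SW_TEXT = {0x9000: "success", 0x6A81: "function not supported",
           0x6A82: "file or application not found",
           0x6982: "security status not satisfied"}

def parse_command_apdu(raw: bytes) -> dict:
    """Split a short-form command APDU into header, Lc/data and Le (cases 1-4)."""
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    apdu = {"cla": raw[0], "ins": raw[1], "p1": raw[2], "p2": raw[3],
            "data": b"", "le": None}
    body = raw[4:]
    if len(body) == 0:                       # case 1: header only
        apdu["case"] = 1
    elif len(body) == 1:                     # case 2: header + Le (0 means 256)
        apdu["case"], apdu["le"] = 2, body[0] or 256
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) == 1 + lc:              # case 3: header + Lc + data
            apdu["case"], apdu["data"] = 3, body[1:]
        elif len(body) == 2 + lc:            # case 4: header + Lc + data + Le
            apdu["case"], apdu["data"] = 4, body[1:1 + lc]
            apdu["le"] = body[-1] or 256
        else:
            raise ValueError("Lc does not match the number of data bytes")
    return apdu

def parse_response_apdu(raw: bytes) -> dict:
    """Split a response APDU into optional data and the trailing status word."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with SW1 SW2")
    sw = (raw[-2] << 8) | raw[-1]
    return {"data": raw[:-2], "sw": sw, "meaning": SW_TEXT.get(sw, "unknown")}

def decode_log(text: str) -> list:
    """Pair each 'transmitted:' line with the following 'received:' line."""
    exchanges, pending = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(transmitted|received):\s*([0-9a-fA-F ]+)", line)
        if not m:
            continue                         # counters, handles, timing lines
        raw = bytes.fromhex(m.group(2))
        if m.group(1) == "transmitted":
            pending = parse_command_apdu(raw)
        elif pending is not None:
            exchanges.append((pending, parse_response_apdu(raw)))
            pending = None
    return exchanges

# First exchange of the log excerpt shown on the slide above.
SLIDE_LOG = """\
SCardTransmit (handle 0xEA010001)# apduCounter:0#
totalBytesINCounter:1#
transmitted:00 a4 04 00 0a a0 00 00 00 28 80 10 30 01 ff
responseTime:31#
SCardTransmit result:0x0#
received:6a 81
"""
if __name__ == "__main__":
    print(decode_log(SLIDE_LOG))
```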
What can you do then…
• Log all APDUs sent via SCardTransmit()
• Log all SCardXXX function calls
Not only logging…
• Manipulate incoming/outgoing APDUs
– modify packet content
– replay of previous packets
– simulate presence of smart card
– …
[RULE1]
MATCH1=in=1;t=0;cla=00;ins=a4;p1=04;
ACTION=in=0;data0=90 00;le=02;
[Figure: 00 a4 04 00 08 01 02 03 04 05 06 07 08 → winscard.dll (stub) → 90 00]
Even more…
• Reorder smart card readers reported by system
– SCardListReaders()
– some applications connect to the first reader only
• Add virtual reader
– and handle all corresponding SCardTransmit()
– easier than smart card mini-driver
– (and no need for driver signature)
• Redirect communication via socket to remote machine (remote smart card via TCP/IP)
ATTACKS IN THE WILD
How smart cards are attacked in the wild
German banking malware (2009)
• Two-factor authorization of transactions (chipTAN/cardTAN)
• Application code injection
– modifies info about transaction and balance shown to user in browser
– intercepts/modifies transaction data for signature by smart card
– http://www.cio.com/article/2429854/infrastructure/german-police--two-factor-authentication-failing.html
• The Fairy Tale of “What You See Is What You Sign” - Trojan
Horse Attacks on Software for Digital Signatures (2001)
– http://www.hanno-langweg.de/hanno/research/scits01p.pdf
– Importance of physical PIN-pad and display of transaction amount
independently
German banking malware
[Figure: code inject application at the user application; below it winscard.dll, reader driver, USB driver, APDU]
ZeuS smartcard support module
• ZeuS Banking Trojan (2010, 2012)
– Analysed by A. Matrosov, Group-IB and others
– http://www.welivesecurity.com/2010/11/05/dr-zeus-the-bot-in-the-hat/
– http://www.secureworks.com/cyber-threat-intelligence/threats/zeus/
• Smart card controlled via PC/SC interface
ZeuS smartcard support module
[Figure: user application and malicious application, winscard.dll, reader driver, USB driver, APDU]
Win32/Spy.Ranbyus
• Analysed by A. Matrosov
– http://www.welivesecurity.com/2012/06/05/smartcard-vulnerabilities-in-modern-banking-malware/
• Scans for available smart cards, info sent to C&C
– uses PC/SC SmartCard API for scan
– later redirects communication on USB level (FabulaTech USB for RD installed)
Win32/Spy.Ranbyus
[Figure: user application and malicious application, winscard.dll, reader driver, USB driver, APDU; remote USB redirection]
Skimmers, PoS hacks
Manipulated PoS firmware:
• Magnetic skimmer (+GSM)
• MitM: chip→verified by signature
JavaCard applet firewall issues
• Main defense for separation of multiple applets
• Platform implementations differ
– Usually due to the unclear and complex specification
• If a problem exists, it is out of the developer’s control
• Firewall Tester project (W. Mostowski)
– Open and free, the goal is to test the platform before selection
– http://www.sos.cs.ru.nl/applications/smartcards/firewalltester/
short[] array1, array2; // persistent variables
short[] localArray = null; // local array
JCSystem.beginTransaction();
array1 = new short[1];
array2 = localArray = array1; // dangling reference!
JCSystem.abortTransaction();
JavaCard applet firewall bypass
[Figure: user application, winscard.dll, reader driver, USB driver, APDU; on the card, a malicious JavaCard applet and Applet1 on the JCVM, with the JavaCard applet firewall between the malicious applet and Applet1 data]
Thank you for your attention!
Questions