PetrŠvenda [email protected] Faculty of Informatics ...xsvenda/SmartCards_Svenda... · • Application code & keys never leave thecard –smart card can do complicated programmable

Cryptographic smart cards

Multi-application cryptographic smart cards and their practical security

Petr Švenda [email protected]

Faculty of Informatics, Masaryk University

Outline

• Short intro to smart cards

• Typical usage scenarios

• Multi-application smart cards (JavaCard)

• Platform performance and capabilities

• Attacks against smart cards

2 | Crypto smartcards - Eset 3.10.2014

Centre for Research on Cryptography and Security

• Formerly Laboratory of Security and Applied

Cryptography (Labak)

• Established 2006 at the Faculty of Informatics of the

Masaryk University, Brno

• Security-related university courses

• Laboratory for students

• Applied research with commercial partners


Something about me...

| Crypto smartcards - Eset 3.10.2014

+

⇒Genetic programming

Secrecy amplification protocols for WSNRandom distinguisher for crypto fncs

Distributed computing

4


Power analysis

Security programming

5

Something about me...


http://astrolight.cz

6

INTRO TO SMART CARDS


Basic types of (smart) cards

• Contactless “barcode”

– Fixed identification string (RFID, < 5 cents)

• Simple memory cards (magnetic stripe, RFID)

– Small write memory (< 1KB) for data, (~10 cents)

• Memory cards with PIN protection

– Memory (< 5KB), simple protection logic (<$1)


Basic types of (smart) cards (2)

• Cryptographic smart cards

– Support for (real) cryptographic algorithms

– Mifare Classic ($1), Mifare DESFire ($3)

• User-programmable smart cards

– Java cards, .NET cards, MULTOS cards ($10-$30)


Cryptographic smart cards

• SC is quite powerful device

– 8-32 bit procesors @ 5-20MHz

– persistent memory 32-100kB (EEPROM)

– volatile fast RAM, usually <<10kB

– truly random generator

– cryptographic coprocessor (3DES, RSA-2048,...)

• 8.05 billion units shipped in 2013 (ABI Research)

– mostly smart cards

– telco, payment and loyalty...


EEPROM

CPU

CRYPTO

SRAM

ROM

RNG

chip

10

Smart cards forms

• Many possible forms

– ISO 7816 standard

– SIM size, USB dongles, Java rings…

• Contact(-less), hybrid/dual interface

– contact physical interface

– contact-less interface

• chip powered by current induced on antenna by reader

• reader→chip communication - relatively easy

• chip→ reader – dedicated circuits are charged, more power

consumed, fluctuation detected by reader

– hybrid card – separate logics on single card

– dual interface – same chip accessible contact & c-less


Main advantages of crypto smart cards

• High-level of security (CC EAL4 and higher)

• Fast cryptographic coprocessor

• Programmable secure execution environment

• Secure memory and storage

• On-card asymmetric key generation

• High-quality and very fast RNG

• Possibility for secure remote card control


MODES OF USAGE


Smart card carries fixed information

• Fixed information ID transmitted, no secure channel

• Low cost solution (nothing “smart” needed)

• Problem: Attacker can eavesdrop and clone chip


Smart card as a secure carrier

• Key(s) stored on a card, loaded to a PC before

encryption/signing/authentication, then erased

• High speed usage of key possible (>>MB/sec)

• Attacker with an access to PC during operation will

obtain the key

– key protected for transport, but not during the usage


Smart card as encryption/signing device

• PC just sends data for encryption/signing…

• Key never leaves the card

– personalized in secure environment

– protected during transport and usage

• Attacker must attack the smart card

– or wait until card is inserted and PIN entered!

• Low speed encryption (~kB/sec)

– low communication speed / limited card performance


Smart card as computational device

• PC just sends input for application on smart card

• Application code & keys never leave the card

– smart card can do complicated programmable actions

– can open secure channels to other entity

• secure server, trusted time service…

• PC act as a transparent relay only (no access to data)

• Attacker must attack the smart card or input


Smart card as root of trust (TPM)

• Secure boot process, remote attestation

• Smart card provides robust store with integrity

• Application can verify before pass control

(measured boot)

• Computer can authenticate with remote entity…



http://technet.microsoft.com/en-US/windows/dn168167.aspx

Author: Guillaume Piolle

Smart cards are used for…

• SIM modules (GSM)

• On-card digital signatures (OpenPGP)

• Bank payment card (EMV standard)

• System authentication (PKCS#11, Radius…)

• Operations authorizations (electronic banking)

• ePassports (ICAO BAC/EAC)

• Multimedia distribution (DRM)

• Secure storage and encryption device (certificates…)

• Secure boot (TPM)

• …


MULTI-APP PLATFORMS

Multi-application platforms (JavaCard, .NET, MULTOS)


Main standards

• ISO7816

– card physical properties

– physical layer communication protocol

– packet format (APDU)

• PC/SC, PKCS#11

– standardized interface on host side

– card can be proprietary

• GlobalPlatform

– remote card management interface

– secure installation of applications


User application

Card OS

Card application

Card I/O manager

contact(less)transmission

OS smart card API

smart card reader

Multi-application platforms

• MultOS

– multi-languages programming, native

compilation

– high security certifications, often bank cards

• Java Card

– open programming platform from Sun

– applets portable between cards

• Microsoft .NET for smartcards

– similar to Java Card, relatively new

– applications portable between cards


User application

Card OS

Card application

Card I/O manager

contact(less)transmission

OS smart card API

smart card reader

23

PKCS#11

• Standardized interface of security-related functions

– vendor-specific library in OS, often paid

– communication library→card proprietary interface

• Functionality cover

– slot and token management

– session management

– management of objects in smartcard memory

– encryption/decryption functions

– message digest

– creation/verification of digital signature

– random number generation

– PIN management


User Application

Vendor library

Smartcard

PKCS#11 interface

proprietary interface

CardEdge applet (PKCS#15)

OpenSC library (PKCS#11)

24

Old vs. multi-application smart cards

• One program only

• Stored persistently in

ROM o EEPROM

• Written in machine

code

– chip specific

• Multiple applications at

the same time

• Stored in EEPROM

• Written in high-level

language

• Interpreted from

bytecode

• Application can be later

managed (remotely)


Java Card basics


JavaCard specification (1996)

• Maintained by Sun Microsystems (Oracle)

• Cross-platform and cross-vendor applet interoperability

• Freely available specifications and development kits

– http://www.oracle.com/technetwork/java/javacard/index.html

• Java Card applet is Java-like application

– uploaded to a smart card

– executed by the Java Card Virtual Machine


User Application

PC/SC library

Applet1Applet2

JCVM

Java Card applets

• Writing in restricted Java syntax

– byte/short (int) only, missing most of Java objects

• Compiled using standard Java compiler

• Converted using Java Card converter

– check bytecode for restrictions

– can be signed, encrypted…

• Uploaded and installed into smartcard

– executed in JC Virtual Machine

• Communication using APDU commands

– small packets with header


JavaCard API versions

• Java Card 2.1.x/2.2.x

– widely supported versions

– basic symmetric and asymmetric cryptography algorithms

– PIN, hash functions, random number generation

– transactions, utility functions

• Java Card 2.2.2

– last version from 2.x series

– significantly extended support for algorithms and new concepts

• long “extended” APDUs, BigNumber support

• biometric capability

• external memory usage, fast array manipulation methods…

• JavaCard 3.x


Java Card 3.x

• Recent major release of Java Card specification

– significant changes in development logic

– two separate branches – Classic and Connected edition

• Java Card Classic Edition

– legacy version, extended JC 2.x

– APDU-oriented communication

• Java Card Connected Edition

– smart card perceived as web server (Servlet API)

– TCP/IP network capability, HTTP(s), TLS

– supports Java 6 language features (generics, annotations…)

– move towards more powerful target devices

– focused on different segment then classic smart cards


DEVELOPING JAVACARD APPS


Necessary tools

• Several tool chains available

– both commercial (RADIII, JCOPTools, G&D JCS Suite)

– and free (Sun JC SDK, Eclipse JC plugin…)

• We prepared tutorial and VM – try it!

– NetBeans 6.8 or later

– Java Standard Edition Development Kit 1.3 or later

– Apache Ant 1.7 or later, GPShell 1.4.2

– Java Card Development Kit 2.1.2

– Java Card Ant Tasks (from JC SDK 2.2.2)

• https://minotaur.fi.muni.cz:8443/~xsvenda/docuwiki/doku.php

?id=public:smartcard:javacardcompilation


JC development process


6. Write user Java app (javax.smartcardio.*)

1. Subclass javacard.framework.Applet

2. Compile Java→*.class (Java 1.3 binary format)

3. Convert *.class→*.jar/cap (Java Card Convertor)

4. Upload *.jar/cap→ smart card (GPShell)

5. Install applet (GPShell)

7. Use applet on smart card (APDU)

JavaCard application running model

1. Uploaded package – application binary

2. Installed applet from package – running application

3. Applet is running until deleted from card

4. Applet is suspended when power is lost

– Transient data inside RAM are erased

– Persistent data inside EEPROM remain

– Currently executed method is interrupted

5. When power is resumed

– Unfinished transactions are rolled back

– Applet continues to run with the same persistent state

– Applet waits for new command

6. Applet is deleted by service command


ALGORITHMS, PERFORMANCE

Algorithms offered, performance of the current hardware


Problem?


What kind of smart card?

Which algorithms supported?

What key lengths?

How much RAM memory?

How much persistent memory? What version

of JavaCardAPI?

Which one should I choose?

36

http://www.fi.muni.cz/~xsvenda/jcsupport.html

Supported algorithms for JavaCard smart cards

• Same hw sells in several configurations– e.g., AES present, but disabled

– additional software libraries in later versions of card

• ATR alone is not sufficient identification– hard to get product description just from ATR

– ATR can be changed via service command

– seller not always aware of details

– http://smartcard-atr.appspot.com/

• More details from certification reports like NIST FIPS 140– http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm


JCAlgTester project (test app & database)



Supported algorithms - extract

• Always supported: TRNG, 3DES, RSA-1024b,

SHA-1, MD5, on-card key generation

• Supported by newer cards: AES-128/196/256,

RSA-2048b, ECC

• Usually supported by newer cards: SHA2-256,

EC-DH key agreement


Easier than ever to contribute

• Contribute with your card (please ☺)

1. Download zip with most recent binaries

https://github.com/petrs/JCAlgTest

2. Upload cap file to your card (e.g., via GPShell)

3. Run Java application AlgTestJClient

4. Send me resulting *.csv file ([email protected])

• Fork me on GitHub and help development

– https://github.com/petrs/JCAlgTest

– TODO: new testing modes, performance testing...



Basic crypto - performance

• DES, AES (one block) ~ 3-10ms

• SHA-1/SHA-2 (one block) ~ 3-6ms

• RandomData (16B) ~ 1-5ms


SHA-1

Asymmetric cryptography - performance

• RSA-2048b private key operation ~ 80-200ms

• RSA-2048b public key operation ~ 40-70ms

• RSA-2048b key pair generation ~ 3-100sec (avg 20)

• ECC-193b key pair generation ~ 50-600ms (stable)


RSA-2048b, 1000 keys

What if algorithm is not supported?

• JavaCard API is limited

– And not all algorithms from standard are supported by particular card

• Own implementation can be written (bytecode)

• Expect much lower performance

– bytecode interpreted by JCVM

• Expect lower resilience against attacks

– side channel, fault induction…

• Still doable, see (AES, SHA2-512, OAEP)

http://www.fi.muni.cz/~xsvenda/jcalgs


COMMUNICATION

Communicating with smart card


How to communicate with our applet?

• Various existing tools for APDU sending

– e.g., GPShell and send_apdu command

• Possibility to send APDU from our own program

– PC/SC standard (PC/SC-lite on Linux)

– SCardxxx Win32 API (winscard.dll)

– javax.smartcardio.* API for Java 6

– android.nfc.*

– …


Proximity-based credentials control


• Gradual authorization/credential (x PIN-only)

• Mobile phone (Android) with NFC reader, ISO/IEC 14443

• Credentials with different level of sensitivity

46

ATTACKS

Invasive attacks

Semi-invasive attacks

Logical attacks


Basic types of attacks

• Invasive

– physical de-packaging, chip is often destroyed

– reading microprobes, direct memory access

– usually high cost attack, but eventually possible

• Semi-invasive

– often de-packaging, but chip still works

– optical fault induction, voltage peaks…

– often low cost

• Non-invasive

– passive observation, chip not affected

– timing and power analysis

• Application-level attacks48 | Crypto smartcards - Eset 3.10.2014

Basic setup for power analysis


Smart card

Smart card reader

Inverse card connector

Oscilloscope

Resistor 20-80 ohm

Probe

49

More advanced setup for power analysis


Ethernet

Tested smartcard

External power supply

SCSAT04 measurement board

50

Reverse engineering of Java Card

bytecode• Goal: obtain code back from smart card

– JavaCard defines around 140 bytecode instructions

– JVM fetch instruction and execute it


(source code)

m_ram1[0] = (byte) (m_ram1[0] % 1);

(bytecode)

getfield_a_this 0;sconst_0;baload;sconst_1;srem;bastore;

(power trace)

compiler oscilloscope

51

Conditional jumps

• may reveal sensitive info

• keys, internal branches…


(bytecode)

sload_1;

ifeq_w L2;

L1: getfield_a_this 0;

sconst_0;

sconst_0;

bastore;

goto L3;

L2: getfield_a_this 0;

sconst_0;

sconst_1;

bastore;

goto L3;

L3: …

(source code)

if (key == 0) m_ram1[0] = 1;else m_ram1[0] = 0;

compileroscilloscope

(power trace, k != 0)

(power trace, k == 0)

52

Analyzing API via power analysis

OpenPlatform Secure channel protocol (SCP’01)

INIT_UPDATE operation53 | Crypto smartcards - Eset 3.10.2014

Application attacks

• Focus on logical attacks possible by “malware”

– No physical access to target card is assumed, remote attacks

– Man-in-the middle attacks

– Redirection of traffic, remote smart card access

• Target applications

– Banking app (login, transaction authorization)

– Resources protected by two-factor authentication (VPNs…)

– DRM applications (user is attacker)

– Citizen ID cards (ID theft)

– …


Where to log/manipulate communication?


User application

PC/SC(winscard.dll)

reader driver

USB driver

APDU

Code inject application

Virtual reader, change/inject new driver

SW USB sniffer

HW USB sniffer

In-card logger

Load malicious dll (stub)

55

Malicious reader firmware

Let’s write own winscard.dll (PC/SC)


User application

winscard.dll (stub)

original.dll

[begin]

SCardTransmit (handle 0xEA010001)# apduCounter:0#

totalBytesINCounter:1#

transmitted:00 a4 04 00 0a a0 00 00 00 28 80 10 30 01 ff

responseTime:31#

SCardTransmit result:0x0#

received:6a 81

SCardTransmit (handle 0xEA010001)# apduCounter:1#

totalBytesINCounter:16#

…

based on ApduView utility (by Fernandes)

http://www.fi.muni.cz/~xsvenda/apduinspect.html

56

winscard.dll

What can you do then…

• Log all APDU send via SCardTransmit()

• Log all SCardXXX function calls



Not only logging…

• Manipulate incoming/outgoing APDUs

– modify packet content

– replay of previous packets

– simulate presence of smart card

– …


[RULE1]

MATCH1=in=1;t=0;cla=00;ins=a4;p1=04;

ACTION=in=0;data0=90 00;le=02;

00 a4 04 00 08 01 02 03 04 05 06 07 08

winscard.dll (stub)

90 00

59

Even more…

• Reorder smart card readers reported by system

– SCardListReaders()

– some applications connect to the first reader only

• Add virtual reader

– and handle all corresponding SCardTransmit()

– easier than smart card mini-driver

– (and no need for driver signature)

• Redirect communication via socket to remote machine -

remote smart card via TCP/IP


ATTACKS IN THE WILD

How smart cards are attacked in the wild


German banking malware (2009)

• Two-factor authorization of transactions (chipTAN/cardTAN)

• Application code injection

– modifies info about transaction and balance shown to user in browser

– intercepts/modifies transaction data for signature by smart card

– http://www.cio.com/article/2429854/infrastructure/german-police--two-

factor-authentication-failing.html

• The Fairy Tale of “What You See Is What You Sign” - Trojan

Horse Attacks on Software for Digital Signatures (2001)

– http://www.hanno-langweg.de/hanno/research/scits01p.pdf

– Importance of physical PIN-pad and display of transaction amount

independently


German banking malware


User application

winscard.dll

reader driver

USB driver

APDU

Code inject application

63

ZeuS smartcard support module

• ZeuS Banking Trojan (2010, 2012)

– Analysed by A. Matrosov, Group-IB and others

– http://www.welivesecurity.com/2010/11/05/dr-zeus-the-bot-in-the-hat/

– http://www.secureworks.com/cyber-threat-intelligence/threats/zeus/

• Smart card controlled via PC/SC interface


ZeuS smartcard support module


User application

winscard.dll

reader driver

USB driver

APDU

Malicious applicationMalicious app

65

Win32/Spy.Ranbyus

• Analysed by A. Matrosov

– http://www.welivesecurity.com/2012/06/05/smartcard-vulnerabilities-in-modern-banking-malware/

• Scans for available smart cards, info send to C&C

– uses PC/SC SmartCard API for scan

– later redirects communication on USB level (FabulaTechUSB for RD installed)


Win32/Spy.Ranbyus


User application

winscard.dll

reader driver

USB driver

APDU

Malicious applicationMalicious app

Remote USB redirection

67

Skimmers, PoS hacks


APDU

Manipulated PoS firmware:

• Magnetic skimmer (+GSM)

• MitM: chip→verified by signature

68

JavaCard applet firewall issues

• Main defense for separation of multiple applets

• Platform implementations differ

– Usually due to the unclear and complex specification

• If problem exists then is out of developer’s control

• Firewall Tester project (W. Mostowski)

– Open and free, the goal is to test the platform before selection

– http://www.sos.cs.ru.nl/applications/smartcards/firewalltester/


short[] array1, array2; // persistent variables

short[] localArray = null; // local array

JCSystem.beginTransaction();

array1 = new short[1];

array2 = localArray = array1; // dangling reference!

JCSystem.abortTransaction();

JavaCard applet firewall bypass


User application

winscard.dll

reader driver

USB driver

APDU

Malicious JavaCard applet

Applet1

JCVM

Malicious applet

Applet1data

JavaCard applet firewall

70


Thank you for your attention!

Questions


PetrŠvenda [email protected] Faculty of Informatics ...xsvenda/SmartCards_Svenda... · • Application code & keys never leave thecard –smart card can do complicated programmable

Documents