PV204 Security technologies
Cryptographic smartcards, attacks against two-factor

Petr Švenda svenda@fi.muni.cz @rngsec
Centre for Research on Cryptography and Security, Masaryk University
www.crcs.cz/rsa

Check-in activity: how to stay awake
• Any idea what we can do, prepare, try… to help us stay awake?
• (5 minutes)

| PV204 Smartcards 12.3.2019 www.crcs.cz/rsa

Overview
1. What are smart cards?
2. What are smart cards capable of?
3. How to manage smart cards?
4. Lightweight secure channel protocols
5. Two-factor authentication and some attacks

Smart card basics
What is a smart card?

Basic types of (smart) cards
1. Contactless “barcode”
– Fixed identification string (RFID, < 5 cents)
2. Simple memory cards (magnetic stripe, RFID)
– Small write memory (< 1KB) for data, (~10 cents)
3. Memory cards with PIN protection
– Memory (< 5KB), simple protection logic (<$1)

Basic types of (smart) cards (2)
4. Cryptographic smart cards
– Support for (real) cryptographic algorithms
– Mifare Classic ($1), Mifare DESFire ($3)
5. User-programmable cryptographic smart cards
– JavaCard, .NET card, MULTOS cards ($2-$30)
• Chip manufacturers: NXP, Infineon, Gemalto, G&D, Oberthur, STM, Atmel, Samsung...
We will mainly focus on these two categories

Cryptographic smart cards
[Figure: smart card chip block diagram with blocks CRYPTO, SRAM, CPU, ROM, RNG, EEPROM]
• SC is quite a powerful device
– 8-32 bit processor @ 5-50MHz
– persistent memory 32-100s kB (EEPROM)
– volatile fast RAM, usually <<20kB
– truly random generator, cryptographic coprocessor (3DES, AES, RSA-2048...)
• ~10 billion units shipped in 2018 (EUROSMART)
– mostly smart cards, telco, payment and loyalty...
– ~1.5 billion contactless (EUROSMART)
• Intended for physically unprotected environment
– NIST FIPS140-2 standard, security Level 4
– Common Criteria EAL4+/5+

[Figure: Payment, Telco. Source: http://www.eurosmart.com/facts-figures.html]

Smartcards used in wider system

Big picture – terminal/reader and card
[Figure: Merchant payment, Digital signature]
What principles and standards are used?

Group activity: smartcard stack
• (Imagine e.g., digital signature application with private key on smartcard)
• Organize and glue floating items into smartcard stack
• Use internet… (but don’t google for my slides from previous years)
• Annotate with own comment (what is the item about)
• (15 minutes)
• Combine results found by groups
• (5 minutes)

• PC application with direct control: GnuPG, GPShell
• PC application via library: browser TLS, PDF sign…
• Libraries: PKCS#11, OpenSC, JMRTD
• Custom app with direct control
• Smartcard control language API: C/C# WinSCard.h, Java java.smartcardio.*, Python pyscard
• System smartcard interface: Windows’s PC/SC, Linux’s PC/SC-lite
– Manage readers and cards, transmit ISO7816-4’s APDU
• Readers
– Contact: ISO7816-2,3 (T=0/1)
– Contactless: ISO 14443 (T=CL)
• APDU packet
• API: EMV, GSM, PIV, OpenPGP, ICAO 9303 (BAC/EAC/SAC), OpenPlatform, ISO7816-4 cmds, custom APDU
• Card application 1, Card application 2, Card application 3
• SC app programming: JavaCard, MultOS, .NET

APDU (Application Protocol Data Unit)
• APDU is the basic logical communication datagram
– header (5 bytes) and up to ~256 bytes of user data
• Format specified in ISO7816-4
• Header/Data format
– CLA – instruction class
– INS – instruction number
– P1, P2 – optional data
– Lc – length of incoming data
– Data – user data
– Le – length of the expected output data
• Some values of CLA/INS/P1/P2 standardized
• Custom values used by application developer

What values of APDU header are used?
• Standardized values for selected application
– Improves interoperability
– https://web.archive.org/web/20180721010834/http://techmeonline.com/most-used-smart-card-commands-apdu/
• Custom commands for proprietary application
– Your own API

Smartcard algorithms and performance

Common algorithms
• Basic - cryptographic co-processor
– Truly random data generator
– 3DES, AES128/256
– MD5, SHA1, SHA-2 256/512
– RSA (up to 2048b common, 4096 possible)
– ECC (up to 192b common, 384b possible)
– Diffie-Hellman key exchange (DH/ECDSA)
• Custom code running in secure environment
– E.g. HMAC, OTP code, re-encryption
– Might be significantly slower (e.g., SW AES 50x slower)

Cryptographic operations
• Supported algorithms (JCAlgTester, almost 90 cards)
– https://github.com/crocs-muni/JCAlgTest
– https://www.fi.muni.cz/~xsvenda/jcsupport.html

What is the typical performance?
• Hardware differs significantly
– Clock multiplier, memory speed, crypto coprocessor…
• Typical speed of operation is:
– Milliseconds (RNG, symmetric crypto, hash)
– Tens of milliseconds (transfer data in/out)
– Hundreds of milliseconds (asymmetric crypto)
– Seconds (RSA keypair generation)
• An operation may consist of multiple steps
– Transmit data, prepare key, prepare engine, encrypt
– → additional performance penalty

Performance tables for common cards
• Visit https://jcalgtest.org
Is faster always better? What influences the speed?

Performance with variable data lengths
https://jcalgtest.org
Limited memory and resources may cause non-linear dependency on a processed data length

How many cryptographic engines?

Smart card management
What functionality would it require?

Motivation
• How to upload, install and remove applications?
• Who should be allowed to upload/remove apps?
• What if multiple mutually distrusting apps on card?
• How to update application in already issued card?
• Need for cross-platform interoperable standard
– Many manufacturers and platform providers

GlobalPlatform

GlobalPlatform
• Specification of API for card administration
– Upload/install/delete applications
– Card lifecycle management
– Card security management
– Security mechanisms and protocols
• Newest is GlobalPlatform Card Specification v2.3
– December 2015
– Previous versions also frequently used
– http://www.globalplatform.org/specificationscard.asp

GlobalPlatform – main terms
[Diagram: Card Manager, Security Domain 1, Security Domain 2]
• Smart card life cycle
– OP_READY, INITIALIZED (prepared for personalization)
– SECURED (issued to user, use phase)
– CARD_LOCKED (temporarily locked (attack), unlock to SECURED)
– TERMINATED (logically destroyed)
• Card Manager (CM)
– Special card component responsible for administration and card system service functions (cannot be removed)
• Security Domain (SD)
– Logically separated area on card with own access control
– Enforced by different authentication keys

GlobalPlatform – main terms
[Diagram: Card Manager, Security Domain 1, Security Domain 2, Applet 1, Applet 2, Applet 3]
• Card Content (apps, data) Management
– Content verification, loading, installation, removal
• Security Management
– Security Domain locking, Application locking
– Card locking, Card termination
– Application privilege usage, Security Domain privileges
– Tracing and event logging
• Command Dispatch
– Application selection
– (Optional) Logical channel management

Card Production Life Cycle (CPLC)
• Manufacturing metadata
• Dates (OS, chip)
• Circuit serial number (not mandatory)
• GlobalPlatform APDU
– 80 CA 9F 7F 00
– gppro --info
• ISO7816 APDU
– 00 CA 9F 7F 00

Two factor authentication

Two-factor authentication
• Two factors with tokens/smart cards
– Token (smart card, phone) + Knowledge (PIN, Password)
1. Authorize transaction with card and PIN
2. Authenticate with password and SMS
3. Authenticate user with One-Time Password (OTP) generated on mobile phone (stored secret key) after screen unlock (pattern)
4. U2F token (password + token + button press)
5. …
How to attack two-factor?

Application uses PC/SC interface (SCardxx)
[Diagram: User application, winscard.dll, reader driver, USB driver, APDU]

Where to log communication?
[Diagram: User application, winscard.dll, reader driver, USB driver, APDU. Logging points: in-application logging, “stub” winscard.dll logging, virtual reader, SW USB sniffer, HW USB sniffer, HW ISO7816 T=0/1, in-card logger]

For attacking two-factor, logging is usually not enough
• Manipulate incoming/outgoing APDUs
– modify packet content (change receiver account number)
– replay of previous packets (pay twice)
– simulate presence of smart card
– …
[Diagram: 00 a4 04 00 08 01 02 03 04 05 06 07 08 sent to winscard.dll (stub), which answers 90 00]
[RULE1]
MATCH1=in=1;t=0;cla=00;ins=a4;p1=04;
ACTION=in=0;data0=90 00;le=02;

German banking malware (2009)
• Two-factor authorization of transactions (chipTAN/cardTAN)
• Application code injection
– modifies info about transaction and balance shown to user in browser
– intercepts/modifies transaction data for signature by smart card
– http://www.cio.com/article/2429854/infrastructure/german-police--two-factor-authentication-failing.html
• The Fairy Tale of “What You See Is What You Sign” - Trojan Horse Attacks on Software for Digital Signatures (2001)
– http://www.hanno-langweg.de/hanno/research/scits01p.pdf
– Importance of physical PIN-pad and display of transaction amount independently

German banking malware
[Diagram: User application with injected code, winscard.dll, reader driver, USB driver, APDU]

Win32/Spy.Ranbyus
• Analysed by A. Matrosov
– http://www.welivesecurity.com/2012/06/05/smartcard-vulnerabilities-in-modernbanking-malware/
• Scans for available smart cards, info sent to C&C
– uses PC/SC SmartCard API for scan
– later redirects communication on USB level (FabulaTech USB for RD installed)

Win32/Spy.Ranbyus
[Diagram: User application, malicious application, winscard.dll, reader driver, USB driver, APDU, remote USB redirection]

Skimmers, PoS hacks
Manipulated PoS firmware:
• Magnetic skimmer (+ send data over GSM)
• MitM: chip→verified by signature

Recall U2F
How can you attack U2F if the PC/SC layer is controlled?

FIDO U2F protocol
https://developers.yubico.com/U2F/Protocol_details/Overview.html

Malicious PC/SC
How to authenticate and communicate securely?

Secure channel protocol (for smartcards)

TLS handshake
[Figure: TLS handshake. Credit: Cloudflare]

Why not to use TLS all the time?
1. Requires asymmetric cryptography
– Unsuitable for slower devices
2. Requires long keys
– Unsuitable for devices with small memory
3. Requires significant data overhead (~6.5KB)
– http://netsekure.org/2010/03/tls-overhead/
4. More lightweight protocols exist
– RFID / smartcards / IoT…
• Note: TLS can be fully implemented on smartcards (but slow)
– https://github.com/gilb/smart_card_TLS

Common lightweight SCPs
• OpenPlatform SCP’01, ’02 (3DES-based)
• OpenPlatform SCP’10 (RSA-based)
• OpenPlatform SCP’03 (AES-based)
• ISO/IEC 7816-4 Secure Messaging
• ePassports Basic Access Control (3DES-based)
• ePassports Extended Access Control (3DES, RSA, DH, SHA1/2-based)

Example: GlobalPlatform SCP’03
• Mutual authentication (based on symmetric crypto)
• Session key derivation (based on long-term keys)
– NIST SP 800-108
• Message (APDU) confidentiality and integrity MAC
1. INITIALIZE UPDATE
– Random challenge, card’s computations
2. EXTERNAL AUTHENTICATE
– Terminal response
3. Secure messaging
What are the problems with usage of symmetric crypto?

Mandatory reading
• When Organized Crime Applies Academic Results
– A Forensic Analysis of an In-Card Listening Device
– https://eprint.iacr.org/2015/963.pdf
• Which academic attack is of concern?
• What system is targeted?
• How is the attack carried out? Is it a protocol flaw?
• What can prevent this attack vector?

Conclusions
• Smartcards are highly secure and capable modules
– Programmable
– Accessible (cost, API…)
• Protocol stack between PC application and smartcard
– PC/SC, APDU transfer, GlobalPlatform, JavaCard
• Two-factor authentication is not a silver bullet
– But way better than password alone!

Questions