Smartcards & RFID
Erik Poll, Digital Security, Radboud University Nijmegen
1900's technology
2000's technology
Overview
• What are smartcards & RFID?
• Why use them?
• Possibilities and limitations
  – hardware, software, communication protocols
• Attacks on security
What is a smartcard?
What is a smartcard?
• Tamper-resistant computer, embedded in a piece of plastic, with limited resources
• capable of securely
  – storing information
  – processing information (This is what makes a smartcard smart; stupid cards can store but not process data)
Smartcard form factors
• traditional credit-card sized plastic card
  – ISO 7816
• mobile phone SIM
  – cut down in size
• contactless cards
  – aka proximity card or RFID transponder/tag
  – also possible: dual interface
• iButton
Smartcard example uses
• banking cards
  – bank or credit card, electronic purse
• telephone card for use in public phone booths
• GSM SIM
• pay TV
• public transport
  – eg London Oyster card
• health cards
• passports and other e-id cards
• access cards
  – to control access to buildings, computer networks, laptops, ...
Magnetic stripe cards
• An older mag-stripe card can only store information, without read/write protection, and cannot process it.
Anything suspicious?
Skimming
Smartcard vs mag-stripe cards
• A smartcard cannot easily be copied or altered, unlike a mag-stripe card
• Skimming is big criminal business
  – copying (aka cloning) mag-stripe cards and observing PIN codes is easy...
• Still, credit card companies in the US are sticking to mag-stripe, and in Europe they are only slowly moving to smartcards
  – apparently, it is secure enough for them to make a profit
smartcard essentials
Smartcard contacts
External power supply and external clock. On a SIM card the clock can be stopped to save power.
Smartcard contacts
Vpp is a higher voltage than Vcc, needed for writing EEPROM
• no longer used because of a security problem
  – painting over this contact prevents changes to EEPROM
Smart vs stupid smartcards
Big range in capabilities of smartcards. Rough division:
• Memory cards (stupid)
  – provide a file system
  – possibly with some access control, or, simpler still, destructive (irreversible) writes as in old payphone cards
  – functionality hardwired in ROM
• Microprocessor cards (very smart)
  – contain CPU
    • possibly also crypto co-processor
  – programmable
    • program burnt into ROM, or stored in EEPROM
Smartcard hardware
• CPU – 8 to 32 bits
• memory
  – RAM
  – ROM (for some program code)
  – EEPROM/Flash/... ("hard disk", for code and data)
  Modern cards may have 1K RAM, 16K ROM, 64K EEPROM
• limited I/O: just a serial port
• possibly: crypto co-processor, random number generator
Communication (ISO 7816)
• All subsequent communication via APDUs
  – Application Protocol Data Units, which are just byte sequences in a particular format
• Master-slave mode, with the terminal as master:
  1. Terminal sends command APDU
  2. Card replies with response APDU
  etc, etc ....
  – Smartcard cannot initiate any actions
  – on phones the phone polls the SIM periodically
Command & response APDU
Command APDU:
• CLA class byte
• INS instruction byte
• P1, P2 parameters
• Lc length of data block
• Data Lc bytes of data
• Le (maximum) length of the response expected
Response APDU:
• Response up to Le bytes of data
• SW1, SW2 2 byte status word
Layout:
CLA INS P1 P2 Lc ...Data.... Le
Response ... SW1 SW2
Smartcard software
• (Microprocessor) smartcard contains a very simple operating system, capable of executing programs
• Programs can be written in
  – proprietary machine code language, or
  – higher level language, notably Java Card
Most new SIMs are now Java Cards.
old vs new smartcards
Old:
• one program (applet)
• written in machine code, specific to chip
• burnt into ROM or uploaded once to EEPROM
New:
• applet written in high-level language (eg Java Card)
• compiled into bytecode
• stored in EEPROM
• interpreted on card
• multi-application: several applets on one card
• post-issuance: adding or deleting applets after it's issued
Multi-application cards
• multi-application vision: everyone carrying just one card, with all their smartcard applications
• This is not going to happen. Problems include:
  – trust: bank won't allow untrusted applet code on their cards, despite any VM + firewall security guarantees
  – marketing: who gets to put their logo on the plastic?
Post-issuance download
• Downloading additional applets is protected by digital signatures
• Switched off on many cards for security reasons
• Enabled on SIMs: it allows the telco to install new software on the SIM
Java Card
• dialect of Java for programming smartcards:
  – superset of a subset of normal Java
• subset of Java (due to hardware constraints)
  – no threads, doubles, strings, garbage collection, and very restricted API
• with some extras (due to hardware peculiarities)
  – communication via APDUs or RMI
  – persistent & transient data in EEPROM & RAM
  – transaction mechanism
Java Card architecture (figure): applets run on top of the Java Card Virtual Machine and the Java Card API (mini OS), which together form the Java Card platform, running on the smartcard hardware
Java Card I/O with APDUs (figure): a command APDU, incl. the applet ID, arrives at the card; the OS selects the applet and invokes its process method; the applet executes and sends the response APDU
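As an added example (not from the slides), the command/response APDU layout and the Java Card process-method flow above, modelled in Python: a short-APDU encoder/decoder, response splitting into data and status word, and a hypothetical applet that dispatches on CLA/INS. CLA 0x80, the PIN and the secret are values chosen for this example; the status words and the VERIFY/GET DATA instruction codes are real ISO 7816-4 values.

```python
from dataclasses import dataclass
from typing import Optional
import hmac

# ISO 7816-4 status words (real values)
SW_OK, SW_SECURITY_STATUS_NOT_SATISFIED, SW_AUTH_BLOCKED = 0x9000, 0x6982, 0x6983
SW_INS_NOT_SUPPORTED, SW_CLA_NOT_SUPPORTED = 0x6D00, 0x6E00


@dataclass
class CommandAPDU:
    """CLA INS P1 P2 [Lc Data] [Le]: the short command APDU layout from the slides."""
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None  # None: no response data expected

    def encode(self) -> bytes:
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            if len(self.data) > 255:
                raise ValueError("a short APDU carries at most 255 data bytes")
            out += bytes([len(self.data)]) + self.data  # Lc then Data
        if self.le is not None:
            out += bytes([self.le & 0xFF])  # Le byte 00 stands for 256
        return out

    @classmethod
    def decode(cls, raw: bytes) -> "CommandAPDU":
        if len(raw) < 4:
            raise ValueError("command shorter than the 4-byte header")
        cla, ins, p1, p2 = raw[:4]
        body = raw[4:]
        if len(body) == 0:                 # case 1: header only
            return cls(cla, ins, p1, p2)
        if len(body) == 1:                 # case 2: header + Le
            return cls(cla, ins, p1, p2, le=body[0])
        lc = body[0]                       # cases 3 and 4: Lc, Data, optional Le
        data, rest = body[1:1 + lc], body[1 + lc:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc does not match the data actually present")
        return cls(cla, ins, p1, p2, bytes(data), rest[0] if rest else None)


def sw_bytes(status: int) -> bytes:
    """SW1 SW2, the last two bytes of every response APDU."""
    return bytes([status >> 8, status & 0xFF])


def split_response(raw: bytes) -> tuple:
    """Response APDU -> (data, status word as an int)."""
    if len(raw) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return raw[:-2], (raw[-2] << 8) | raw[-1]


class ToyApplet:
    """Card side, modelled on the Java Card flow: the OS hands each command APDU
    to process(), which dispatches on CLA/INS. Hypothetical applet; CLA is a
    value chosen for this example, PIN and secret are constructed."""
    CLA = 0x80
    INS_VERIFY = 0x20    # VERIFY, as in ISO 7816-4
    INS_GET_DATA = 0xCA  # GET DATA, as in ISO 7816-4
    MAX_TRIES = 3

    def __init__(self, pin: bytes, secret: bytes):
        self._pin, self._secret = pin, secret
        self._tries_left = self.MAX_TRIES
        self._validated = False

    def process(self, raw: bytes) -> bytes:
        cmd = CommandAPDU.decode(raw)
        if cmd.cla != self.CLA:
            return sw_bytes(SW_CLA_NOT_SUPPORTED)
        if cmd.ins == self.INS_VERIFY:
            return self._verify(cmd.data)
        if cmd.ins == self.INS_GET_DATA:
            if not self._validated:  # secret only after a successful VERIFY
                return sw_bytes(SW_SECURITY_STATUS_NOT_SATISFIED)
            return self._secret + sw_bytes(SW_OK)
        return sw_bytes(SW_INS_NOT_SUPPORTED)

    def _verify(self, candidate: bytes) -> bytes:
        if self._tries_left == 0:
            return sw_bytes(SW_AUTH_BLOCKED)
        self._tries_left -= 1  # count the attempt before comparing, so the
        # retry counter is already committed if power is cut after the compare
        if hmac.compare_digest(candidate, self._pin):  # constant-time compare
            self._tries_left = self.MAX_TRIES
            self._validated = True
            return sw_bytes(SW_OK)
        return sw_bytes(0x63C0 | self._tries_left)  # 63Cx: x tries remaining
```

A terminal drives the exchange by calling `card.process(cmd.encode())` for each command and reading the status word with `split_response`; 63C2 after a wrong PIN means two tries remain.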
Pros of JavaCard
• vendor independence
• easy to program
  – higher-level language => smaller programs with fewer bugs
  – standard functionality (eg for PINs) provided once by the API
• open standard
  – no reliance on security-by-obscurity
  – specs can be studied and criticised
Cons of JavaCard
• overhead of VM makes cards slow and requires lots of memory => expensive
• ease of programming may be deceptive: non-experts programming cards may make silly mistakes
  – every idiot can program a JavaCard, not every idiot should
• trust: how secure is the whole JavaCard infrastructure?
  – complicated platform, and complexity <-> security
• blank programmable JavaCard easy for attacker to experiment with
  – security by obscurity may have its merits...
Java Card vs Java
Java Card applets are executed in a sandbox
• like applets in a web browser
But important differences:
• no bytecode verifier on most cards
  – due to space required
• downloading applets controlled by digital signatures instead
  – plus bytecode verification, if card supports it
• sandbox more restrictive, and includes runtime firewall between applets
Java Card firewall (figure): applets run on the Java Card Runtime Environment (JCRE = VM + API) on top of the smartcard hardware; the firewall between applets eg prevents access to public fields of other applets, or references to objects belonging to other applets or the JCRE
Java Card 3.0
• Releases up to Java Card 2.2.2 use the traditional smartcard communication model
  – small byte array (APDU) sent back and forth to applet on the card (using ISO 7816 standard)
• Java Card 3.0 (March 2008) introduces a new communication model:
  – smartcard becomes a webserver with IP-stack etc
  – applets become servlets
  So you can talk http(s) to the smartcard
• Proclaimed goal: easier development of SIM services
Why use smartcards? What are the possibilities and limitations of smartcards?
Why use smartcard?
SIM responsible for authentication to network
• telco doesn't trust phone, but trusts SIM
CIA and smartcards
• Confidentiality
  – of data (crypto keys) on card
• Integrity
  – of data and program code
• Authentication
  – because (data on) card cannot be copied
• Non-repudiation
  – because (data on) card cannot be copied
  – also logging on the smartcard (and integrity of this log)
Typical use of smartcard (figure): the terminal sends a challenge c to the card; the card, holding crypto key K in its CPU, replies with the response fK(c)
• key K never leaves the card
• Card issuer does not have to trust the network, the terminal, or card holder
Example: logging on over a network
• Send password unencrypted over net (eg. rlogin): trust network, terminal, user
• Send password encrypted over net (eg. slogin): trust terminal, user
• Idem, but user, not terminal, does encryption: trust user
• Using smartcard: trust no-one, except the smartcard (NB smartcard is controlled by card issuer, not card holder!)
NB the problem with cryptography
Any use of crypto introduces problems:
1. key distribution
   • how do we generate & distribute keys?
2. key storage
   • where can we safely store keys?
3. en/decryption
   • who do we trust to perform en/decryption?
Smartcards can offer a solution
TCB and smartcards
• Smartcard typically part of the TCB (Trusted Computing Base), ie. the trusted part of the system
• NB "trusted" is a negative quality: it means "you have to trust it", not "you can trust it"
  – If any part of the TCB fails, security is broken
  – TCB should be as small and reliable as possible
RFID
RFID tags
• RFID = Radio-Frequency IDentification
• RFID devices are called tags or transponders
• More powerful RFID tags can be called (contactless) smartcards
• Inductive coupling is used for
  – energy transfer to card
  – transmission of clock signal
  – data transfer
Types of RFID: different capabilities & ranges
animal identification
product identification (like bar codes)
contactless smartcards(possibly dual interface)
NFC mobile phones
contactless smartcard inside (figure): antenna and chip
Different capabilities of RFID tags
• Simplest tags just broadcast fixed data (serial number) when activated
  – ie only communication from tag to reader
• Some tags provide basic file system, with simple access control
  – ie reading & writing, and communication both ways
• More advanced tags can do cryptographic operations to protect data & encrypt communication
• Most advanced tags are programmable
• Range can be a few mm, a few cm, a few feet or several meters, depending on the type
Pros & cons wireless
• Advantage
  – convenience
  – faster
  – contacts not subject to wear and tear
• Disadvantage
  – eavesdropping
  – virtual pickpocketing
NFC
Near Field Communication (NFC)
• Latest Nokia phones have NFC
• These can act as RFID tag and as RFID reader
NFC
• Advantage of NFC phone over smartcard:
  – (trusted?) display and keyboard
• Envisaged use
  – payment applications
  – RFID tags providing info to phone
    • eg in information signs & billboards
Attacks on smartcards & RFID tags
Smartcards are not 100% secure
• Growing range of attacks (and associated countermeasures)
• Crucial question: is the risk acceptable?
  – are the costs of an attack larger than the potential financial gain for the attacker?
• Threats depend on application
  – eg. cloning more interesting for PayTV than GSM SIMs
Logical & protocol attacks
Find & exploit bug in software or security protocol
• Possible weaknesses
  – silly programming error in card or terminal
  – hidden commands (eg for initialisation)
  – buffer overflows, eg to read past end of file
  – badly configured file access privileges
  – weaknesses in crypto-protocol
    • eg replay attacks
• Little equipment needed, but chance of success low
Logical & protocol attacks
Equipment
• card reader
• PC
• maybe also a programmable JavaCard
Eavesdropping on card-terminal communication
Eavesdropping on contactless card
replay attack
• eavesdrop on communication
• and make an emulator that mimics this communication
• replay attack works on disposable Dutch public transport card!
  – gate cannot distinguish real card and emulator
challenge-response
• Better cards use challenge-response mechanism to prevent replays
(figure): the reader sends a random challenge n; the card answers encryptKEY{n}
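An added example, not from the slides: the challenge-response exchange (the fK(c) diagram in the "Typical use of smartcard" slide and the encryptKEY{n} diagram above) next to the fixed-answer card of the replay slides, modelled in Python with HMAC-SHA256 standing in for fK. The key, the ticket value and the gate logic are constructed for this example; with a fresh random n per session, a recorded transcript no longer gets the emulator through the gate.

```python
import hashlib
import hmac
import os

# Constructed key for this example; in the real setting K lives only on the card.
CARD_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def f_k(key: bytes, challenge: bytes) -> bytes:
    """The card's response function f_K(n); HMAC-SHA256 stands in for encrypt_KEY{n}."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class StaticCard:
    """Fixed-answer card, like the disposable ticket: the challenge is ignored."""
    def __init__(self, ticket: bytes):
        self._ticket = ticket

    def respond(self, challenge: bytes) -> bytes:
        return self._ticket  # nothing fresh in the answer


class ChallengeResponseCard:
    """Card holding K. Only f_K(n) leaves the card, never K itself."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return f_k(self._key, challenge)


class Gate:
    """Terminal side. With use_challenge it draws a fresh random n per session;
    without, it expects the fixed answer f_K("") every time."""
    def __init__(self, key: bytes, use_challenge: bool):
        self._key, self._use_challenge = key, use_challenge

    def admit(self, card) -> bool:
        n = os.urandom(16) if self._use_challenge else b""
        return hmac.compare_digest(card.respond(n), f_k(self._key, n))


class Eavesdropper:
    """Passes commands to a genuine card and records every (challenge, response) pair."""
    def __init__(self, card):
        self._card, self.transcript = card, []

    def respond(self, challenge: bytes) -> bytes:
        response = self._card.respond(challenge)
        self.transcript.append((challenge, response))
        return response


class Emulator:
    """Replays recorded answers. It has no key, so it can only answer challenges it saw."""
    def __init__(self, transcript):
        self._seen = dict(transcript)

    def respond(self, challenge: bytes) -> bytes:
        return self._seen.get(challenge, b"")


def replay_succeeds(use_challenge: bool) -> bool:
    """One genuine session is observed, then the emulator tries the gate."""
    gate = Gate(CARD_KEY, use_challenge)
    genuine = ChallengeResponseCard(CARD_KEY) if use_challenge else StaticCard(f_k(CARD_KEY, b""))
    tap = Eavesdropper(genuine)
    if not gate.admit(tap):
        raise RuntimeError("genuine card must always be admitted")
    return gate.admit(Emulator(tap.transcript))  # True for the static card only
```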
Mifare Classic
• > 1 billion sold
  – eg London metro Oyster card, Dutch public transport card, Radboud university access cards, ....
• uses proprietary crypto algorithm CRYPTO1
  – with 42 bit keys
• very weak crypto, broken by the Digital Security group
  – key can be retrieved in seconds
  – Details: http://www.ru.nl/ds/research/rfid/
  – or google YouTube for MIFARE
• Kerckhoffs' principle: security of a system should be based on secrecy of the key only, not on secrecy of the crypto algorithm!
More specialised hardware attacks
Countermeasures
• Use well-researched crypto & security protocols
• Write quality software
  – Testing
  – Formal verification
  – Perform code reviews to spot software problems
  – Improve OS, APIs, programming languages to make software bugs less likely
  – Open research area !!
Side-channel attacks
• Side-channel = any channel other than the normal I/O channel that may be observed
• Possible side-channels:
  – power consumption
  – timing
  – electromagnetic radiation
  – ....
• A side-channel might leak information
Power consumption of a smartcard
This is probably a DES encryption!
Differential Power Analysis (DPA)
Deduce information from power consumption: Simple Power Analysis (SPA) or Differential Power Analysis (DPA)
Countermeasures
• in software
  – careful coding of crypto-algorithms
  – redundancy in data representation
• in hardware
  – add clock jitter or other noise
  – dual rail logic
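An added example, not from the slides, for the "careful coding" countermeasure and the timing side channel listed earlier: a naive early-exit PIN compare beside a constant-time one, with the number of bytes examined standing in for the time a card would spend (real timing is noisier, but the dependency is the same). The PIN and the guesses are constructed.

```python
# Constructed PIN for this example.
STORED_PIN = b"4711"


def naive_compare(candidate: bytes, stored: bytes) -> tuple:
    """Early-exit compare, as a careless implementation might write it.
    Returns (equal, bytes_examined); the count models how long the card runs."""
    examined = 0
    if len(candidate) != len(stored):
        return False, examined
    for a, b in zip(candidate, stored):
        examined += 1
        if a != b:          # stops at the first mismatch: the run length
            return False, examined  # reveals how many leading bytes matched
    return True, examined


def constant_time_compare(candidate: bytes, stored: bytes) -> tuple:
    """Examines every byte of the stored PIN whatever the input, and folds the
    length difference into the same accumulator, so the count says nothing."""
    examined = 0
    diff = len(candidate) ^ len(stored)
    for i in range(len(stored)):
        examined += 1
        diff |= stored[i] ^ (candidate[i] if i < len(candidate) else 0)
    return diff == 0, examined


def work_profile(compare, guesses: list) -> list:
    """Bytes examined per guess: the observable a timing side channel exposes."""
    return [compare(g, STORED_PIN)[1] for g in guesses]
```

For the naive compare the profile grows by one with every extra correct leading digit, while the constant-time version returns the same count for every guess.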
Power glitching
• precisely timed dip in power supply to induce a fault, eg
  – prevent an EEPROM write
    • eg to PIN counter
  – read all memory cells as containing zero
    • eg of crypto-key
  – attack crypto-algorithms: such attacks may leak info about keys (DFA - Differential Fault Analysis)
Active side-channel attacks
• Other side channels:
  – clock frequency
  – temperature/heat
  – light or X-rays
  – EM radiation
• Countermeasures:
  – hardware: sensors to detect changes in voltage, etc.
  – software: double-checking results of computations
Physical (or invasive) attacks
• reverse engineer and tamper with the physical chip
• first step: getting access to the chip's surface
  – remove chip from the smartcard
  – use chemicals to remove epoxy resin and the top metal/silicon layers of the chip
Removing chip from smartcard
Etched smartcard with chip exposed
Tools for physical attacks
• Microscope
  – optical or scanning electron microscope (SEM)
• Focused Ion Beam (FIB)
  – not only observe, but also make changes: removing or adding wires, insulators, ...
• Probe station
  – to probe wires on the chip
Probing
• Observe data on the chip in operation
• Typically: tap data on bus
  – by putting needle on bus wires
• Probing can be done using
  – physical needles (>0.35 micron) or
  – electron beam
Using Focused Ion Beam in probing
Fibbing can be used to
• add probe pads for lines too thin or fragile for needles
• surface buried lines
Multiple layers on chip
The same gate before and after etching to remove top layer
Using Focused Ion Beam (fibbing)
• all chips contain circuitry to check chip after production
• after testing, test logic is disabled by blowing a fuse
• FIB can restore test logic
ROM memory content extraction
RAM voltage contrast SEM
Smartcards attacks - future
• Ongoing arms race between smartcard manufacturers and attackers
• Physical attacks becoming harder, due to improved countermeasures and smaller circuitry
• But increasing complexity of software on smartcard may introduce new logical attacks
Smartcard attacks - conclusions
• Smartcards are not tamper-proof, as witnessed by
  – logical attacks
  – side-channel attacks: DPA, glitching
  – physical attacks
• Smartcards are tamper-resistant and tamper-evident, to a degree