10 protocolexamples print - school of computer science · • the spec. says that the transaction...
TRANSCRIPT
10/02/2015
1
PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec.
Introduction • This talk gives some example of protocol attacks from my
research, and a research group in Cambridge. • E-passports (me & Smirnov) • Contactless EMV cards (me & Flavio & others) • Chip and PIN cards (Cambridge).
• The content of this lecture will not be on the exam • …but it will help you understand the last lecture and the
next (which might be).
4
5
e-Passport
• e-Passports contain an RFID tag.
• It stores picture, personal details, and in some cases fingerprints.
• Believed to be readable from up to 50cm, can be eavesdropped on from greater distance.
• Read access is protected with a key based on the DoB, DoI and passport number.
6
10/02/2015
2
Data on the Passport
• DG1: Machine readable info. • DG2: Picture • DG3: Fingerprints ( seen on German ) • DG4: Iris Scans (not seen) • DG7: Signature (not seen) • DG11+12: Optional (height&home address on FR) • DG14: Extended Access Control Options • DG15: Active Authentication public key • DG16: Emergency Contact
7
Basic Access Control
• This protocol is run first and establishes a session key.
• Goal: stop “skimming” and eavesdropping.
• Only allows access to a reader that knows the date of birth, data of expiry and number of the passport.
8
Basic Access Control
DoB,DoE,# reader generates Km Ke 1 Reader → Passport : GET CHALLENGE 2 Passport → Reader : NP
3 Reader → Passport : {NR,NP, KR}Ke , MACKm({NR,NP, KR}Ke)
4 Passport → Reader : {NP,NR, KP}Ke ,
MACKm({NP,NR, KP}Ke)
Session key based on KP xor KR
9
Traceability
• Portability devices lead to new kinds of attacks.
• If a secure device you carry with you can be identified then it can be used to trace you.
• A traceability attack is one where the attack can link two runs of the same device.
10
Error Messages
• For a complete model we must also include the error messages from the passport.
• Each country has a different implementation of the passport.
• We use the French passport as an example.
Basic Access Control
Reader Passport —— GET CHALLENGE → Pick NP ←----- NP --------- Pick NR,KR --- {NR,NP,KR}Ke,MAC(X) → Check MAC,
Check Fails ← 6300 --
10/02/2015
3
Basic Access Control
Reader Passport —— GET CHALLENGE → Pick NP ←----- NP --------- Pick NR,KR --- {NR,X,KR}Ke,MACKm({NR,X,KR}Ke) → Check MAC, Nonce Check Failed ← 6A80 --
Attack Part 1
Attacker eavesdrops on Alice using her passport Reader Alice —— GET CHALLENGE → Pick random NP ←----- NP --------- Pick random NR,KR --- M = {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → Attack records message M.
14
Attack Part 2
Attacker ???? —— GET CHALLENGE → Pick random NP2 ←----- NP2 --------- --- {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → MAC check fails ← 6300 — It's the same passport as before.
15
Attack Part 2
Attacker ???? —— GET CHALLENGE → Pick random NP2 ←----- NP2 --------- --- {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → MAC passess,
nonce fails ← 6A80 — It's the same passport as before.
16
A Time-Based Attack?
• UK,German, Russian, Irish passport return error 6900 in both situation.
• Our analyses shows this to be untraceable. • But what about a timing attack?
17
The failed MAC is rejected sooner, UK passport
18
10/02/2015
4
19
Visa’s Protocols Shop Card
SELECT 2PAY.SYS.DDF01
AIDs of all payment apps.
SELECT Visa app ID
PDOL
PDOL = Processing Options Data Object List • list of data the reader must provide to the card.
PDOL 9F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656E9000
which parses as: 9F38 | len:18 Processing Options Data Object List (PDOL)
9F66 len:04 Card Production Life Cycle 9F02 len:06 Amount, Authorised (Numeric) 9F03 len:06 Amount, Other (Numeric) 9F1A len:02 Terminal Country Code 95 len:05 Terminal Verification Results 5F2A len:02 Transaction Currency Code 9A len:03 Transaction Date
9C len:01 Transaction Type 9F37 len:04 Unpredictable Number
Visa’s Protocols Shop Card
GPO (amount, currency, UN,. . . )
ATC,AC, SDAD, PAN
Generate nonce: Nc Session key based on ATC:
Ks=EncKbank(ATC) AC=MACKs(amount,currency,UN,..)
SDAD=Sign(amount,currency,UN,Nc..)
Visa’s Protocols Shop Card
READ RECORD
Certs
READ RECORDS
Data printed on card, Nc
• Shop reader then checks the signature on the SDAD data. • If this is correct it shop reader accepts the payment and
sends the AC to the bank. • The bank checks the AC and transfers the money.
10/02/2015
5
Visa’s PayWave
Master- card’s PayPass
Traffic: Reader: 00A404000E325041592E5359532E444446303100 Tag: 6F378407A0000000031010A52C500A56495341204445 4249549F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656E9000 … Reader80A800002383213220400000000000003000000000000008260000000000082614091500338F 507800Tag7781C29F4B81804D8EC3F85EB28D9C8828E2238BFE8F922F89D08DEDA061DE7270CF6EB015109D58DC58B34706CED0BFA24A28ED3E6AE0B2908617D34199B0A3BD298187376F639F65203C84EEE7BC60B4D14F649E67C62162CAF53045E8D5A2A99E39589483A28DF24941C6AF486FEEBA0A8C6DB33978309EFF87FFF9984C9DECDFDCE6728DB19404100203009F1007060A0A0390000057134635658326570935D16042015140000001001F820220009F360200579F26083501E6BD098562889F6C0210009000
Stopping Relays: Idea 1
• Relaying all messages takes over a second.
• The spec. says that the transaction should complete in under 500ms.
• Can we stop relay attacks by adding a time out to the reader?
• Related question: can we make the relay faster?
A Fast Relay Shop Phone1 Phone2 Card
SELECTS
PDOL
GPO
ATC,AC, SDAD, PAN
READ
RECORDS
Shop Phone1 Phone2 Card SELECT
AIDs
GPO
ATC,AC, SDAD, PAN
READ1
Static data
SELECT AID
AIDs
READ2
SSAD,Nc
READ2
SSAD,Nc
SELECT
AIDs
UN, amount GPO
ATC,AC,SDAD,PAN AC, SDAD
Nc
10/02/2015
6
Relay timing • We measured the exact transaction times for a number of cards. • Fastest 330ms • Slowest 637ms
• Fastest relayed transaction: 485ms
• Placement of card can have an affect > 80ms for longest messages.
• ABN Amro (Dutch) • Time for card to complete a
purchase: 637ms • Time for relay to complete
a purchase:627ms.
Stopping Relays: Idea 2 • Why not just time-bound the important crypto message?
• GPO for Visa’s payWave • GENERATE AC for Mastercard’s PayPass
• Problem: these are the steps that require the cards to do crypto, which shows more variance than any other messages. • Fastest payWave GPO: 105ms • Slowest payWave GPO: 364ms
• We were able to relay the fastest response in 208ms.
Key Observation Protocol
• The non-crypto messages are predictable and therefore can be time bound.
• But in the current protocols all none crypto messages can be cached.
• We tweak the protocol, so there is a non-crypto message that can be time-bound.
PayWave
PayPass
Pay Wave
PaySafe
Pay Wave
10/02/2015
7
PaySafe Timing • Time for cards to respond to a message of this length =
28 to 36ms.
• Time to relay a message of this length: 100ms
• So the reader will time out after 80ms.
• No phone or USB reader will be able to relay this message.
• Faster purpose build hardware costs tens of thousands of pounds.
PaySafe
Pay Wave
Chip & PIN (contact) protocol
10/02/2015
8
ATM protocol Investigating the ATM machines
• They found that many ATM just a counter, or weak random number as the nonce.
ATM protocol Attack • Attacker must run a shop with a card reader. • Attacker goes to an ATM and records the nonce. • Victim goes into Attackers shop and buys something. • Attacker’s card reader requests lots of cryptograms from
the victim’s card using the nonces that the ATM machine will use.
• Attacker goes to the ATM and replays the cryptogram. • Attacker gets cash from victims account.
Cambridge group claims this has really happened.
Conclusion • Almost everything we do electronically relies on a
protocol.
• Many of these protocols are flawed • Either by design • Or by implementation.
• Careful & formal analysis can find these errors,
• which can be exploited in real life.