10 protocolexamples print - school of computer science · • the spec. says that the transaction...

8
10/02/2015 1 PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec. Introduction This talk gives some example of protocol attacks from my research, and a research group in Cambridge. E-passports (me & Smirnov) Contactless EMV cards (me & Flavio & others) Chip and PIN cards (Cambridge). The content of this lecture will not be on the exam …but it will help you understand the last lecture and the next (which might be). 4 5 e-Passport e-Passports contain an RFID tag. It stores picture, personal details, and in some cases fingerprints. Believed to be readable from up to 50cm, can be eavesdropped on from greater distance. Read access is protected with a key based on the DoB, DoI and passport number. 6

Upload: phamkien

Post on 20-Jun-2018

219 views

Category:

Documents


0 download

TRANSCRIPT

10/02/2015  

1  

PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec.

Introduction •  This talk gives some example of protocol attacks from my

research, and a research group in Cambridge. •  E-passports (me & Smirnov) •  Contactless EMV cards (me & Flavio & others) •  Chip and PIN cards (Cambridge).

•  The content of this lecture will not be on the exam • …but it will help you understand the last lecture and the

next (which might be).

4

5

e-Passport

• e-Passports contain an RFID tag.

•  It stores picture, personal details, and in some cases fingerprints.

• Believed to be readable from up to 50cm, can be eavesdropped on from greater distance.

• Read access is protected with a key based on the DoB, DoI and passport number.

6

10/02/2015  

2  

Data on the Passport

• DG1: Machine readable info. • DG2: Picture • DG3: Fingerprints ( seen on German ) • DG4: Iris Scans (not seen) • DG7: Signature (not seen) • DG11+12: Optional (height&home address on FR) • DG14: Extended Access Control Options • DG15: Active Authentication public key • DG16: Emergency Contact

7

Basic Access Control

•  This protocol is run first and establishes a session key.

• Goal: stop “skimming” and eavesdropping.

• Only allows access to a reader that knows the date of birth, data of expiry and number of the passport.

8

Basic Access Control

DoB,DoE,# reader generates Km Ke 1 Reader → Passport : GET CHALLENGE 2 Passport → Reader : NP

3 Reader → Passport : {NR,NP, KR}Ke , MACKm({NR,NP, KR}Ke)

4 Passport → Reader : {NP,NR, KP}Ke ,

MACKm({NP,NR, KP}Ke)

Session key based on KP xor KR

9

Traceability

•  Portability devices lead to new kinds of attacks.

•  If a secure device you carry with you can be identified then it can be used to trace you.

•  A traceability attack is one where the attack can link two runs of the same device.

10

Error Messages

•  For a complete model we must also include the error messages from the passport.

• Each country has a different implementation of the passport.

• We use the French passport as an example.

Basic Access Control

Reader Passport —— GET CHALLENGE → Pick NP ←----- NP --------- Pick NR,KR --- {NR,NP,KR}Ke,MAC(X) → Check MAC,

Check Fails ← 6300 --

10/02/2015  

3  

Basic Access Control

Reader Passport —— GET CHALLENGE → Pick NP ←----- NP --------- Pick NR,KR --- {NR,X,KR}Ke,MACKm({NR,X,KR}Ke) → Check MAC, Nonce Check Failed ← 6A80 --

Attack Part 1

Attacker eavesdrops on Alice using her passport Reader Alice —— GET CHALLENGE → Pick random NP ←----- NP --------- Pick random NR,KR --- M = {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → Attack records message M.

14

Attack Part 2

Attacker ???? —— GET CHALLENGE → Pick random NP2 ←----- NP2 --------- --- {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → MAC check fails ← 6300 — It's the same passport as before.

15

Attack Part 2

Attacker ???? —— GET CHALLENGE → Pick random NP2 ←----- NP2 --------- --- {NR,NP,KR}KAe,MACKAm({NR,NP,KR}KAe) → MAC passess,

nonce fails ← 6A80 — It's the same passport as before.

16

A Time-Based Attack?

•  UK,German, Russian, Irish passport return error 6900 in both situation.

•  Our analyses shows this to be untraceable. •  But what about a timing attack?

17

The failed MAC is rejected sooner, UK passport

18

10/02/2015  

4  

19

Visa’s Protocols Shop Card

SELECT 2PAY.SYS.DDF01

AIDs of all payment apps.

SELECT Visa app ID

PDOL

PDOL = Processing Options Data Object List •  list of data the reader must provide to the card.

PDOL 9F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656E9000

which parses as: 9F38 | len:18 Processing Options Data Object List (PDOL)

9F66 len:04 Card Production Life Cycle 9F02 len:06 Amount, Authorised (Numeric) 9F03 len:06 Amount, Other (Numeric) 9F1A len:02 Terminal Country Code 95 len:05 Terminal Verification Results 5F2A len:02 Transaction Currency Code 9A len:03 Transaction Date

9C len:01 Transaction Type 9F37 len:04 Unpredictable Number

Visa’s Protocols Shop Card

GPO (amount, currency, UN,. . . )

ATC,AC, SDAD, PAN

Generate nonce: Nc Session key based on ATC:

Ks=EncKbank(ATC) AC=MACKs(amount,currency,UN,..)

SDAD=Sign(amount,currency,UN,Nc..)

Visa’s Protocols Shop Card

READ RECORD

Certs

READ RECORDS

Data printed on card, Nc

• Shop reader then checks the signature on the SDAD data. •  If this is correct it shop reader accepts the payment and

sends the AC to the bank. •  The bank checks the AC and transfers the money.

10/02/2015  

5  

Visa’s PayWave

Master- card’s PayPass

Traffic: Reader: 00A404000E325041592E5359532E444446303100 Tag: 6F378407A0000000031010A52C500A56495341204445 4249549F38189F66049F02069F03069F1A0295055F2A029A039C019F37045F2D02656E9000 … Reader80A800002383213220400000000000003000000000000008260000000000082614091500338F 507800Tag7781C29F4B81804D8EC3F85EB28D9C8828E2238BFE8F922F89D08DEDA061DE7270CF6EB015109D58DC58B34706CED0BFA24A28ED3E6AE0B2908617D34199B0A3BD298187376F639F65203C84EEE7BC60B4D14F649E67C62162CAF53045E8D5A2A99E39589483A28DF24941C6AF486FEEBA0A8C6DB33978309EFF87FFF9984C9DECDFDCE6728DB19404100203009F1007060A0A0390000057134635658326570935D16042015140000001001F820220009F360200579F26083501E6BD098562889F6C0210009000

Stopping Relays: Idea 1

• Relaying all messages takes over a second.

•  The spec. says that the transaction should complete in under 500ms.

• Can we stop relay attacks by adding a time out to the reader?

• Related question: can we make the relay faster?

A Fast Relay Shop Phone1 Phone2 Card

SELECTS

PDOL

GPO

ATC,AC, SDAD, PAN

READ

RECORDS

Shop Phone1 Phone2 Card SELECT

AIDs

GPO

ATC,AC, SDAD, PAN

READ1

Static data

SELECT AID

AIDs

READ2

SSAD,Nc

READ2

SSAD,Nc

SELECT

AIDs

UN, amount GPO

ATC,AC,SDAD,PAN AC, SDAD

Nc

10/02/2015  

6  

Relay timing • We measured the exact transaction times for a number of cards. •  Fastest 330ms •  Slowest 637ms

• Fastest relayed transaction: 485ms

• Placement of card can have an affect > 80ms for longest messages.

• ABN Amro (Dutch) •  Time for card to complete a

purchase: 637ms •  Time for relay to complete

a purchase:627ms.

Stopping Relays: Idea 2 • Why not just time-bound the important crypto message?

•  GPO for Visa’s payWave •  GENERATE AC for Mastercard’s PayPass

• Problem: these are the steps that require the cards to do crypto, which shows more variance than any other messages. •  Fastest payWave GPO: 105ms •  Slowest payWave GPO: 364ms

• We were able to relay the fastest response in 208ms.

Key Observation Protocol

•  The non-crypto messages are predictable and therefore can be time bound.

• But in the current protocols all none crypto messages can be cached.

• We tweak the protocol, so there is a non-crypto message that can be time-bound.

PayWave

PayPass

Pay Wave

PaySafe

Pay Wave

10/02/2015  

7  

PaySafe Timing •  Time for cards to respond to a message of this length =

28 to 36ms.

•  Time to relay a message of this length: 100ms

• So the reader will time out after 80ms.

• No phone or USB reader will be able to relay this message.

•  Faster purpose build hardware costs tens of thousands of pounds.

PaySafe

Pay Wave

Chip & PIN (contact) protocol

10/02/2015  

8  

ATM protocol Investigating the ATM machines

•  They found that many ATM just a counter, or weak random number as the nonce.

ATM protocol Attack • Attacker must run a shop with a card reader. • Attacker goes to an ATM and records the nonce. • Victim goes into Attackers shop and buys something. • Attacker’s card reader requests lots of cryptograms from

the victim’s card using the nonces that the ATM machine will use.

• Attacker goes to the ATM and replays the cryptogram. • Attacker gets cash from victims account.

Cambridge group claims this has really happened.

Conclusion • Almost everything we do electronically relies on a

protocol.

• Many of these protocols are flawed •  Either by design •  Or by implementation.

• Careful & formal analysis can find these errors,

• which can be exploited in real life.