ISG Seminar 3rd November 2011
From Smart Cards to NFC Smart Phone
Security
Keith Mayes
ISG Smart Card Centre (SCC) www.scc.rhul.ac.uk www.isg.rhul.ac.uk
Agenda for Lecture
• Evolution of smart cards/RFIDs
• Attacks/countermeasures
• Near Field Communication (NFC)
• NFC Security Elements
• Misuse of NFC devices as attack platforms
• Other worries about phone platforms
Smart Cards with Contacts
[Gemplus Images]
Chip module interface via metal contacts; card reader makes physical contact
Contact-less Smart Cards
Chip module interface via antenna; reader uses RF field
Smart Card/RFID Trade-offs
RFID Tags - Passive/Active
• There are many different contact-less tag/device formats
• The main classes are passive and active (powered)
At a store near you…
Near Field Communication
• The latest standards for mobile phones support Near Field Communication (NFC)
• NFC is an equivalent of a contact-less interface for the phone
• The phone can behave as a smart card or token
• The phone can behave as the reader
• (Standards from www.nfc-forum.org)
Recap: Normally Smart Cards are Personalised Devices that Resist Attack
• When we are dealing with deployed/accessible devices we are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies.
• Attacks can be classed under generic headings:
− Logical.
− Physical/Fault.
− Timing/Side-Channel.
• Attacks that target the implementation are often referred to as “tampering”.
• Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), mobile smart cards (SIM) and Trusted Platform Modules (TPM) are designed to be strongly tamper-resistant.
Hacking: a popular “sport”
• Wikipedia on the popular Hacking at Random Conference
− “Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August 2009. …This conference was the most recent event in a sequence …. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in 2005….”
• A small selection of seminars from HAR 2009….
− RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet
− Cracking A5 GSM encryption
− Lock picking
− Sniffing cable modems
− Side channel analysis and fault injection
− Rootkits are awesome. Insider Threat for Fun and Profit
− Wikileaks. History is the only guidebook civilization has, but who's the publisher?
Hacking RFID a popular pastime….
Physical Attack Countermeasures
• In hardware security modules these are at chip level and include:
− Physical barriers
− Active shields
− Circuit scrambling
− Encrypted busses
− Encrypted memories
− Environment/fault sensors
[Source: Gemalto]
• In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces
− Making things hard to get at is better than nothing
− Try to impede the replacement of critical chips
Timing/Side Channel Attack
• Side channel attacks exploit “leakage” from sensitive operations.
• The principle is simple:
− An electronic circuit is made up of gates/transistors
− Switching between logic levels causes a slight variation in power consumption and a small RF emission
• The attacker captures these variations and processes them in order to extract secret/sensitive information
• The equipment needed is relatively low cost/available and the processing techniques are well published
• The attack is effective against unprotected hardware and will extract keys from good “logical” algorithms such as DES/AES etc.
NFC Modes
• Basically an NFC ‘modem’ with three modes:
− Reader-Token Communication
− Token-Reader Communication
− Peer-to-Peer
• <<DEMOs>>
All very exciting …..but…… considerable concerns remain about NFC security
[RIM 2011]
The NFC Secure Element
• Starting position: “Mobile handset is not a trusted platform”.
• Need additional trusted security component.
− Most well known example is the UICC.
• SE is security core of NFC applications.
− Tamper resistance - secure storage and management of applications and keys.
− Security mechanisms, e.g. encryption of communication channel.
• SE facilitates two key services.
− Secure execution of sensitive applications and their data.
− Secure management of applications.
• Multiple form factors!
[RIM 2011]
Example of a Secure Element
• NXP SmartMX Secure Microcontroller Family
− Dual interface smart cards
− Embedded form factors
• NXP SmartMX2 newest addition
− Processing: 8, 16, 24, 32 bit instruction set
− Memory: up to 384 KB ROM, 8.125 KB RAM, 144 KB EEPROM and 400 KB Flash
− Security: Common Criteria (targeting EAL6+); crypto library and co-processors (AES/DES/ECC/RSA)
− Software platform: JCOP (Java Card)
− Application management: Global Platform
[NXP 2011]
Embedded SE
• SE is embedded in handset
− Smartcard in IC form factor
− Works when phone off
• No distinct ‘owner’
− Development opportunities
− Potential trust and ownership issues
− Secure personalisation important
[NXP 2011; iFixit teardown 2011]
SIM/USIM as SE
• The existing SIM/USIM is the SE.
− No extra hardware.
− SIM stable technology.
− Handset needs to support Single Wire Protocol (SWP).
• Owned by the MNO.
− 3rd party application access?
• Variations.
− DIF-SIM: All functionality on SIM with antenna in phone.
− SIM-Flex: All functionality on SIM with attached antenna.
[NXP 2011; Gemalto 2011]
microSD SE
• SE added in SD memory slot
− No NFC capability required in handset
− Can add to any handset with slot
− Off when phone is off
• Flexible ownership
− 3rd party owner – open for development
− SE tied to specific owner/application
• Variations
− Some units only readers or only tokens
− Secure storage and execution
• NFC module in handset
− Integrated unit
• NFC communication capability
• Antenna included
[NXP 2011; SDID 2011]
Security Domains and Keys
• Global Platform application management is based on Security Domains (SD)
• Multiple SDs can be created on a SE and associated with Service Providers (SP)
• An SP can only access/manage applications housed within its own SD.
• Example of Delegated Mode with UICC as SE shown on right….
• An Issuer Security Domain for MNO services, and multiple Supplementary Security Domains (SSD) for other services
• OTA keys are used to gain access to the SE
• SSD keys are used to gain access to each of the service domains
….Nice idea at least!….
[SmartTrust 2011]
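The domain-and-key rule above, as an added Python example that is not from the slides or from GlobalPlatform's specification: a simplified model in which every management command must carry a MAC under the keys of the domain it is addressed to, so an SP holding only its own SSD key can neither create domains (an ISD privilege) nor manage applications housed in another SP's domain. The command names, the keys, and the use of HMAC-SHA256 in place of GP's secure-channel MACs are assumptions; OTA access to the SE is not modelled.

```python
import hashlib
import hmac

def command_mac(key, command):
    # Stand-in for the GP secure-channel MAC: HMAC-SHA256 over the command bytes.
    return hmac.new(key, command, hashlib.sha256).digest()

class SecureElement:
    """Simplified model of GlobalPlatform security domains (SD): each domain has its own
    key set, and a command is accepted only if its MAC verifies under the target domain's key."""
    def __init__(self, isd_key):
        self.domains = {"ISD": {"key": isd_key, "apps": set()}}   # MNO's Issuer SD

    def _authorise(self, domain, command, mac):
        key = self.domains[domain]["key"]
        if not hmac.compare_digest(mac, command_mac(key, command)):
            raise PermissionError(f"command not authorised for {domain}")

    def create_ssd(self, name, ssd_key, mac):
        # Only the ISD key holder can create a Supplementary Security Domain.
        self._authorise("ISD", b"CREATE-SSD:" + name.encode(), mac)
        self.domains[name] = {"key": ssd_key, "apps": set()}

    def install(self, domain, aid, mac):
        self._authorise(domain, b"INSTALL:" + aid, mac)
        self.domains[domain]["apps"].add(aid)

    def delete(self, domain, aid, mac):
        self._authorise(domain, b"DELETE:" + aid, mac)
        # An SP can only manage applications housed within its own SD.
        if aid not in self.domains[domain]["apps"]:
            raise PermissionError(f"{aid!r} is not housed in {domain}")
        self.domains[domain]["apps"].remove(aid)

# Constructed keys for a walk-through: the MNO owns the ISD, two SPs get their own SSDs.
MNO_KEY, SP_A_KEY, SP_B_KEY = b"mno-isd-key", b"sp-a-ssd-key", b"sp-b-ssd-key"

def walkthrough():
    se = SecureElement(MNO_KEY)
    se.create_ssd("SSD-A", SP_A_KEY, command_mac(MNO_KEY, b"CREATE-SSD:SSD-A"))
    se.create_ssd("SSD-B", SP_B_KEY, command_mac(MNO_KEY, b"CREATE-SSD:SSD-B"))
    se.install("SSD-A", b"A000000001", command_mac(SP_A_KEY, b"INSTALL:A000000001"))
    results = {"a_installed": b"A000000001" in se.domains["SSD-A"]["apps"]}
    try:   # SP-B signs with its own key but addresses SP-A's domain: the MAC does not verify
        se.delete("SSD-A", b"A000000001", command_mac(SP_B_KEY, b"DELETE:A000000001"))
        results["b_deleted_a_app"] = True
    except PermissionError:
        results["b_deleted_a_app"] = False
    return results
```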
Clones/Emulators
• Products/applications tied to specific UID not easily transferable to other token
• Emulator can masquerade as any token if data and/or key material can be obtained
• A number of devices have been demonstrated (available publicly) for LF, HF and UHF
[Credit: TU Graz, OpenPICC, Intel, Radboud University]
Passive Relay
[G.P. Hancke, K. Mayes and K. Markantonakis, "Confidence in Smart Token Proximity: Relay Attacks Revisited", Elsevier Computers & Security, June 2009.]
A Hack a day keeps boredom away?
• Hackers/enthusiasts are very active and co-operative via forums and web sites.
• The examples here were found on the Hack-a-Day website.
• Smart Phones are becoming top targets!
Phone Platform Risks
• As the sophistication of phones grows, they become vulnerable to all the security perils of PCs
− Rootkits, viruses, malware, trojans, keyloggers, etc.
• Phone architectures are complex and various components are “bolted” together.
• Phones are available from many sources, get unlocked, re-flashed, upgraded and cheap clone/copies are in use - so what software is actually running?
• If your security protection relies on a software only solution you are at risk.
− Hardware security provides a reliable anchor point for security.
• Phone platform security protection is often proprietary and not disclosed for verification….
NFC device as an attack platform!
• Attacks currently use a lot of custom built kit.
• Hence, the interest in NFC devices as attack platforms!
− Skimming - reading genuine cards.
− Clone card emulation.
• An open development platform.
• Anyone can write phone reader applications.
• Embedded secure elements are unlockable.
• Existing APIs and developer environments.
• Multiple communications links.
• A software downloaded attack application could spread very fast!
Payment card ‘cloning’ via NFC
• First generation contactless cards had rudimentary security
− Card authentication with static data
• Develop a Skimming Tool
− MIDlet on NFC phone reads card data.
− No code signing required.
• ‘Cloning’ the card.
− Unlock SE.
− Load Java card applet with payment AID.
• Worked on POS system in lab
[L. Francis, G. Hancke, K. Mayes and K. Markantonakis, "Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms", Proceedings of The First International Workshop on RFID Security and Cryptography (RISC 2009), UK.]
Proof-of-Concept NFC Relay Experiment
• Two NFC enabled mobile phones operating in P2P mode and participating in a legitimate transaction.
− Phone-A intends to interact with Phone-B.
− Introduce two additional proxy phones (Proxy-A and Proxy-B) to relay the communication.
[L. Francis, G. Hancke, K. Mayes and K. Markantonakis, "Practical NFC Peer-to-Peer Relay Attack using Mobile Phones", 6th Workshop on RFID Security (RFIDSec 2010), June 7-9, 2010, Istanbul, Turkey.]
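The two weaknesses the slides walk through, a token that proves nothing beyond static data (the Clones/Emulators and payment card ‘cloning’ slides) and a genuine token whose responses are carried by proxies (the Passive Relay and NFC Relay Experiment slides), as one added Python example that is not from the slides or the cited papers, written from the reader/terminal side: a check that only verifies signed static data accepts a copied record; a challenge/response check does not; and a round-trip-time bound on that challenge (the distance-bounding idea) is what catches a relayed genuine card, which passes the cryptographic check. Keys, latencies, the RTT bound and the use of HMAC-SHA256 in place of the card's public-key signatures are constructed assumptions.

```python
import hashlib
import hmac
import os
ISSUER_KEY = b"constructed-issuer-key"   # constructed; HMAC stands in for real RSA/ECC signatures
RTT_BOUND_S = 0.005                      # assumed reader limit on a challenge/response round trip

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Card:
    """Genuine card: a signed static record anyone can read, plus a secret it never reveals."""
    def __init__(self, uid, card_key):
        self.uid, self.card_key = uid, card_key
        self.static_record = uid + b"|" + mac(ISSUER_KEY, uid)
    def read_static(self):
        return self.static_record
    def respond(self, challenge):
        return mac(self.card_key, challenge)

class Emulator:
    """Token built only from data read over the air: it holds the record but no card_key."""
    def __init__(self, static_record):
        self.static_record = static_record
    def read_static(self):
        return self.static_record
    def respond(self, challenge):
        return bytes(32)   # cannot compute a valid response without the card secret

class Link:
    """Air interface to a token; latency is modelled as a number rather than measured."""
    def __init__(self, token, one_way_s):
        self.token, self.one_way_s = token, one_way_s
    def read_static(self):
        return self.token.read_static()
    def challenge(self, c):
        return 2 * self.one_way_s, self.token.respond(c)   # (round trip, response)

def static_auth(link):
    """First-generation check: verifies only the issuer signature on static data."""
    uid, _, tag = link.read_static().partition(b"|")
    return hmac.compare_digest(tag, mac(ISSUER_KEY, uid))

def dynamic_auth(link, card_keys):
    """Challenge/response proves the card secret; the RTT bound catches a relayed genuine card."""
    uid, _, _ = link.read_static().partition(b"|")
    c = os.urandom(16)
    rtt, response = link.challenge(c)
    genuine = hmac.compare_digest(response, mac(card_keys[uid], c))
    return genuine and rtt <= RTT_BOUND_S
```

A direct tap is modelled with a sub-millisecond one-way latency; the two-proxy relay adds the Bluetooth/network hop on top, which is what the bound rejects.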
Trusted NFC Phone platform?
[Figure: “Security Applications go here…” / “Malware goes here!”. Image from Vikas Rajole MSc report 2011: 'Safebot' malware running as 'root' user]
Conclusion/Comments
• Smart Cards have been evolving and changing from cards with contacts to contactless cards and RFIDs.
• The need for attack resistant hardware remains as cards/RFIDs are targeted by organised hacker/enthusiast communities.
• Near Field Communication offers the possibility of using the mobile phone instead of smartcards/RFIDs or their readers.
• Security concerns around NFC have led to the definition of Security Elements, but there are several competing options.
• NFC reader mode does not use the SE and so applications are at risk from phone vulnerabilities.
• Phone architectures are complex and there are published attacks.
• NFC phones are attracting interest as convenient attack platforms!
Thank you for your attention…
Questions?