Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
La Carte à Puce
Nicolas T. Courtois 1, ex. 2
1 - University College of London, UK2 = [Axalto+Gemplus]
Smart Cards
2 Nicolas T. Courtois 2006-2009
Scope and References
Smart Cards
3 Nicolas T. Courtois 2006-2009
What are Smart Cards ?The eternal tension in the industry:
competition � cooperation.
1. huge set of standards:• public bodies: ISO/IEC, ETSI, etc.• 10s of intra-industry standard bodies such as
GlobalPlatform, TCG
2. many industrial/commercial/trade/security secrets
Smart Cards
4 Nicolas T. Courtois 2006-2009
Books About Smart Cards
1) Security Engineering [Cambridge]• by Ross Anderson• MUCH larger scope, may selectively read
Chapters 3-5,10,11,16, 22,26 etc.
2) Smart Card Handbook [Germany, 2002]• by Wolfgang Rankl and Wolfgang Effing
3) Smart Card Applications [Germany, 2007]• by Wolfgang Rankl
4) LATEST BOOK [RHUL, 2008]Smart Cards, Tokens, Security and Applications
• by Keith Mayes and Konstantinos Markantonakis (Editors)
Smart Cards
5 Nicolas T. Courtois 2006-2009
RemarkWhat do we learn from these books:• A lot of things [1000s of pages].But still many things are missing:• Full specs of products?• Full specs of chips?• Details of advanced security countermeasures?• Secret crypto algorithms + padding• Details of authentication protocols• Some little tricks that make big difference…The industry cultivates a lot of secrecy(!).
But at the same they publish 100s of papers they have 1000s of patents, and runs 10s of standard bodies… Many things are not that secret. Just obscure.
Smart Cards
6 Nicolas T. Courtois 2006-2009
Motivation in a Nutshell
Smart Cards
7 Nicolas T. Courtois 2006-2009
Key RemarkSoftware CANNOT be protected by software.
Smart Cards
8 Nicolas T. Courtois 2006-2009
Main Function of a Smart Card = = to be “a secure hardware device”.
1. ”intelligent” (Smart): the card – handles computations (e.g. crypto)– manages data (OS, file system, access rights)– takes informed security decisions (…block itself !)
2. Hopefully ”unbreakable”: nobody can know/modify what is inside.
USB interface ISO, [USB], [RF]
ISO, [USB,RFRFRF]
USB Token form factorSIM card form factor
credit card form factor
Smart Cards
9 Nicolas T. Courtois 2006-2009
“The Loophole”
Smart Cards
10 Nicolas T. Courtois 2006-2009
Magnetic Stripe Cards [since 60s]
Which one is counterfeit ?
Chip cards: much harder to read, much harder to counterfeit.
Smart Cards
11 Nicolas T. Courtois 2006-2009
Recall:Two sorts of technologies:A) Those that are effective if deployed at 20%:
Examples: 1. virus detection (as opposed to removal / fighting the viruses), 99 %2.2.2. email / hard disk encryption, 20 %email / hard disk encryption, 20 %email / hard disk encryption, 20 %3.3.3. making the entry/authentication harder, as an option for the usemaking the entry/authentication harder, as an option for the usemaking the entry/authentication harder, as an option for the user, 20%r, 20%r, 20%
B) Those that are totally ineffective even at 99%:Examples:Examples:Examples:
1.1.1. virus removal,virus removal,virus removal,2.2.2. buggy antibuggy antibuggy anti---virus: virus: virus: “““your antiyour antiyour anti---virus has just restarted due to an internal virus has just restarted due to an internal virus has just restarted due to an internal
errorerrorerror”…”…”…3.3.3. we click YES for 1 % of the security alerts out of fatiguewe click YES for 1 % of the security alerts out of fatiguewe click YES for 1 % of the security alerts out of fatigue………
••• certificates are frequently invalidcertificates are frequently invalidcertificates are frequently invalid………••• it invalidates the 99 % of the time we did prevent the intrusionit invalidates the 99 % of the time we did prevent the intrusionit invalidates the 99 % of the time we did prevent the intrusion………
we lost our timewe lost our timewe lost our time4.4.4. if some ATMs still accept a blankif some ATMs still accept a blankif some ATMs still accept a blank magmagmag---stripe only cards, the whole stripe only cards, the whole stripe only cards, the whole
purpose of chips on bank cards is nearly defeatedpurpose of chips on bank cards is nearly defeatedpurpose of chips on bank cards is nearly defeated………
Smart Cards
12 Nicolas T. Courtois 2006-2009
Magnetic Stripe Bank Cards - Loophole:
As long as some merchants accept them, they will be fraud…
In France:Since the introduction of smart cards: Fraud decreased 10 times
in 10 years.
Smart Cards
13 Nicolas T. Courtois 2006-2009
Philosophy / Model for Security of Smart Cards
Smart Cards
14 Nicolas T. Courtois 2006-2009
Why Smart Cards Are Good
Or are they?
The classical model for smart card security[Schneier and Schostack 1999]
is about • Splitting the security perimeter:
• One entity cannot breach the other people’s security?
• Hardware barriers that cannot be breached by software,• Motto: Software cannot protect software.
• Physical control of the card, • By the user, if it is in my pocket, it is not being hacked…
• And trusting the entities involved…• Companies/people involved in this business can compromise it’s security (backdoors etc!)
slightproblem..
Smart Cards
15 Nicolas T. Courtois 2006-2009
“Slight Problem” - Example:
The secrecy of the product spec can be:• An extra security layer,
– if hackers need 3 months more to get it, this can be worth millions of dollars in revenue…
• A source of unexpected and critical security vulnerabilities – that by the fact of being hidden
gives an utterly false sense of security.
Smart Cards
16 Nicolas T. Courtois 2006-2009
History
Smart Cards
17 Nicolas T. Courtois 2006-2009
Short Plastic Card History1878 US fiction writer Bellamy: In 2000 everybody will be paying
by a credit card (!). Cf. Edward Bellamy “Looking Backward, 2000 to 1887”.
1914-1940 Metal credit cards in the US, forbidden during WW2forbidden during WW2forbidden during WW21950 Invention of plastic money (PVC): Frank McNamara@Diners Club
[NY, USA] issues first universal plastic [charge] credit cards .
1967 First cash machines [DeLaRue] with punch cards.
1967 France: first magnetic stripe card for access control.
1972 [UK] First on-line ATM with magnetic stripe cards.
Smart Cards
18 Nicolas T. Courtois 2006-2009
History - Chip Cards1960s1. French science-fiction book “La nuit de temps” by
René Barjavel: A portable object/jewel that opens doors.
2. Plastic credit cards were standardized and used since the 50s [plastic money].
1970s: 1+2 = Embedding electronic components in credit cards: Many patents in USA, Germany, Japan and then France.
Smart Cards
19 Nicolas T. Courtois 2006-2009
Historical Patents
Smart Cards
20 Nicolas T. Courtois 2006-2009
Smart Card Odyssey
Two Key Patents:• Roland Moreno [France]:
– chip card [1974]– security limitations [1975]
• Michel Ugon, Bull CP8: – microprocessor card [1977]
10 years ago, half of chip cards in the world were French. Wider adoption around 2000.
Smart Cards
21 Nicolas T. Courtois 2006-2009
First Smart Card - Bull CP8
Around 1980, 2 chips, CPU+RAM, not very secure!
CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, Carte Carte Carte ààà Puce 8 bitsPuce 8 bitsPuce 8 bits
Smart Cards
22 Nicolas T. Courtois 2006-2009
SPOM, October 1981 - Bull CP8
Patented• NMOS 3,5 µ, • 42 K Transistors,• RAM: 36 bytes (!), • ROM: 1,6 Kbytes, • EPROM: 1 Kbyte
Smart Cards
23 Nicolas T. Courtois 2006-2009
History of Electronic Bank Cards - in 1984:Schlumberger pilot in Lyon, France: • a simple wired logic card
Bull CP8 pilot in Blois, France: • a microprocessor card
The banks adopted the Bull CP8 solution, the fore-father of current smart bank cards (EMV).
100% in France in 1992. 100% in the world around 2010 ?
=> Close the loophole.
Gemplus
Smart Cards
24 Nicolas T. Courtois 2006-2009
Vocabulary, Typology, Features
Smart Cards
25 Nicolas T. Courtois 2006-2009
Vocabulary
magnetic stripe card
IC= Integrated CircuitICC, chip card :• memory card
• wired logic card• smart card
carte à piste magnétique
puce, circuit intégrécarte à puce :• carte à mémoire• c. à logique câblée• carte à microprocesseur[+crypto co-processeur]
Smart Cards
26 Nicolas T. Courtois 2006-2009
More Vocabulary
card reader, CAD (Card Acceptance Device)
BO’ card [1985-2004]EMV card [1996-2020?]
lecteur carte
carte bancaire françaisenouveau standard
Smart Cards
27 Nicolas T. Courtois 2006-2009
Types of cards
memory/wired logic microprocessor
micropr.+crypto contactless
Source: Gartner, 2005
0 CPU
2 CPU
1 CPU
1-2 CPU
Smart Cards
28 Nicolas T. Courtois 2006-2009
Memory/Wired Logic CardMemory/Wired Logic Card
• Primitive• NVM – non-
volatile memory(E2PROM, Flash
memory)• simple function• e.g. prepay card
Smart Cards
29 Nicolas T. Courtois 2006-2009
Smart CardSmart Card
• Microcontroller = CPU+memory
• Universal, Turing machine, software driven
• flexibility• security features• [Hardware DES]
Smart Cards
30 Nicolas T. Courtois 2006-2009
CryptoCrypto--processor IC Cardsprocessor IC Cards
• Additional crypto-processor for RSA or elliptic curves
• Hardware security counter-measures
Smart Cards
31 Nicolas T. Courtois 2006-2009
ContactContact--less Smart Cardless Smart Card
• with RF transceiver• 0.1 s transaction
– much less energy– even less computing
power
Smart Cards
32 Nicolas T. Courtois 2006-2009
Memory on Smart Cards• ROM (‘hard mask’: C/Assembly, contains OS,
secure file access, I/O, libraries[crypto!], JVM) = 100 - 300 Kbytes now
• RAM = 4-16 K now(expensive, first Bull CP8 card had 36 bytes)
• NVM: (‘soft mask’, compiled C, more libraries…)– EPROM: 1980s, high voltage needed to erase it– E2PROM: 8-64 Kbytes,
recently 128-256 K GSM SIM.– New trend: Flash memory:
• Much cheaper, dense and shrinkable process.• Random read, harder to manage,
hard to re-write and very slow to erase.• Spansion 2006: 1 Giga in a SIM card!
≈≈≈≈≈≈≈≈10001000 times slower times slower to writeto write than RAMthan RAM
Smart Cards
33 Nicolas T. Courtois 2006-2009
Memory – R/Erase Memory
• Exists in Certain Memory Cards• In E2PROM,the transition from 0->1 is VERY
VERY slow. – But this is a security feature!– Read-Erase Memory (cannot 0->1):
≈≈≈≈≈≈≈≈10001000 times slowertimes slower
Smart Cards
34 Nicolas T. Courtois 2006-2009
Life Cycle of a Smart Card [ISO 10202-1]• Manufacturing: [e.g. Infineon, Gemalto]
– ROM <= ‘hard mask’, remove test functionality
• Initialize: [e.g. Gemalto, Card Issuer]– E2PROM <= ‘soft mask’, completing O.S. install
• Personalize: [Card Issuer]– Init apps– E2PROM <= data, keys etc. for an individual user!
• Use it: [e.g. ATM]– issue commands (APDUs)
• Death: [e.g. local bank]– invalidate the chip / destroy the card.
Smart Cards
35 Nicolas T. Courtois 2006-2009
****Perso Process
Smart Cards
36 Nicolas T. Courtois 2006-2009
Functionalities of Chip/Smart Cards
Smart Cards
37 Nicolas T. Courtois 2006-2009
Advantages of Smart Card
• storage capacity• security functionalities• multiple functions• user acceptability, effective packaging• successful business model
Smart Cards
38 Nicolas T. Courtois 2006-2009
Crypto Functionalities of a Smart Card (1)
• Cardholder verification by the card. – Check PIN or biometric data.– Not always done with crypto, but otherwise
necessary to activate the crypto capabilities of the card.
• Key generation, its secure storage, safe “usage” and (why not) erasure.
• Encrypt data (public and secret key)– emails, files, etc… e.g. PGP PKI badge– secure messaging
Smart Cards
39 Nicolas T. Courtois 2006-2009
Crypto Functionalities of a Smart Card (2)Authentication – from weaker to stronger:• Integrity checks (CRC, or better: cryptographic hash).• Origin checks (storing a static signature)• Dynamic Challenge-Replay card authentication (proof of
identity, should be a Zero-knowledge mechanism).• Dynamic authentication of any data with a 3-DES
cryptogram or a MAC (symmetric-key signatures).• Dynamic authentication of any data with a “real” (=public-
key) digital signature. – Provides authenticity and non-repudiation of every individual action
taken in a complex protocol !
• Also verification: the authenticity of a terminal / external word.
Smart Cards
40 Nicolas T. Courtois 2006-2009
Smart Card Applications
Smart Cards
41 Nicolas T. Courtois 2006-2009
Some Applications of a Smart Card
• PayTV - Broadcast Encryption and Traitor Tracing.– First PayTV Card: Philips+Bull, 1980-81
• Storing private data (emails, passwords etc…)• First phone cards with a chip: [1983 Schlumberger
Télécarte, France], [1984 G&D Telekarte, Germany], Remark: wired logic, contact placement later changed
• GSM / 3G phones – First SIM card: Gemplus 1989, MANY billions sold since
• Electronic passport, ID– PKI, Belgium by Axalto.– Biometric passports: required since October 2005.
Smart Cards
42 Nicolas T. Courtois 2006-2009
More Applications of a Smart Card
• Bank Cards [since 1984, Bull CP8]• Home Banking, Internet Shopping• PC access, corporate badge, secure email
PGP• Electronic purse, parking: [1996-] Proton[Be],
Geldkarte, later integrated with bank cards• First student card [restaurant, library, etc.]
– First in 1988, Italy, Bull CP8
Smart Cards
43 Nicolas T. Courtois 2006-2009
Smart Cards Market
Smart Cards
44 Nicolas T. Courtois 2006-2009
**Actors and Value Chain
Smart Cards
45 Nicolas T. Courtois 2006-2009
2004 Market Shares [before merger]
Source: Gartner, 2005
Microprocessor cards Market
1,566 million units
Axalto
Gemplus
G&D
OCSOrga
Incard
Others
23%
13%
5%
26%
20%
9%
4%
Smart Cards
46 Nicolas T. Courtois 2006-2009
***2007 Market Segments
Source: Gartner, 2005
[source: eurosmart.com]
Smart Cards
47 Nicolas T. Courtois 2006-2009
Market GrowthIn Volume: in M units shipped
In Value: in M €
Smart Cards
48 Nicolas T. Courtois 2006-2009
Industrial Standards [1]:=> Cards
Smart Cards
49 Nicolas T. Courtois 2006-2009
What is a Smart Card ?Set of standards ISO.• cards with contacts:
– ISO 7816-1..3
• contact-less:– ISO 14443 (proximity <10 cm)
– ISO 15693 (vicinity <1 m)– more…
• with and without contact:– ISO 7816-4..16
Smart Cards
50 Nicolas T. Courtois 2006-2009
ISO 7816-1
Size matters! Like a credit card.
Smart Cards
51 Nicolas T. Courtois 2006-2009
ISO 7816-1
Physical Characteristics:• operating temperature, humidity, etc…
» below are very severe requirements:
• bending properties (the chip can break• torsion properties or take-off)
» Consequences for the chip:
• silicon surface ≤ 25 mm2, ≤ 0.3 mm depth• small computing power, not Pentium 4…
Smart Cards
52 Nicolas T. Courtois 2006-2009
Manufacturing
Smart Cards
53 Nicolas T. Courtois 2006-2009
Bare Connectors
• The chip will be glued to the contact.
Smart Cards
54 Nicolas T. Courtois 2006-2009
Die Bonding
• Connections with gold wire (20 µm)
Smart Cards
55 Nicolas T. Courtois 2006-2009
Encartage
• Embed in a ¾ mm card.
Smart Cards
56 Nicolas T. Courtois 2006-2009
Encapsulation
• Embed in a ¾ mm card.(Encartage (Encartage (Encartage FrFrFr)))
Smart Cards
57 Nicolas T. Courtois 2006-2009
Plastic Matters
Smart Cards
58 Nicolas T. Courtois 2006-2009
ISO 7816-2
Contacts1.7 x 2 mm
[changed in 1990]
old AFNOR standard
Smart Cards
59 Nicolas T. Courtois 2006-2009
ISO 7816-2=> Freedom
Smart Cards
60 Nicolas T. Courtois 2006-2009
Contact Quality
• “Friction force” readers scratch the cards [contacts frottants]
• Landing contacts – much better [contacts atterrissants]
Smart Cards
61 Nicolas T. Courtois 2006-2009
ISO 7816-2 - Historical
C1 – VCC (+) C5 – GND (-)C2 – Reset C6 – VPP for EPROMC3 – CLK C7 – I/O (serial port a.k.a. ISO)C4 – ??? C8 - ???
Smart Cards
62 Nicolas T. Courtois 2006-2009
ISO 7816-2 – Evolution@2005-2009
C1 – VCC C5 – GNDC2 – RST C6 – [SWP -> antenna]C3 – CLK C7 – I/OC4 – [USB] C8 - [USB]
USB USB Samsung S-SIMsupports both+NAND+InterChip USB
Smart Cards
63 Nicolas T. Courtois 2006-2009
ISO 7816-3 and EMV/GSMVoltage and current supplied [I~clock freq.]:
• Class A: 5 V ±10% / 60 mA @5 MHz [ex. 200 mA]
• Class B: 3 V ±10% / 50 mA @ 4 MHz• Class C: 1.8 V ±10% / 30 mA @ 4 MHz
• EMV bank cards: always 5V, 50 mA• GSM cards: class A-C max current respectively:
10 / 6 / 4 mA ONLY! (heat, phone battery life).
Smart Cards
64 Nicolas T. Courtois 2006-2009
Power MattersSummary: • …• Bank card: 5 V, 50 mA• GSM SIM class C card (the latest): 4 mA• …• Even much less for contact-less cards !!!
(power supplied by an alternative magnetic field)
=>Very Low computing power !!! In contrast: modern PC CPU – up to 50 000 mA !
Smart Cards
65 Nicolas T. Courtois 2006-2009
Power MattersSummary: • Several 1000 x less power than an Intel CPU…
• Low surface (≤ 25 mm2)• Lower density (0.09 µm
vs. 0.065 µ SOI process for recent CPUs)
• 8 and 16-bit CPUs for very long time• 32 bits CPU only since 2003-4
Smart Cards
66 Nicolas T. Courtois 2006-2009
****Electrical behavior of contactsI/O: • Z=high- A=low, remains Z unless in transmissionCLK: • in/out capacity < 30 pF,
To switch on (no electricity until all are connected): • RST low, VCC high, no VPP, I/O = Z, CLK = 1…5 MHzTo switch off: • RST low, CLK low, VPP inactive, I/O = A, VCC low
Smart Cards
67 Nicolas T. Courtois 2006-2009
ISO 7816-3
CLK: • transition time < Max( 0,5 µs, 9% x period T)• at 1 during 40 % - 60 % of time.
– The card security should block if short impulses !
Clock speed:• First cards [1996]: 3.579545 MHz
(still@begin)
Smart Cards
68 Nicolas T. Courtois 2006-2009
Clock and Maximum Computing Power Avail.
Clock speed, NO co-processor:• 1990: 3.5 MHz, RSA-512, 2 minutes
Clock speed with co-processor:• 1996: 3.5 MHz, RSA-1024 in 500 ms• 2000: 7 MHz, RSA-2048 in 500 ms• 2004: 60-100 MHz, RSA-2048 in 50 ms • 200-400 MHz today, RSA-2048 in 10 ms
Smart Cards
69 Nicolas T. Courtois 2006-2009
I/O - ISO 7816-3Known as “ISO interface” of a card: simplified UART (serial port)Transmission of bytes:
Time duration of 1 bit = 1 Elementary Time Unit [etu]
N specified by TC1 in ATR
Smart Cards
70 Nicolas T. Courtois 2006-2009
ETU
etu = duration of 1 bit, by default 1 etu = 372 / Clock frequency Examples:• 3.5712 MHz/372=9600 bit/s• 3.5712 MHz/186=19200 bit/s• 3.5712 MHz/93=38400 bit/s• 3.5712 MHz/32=111600 bit/s
Smart Cards
71 Nicolas T. Courtois 2006-2009
ISO 7816-3Defines the ATR: answer to reset. Up to 33 bytes.
Must happen at 400 … 40,000 clocks after RST. ATR = a series of bytes transmitted in order b8..b1:• TS • T0 [presence of TA1-TD1 and 0..15 historical bytes]
– TA1– TB1 – TC1– TD1: like T0, specifies the presence of extra objects…
• TA2• etc…
Smart Cards
72 Nicolas T. Courtois 2006-2009
ATR Structure
XOR checksum
Smart Cards
73 Nicolas T. Courtois 2006-2009
TS specifies:TS [A+8+Z bits]: specifies the relationship between A/Z and 0/1 Z=high voltage, A=low voltage• Direct convention [Germany], where A=0, Z=1:
TS = ‘3B’; b1:b8= A(ZZAZZZAA)Z• Inverse convention [France], with A=1, Z=0:
TS = ‘3F’; b8:b1= A(ZZAAZZZZ)Z
Smart Cards
74 Nicolas T. Courtois 2006-2009
ISO 7816-3 - Highlights
In particular ATR specifies the comm. capacities: • T=0 or T=1• half[/full] duplex• clock speed• baud rate
Smart Cards
75 Nicolas T. Courtois 2006-2009
ISO 7816-3Communication Protocols Main two: synchronous, half/duplex
– T=0 (byte-oriented, e.g. GSM SIM), – T=1 (block-oriented, e.g. bank cards)
––– T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)Recent developments: • T=2 (block-oriented, full duplex, cf. ISO 10536-4).
••• T=4, expansion of T=0T=4, expansion of T=0T=4, expansion of T=0
••• T=USBT=USBT=USB
Smart Cards
76 Nicolas T. Courtois 2006-2009
T=CL
• T=CL is used for talking to ISO 14443A/B cards with APDUs translated by the reader (totally hides the RF interface from the programmer, the card seems to be a card with contact!)
Smart Cards
77 Nicolas T. Courtois 2006-2009
T=0 or T=1?
Remark: – T=0 (byte-oriented)
• parity bits only
– T=1 (block-oriented) is ‘more modern’. • More error detection too: parity +
each block also has a CRC.
Smart Cards
78 Nicolas T. Courtois 2006-2009
ISO 7816-3
Baud rate:• 1996: 9.6 K bit/sec default, @beginning.• Then: 115 K bits/sec
• Outdated by Axalto patent: USB smart card: – First Axalto USB: 700 K bits/sec– Full-speed USB – up to 12 Mbit/s [since 2005].
• Not USB 2.0., it is just USB 1.0. full-speed.
Smart Cards
79 Nicolas T. Courtois 2006-2009
Example of GSM SIM ATR‘3B894014474732344D35323830’
Decoded:TS= ‘3B’ => direct encodingT0= ’89’= ‘1000’ll’1001’ => TD1 + 9 historical bytes
TD1= ’40’= ‘0010’ll’0000’ => TC2 present and protocol is T=0TC2= ’14’= ‘0001’ll’1110’ => waiting time 14 * 100 msT1…T9: ’47’ll’47’ll’32’ll’34’ll’4D’ll’35’ll’32’ll’38’ll’30’ =>
“GG24M5520” (these are the 9 historical bytes, sort of unique ID of this SIM card)
Smart Cards
80 Nicolas T. Courtois 2006-2009
ATR - More Examples"3B8F8001804F0CA000000306030001000000006A"
=> "Philips MIFARE Standard 1 K and London Oyster card””3B6500009C02020702"
=> “US Department of Defense Common Access Card,Axalto Cyberflex Access 32K V2, Sun Microsystems employee card”
"3B898001006404150102009000EE" => "German e-Passport April 2007",
"3B6D00000031C071D66438D00300849000" => HSBC MasterCard
"3F6525082204689000"
=> "France Telecom card“"3F65250052096A9000"
=> "French carte Vitale", "3BEF00FF8131FE4565631104010280000F274000030100E1"
=> “German Postbank Geldkarte","3FFF9500FF918171A04700444E415350303131205265764230423A"
=> "NagraVision card for StarHub Digital Cable DVB-C Singapore",
Smart Cards
81 Nicolas T. Courtois 2006-2009
Industrial Standards [1B]:=> Other Form Factors
Smart Cards
82 Nicolas T. Courtois 2006-2009
Form Factors and InterfacesUSB interface ISO, [USB], [RF]
ISO, [USB,RFRFRF]
USB Token form factorSIM card form factor
a.k.a. ID-000 credit card form factor, a.k.a. ID-1
3FF - [telecom, not widely used]
ISO, [USB,RFRFRF]
VISA-mini a.k.a. ID-00
ISO, [USB,RFRFRF]
Smart Cards
83 Nicolas T. Courtois 2006-2009
Dimensions
Smart Cards
84 Nicolas T. Courtois 2006-2009
Industrial Standards [1C]:=> Contact-less
Smart Cards
85 Nicolas T. Courtois 2006-2009
Contactless Smart Cards
••• cards with contacts:cards with contacts:cards with contacts:––– ISO 7816ISO 7816ISO 7816---1..31..31..3
• contact-less:– ISO 14443 A-..C [Oyster, e-Passport]– ISO 15693 [NFC]– ISO 18000 [tiny RFIDs]– other…
Smart Cards
86 Nicolas T. Courtois 2006-2009
Two Types of Contactless Communication
• Capacity (electrical field)– Standardized, not widely used
• Needs the reader and the card to close and geometrically aligned.
• RF = electromagnetic waves– Much better:– it is not true that an Oyster card would not be able
to communicate if >5 cm from the reader, but it will typically not have enough power
(drawn from the magnetic field).
Smart Cards
87 Nicolas T. Courtois 2006-2009
Form Factors
key fob
Smart Cards
88 Nicolas T. Courtois 2006-2009
AntennaAntenna
large loop antenna
Smart Cards
89 Nicolas T. Courtois 2006-2009
Embedding the AntennaEmbedding the Antenna• Must be a LARGE coil
• SIM card: must be external (“NFC enabled mobile phone”)
Smart Cards
90 Nicolas T. Courtois 2006-2009
Double/Triple Interface Cards
E.g. corporate badge– Functionalities:
• Enter doors, • PC log-in, • PGP decrypt and sign
– Adopted worldwide, e.g. U.S. Army
ISO, USB, RF
ISO, RF
Smart Cards
91 Nicolas T. Courtois 2006-2009
Contactless InterfaceContactless Interface
• ISO 14443 (Oyster, e-Passport)• ISO 15693 (NFC)• ISO 18000 (tiny RFIDs)
Smart Cards
92 Nicolas T. Courtois 2006-2009
ComparisonComparison
Smart Cards
93 Nicolas T. Courtois 2006-2009
• UHF 860 - 915 -… MHz (EPC)– Pros: large range, simple antenna
design, cheap, – Cons: bad penetration of water and
organic fabric
• 100-135 kHz, ISO 11784/85– Pros: penetrates water and organic
fabric, relatively insensitive to metallic objects
– Cons: low transmission speed, wire coil antenna, cannot be printed
• 13.56 MHz, ISO 15693, ISO 14443A,B– Pros: faster communication (26 kBit/s), – Cons: high absorption by metallic
environment, few cm range, or a large antenna needed
****Pros and Cons of Different RFID Technologies****Pros and Cons of Different RFID Technologies
Smart Cards
94 Nicolas T. Courtois 2006-2009
• UHF 860 - 915 MHz (EPC)– UCode HSL/EPC, – EM 4222/4223, – EM 4442/4444
• 100-135 kHz, ISO 11784/85– HITAG,– HID Prox,– EM 4102/01,...
• 13.56 MHz, ISO 15693, ISO 14443A,B– MIFARE,– LEGIC,– iCode,– HID iClass,...
****Some Products on the Market****Some Products on the Market
Smart Cards
95 Nicolas T. Courtois 2006-2009
*Visual Security
Smart Cards
96 Nicolas T. Courtois 2006-2009
Secure Printing [Source: Oberthur]
Smart Cards
97 Nicolas T. Courtois 2006-2009
***more details…
Smart Cards
98 Nicolas T. Courtois 2006-2009
***more details…
Different on each card:
Smart Cards
99 Nicolas T. Courtois 2006-2009
Low-Level and Physical Security
Smart Cards
100 Nicolas T. Courtois 2006-2009
Main Function of a Main Function of a Main Function of a Smart Cards ==== to be = to be = to be “““a a a secure hardware devicehardware devicehardware device”””...
1.1.1. ”””intelligentintelligentintelligent””” (Smart): the card (Smart): the card (Smart): the card ––– handles computations (e.g. crypto)handles computations (e.g. crypto)handles computations (e.g. crypto)––– manages data (OS, file system, access rights)manages data (OS, file system, access rights)manages data (OS, file system, access rights)––– takes informed security decisions (takes informed security decisions (takes informed security decisions (………block itself !)block itself !)block itself !)
2. Hopefully ”unbreakable” : nobody can know/modify what is inside.
USB interface ISO, [USB], [RF]
ISO, [USB]
USB Token form factorSIM card form factor
credit card form factor
Smart Cards
101 Nicolas T. Courtois 2006-2009
Remark:
There is no defense against an adversary that has several millions of €…
Smart Cards
102 Nicolas T. Courtois 2006-2009
Removing the Chip
Smart Cards
103 Nicolas T. Courtois 2006-2009
Making the Chip Harder to Extract:
Oberthur Potting™ claims:• improves durability [harder to break] • any attempt to remove the module from the card would
result in totally destroying it
Smart Cards
104 Nicolas T. Courtois 2006-2009
Reverse Engineering
Smart Cards
105 Nicolas T. Courtois 2006-2009
Open-source � Closed-source
Industry: competition � cooperation
Standards
�
Industrial/commercial/trade/security secrets
Smart Cards
106 Nicolas T. Courtois 2006-2009
*Open Source vs. Closed Source
Smart Cards
107 Nicolas T. Courtois 2006-2009
Kerckhoffs Principle
Dutch cryptologist, wrote his book in French.
In June 2006 Dutch researchers De Gans et all, have published several cloning attacks on MiFare Classic chips [London Oyster card + 200 M other].
[first cloning attack: Courtois, Nohl and O’Neil, April 2008].
Smart Cards
108 Nicolas T. Courtois 2006-2009
Kerckhoffs principle: [1883]
“The system must remain secure should it fall in enemy hands …”
Smart Cards
109 Nicolas T. Courtois 2006-2009
*Remark:
Smart Cards:
They are already in ‘enemy’ hands
- even more for RFID…
Smart Cards
110 Nicolas T. Courtois 2006-2009
Kerckhoffs’ principle: [1883]
Most of the time: incorrectly understood. Utopia. Who can force companies to publish their specs???Who can force companies to publish their specs???Who can force companies to publish their specs???
No obligation to disclose.
• Security when disclosed.• Better security when not disclosed???
Smart Cards
111 Nicolas T. Courtois 2006-2009
Yes (1,2,3):
1. Military: layer the defences.
Smart Cards
112 Nicolas T. Courtois 2006-2009
Yes (2):
2) Basic economics:
these 3 extra months(and not more �)
are simply worth a a lot of money.
Smart Cards
113 Nicolas T. Courtois 2006-2009
Yes (3):
3) Prevent the erosion of profitability
/ barriers for entry for competitors / “inimitability”
Smart Cards
114 Nicolas T. Courtois 2006-2009
Kerckhoffs principle is kind of WRONG in the world of smart cards
Reasons: • side channel attacks are HARD and COSTLY to
prevent when the algo is known• in some applications, for example Pay TV the
system is broken immediately when the cryptographic algorithms are public.
Smart Cards
115 Nicolas T. Courtois 2006-2009
*Silicon Hacking
Smart Cards
116 Nicolas T. Courtois 2006-2009
Tarnovsky Lab
Only few thousands of dollars of equipment
Smart Cards
117 Nicolas T. Courtois 2006-2009
Tarnovsky (and Other Professional Chip Hackers)
Few thousands of dollars of equipment• Surface polishing• HydroBromic acid to eat away the passivation layers• A microscope for pictures:
– the successive layers of silicon are revealed with acids and lasers
• Doping guns to cut/add traces to a working IC• Stinger: bypassing the protections with long microscopic needles.
Smart Cards
118 Nicolas T. Courtois 2006-2009
More Expensive:
• Atomic Force Microscope(20 K€ - 1 M€)
• FIB device (Focused Ion Beam, 0.5 M€)Canal+ Technologies Lab
Smart Cards
119 Nicolas T. Courtois 2006-2009
FIB:Example resolution: 10 nm Classical applications: failure analysis of ICC
But also: circuit modification:• Local material removal:
– cutting metal lines, milling, gas enhanced etching
• Local rebuilding/rewiring of the device– new metal interconnects
– new insulating layers
• Fine tuning of analog components: decrease/increase R or C…
• Reading (electron image)• Art: writing on the nm scale:
Smart Cards
120 Nicolas T. Courtois 2006-2009
Can Do Anything?
In theory a FIB does anything. Including read/write memory?
But only in theory.
Not so easy: • The IC has many layers (!)• Security is hidden in inner layers(!)• Can you do many operations reliably enough
to achieve your goal?
Smart Cards
121 Nicolas T. Courtois 2006-2009
Reverse Engineering
Smart Cards
122 Nicolas T. Courtois 2006-2009
Clear and Present Danger:
Reverse engineering is NOT that hard.No no need for a FIB device
(Focused Ion Beam, 0.5 M€).
A few thousand dollars microscope will suffice.
Smart Cards
123 Nicolas T. Courtois 2006-2009
Reverse Engineering MiFare [Nohl, Plotz, 2007]
Smart Cards
124 Nicolas T. Courtois 2006-2009
Hardware Defences
Smart Cards
125 Nicolas T. Courtois 2006-2009
Hardware Countermeasures:
Make the life of the hacker much harder.
Financial sector requirements:• attacks should cost more than
say 25 K$ per card…
Smart Cards
126 Nicolas T. Courtois 2006-2009
Functionality + Security
Smart Cards
127 Nicolas T. Courtois 2006-2009
Hardware Countermeasures
Detection:• Detect under/over-clocking (stop the clock, read the (stop the clock, read the (stop the clock, read the
RAM)RAM)RAM)
• Random instructions, and Random Wait States [e.g. Infineon SLE66].
• Detect low/high voltage [<2.3 V or >6.3 V].• Glitch/spike detect• Detect UVs, light, alpha particles, high/low
temp etc.
Smart Cards
128 Nicolas T. Courtois 2006-2009
Intrusion Detection
Smart Cards
129 Nicolas T. Courtois 2006-2009
More Hardware Countermeasures1. Shield/coating.
– Detect if “passivation layer” was removed. • R/C measurements.
2. Metallic layer: screens for charges/radiation.
– Needed and monitored:• R/C measurements.
3. Active shields=detect tampering with.– Mesh of wires: prevents probing, attacks with a laser
cutter, etc.
4. Detection + Destruction???
Smart Cards
130 Nicolas T. Courtois 2006-2009
Active Shield
Source:Infineon. Problem: back side attacks.Problem: back side attacks.Problem: back side attacks.
Smart Cards
131 Nicolas T. Courtois 2006-2009
**Intrusion Detection on PEDs (Pin Entry Device)
Anderson et al. UCAM-CL-TR-711
2/2008this way
not this way…
works!
Smart Cards
132 Nicolas T. Courtois 2006-2009
More Hardware Countermeasures
4. Detection + Destruction??? – Chemical traps: SiShell [Axalto patent].
Smart Cards
133 Nicolas T. Courtois 2006-2009
**** Related Example• UK Military Laptop LT-450 (Termite)• A laptop + hardware crypto module
– secret algo!– secret key
• Has tamper switches: – the key and the algo will be deleted
• Manual destruction: • press two buttons at the same time• mechanism works also
when PC is switched off and does not need the battery
Smart Cards
134 Nicolas T. Courtois 2006-2009
***Example Closer to Smart Cards2006
Smart Cards
135 Nicolas T. Courtois 2006-2009
Design Obfuscation• Restricted circulation of specs.• Non-standard instruction set. • Custom crypto algorithms.• ROM and busses in lower layers of silicon.
– Only “ion-implanted ROM” is used, not visible with UV light.
• Scrambling the data busses.– in each chip different lines, on certain chips the busses location changes during the execution of the code.
• Dummy structures in silicon.• Duplication• Symmetry -> same power consumption.• Memory Obfuscation:
– Encrypt the memory addresses.– Encrypt the memory data.
Smart Cards
136 Nicolas T. Courtois 2006-2009
Robustness and RedundancyGoals:• Avoid perturbation at logical level:
– Control bits, error correcting– Dual logic, also protects against power attacks.
• Detect perturbation at the OS and software level and block the card…– Data checksums, – Redo DES twice, – Etc..
Security of file system and OS: later.
Smart Cards
137 Nicolas T. Courtois 2006-2009
More and Higher-Level Security Countermeasures
Smart Cards
138 Nicolas T. Courtois 2006-2009
Motivation:
Most Bank Cards have a PIN verification function.
PIN
Y/Nnot authenticated except in EMV DDA cards
not encrypted except in some EMV DDA cards
Smart Cards
139 Nicolas T. Courtois 2006-2009
Critical Bits and Pieces
• Example: PIN verification.• Can be implemented in asynchronous logic
[dedicated transistors/gates]– much lower power consumption, – in a lower layer and much harder to localize– requires a dedicated hardware attack
• as apposed to a generic attack on CPU registers, busses, loading to memory, etc..
Smart Cards
140 Nicolas T. Courtois 2006-2009
PIN code – Simple Hacker Attack [1992]
• Enter the PIN with a home terminal.• “Listen to” card radiation/power consumption to
detect early in time that it was wrong.• Switch the voltage off very quickly.
Solution?
Smart Cards
141 Nicolas T. Courtois 2006-2009
PIN code – Simple Hacker Attack [1992]
••• Enter the PIN with a home terminal.Enter the PIN with a home terminal.Enter the PIN with a home terminal.
••• “““Listen toListen toListen to””” card radiation/power consumption to card radiation/power consumption to card radiation/power consumption to detect early in time that it was wrong.detect early in time that it was wrong.detect early in time that it was wrong.
••• Switch the voltage off very quickly.Switch the voltage off very quickly.Switch the voltage off very quickly.
Countermeasure [used in all bank cards]:• Increment the ratification counter first• Check the PIN• The decrement it(!).
Smart Cards
142 Nicolas T. Courtois 2006-2009
Increment First? Slight Problem
• this could not be done, the first French bank card B0 had no NVM!
• They used an array of 480 bits, – where at each PIN verification attempt, a bit
would be irreversibly changed (EEEPROM).– after 480 (right or wrong) attempts, the card
would stop working
––– also they had a limited history 768 bytes, 4 bytes also they had a limited history 768 bytes, 4 bytes also they had a limited history 768 bytes, 4 bytes per transaction, 2 transactions/week.per transaction, 2 transactions/week.per transaction, 2 transactions/week.
Smart Cards
143 Nicolas T. Courtois 2006-2009
Timing Attack on PINs
[old, worked before c. 1990]• Bad programming: compare PIN digits one
after one, if first is incorrect, abort! • Good programming: write a program such
that the execution time is constant.
Smart Cards
144 Nicolas T. Courtois 2006-2009
PINs and Keys – Storage in RAM
• E2PROM of the smart card: assume addresses and data are encrypted.
Attack 1: read it (assume it’s possible)• Solution 1: store h(PIN)?
– Attack 2: dictionary attack.
• Solution 2A: store R, h(PIN,UID,R)• Solution 2B: store R, E_K(PIN,R)
where K is a key specific to this card only
Smart Cards
145 Nicolas T. Courtois 2006-2009
Protocol/Software Countermeasures
• Typically, the chaining of commands is strictly controlled. Each command can be issued only once, and in a certain order. – Assured by a finite state machine.– Example: don’t accept commands in clear-text
once secure messaging is established.
• The spec should not allow buffer overflows.
Smart Cards
146 Nicolas T. Courtois 2006-2009
***Example: Conformity Test
The test verifies the enforcement of Secure Messaging:
Afterwards the chip denies to send data in an unencrypted way and answers with 6X XX (error).
Not enough: make sure that the same error code is sent in the same situation!
Smart Cards
147 Nicolas T. Courtois 2006-2009
Example:
Eric Poll [Nijmegen] Attacks on e-passports.Send various ISO commands, observe the error messages:
Smart Cards
148 Nicolas T. Courtois 2006-2009
Clone Attacks
Smart Cards
149 Nicolas T. Courtois 2006-2009
More Hardware Countermeasures
• Unique serial number– Written in WORM (Write Once Read Many)
a.k.a. OTP (One Time Programmable). – Example: Oyster card UID=32 bits Benefits are:⇒ clones harder to make⇒ and can blacklist clones⇒ tracing of each card⇒ card-dependent memory encryption, hashing and RNG
Smart Cards
150 Nicolas T. Courtois 2006-2009
Threats (1.)Assume that we have all the data. Clone the card? 1. Card Emulation on a card – defenses:
• unique ID, cards that can be personalized not available => • requires a special re-programmable card,
• or a pirate emulator
-speed, +size, +cost, etc.
Smart Cards
151 Nicolas T. Courtois 2006-2009
Threats (2.):Assume that we have all the data. Clone the card? 1. Card Emulation on a card ???2. Card Emulation on a PC!
Smart Cards
152 Nicolas T. Courtois 2006-2009
Threat 3. Relay AttackLow-tech, always works!
No Need to Break Anything !!!
Smart Cards
153 Nicolas T. Courtois 2006-2009
Has Been Done…
Smart Cards
154 Nicolas T. Courtois 2006-2009
Economics Aspects
Smart Cards
155 Nicolas T. Courtois 2006-2009
*Cost of Some Attacks [source: RFI Global]
Smart Cards
156 Nicolas T. Courtois 2006-2009
*Cost of Fault Attacks [source: ST]
Smart Cards
157 Nicolas T. Courtois 2006-2009
Security Management -the Development Process
Smart Cards
158 Nicolas T. Courtois 2006-2009
Secure Hardware Dev. Management[In smart cards] one design criterion differs from the criteria used
for standard chips but is nonetheless very important is that absolutely no undocumented mechanisms or functions must be present in the chip ('that's not a bug, that's a feature').
Since they are not documented, they can be unintentionally overlooked during the hardware evaluation and possibly be used later for attacks.
The use of such undocumented features is thus strictly prohibited[...]
[pages 518-519 in the Smart Card handbook by Wolfgang Rankl and Wolfgang Effing, 1088 pages, Wiley, absolute reference in the industry]
Smart Cards
159 Nicolas T. Courtois 2006-2009
Testing• White-box tests are prohibited, no debugging commands
must be left in the hard-mask and soft-mask. • Tests must be black-box tests and test suites include
scanning for hidden [debugging] commands.
Smart Cards
160 Nicolas T. Courtois 2006-2009
Application Development ManagementGoals:• Avoid backdoors, Trojans, covert channels, bugs
etc.• Kleptography: techniques to leak keys to the
attacker, • form of perfect crime.
Means:• Segregation of duties [Lipner 1982].• Monitoring.
Smart Cards
161 Nicolas T. Courtois 2006-2009
Segregation of Duties
• Never one developer works alone on an application.
• he knows only some parts of the spec (partial secrecy, “need to know”).
• Some critical security mechanisms can be distributed: part in hard mask(ROM), part in soft mask, harder to know both…– the chip manufacturer does NOT have the full
spec either.
Smart Cards
162 Nicolas T. Courtois 2006-2009
Monitoring / Checks and Balances• Internal quality and security audits within each company.• The entire source code is frequently inspected by an
independent company: – government agency [such as GCHQ] or – an evaluation (or hacker) lab [such as CEA-LETI]
• mandated and paid by the customer [to avoid conflicts of interests].
• Some countries have a process to evaluate these labs (they have to prove that they can break smart cards as well as other people do).
• External security audits (mandated by a customer: for example a large bank).
Smart Cards
163 Nicolas T. Courtois 2006-2009
File System
Smart Cards
164 Nicolas T. Courtois 2006-2009
Data in smart cardsThink about sequences of bytes.BER-TLV conventions [ISO 8825]
T – Tag, for example “90” in hex.L – 1 or 3 bytes. Let L[0] be the first byte
MSB(L[0])=0, L[0] = length 0-127,MSB(L[0])=1, L[1-2] = length 0..65535
V – value, a string bytes.
TLV objects can be nested !
Smart Cards
165 Nicolas T. Courtois 2006-2009
ISO 7816-6
Specifies how to encode different data elements as BER-TLV objects,
For example:• Name of the credit card holder• Expiration date• Etc.
Smart Cards
166 Nicolas T. Courtois 2006-2009
ISO 7816-4
File names FID: • 2 bytes• example: ‘3F 00’
Short file names (SFID): – 5 bits, 1..30, used as
a parameter in certain commands
Smart Cards
167 Nicolas T. Courtois 2006-2009
ISO 7816-4
• MF: Master File(root directory “3F00”)
• DF: Dedicated Files(directories+some data)
• EF: Elementary Files(data files)
Smart Cards
168 Nicolas T. Courtois 2006-2009
Elementary Files
EF: Elementary FilesNot all files are visible for applications(!)
– Internal EF: card private files, card O.S. only can see them
– Working EF: data accessible to applications that communicate with the external world.
Smart Cards
169 Nicolas T. Courtois 2006-2009
Example: GSM Card [incomplete picture](cf. 3GPP TS 51.011
standard)
Smart Cards
170 Nicolas T. Courtois 2006-2009
Some Directories in a GSM CardImportant directories:
• root directory : 3F 00
• DFGSM = 7F 20
• DFTELECOM = 7F 10.
First byte: • '3F': Master File;
• '7F': 1st level Dedicated File
• '5F': 2nd level Dedicated File
• '2F': Elementary File under the Master File
• '6F': Elementary File under a 1st level Dedicated File
• '4F': Elementary File under 2nd level Dedicated File
Smart Cards
171 Nicolas T. Courtois 2006-2009
ISO 7816-4 – Files (EFs)
4 types
like RAM, or a string of bytes
“records”, with specific instructions and applications…
Smart Cards
172 Nicolas T. Courtois 2006-2009
2 Types of Fixed-Size Entry Records
2 types of records:
• Linear Fixed file– Like a list
• Cyclic Fixed file: – Motivation:
• fixed E2PROM size, scarcity
– Applications: • Bank card history
– e.g.150 last transactions
• all SMS sent/received• etc..
Record 1
Record n
Record 2
.
.Body
Structure of a linear fixed file
Header
Record n-1
Record n-2
Record n
Record 1
Record 2..
Body
Last updated record
Structure of a cyclic file EN726-3
Oldest record
Header
Smart Cards
173 Nicolas T. Courtois 2006-2009
GSM Card: Some Files Inside DFGSM• EFIMSI (6F07)• Le fichier EFLOCI (6F7E) contains TMSI, LAI etc.• EFLP(Language preference)• EFKc = Ciphering key Kc + sequence number• EFSST (6F38) = SIM service table = 1byte = [s1present, s1active, …]
= ‘services’ present/not active/not in this card, these are:– Service n°1 : disable user’s PIN == CHV1
– Service n°2 : Abbreviated Dialing Numbers (ADN)– Service n°3 : Fixed Dialing Numbers (FDN)– Service n°4 : Short Message Storage (SMS)
• EFACM = Accumulated Call Meter, in units• EFMSISDN = the subscriber’s MSISDN.• etc..
present inDFTELECOM
Smart Cards
174 Nicolas T. Courtois 2006-2009
Some Files Inside DFTELECOMThis directory is protected by PIN(!)
• EFADN(6F3A) your short phone directory (10 entries),• EFFDN(6F3B) your phone directory• EFSMS(6F3C) all the SMS received and sent, cyclic file
Record n-1
Record n-2
Record n
Record 1
Record 2..
Body
Last updated record
Structure of a cyclic file EN726-3
Oldest record
Header
Smart Cards
175 Nicolas T. Courtois 2006-2009
File Access and Access Conditions
Smart Cards
176 Nicolas T. Courtois 2006-2009
Accessing Files: SELECT FILE – FCI/90 00General philosophy: Almost always one must select a file before any operation on it… (MF is
selected at the start)• SELECT FILE + params• Response: either:
– 90 00
– FCI = File Control Info = status of the file selected, • exact spec [attributes and their encoding]: depends on the smart card, e.g. GSM.
• STATUS command (C0 F2) - GSM specific: – allows to know (to avoid confusion) what file was selected with the last
SELECT command.
Smart Cards
177 Nicolas T. Courtois 2006-2009
VariantsThere are MANY methods to address a file with SELECT FILE:• by 2 bytes FID (for MF, DF and EF)
– 0_ A4 00 …• By DF name or AID (for DF only or an application)
– 0_ A4 04 …– 0_ A4 02 …
• by absolute path from MF– 0_ A4 08 …
• by a relative path from current DF– 0_ A4 09 …
••• Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)
••• ……… another DF when partial AID is transferred?another DF when partial AID is transferred?another DF when partial AID is transferred?
Smart Cards
178 Nicolas T. Courtois 2006-2009
Examples: SELECT FILE1. Example of a SELECT FILE with FID and FCI, for a GSM card:
• Command: C0 A4 00 00 02 6F 07
• Response: This command returns the FCI.
2. Example of a SELECT FILE with AID and no FCI (widely used for accessing files AND applications by their unique identifier):
• Command: 00 A4 02 00 05 [AID]
empty params.SELECT FILE
GSM cardlength + FID == file identifier on 2 bytes‘6F 07’ = IMSI file of this SIM card
specific params.SELECT FILEISO command
length + AID, if no ambiguity, a prefix of a valid AID can also be accepted
Smart Cards
179 Nicolas T. Courtois 2006-2009
FCI and Access Conditions for EF files
Smart Cards
180 Nicolas T. Courtois 2006-2009
Status of EF Files
SELECT FILE command for an EF file =>returns:
1. an error command:• 62 83 – file deactivated• 64 00 – execution error
• 6A 81 – function not supported• 6A 82 – file not found• etc..
OR2. an FCI (File Control Information) + 90 00(each EF file in a card has specified access conditions):
Smart Cards
181 Nicolas T. Courtois 2006-2009
FCI (File Control Information) for EF files
May contain (examples, mostly optional)• “80”+2 bytes: size of the file• “82” + 2 bytes: file descriptors, e.g.
– shareable/not – type of file: DF/working EF/internal EF– EF structure
• “83” + 2: file identifier.• “84” + 1-16: DF name.• “86” + security attributes (proprietary coding).• etc..
Smart Cards
182 Nicolas T. Courtois 2006-2009
*FCI Attributes [contd.]• “86” + security attributes (proprietary coding).Files can be:• WORM (Write Once, Read Many times)
– implemented in hardware or software
• EDC (Error Detection Code)• atomic write access
– Security: must written entirely or not at all (!!!)
• multiple storage attribute– for frequently used files in the card, ‘wear-level’ usage of E2PROM
• data transfer selection attribute– on dual-contact cards, to make file accessible only via contact or
contact-less interface
Smart Cards
183 Nicolas T. Courtois 2006-2009
Examples of FCINot 100% compatible, depends on products…• 6F 07 80 02 00 58 82 01 01 90 00
– EF with transparent structure, file size: 88 (0x0058)
Example of GSM FCI (22 bytes = 0x16):• 00 00 00 01 7F 20 02 00 00 00 00 00 09 91 00 11 08 00 83 8A 83 8A
Can be decoded according to GSM spec: Can be decoded according to GSM spec: Can be decoded according to GSM spec: ••• ………••• Byte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 is disabled.disabled.disabled.••• ………••• Byte 19 = is the "CHV1 statusByte 19 = is the "CHV1 statusByte 19 = is the "CHV1 status“““. . .
––– Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the PIN1 has been PIN1 has been PIN1 has been initialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempts left for this ts left for this ts left for this PIN.PIN.PIN.
Smart Cards
184 Nicolas T. Courtois 2006-2009
Files Security Status
Smart Cards
185 Nicolas T. Courtois 2006-2009
Security of Files in Directories“Security status” of a file results from the sequence of commands
performed (e.g. authentication of entities) and their results. It can be:• Global: may be modified after a completion of a certain authentication
command (or other secure functionality), • Examples (studied later):
» VERIFY + PIN, » GET CHALLENGE + EXTERNAL AUTHENTICATE)» only if the commands are embedded inside SECURE MESSAGING channel (normal APDUs
with encryption AND authentication with a MAC)
• a secret key/value stored in the MF is used to perform this cryptographic command.
• Directory-specific, • then the key/PIN used is stored in the same DF.
• File-specific (EF).• Command-specific and ephemeral.
Example:
Smart Cards
186 Nicolas T. Courtois 2006-2009
Security of Files in DirectoriesExample: Access conditions for a given file or directory
+ given access mode (e.g. WRITE):
• PRO: An external command can write a file if the MAC of this command is valid. • AUT: File accessible R/W if the terminal authentication have been done before.• CHV: This file can be read if the user have entered the Pin and if it was correct.
••• CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).
••• ADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, Telcooo’’’s access)s access)s access)• NEV (access to some files can be disabled forever)
• ALW (always), public access (at least in this mode, e.g. READ).• Other conditions may exist in a specific card…
Smart Cards
187 Nicolas T. Courtois 2006-2009
Security and Access to Files:
Example [root directory]:
Smart Cards
188 Nicolas T. Courtois 2006-2009
MACs = “Secret-Key Signatures”
MAC algorithm
m
sk(secret key)
MAC algorithm
sk(secret key)
σ
(m,σ)
yes/no
forgery
Smart Cards
189 Nicolas T. Courtois 2006-2009
MAC = secret key “signature”Several methods: CBC-MAC, C-MAC, Retail-MAC, etc.
Based on symmetric encryption algorithms such as DES, AES.
ICV
C-MACwith chaining ICV=last MAC
this MAC guarantees the
order of commands too!
(cannot add, cannot remove except at the end)
Smart Cards
190 Nicolas T. Courtois 2006-2009
MAC and IVImportant:• Never use a random IV in a MAC.
– IV = 0 is a safe choice. – Or another constant.– Do use random IVs in encryption.
• Exception to this rule: – In many smart card products MACS are chained: – ICV = last MAC computed by the card/reader, prevents changing the
order of commands or dropping commands etc.••• together with random numbers (nonces) also prevents full reply otogether with random numbers (nonces) also prevents full reply otogether with random numbers (nonces) also prevents full reply of a full f a full f a full
transaction flow.transaction flow.transaction flow.
Smart Cards
191 Nicolas T. Courtois 2006-2009
*Example – how a card will enter mode PRO:Terminal Card
ASK RANDOMcommand
Challengegeneration
(T)DEScalculation
Challenge
PRO key
Cryptogram
PRO command
OK?
Compare thecryptograms
Delete flag randompresent
Data + cryptogram
EF key
PRO Key
Challenge
PRO mode OK
Bad Authentication
N
Y
(T)DEScalculation
Data tosent
Data
Receivedbytes
Data
ReceivedCryptogram
Decreaseratification counter
Reset ratificationcounter if needed
Smart Cards
192 Nicolas T. Courtois 2006-2009
*Example – entering mode AUT:
Terminal Card
ASK RANDOMcommand
Challengegeneration
(T)DEScalculationAUT mode
Challenge
TerminalKey
(T)DEScalculationAUT mode
Certificate
EXTERNALAUTHENTICATE
command
Compare thecryptograms
Delete flag randompresent
Cryptogram
EF keyKey number
+Cryptogram
Card Key
Receivedbytes
Keynumber
OK?
Authenticationsuccessful
Bad Authentication
N
Y
Decreaseratification counter
Reset ratificationcounter if needed
Smart Cards
193 Nicolas T. Courtois 2006-2009
Commands (APDUs)
Smart Cards
194 Nicolas T. Courtois 2006-2009
Commands - ISO 7816-4APDU = Application Protocol Data Unit
Master-slave principle. Half-duplex. • The card never starts anything.
Smart Cards
195 Nicolas T. Courtois 2006-2009
ISO 7816-4APDU = Application Protocol Data Unit
CLA = 1 byte, identifies the applicationINS = 1 byte, instruction codeLc = size of data, 1 or 3 bytes
Le = size of the expected answer, 1 or 3 bytes.
Smart Cards
196 Nicolas T. Courtois 2006-2009
CLA byte and ‘Logical Channels’
CLA is 1 byte that:
• identifies the application – so remains constant (though 1 application can have several ‘channels’),
• is an indication to what extent the command and the response complies with ISO 7816-4– Examples: ‘0X’ standard ISO, ‘A0’ in GSM,
‘80’ e-purse EN1546-3, ‘BC’ old EMV bank cards, ‘80’ and ‘84’: EMV bank cards ‘8X’: proprietary commands
CLA=‘0X’, 48X’ and ‘9X’, ‘AX’ use so called ‘logical channels’: • Let X=b4b3b2b1
– b4 b3 indicate if Secure Messaging is used and if the command header is also authenticated
– b1 b2 indicate the number of logical channel 0..3• Application: concurrent communication with multiple applications (or concurrent
execution of multiple tasks). Example: mobile phone talking to phone book another application [can be Java] stored on the SIM card.
Smart Cards
197 Nicolas T. Courtois 2006-2009
Command APDUs
Lc = size of data, 1 or 3 bytes
Le = size of the expected answer, 1-3 bytes.
4 cases
Smart Cards
198 Nicolas T. Courtois 2006-2009
C-APDU INS ExamplesWhen CLA=0X0E2070828488A4B0B2C0C2CAD0D2D6DADCE2
Erase Binary Verify Manage Channel External AuthenticateGet Challenge Internal AuthenticateSelect File Read Binary Read Record(s) Get Response Envelope Get Data Write Binary Write Record Update Binary Put Data Update Record Append Record
Smart Cards
199 Nicolas T. Courtois 2006-2009
Response = R-APDUResponse structure:
• SW1: 90=completed/OK with warning/error during exec/checking error;?NVM changed[63,65]
• SW2: error number
90 00 = All OK
Smart Cards
200 Nicolas T. Courtois 2006-2009
IMPORTANT:In many cases, and in all cases where the size
of the answer is not known in advance,The response is NOT given,
the terminal must ask for it (another C-APDU).
Example (for a bank card):
Smart Cards
201 Nicolas T. Courtois 2006-2009
5 Possible Cases:Case 1: No input data/no output data
Case 2: No input data/Output size known in advance:
Case 3: No input data/Output size not known:
Smart Cards
202 Nicolas T. Courtois 2006-2009
Case 3: 2 x C-APDU, 2 x R-APDU:Card
ACK = 9000
2 status bytes
ACK = 9000
Data
2 status bytes
TerminalCommand APDU
Data
Request the Answer APDU
wait for completion
wait for completion
Smart Cards
203 Nicolas T. Courtois 2006-2009
[…] 5 Possible Cases
Case 4: Input data/no output:
Case 5: Input data/Output size known or unknown:
Smart Cards
204 Nicolas T. Courtois 2006-2009
Standard Cross-IndustryCommands
Smart Cards
205 Nicolas T. Courtois 2006-2009
ISO 7816-4 Inter-industry Commands
For transparent linear files: • READ BINARY• WRITE BINARY* • UPDATE BINARY = real WRITE• ERASE BINARY• SEARCH BINARY
**VERY SPECIAL:VERY SPECIAL:as Eas E22PROM isPROM is10001000times times slowerslowerto writeto write than RAM, than RAM, and it is the change from and it is the change from
00→→1 that is slow (requires 1 that is slow (requires erasing)erasing)
Thus the command WRITE Thus the command WRITE performs a logical AND performs a logical AND
with the current file with the current file content!!!!content!!!!
Smart Cards
206 Nicolas T. Courtois 2006-2009
Syntax: Read/Write
• READ BINARY
• UPDATE BINARY (overwrite=real write)
Smart Cards
207 Nicolas T. Courtois 2006-2009
ISO 7816-4 Inter-industry CommandsFor records (2 types): • READ RECORD• WRITE RECORD• APPEND RECORD• UPDATE RECORD• SEEK• SEARCH RECORD
Smart Cards
208 Nicolas T. Courtois 2006-2009
ISO 7816-4 standard commands
For application-specific data objects.• GET DATA• PUT DATA
Smart Cards
209 Nicolas T. Courtois 2006-2009
Security Commands
Smart Cards
210 Nicolas T. Courtois 2006-2009
Authentication
R: deny
W: deny
R: allow
W: allow
Smart Cards
211 Nicolas T. Courtois 2006-2009
Cardholder Authentication
On-card PIN/Password verification.
PIN
not encrypted except in some EMV DDA cardsnot encrypted except in some EMV DDA cardsnot encrypted except in some EMV DDA cards
Y/Nnot authenticated except in EMV DDA cardsnot authenticated except in EMV DDA cardsnot authenticated except in EMV DDA cards
Smart Cards
212 Nicolas T. Courtois 2006-2009
ISO 7816-4 Security Commands
Authentication Card Holder => Card
• VERIFY + password/CHV/PINBTW. CHV == Card Holder Verification == PIN
• Example: 00 20 00 00 04 70 61 70 61
4 bytes password = ‘papa’)
no L_e, no data in reply expected, result will be visible in two status bytes SW1SW2
must be 0INS
CLA authenticates the whole MF if b7=0, PIN stored in MF
Smart Cards
213 Nicolas T. Courtois 2006-2009
Challenge-Response a.k.a. Dynamic Authentication Card=>External World
randomB
A B
A, MACK(randomB)KK
Smart Cards
214 Nicolas T. Courtois 2006-2009
****Exists in GSM, but a non-standard dedicated command
A3 A3Ki Ki
challenge RANDSIM card
Signed RESponse (SRES)
are = ?
• RUN GSM ALGORITHMExample: A0 88 00 00 10 XX …………….XX
16 bytes random nonce
no L_e, no data in reply expected, result will be visible in the status bytes = 0x9F Le
both 0INSCLA
Smart Cards
215 Nicolas T. Courtois 2006-2009
ISO 7816-4 Security Commands
Authentication Card => Terminal
• INTERNAL AUTHENTICATE + random challenge algo nb. + key nb.– Produces a cryptogram/MAC, proves the identity of the
card.• Example: 00 88 00 00 04 A3 02 AF D1 04
crypto algo nb.
authenticates the whole MF if b7=0, key stored in MF
INS
CLA
random challenge on 4 digits
the reply should be 4 digits/bytes too
Smart Cards
216 Nicolas T. Courtois 2006-2009
ISO 7816-4 Security Commands
Challenge-Response Authentication:Terminal => Card
• GET CHALLENGE
• EXTERNAL AUTHENTICATE+ algo nb. + key nb. + cryptogram
Smart Cards
217 Nicolas T. Courtois 2006-2009
Example:
• GET CHALLENGE• Example: 00 84 00 00 10
• EXTERNAL AUTHENTICATE• Example: 00 82 00 00 04 01 02 03 04
crypto algo nb.
authenticates the whole MF if b7=0, key stored in MF
INSCLA
our cryptogram on 4 bytes
no data to recover in reply, OK/not OK seen as 2 status bytes.
LE = it expects 16 digits randomboth are 0INS
CLA
Smart Cards
218 Nicolas T. Courtois 2006-2009
Unilateral AuthenticationHistorically very popular.Examples:• password -> login
––– OK if we trust the browser + the DNS, OK if we trust the browser + the DNS, OK if we trust the browser + the DNS, ••• or a PK certificateor a PK certificateor a PK certificate---based secure tunnel is needed.based secure tunnel is needed.based secure tunnel is needed.
• SIM card -> GSM base station (fixed in 3G)• offline bank card transactions -> Point of Sale terminal
Problems: • login page spoofing etc.• false GSM base stations, • false ATMs,
Smart Cards
219 Nicolas T. Courtois 2006-2009
Uni-directional vs. Mutual Authentication
statement1,
[interactive] proof1
statement2,
[interactive] proof2
K
K
Smart Cards
220 Nicolas T. Courtois 2006-2009
Mutual Authentication in One Piece
Mutual Authentication
Smart Cards
221 Nicolas T. Courtois 2006-2009
ISO 7816-4 Security Commands
Mutual Authentication:Terminal <=> Card
The sequence:• GET CHIP NUMBER• GET CHALLENGE• MUTUAL AUTHENTICATE + params
Smart Cards
222 Nicolas T. Courtois 2006-2009
Read/Write => Secure Read/Write, CLA=04
Smart Cards
223 Nicolas T. Courtois 2006-2009
Secure Messaging
=> starting from now, all read/write commands & data are encrypted…
encrypted
[Mutual Authentication]+
Shared Key Derivation
Smart Cards
224 Nicolas T. Courtois 2006-2009
Encapsulation of ISO 7816-4 Commands
Commands and answers contain another embedded APDU command (or part of it):
• GET RESPONSE for an embedded command
• ENVELOPE – sent an encrypted APDU• Example: 00 C2 00 00 10 ……………
some data, length = 16both are 0INS
CLA
no data to recover in reply, only 2 status bytes.
Smart Cards
225 Nicolas T. Courtois 2006-2009
***Case Studies:GSM
Smart Cards
226 Nicolas T. Courtois 2006-2009
Some More GSM Commands (CLA=‘A0’)
CHV1=user PINCHV2=second PIN
Smart Cards
227 Nicolas T. Courtois 2006-2009
GSM Security
A3
Mobile Equipment
GSM OperatorAuthentication Center
A8
A5
A3
A8
A5
Ki Ki
challenge RAND
KcKc
mi Encrypted Data mi
SIM card
Signed RESponse (SRES)
SRESSRES
Fn Fnare = ?
precomputed triples:(RAND,SRES,Kc)
Base Station
Smart Cards
228 Nicolas T. Courtois 2006-2009
SIM Card Side
secret key
Triples RAND, SRES, Ki are stored in BS
Data with redundancy: terrible mistake…
data block of 114 bits.
Smart Cards
229 Nicolas T. Courtois 2006-2009
Running the Secret Algorithm (with secret key)
Both (key+algo)remain secret at all times.
Custom-made!
Smart Cards
230 Nicolas T. Courtois 2006-2009
Authentication Algorithms
Some operators used COMP128 v1, the default algorithm.• Very bad, there are several attacks
[Briceno,Goldberg,Wagner].• Some never published attacks existed only in a form of an
exe file, better than any published attack – less queries to the card!– I’ve developed such attacks myself, they were never published
(sorry…).– Gemplus patented and commercialized a strong key solution
Encryption AlgorithmsIn the phone.
Smart Cards
231 Nicolas T. Courtois 2006-2009
Embarrassing Discovery
What was discovered before [SDA-Berkeley 04/98].• Keys generated were not 64 bits.
– 10 bits fixed to 0 => 54 effective bits.
• The limitation was implemented in both AuC (authentication Centers) and in SIM cards.
• Later most operators have, by now, increased the size of their keys to 64 bits (also changing the algorithms or not). – It appears that the key is 64 bits starting from COMP 128 v3 and also
in most recent proprietary algorithms. – But one should check if they did!
Let’s do it.
Smart Cards
232 Nicolas T. Courtois 2006-2009
Embarrassing Discovery
• Keys generated by typical UK and French cards (I’ve checked many): 64 bits.
• Key in Polish Orange card: 64 bits.• All Chinese cards checked: 64 bits.
But many keys are still 54 bits: Examples I’ve seen myself:
• SIM I bought in Russia in 2007 (operator = “MTC”): • Estonian card, operator=“simpel”, 2009• Greek Vodafone SIM, 54 bits as well...
Smart Cards
233 Nicolas T. Courtois 2006-2009
Contactless Commands
Smart Cards
234 Nicolas T. Courtois 2006-2009
High-Level APDUNo difference, the reader “translates” the commands.Example: MiFare Classic access:
Smart Cards
235 Nicolas T. Courtois 2006-2009
Low-Level CommandsSent over the air.Example:nfclib+ACR122
+MiFare Classic
> 26< 0400> 9320< CA1C46D141> 9370CA1C46D141 (CRC)< 08 (CRC)> 6000(CRC)< 24D2783A> CF80E99F1AA2A1F1> …
UID
Smart Cards
236 Nicolas T. Courtois 2006-2009
**Case Studies:Oyster Card
Smart Cards
237 Nicolas T. Courtois 2006-2009
**Contact**Contact--less Authentication less Authentication -- HistoryHistory
IFF: Identify Friend or Foe (1942)
Challenge--Response
problem: relay attacksproblem: relay attacksproblem: relay attacks
Smart Cards
238 Nicolas T. Courtois 2006-2009
**Mutual Authentication + Secure Messaging
=> starting from now, all read/write commands data is sent encrypted…
tag random 32 bits
tag resp. 32 bits
encr. rdr random + rdr resp. 2x32 bits
card ID 32 bits
Smart Cards
239 Nicolas T. Courtois 2006-2009
**FactsBest Attack:
– Multiple Differential Attack by Courtois, in SECRYPT 2009.
• card-only attack, • 300 queries to the card,
– very fast!!!» but precise timing needed.
– Can be combine with Nested Authentication attack by the Dutch Nijmegen group.
Then the whole card can be cloned in 10 seconds.
Smart Cards
240 Nicolas T. Courtois 2006-2009
Smart Card O.S.
Smart Cards
241 Nicolas T. Courtois 2006-2009
Modern Multi-Application O.S.• MULTOS
– originally developed for e-purse Mondex [UK]– High level of security, EAL6 for some chips
• Open Platform – promoted by Visa et al.
• JavaCard• popular in GSM• banks never wanted 3rd party applications on their
cards… problems: branding, ownership, risks…
• Windows for Smartcards– commercial fiasco, abandoned
Smart Cards
242 Nicolas T. Courtois 2006-2009
Further Smart Card Standards
Smart Cards
243 Nicolas T. Courtois 2006-2009
ISO 7816-5Specifies AIDs (Application IDentifier)• 16 bytes (128 bits)
– [RID(5)+PIX(0..11)]– RID: Registered Application Provider– PIX: Proprietary Identifier Extension
• Can uniquely identify one smart card application. • Also used to identify files in the smart card.• Simultaneous selection of an application and of a
directory of a card.
Smart Cards
244 Nicolas T. Courtois 2006-2009
*Accessing Files and Applications by AID: SELECT FILE
As for files, applications are selected by the same method with an APDU ‘XX A4 …’ to select a file by its AID: Example:
• 00 A4 02 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31
• Response: 90 00 if all OK…
specific params.
SELECT FILE
ISO command
length + AID, "1PAY.SYS.DDF01"
Smart Cards
245 Nicolas T. Courtois 2006-2009
RID: Registered Application Provider“Administrative” method to get a RID is described in ISO 7816-
5. Not all application provider RIDs are public. Examples:• A0 00 00 00 87
– 3GPP (3G USIM application)
• A0 00 00 00 09– ETSI (e.g. GSM SIM with Java)
• RID = D2 76 00 01 24 – In OpenPGP cards.
• A0 00 00 00 03– VISA EMV international cards
• A0 00 00 00 04– MasterCard EMV cards
• Etc..
Smart Cards
246 Nicolas T. Courtois 2006-2009
Examples of a Complete AID• 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31
– which is "1PAY.SYS.DDF01" en ASCII, it contains a list of AIDs of an EMV bank card
• A0 00 00 00 42 10 10– Visa Credit EMV application, France
• A0 00 00 00 03 10 10– Visa Credit EMV application, international
• A0 00 00 00 04 10 10– MasterCard EMV application, international
• A0 00 00 00 69 00 – is the French Monéo e-purse application.
printed on the ticket
Smart Cards
247 Nicolas T. Courtois 2006-2009
ISO 7816-7
• APDU for accessing a database stored on a smart card(!).
• Defines SCQL = Smart Card Query Language
Smart Cards
248 Nicolas T. Courtois 2006-2009
IS0 7816-8..10
• More inter-industry commands to manage the security environment of the card, for example during the personalization phase (before the card is issued to the user!!!)
Smart Cards
249 Nicolas T. Courtois 2006-2009
ISO 7816-12 – 12/2005
USB on smart cards!• Two versions, still evolving• Bridge the connectivity gap between PCs
and smart cards!
Smart Cards
250 Nicolas T. Courtois 2006-2009
Industrial Standards [2]:=> Crypto Standards
Smart Cards
251 Nicolas T. Courtois 2006-2009
Standards• RSA Security PKCS #11: Application Programming
Interface (API), called Cryptoki, to access devices which hold cryptographic information and perform cryptographic functions.– used e.g. in Netscape / Mozilla / cryptlib etc.
Smart Cards
252 Nicolas T. Courtois 2006-2009
Standards
• RSA Security PKCS #15: storage and management of crypto/security objects, keys and their attributes in smart cards
Smart Cards
253 Nicolas T. Courtois 2006-2009
RSA Security PKCS #15 - Examples
Smart Cards
254 Nicolas T. Courtois 2006-2009
Industrial Standards [3]:=> Applications, Protocols
Smart Cards
255 Nicolas T. Courtois 2006-2009
Standards
• PC/SC: communication between Ms Windows and smart card readers [developed in 1997]
• Microsoft Cryptographic API (CryptoAPI).– enables application developers to add cryptography and certificate management functionality to
their Win32 applications without knowing anything about the hardware configuration
Smart Cards
256 Nicolas T. Courtois 2006-2009
Smart Cards under Linux?
PC/SC works and has drivers under Linux too.
Libraries? check out • M.U.S.C.L.E. at www.linuxnet.com• OpenSC library• Etc…
Smart Cards
257 Nicolas T. Courtois 2006-2009
Standards• JavaCard [later].
– OCF [OpenCard Framework]: a Java-based set of APIs for smart cards
– JavaCard 2.2
• ISO 15408: product evaluation derived from the ‘common criteria’
Smart Cards
258 Nicolas T. Courtois 2006-2009
Banking Standards
• EMV: international bank card specs• Visa Open Platform: security management of
multi-application cards
• CEPS: Common Electronic Purse Specification
• EN 1546: Pan-European e-Purse specification (very similar)
Smart Cards
259 Nicolas T. Courtois 2006-2009
Mobile Phone Card Standards
Smart Cards
260 Nicolas T. Courtois 2006-2009
***GSM Phones Card Standards• GSM 11-11: specifies the standard SIM-ME interface• GSM 11-14: more: « SIM Application Toolkit »• GSM 03.19: API JavaCardTM for programming SIM cards• GSM 03.40: how to implement Short Message Service
(SMS) in Point to Point (PP) mode• GSM 03.48: security mechanisms for the SIM card
application toolkit
Smart Cards
261 Nicolas T. Courtois 2006-2009
***3G Phone Card Standards• TS 51.011: specifies the 3G SIM-ME interface• ETSI TS 102 221: terminal-card physical and logical
characteristics• 3GPP: 31.101 V4.0.0, 31.102 V4.0.0 (Release 99)- 3G
cards (W-CDMA)• 3GPP2-C00-1999-1206-1208: specification of RUIM
modules for CDMA 2000
Smart Cards
262 Nicolas T. Courtois 2006-2009
3G Phone Security StandardsPrinciples, objectives and requirements• TS 33.120 Security principles and objectives• TS 21.133 Security threats and requirementsArchitecture, mechanisms and crypto algorithms• TS 33.102 Security architecture• TS 33.103 Integration guidelines• TS 22.022 Personalization of mobile equipment• TS 33.105 Cryptographic algorithm requirements• TR 33.900 A guide to 3G security• TR 33.901 Criteria for cryptographic algorithm design process• TR 33.902 Formal analysis of the 3G authentication protocol• TR 33.908 General report on the design, specification and evaluation of3GPP standard confidentiality and integrity algorithms• Document 1: f8 & f9• Document 2: KASUMI• Document 3,4: test dataLawful interception• TS 33.106 Lawful interception requirements• TS 33.107 Lawful interception architecture and functions
Smart Cards
263 Nicolas T. Courtois 2006-2009
PKI / Digital Signatures – Related to EU directive
• ETSI TS 101 333: digital signature formats• ETSI TS 101 808: CA management specification• CEN/ISSS: European Directive for Digital signatures
• CWA/prEN 14890: Interface for smart cards for D.S.
Smart Cards
264 Nicolas T. Courtois 2006-2009
Transport Card StandardsTransport Card Standards
Main Standards:• Calypso
[France, Belgium]• MiFare
[UK, Holland, Poland]
• Felica [Hong Kong, Japan, India]
Smart Cards
265 Nicolas T. Courtois 2006-2009
ITSO: used MiFare .. and withdraws [2009]ITSO: used MiFare .. and withdraws [2009]UK system and specs.
Compatible with both MiFare and Calypso.
MiFare Cards in ITSO system: 9.1 million [2008].Now slowly withdrawing it:1. ITSO licensed Members shall cease to issue MiFare
Classic cards after 31st December 2009. 2. ITSO shall not support any ITSO shell issued on a Mifare
Classic card after 31st December 2016.
Smart Cards
266 Nicolas T. Courtois 2006-2009
JavaCardWrite Once, Run Anywhere™
Smart Cards
267 Nicolas T. Courtois 2006-2009
Recent History
• Oct 25, 2010 - Gemalto has filed a patent infringement lawsuit in the US against Google, HTC, Motorola, and Samsung for mechanisms implemented in the Android OS
• From press release:– “Gemalto’s patented technologies are
fundamental to running software, developed in a high level programming language such as Java®, on a resource constrained device,”
Smart Cards
268 Nicolas T. Courtois 2006-2009
Motivation• Portable code, hardware-independent• Time to market: add new applications
to the card at any moment! • Easier to develop• Open platform,
=> specs of smart card chip are usually confidential(!!)
• Third party applications => much more security needed!!!– Hide the smart card OS and resources from the developer [not
trusted]– Java language has inherently better security…
• Much of current application insecurity comes from C language [exceptions, printf, goto, buffer overflow etc..]
• Provide “built-in security” for developers• Cons: slow + expensive…
Smart Cards
269 Nicolas T. Courtois 2006-2009
History
• Java Card 1.0: Schlumberger. APIs only. • Later, Bull+Gemplus+Schlumberger formed
the Java Card Forum. • + Sun Microsystems => develop Java Card
2.0.Still a SMALL subset of JavaTM
Some 2 billion Java cards to date(mainly in GSM…)
Smart Cards
270 Nicolas T. Courtois 2006-2009
Working Principle [source: Sun website]
Smart Cards
271 Nicolas T. Courtois 2006-2009
The Java Card VM Specs
The Java Card Virtual Machine (JCVM): defines
• a subset of the Java programming language
• a Java-compatible VM for smart cards,
• binary data representations and file formats,
• the JCVM instruction set.
Smart Cards
272 Nicolas T. Courtois 2006-2009
JavaCard - Types
Types
Smart Cards
273 Nicolas T. Courtois 2006-2009
JavaCard - Limitations
Dynamic class loading, security manager (java.lang.SecurityManager), threads, object cloning, and certain aspects of package access control are not supported.
native, synchronized, transient, volatile, strictfp are not supported.
There is no support for char, double, float, and long, or for multidimensional arrays. Support for int is optional.
The Java core API classes and interfaces (java.io, java.lang, java.util) are unsupported except for Object and Throwable, and most methods of Object and Throwable are not available.
Some Exception and Error subclasses are omitted because the exceptions and errors they encapsulate cannot arise in the Java Card platform.
Language Features
Keywords
Types
Classes and Interfaces
Exceptions
Smart Cards
274 Nicolas T. Courtois 2006-2009
Card Java – Resource Constraints
A package can refer to up to 128 other packages
A fully qualified package name is limited to 255 bytes. Note that the character size depends on the character encoding.
A package can have up to 255 classes.
A class can directly or indirectly implement up to 15 interfaces.An interface can inherit from up to 14 interfaces.
A package can have up to 256 static methods if it contains applets (an applet package), or 255 if it doesn't (a library package).
A class can implement up to 128 public or protected instance methods, and up to 128 with package visibility.
Packages
Classes
Smart Cards
275 Nicolas T. Courtois 2006-2009
Java Card - Standard Libs
• JavaCard.lang• JavaCard.framework• JavaCard.security• JavaCardx.crypto
Smart Cards
276 Nicolas T. Courtois 2006-2009
Added [Java Card 2.2] = javacard.frameworkISO7816 defines constants related to ISO 7816-3 and ISO 7816-4.MultiSelectable identifies applets that can support concurrent selections. PIN represents a personal identification number used for security (authentication) purposes. Shareable identifies a shared object. Objects that must be available through the applet firewall
must implement this interface.
AID defines an ISO7816-5-conforming Application sIdentifier associated with an application provider; a mandatory attribute of an applet.
APDU defines an ISO7816-4-conforming Application Protocol Data Unit, which is the communication format used between the applet (on-card) and the host application (off-card).
Applet defines a Java Card application. All applets must extend this abstract class. JCSystem provides methods to control the applet life-cycle, resource and transaction
management, and inter-applet object sharing and object deletion.OwnerPIN is an implementation of the PIN interface.Util provides utility methods for manipulation of arrays and shorts, including arrayCompare(),
arrayCopy(), arrayCopyNonAtomic(), arrayFillNonAtomic(), getShort(), makeShort(), setShort().
Various Java Card VM exception classes are defined: APDUException, CardException, CardRuntimeException, ISOException, PINException, SystemException, TransactionException, UserException.
Interfaces
Classes
Exceptions
Smart Cards
277 Nicolas T. Courtois 2006-2009
javacard.securityGeneric base interfaces:
Key, PrivateKey, PublicKey, and SecretKey, and subinterfaces that represent various types of security keys and algorithms: AESKey, DESKey, DSAKey, DSAPrivateKey, DSAPublicKey, ECKey, ECPrivateKey, ECPublicKey, RSAPrivateCrtKey, RSAPrivateKey, RSAPublicKey
Checksum: abstract base class for CRC algorithms
KeyAgreement: base class for key-agreement algorithmsKeyBuilder: key-object factory
KeyPair: a container to hold a pair of keys, one private, one publicMessageDigest: base class for hashing algorithms RandomData: base class for random-number generatorss
Signature: base abstract class for signature algorithms
CryptoException: encryption-related exceptions such as unsupported algorithm or uninitialized key.
Interfaces
Classes
Exceptions
Smart Cards
278 Nicolas T. Courtois 2006-2009
**Crypto Algorithms in Javacard 2.2• AES: Advanced Encryption Standard (NIST FIPS-197)• SEED Algorithm Specification : KISA - Korea Information Security Agency• SHA-1 (NIST FIPS 180-1), SHA-256,SHA-384,SHA-512 (NIST FIPS 180-2)
• MD5 defined by RSA DSI in RFC 1321• RIPEMD-160 defined in ISO/IEC 10118-3:1998• DSA (NIST FIPS 186)
• DES (NIST in FIPS 46-1 and 46-2)• RSA: The Rivest, Shamir and Adleman Asymmetric Cipher algorithm• ECDSA: Elliptic Curve Digital Signature Algorithm
• ECDH: Elliptic Curve Diffie-Hellman algorithm• HMAC: Keyed-Hashing for Message Authentication (RFC-2104)
Smart Cards
279 Nicolas T. Courtois 2006-2009
javacardx.cryptoNon-standard and proprietary crypto OR crypto subject to export controls!
KeyEncryption, Cipher
Interfaces
Classes
Exceptions
Smart Cards
280 Nicolas T. Courtois 2006-2009
Java Card Runtime Environment (JCRE)The JCRE consists of the Java Card VM, the Java Card Framework and APIs, and some
extension APIs.
Smart Cards
281 Nicolas T. Courtois 2006-2009
CommunicationSpecial subset of APDUs [ISO 7816-3..4] are used.
Smart Cards
282 Nicolas T. Courtois 2006-2009
Applet IsolationJCRE can act as a firewall
Smart Cards
283 Nicolas T. Courtois 2006-2009
Applet Structure and Execution
Smart Cards
284 Nicolas T. Courtois 2006-2009
Applet Execution
• The applet is identified by a unique identifier AIM.
• The terminal selects/deselects the applet at any moment.
• The APDUs are redirected to the applet currently selected.
Smart Cards
285 Nicolas T. Courtois 2006-2009
Applet SecurityApplets [bytecode] are
• CHECKED [if they don’t spy on other applets!!]
Should be signed with a digital signature [white-list principle(Nokia), as opposed to black list (Microsoft)]
Smart Cards
286 Nicolas T. Courtois 2006-2009
Java Card 3.0.
March 2008• Multi-threading• Garbage Collector• Multi-dimensional Arrays• TCP/IP• Servlets
Smart Cards
287 Nicolas T. Courtois 2006-2009
Terminals
Smart Cards
288 Nicolas T. Courtois 2006-2009
USB
Before were on serial port…Now all USB.Since about 2000 they use the [Microsoft
compatible] standard API/interface called PC/SC.
Smart Cards
289 Nicolas T. Courtois 2006-2009
PC Card
Smart Cards
290 Nicolas T. Courtois 2006-2009
Keyboards
Cherry etc.
Smart Cards
291 Nicolas T. Courtois 2006-2009
Contact-less
Open source: Open-PCD[Germany]
Smart Cards
292 Nicolas T. Courtois 2006-2009
Banking Terminals
Smart Cards
293 Nicolas T. Courtois 2006-2009
Home Banking
Smart Cards
294 Nicolas T. Courtois 2006-2009
Contact-less Bank Cards
Very recent
Smart Cards
295 Nicolas T. Courtois 2006-2009
Biometric
Smart Cards
296 Nicolas T. Courtois 2006-2009
Futuristic
UK pilot 2008
Smart Cards
297 Nicolas T. Courtois 2006-2009
Conclusion
Smart Cards
298 Nicolas T. Courtois 2006-2009
Future:
• Cannot live without Smart Cards or some other secure portable hardware device.– Bill Gates recognized it publicly in 2005…
• PKI enabler: – fair security: e.g. everyone can verify the
authenticity of a bank transaction.– 99.9 % unused potential.
Smart Cards
299 Nicolas T. Courtois 2006-2009
Some Difficulties Worldwide
• Major concern - COST EFFECTIVENESS• Security is of public interest, conflict of
interest - some market players think about their security, not of their customers and like fraud – make profit selling insurance…
• Bad press: – Unbreakable ? Not.– But there is no better technology on this planet.
Smart Cards
300 Nicolas T. Courtois 2006-2009
**How Secure Are Smart Cards?
A necessity: there is no better technology on earth !
…Succeeding requires tamper-proof hardware. But
• no security professional will speak of tamper-proof devices, as opposed to tamper-resistant ones.
• Security is a matter of economics, and not just technology.– How much will your attacker spend to defeat your security? – Are you protecting something valuable enough that your enemy will resort to the three
B's: burglary, bribery or blackmail?
• Protecting against determined adversaries is very hard; it's rarely wise to bet your business on it.”…
[Steve Bellovin blog, 24/08/07]
Smart Cards
301 Nicolas T. Courtois 2006-2009
Future of Smart Cards• New silicon technologies – 0.065 µm SOI for more
storage and security, lower power consumption• Multithread, DMA, MMU.• New memory technologies:
– In 2005: NOR-flash – 1 Megabyte…– 1 Gigabyte in a SIM ! – with NAND-Flash. Spansion.
• On-die support for RF, TCP/IP, WiFi, Bluetooth, etc. USB full speed – Axalto product + patents– 12 Mbits/sec ! The future standard in GSM handsets?
• Enhanced security with biometrics (3 factors).• More crypto: AES, Elliptic Curves etc...