INOSSEM institut de recherche - Guillaume Bouffard (SSD) - PowerPoint PPT Presentation



Vulnerability Analysis on Smart Cards using Fault Tree

Guillaume Bouffard, Bhagyalekshmy N Thampi, Jean-Louis Lanet

Smart Secure Devices (SSD) Team – XLIM/University of Limoges
guillaume.bouffard@xlim.fr
http://secinfo.msi.unilim.fr

SAFECOMP 2013


Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards SAFECOMP 2013 1 / 23


Outline

1. Introduction: Smart Card; Java Card Technology; Attacks on Java Card
2. Fault Tree Analysis: Definition; FTA for Smart Card; Code Integrity
3. An API to Mitigate the Undesirable Events: Principle; The INOSSEM API
4. Conclusion


The Smart Card

Widely used device:

◮ Credit Card;
◮ (U)SIM Card;
◮ Health Card (French Vitale card);
◮ Pay TV;
◮ ...

This device contains sensitive data.


Java Card based Smart Card

◮ Created by Schlumberger in 1996;
◮ Specified by Oracle;
◮ Provides a friendly environment to develop secure Java applications.

Figure: Java Card architecture, top to bottom: Applets; Vendor and/or Industry Specific Extensions; Java Card Framework and APIs; Java Card Virtual Machine; Card Operating System; Hardware. The label "Java Card Runtime Environment" spans the layers between the applets and the hardware.


Java Card Security Model

Off-card Security (figure): Java Class Files → Byte Code Verifier, Byte Code Converter, Byte Code Signer → Java Card Files.

On-card Security (figure): Java Card Files → Byte Code Verifier → Installed applet, isolated by the Firewall.


Java Card Attacks

Logical attacks

◮ Execution of malicious Java Card byte codes.

Physical attacks

◮ Side channel attacks (timing attacks, power analysis attacks, ...);
◮ Fault attacks (electromagnetic injection, laser beam injection, ...).

Combined attacks

Mix of physical and logical attacks.


Example: Eman 2 attack

Figure: two views of the Java Card stack during the call. First view, from the top of stack (ToS) downwards: the operand stack (param. 2, param. 1), @method, an unknown area, then the local variables. Second view, with the previous frame shown: below the ToS and the unknown area lie param. 2, param. 1 and @method of the previous frame.


    public void ModifyStack(byte[] apduBuffer, APDU apdu, short a) {
        short i = (short) 0xCAFE;
        short j = (short) maliciousFunction();
        i = j;
    }


Byte code of ModifyStack as compiled into the CAP file (hex bytes, then the mnemonic):

    public void ModifyStack(byte[] apduBuffer, APDU apdu, short a) {
        02        // flags:0 max_stack:2
        42        // nargs:4 max_locals:2
        11 CAFE   sspush 0xCAFE
        29 04     sstore 4
        18        aload_0
        7B 00     getstatic_a
        8B 01     invokevirtual 1
        29 05     sstore 5
        16 05     sload 5
        29 04     sstore 4
        7A        return
    }

Figure: call flow: invokevirtual @ModifyStack → ModifyStack method → any unchecked byte code.


The same method after the CAP file has been modified: the final sstore 4 has become sstore 7, a slot beyond the method's declared locals:

    public void ModifyStack(byte[] apduBuffer, APDU apdu, short a) {
        02        // flags:0 max_stack:2
        42        // nargs:4 max_locals:2
        11 CAFE   sspush 0xCAFE
        29 04     sstore 4
        18        aload_0
        7B 00     getstatic_a
        8B 01     invokevirtual 1
        29 05     sstore 5
        16 05     sload 5
        29 07     sstore 7
        7A        return
    }

The Return Address of the current function is changed!


Example: Eman 2 attack – Countermeasure

Security Requirements

◮ Embed a Byte Code Verifier (BCV);
◮ Check the number of locals;
◮ Check the frame integrity.

Proposed Countermeasure: the linked-frame

◮ The memory area is non-contiguous;
◮ The top of stack should be copied.

Figure: linked frames: Applet Frame, Method Frame 1, Method Frame 2.
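The "check the number of locals" requirement, as an added Python model that is not code from the slides or the INOSSEM project: the header bytes and the disassembly are transcribed from the Eman 2 listing on the earlier slides, while the way a runtime check (RTC) inside the JCVM validates each local-variable access against the frame size is this example's own assumption.

```python
"""Runtime locals check over the Eman 2 listing (added example, not the
slides' or INOSSEM's code; the RTC logic is an assumption)."""

def decode_header(flags_stack, nargs_locals):
    """Decode the two CAP method header bytes shown on the slide.

    0x02 packs flags:0 / max_stack:2, 0x42 packs nargs:4 / max_locals:2
    (each byte holds two 4-bit fields).
    """
    return {
        "flags": flags_stack >> 4, "max_stack": flags_stack & 0x0F,
        "nargs": nargs_locals >> 4, "max_locals": nargs_locals & 0x0F,
    }

# Disassembly of ModifyStack as shown on the slide: (mnemonic, operand),
# operands as printed there.
ORIGINAL = [
    ("sspush", 0xCAFE), ("sstore", 4), ("aload_0", None),
    ("getstatic_a", 0x00), ("invokevirtual", 1), ("sstore", 5),
    ("sload", 5), ("sstore", 4), ("return", None),
]
# Same method after the CAP file was edited: the last sstore now targets
# slot 7 (slide: "sstore 4" became "sstore 7").
MODIFIED = ORIGINAL[:-2] + [("sstore", 7), ("return", None)]

LOCAL_ACCESS = {"sload", "sstore"}  # instructions that index the local area

def check_locals(header, code):
    """Return (pc, mnemonic, index) for each local access outside the frame.

    Parameters occupy slots 0..nargs-1 and declared locals the next
    max_locals slots, so any index >= nargs + max_locals lies outside the
    current frame, which is the region Eman 2 overwrites.
    """
    frame_slots = header["nargs"] + header["max_locals"]
    return [(pc, mn, idx) for pc, (mn, idx) in enumerate(code)
            if mn in LOCAL_ACCESS and not 0 <= idx < frame_slots]

if __name__ == "__main__":
    hdr = decode_header(0x02, 0x42)
    print("frame slots:", hdr["nargs"] + hdr["max_locals"])  # 6
    print("original:", check_locals(hdr, ORIGINAL))          # []
    print("modified:", check_locals(hdr, MODIFIED))          # [(7, 'sstore', 7)]
```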


Problem Statement

Inductive Approach

◮ 1 attack = 1 countermeasure;
◮ Bottom-up solution.

Our Requirements

◮ A top-down analytic solution;
◮ Definition of each undesirable event.


The Fault Tree Analysis (FTA)

Figure: a minimal fault tree, with an Effect at the top connected through a gate to Cause 1 and Cause 2. Its elements:

◮ Undesirable event;
◮ Initial causes;
◮ Gate connector.


FTA for Eman 2 attack

Fault tree for the Eman 2 attack (top event down to basic events):

◮ Access to the frame content (top event) = CAP file modification AND ill-formed applet execution is allowed;
◮ Ill-formed applet execution is allowed = no frame integrity AND no runtime locals check AND no BCV.


Smart Card’s Assets

Undesirable events can affect:

◮ Code integrity;
◮ Data integrity;
◮ Code confidentiality;
◮ Data confidentiality.

An attack offers the execution of malicious byte code.


How to break the Java Card Code Integrity?

Fault tree: Perturbation of the Code Integrity = Existing code modification OR Execution of new arbitrary code.

Existing code modification:
◮ Type Confusion;
◮ Exception mechanism;
◮ Condition branch;
◮ Code desynchronization.

Execution of new arbitrary code:
◮ Byte Code Modification;
◮ Extended branch;
◮ Frame corruption.


Code Integrity Tree

Code Integrity tree with, for each leaf, the Java Card attacks that realise it and the Java Card countermeasures whose absence enables it (BCV: Byte Code Verifier; RTC: Runtime Check; FI: Frame Integrity). Each leaf is an AND gate over the missing countermeasures.

Existing code modification:
◮ Type Confusion: Prevent checkcast instruction [BTG10], Shareable Interface Attack [HP04]; enabled by no RTC;
◮ Exception mechanism: Tampering the Exception Mechanism [BHD12]; enabled by no RTC;
◮ Condition branch: Eman 4 Attack [BLIC11]; enabled by no RTC;
◮ Code desynchronization: Hiding a fault enabled virus in a smart card [RBL12]; enabled by no FI AND no RTC.

Execution of new arbitrary code:
◮ Byte Code modification: Eman 1 Attack [ICL10], Abuse the Java Card Linker [HBL+12]; enabled by no FI AND no BCV AND no RTC;
◮ Extended branch: Eman 4 Attack [BLIC11]; enabled by no RTC;
◮ Frame corruption: Eman 2 Attack [BLIC11]; enabled by no BCV AND no Runtime Check AND no Frame Integrity.
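The Code Integrity tree above evaluated as a fault tree, as an added Python example that is not code from the slides or the INOSSEM project: the attack leaves and their missing-countermeasure sets are transcribed from the slide, and the gate evaluation and minimal cut-set search are standard FTA logic.

```python
"""Fault-tree evaluation of the Code Integrity tree (added example; the tree
is transcribed from the slide, the evaluation logic is generic FTA)."""
from itertools import combinations

COUNTERMEASURES = {"BCV", "RTC", "FI"}

# intermediate event -> {attack: countermeasures that must all be missing}
TREE = {
    "Existing code modification": {
        "Type confusion [BTG10] [HP04]": {"RTC"},
        "Exception mechanism [BHD12]": {"RTC"},
        "Condition branch, Eman 4 [BLIC11]": {"RTC"},
        "Code desynchronization [RBL12]": {"FI", "RTC"},
    },
    "Execution of new arbitrary code": {
        "Byte code modification, Eman 1 [ICL10] [HBL+12]": {"FI", "BCV", "RTC"},
        "Extended branch, Eman 4 [BLIC11]": {"RTC"},
        "Frame corruption, Eman 2 [BLIC11]": {"BCV", "RTC", "FI"},
    },
}

def enabled_attacks(deployed):
    """Attacks whose AND gate fires given the deployed countermeasures."""
    missing = COUNTERMEASURES - set(deployed)
    return {event: sorted(a for a, needs in attacks.items() if needs <= missing)
            for event, attacks in TREE.items()}

def code_integrity_broken(deployed):
    """Top event: OR over intermediate events, each an OR over its attacks."""
    return any(enabled_attacks(deployed).values())

def minimal_cut_sets():
    """Smallest sets of absent countermeasures that trigger the top event."""
    cuts = []
    for size in range(1, len(COUNTERMEASURES) + 1):
        for combo in combinations(sorted(COUNTERMEASURES), size):
            missing = frozenset(combo)
            if any(c <= missing for c in cuts):
                continue  # a smaller cut set already covers this one
            if code_integrity_broken(COUNTERMEASURES - missing):
                cuts.append(missing)
    return cuts

if __name__ == "__main__":
    print(enabled_attacks({"BCV", "FI"}))   # only the RTC is missing
    print(code_integrity_broken({"RTC"}))    # False: every leaf needs "no RTC"
    print(minimal_cut_sets())                # [frozenset({'RTC'})]
```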


New Undesirable Events detected

Laser beam injection effects

◮ Precise byte errors into the memory;
◮ Perturb the runtime execution.

Laser beam injection issues

◮ Modification of the returned value;
◮ Bypass a method call;
◮ Modify the data's address.


Principle

Countermeasures should be implemented in the:

◮ application level;
◮ Java Card Virtual Machine level.

Application level

Advantages
◮ Implementation of several checks;
◮ The developer knows the assets to protect.

Drawbacks
◮ Code redundancy;
◮ Increase of the program's size.

Java Card Virtual Machine level

Advantages
◮ Low-level system countermeasures;
◮ Stored in ROM module.


INOSSEM API

“The aim [of the INOSSEM project] is to provide security interoperability between smart card manufacturers.” (INOSSEM)

The INOSSEM API defines functions to protect:

◮ Code Integrity;
◮ Frame Integrity;
◮ Data Integrity.


Frame Integrity Protection

    // initialize the signature object with the first parameter
    paramChkInstance.init(firstParam);
    // update signature buffer
    paramChkInstance.update(secondParam);
    // sign parameters
    short paramChk = paramChkInstance.doFinal(userPIN);
    // invoke the sensitive method
    sensitiveMeth(firstParam, secondParam, userPIN, paramChk);


JPC Protection

The Java Program Counter (JPC) can be corrupted by a laser beam injection.

    private void debit(APDU apdu) {
        // transition to a new state
        this.setState(CRITICAL_SECTION);
        if (!pin.isValidated()) {
            this.endStateMachine(PIN_VERIFICATION_REQUIRED_STATE);
            ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
        }
        // ...
    }

Figure: state diagram of debit(): debit function called → CRITICAL SECTION → pin.isValidated()? No → Exception; Yes → CRITICAL SECTION end.
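The two protections of the last two listings (the parameter check of the frame-integrity listing and the state machine of the JPC listing), as an added Python model that is not the INOSSEM API: the method names follow the slides' calls, but the 16-bit check, the transition table and the modelled faults (a parameter altered after the check was computed, a skipped setState) are this example's assumptions.

```python
# Added model, not the INOSSEM API: the method names follow the slides' calls,
# while the 16-bit check and the transition table are this example's choices.

class IntegrityError(Exception):
    """A parameter check or a control-flow checkpoint failed."""

class ISOException(Exception):
    """Stand-in for the Java Card ISOException thrown on the slide."""

class ParamCheck:
    """Accumulates a 16-bit check over the parameters of a sensitive call."""
    def init(self, first):
        self.acc = first & 0xFFFF
        return self
    def update(self, value):
        # rotate then xor, so an altered or swapped parameter changes the result
        self.acc = (((self.acc << 3) | (self.acc >> 13)) & 0xFFFF) ^ (value & 0xFFFF)
        return self
    def doFinal(self, value):
        return self.update(value).acc

def sensitive_meth(first, second, user_pin, param_chk):
    """Callee side: recompute the check before trusting what is in the frame."""
    if ParamCheck().init(first).update(second).doFinal(user_pin) != param_chk:
        raise IntegrityError("parameter check mismatch")
    return first + second  # stand-in for the real sensitive operation

IDLE, CRITICAL_SECTION, PIN_VERIFICATION_REQUIRED_STATE = 0, 1, 2
TRANSITIONS = {(IDLE, CRITICAL_SECTION), (CRITICAL_SECTION, IDLE),
               (CRITICAL_SECTION, PIN_VERIFICATION_REQUIRED_STATE)}

class StateMachine:
    """Tracks the control-flow path a sensitive method is expected to take."""
    def __init__(self):
        self.state = IDLE
    def setState(self, new_state):
        if (self.state, new_state) not in TRANSITIONS:
            raise IntegrityError(f"illegal transition {self.state}->{new_state}")
        self.state = new_state
    def endStateMachine(self, exit_state):
        # Ending without having entered the critical section means a step was
        # skipped, e.g. a corrupted JPC jumped over setState().
        if self.state != CRITICAL_SECTION:
            raise IntegrityError("critical section never entered")
        self.setState(exit_state)

def debit(sm, pin_validated, skip_set_state=False):
    """The slide's debit() skeleton; skip_set_state models a skipped instruction."""
    if not skip_set_state:
        sm.setState(CRITICAL_SECTION)
    if not pin_validated:
        sm.endStateMachine(PIN_VERIFICATION_REQUIRED_STATE)
        raise ISOException("SW_PIN_VERIFICATION_REQUIRED")
    sm.endStateMachine(IDLE)
    return "debited"
```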


Conclusion

◮ FTA can be used for safety and smart card vulnerability analysis;
◮ New undesirable events were found;
◮ Detected undesirable events are prevented by the INOSSEM API;
◮ Next step: quantify the attacker's power.


Thank you for your attention! Do you have any questions?


guillaume.bouffard@xlim.fr http://secinfo.msi.unilim.fr


References

[BHD12] Guillaume Barbu, Philippe Hoogvorst, and Guillaume Duc. Tampering with Java Card Exceptions - The Exception Proves the Rule. In Pierangela Samarati, Wenjing Lou, and Jianying Zhou, editors, SECRYPT, pages 55–63. SciTePress, 2012.

[BLIC11] Guillaume Bouffard, Jean-Louis Lanet, and Julien Iguchi-Cartigny. Combined Software and Hardware Attacks on the Java Card Control Flow. In Smart Card Research and Advanced Applications, volume 7079 of Lecture Notes in Computer Science, pages 283–296, Berlin / Heidelberg, 2011. Springer.


[BTG10] Guillaume Barbu, Hugues Thiebeauld, and Vincent Guerin. Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In Dieter Gollmann, Jean-Louis Lanet, and Julien Iguchi-Cartigny, editors, CARDIS, volume 6035 of Lecture Notes in Computer Science, pages 148–163. Springer, 2010.

[HBL+12] Samiya Hamadouche, Guillaume Bouffard, Jean-Louis Lanet, Bruno Dorsemaine, Bastien Nouhant, Alexandre Magloire, and Arnaud Reygnaud. Subverting Byte Code Linker service to characterize Java Card API. In Seventh Conference on Network and Information Systems Security (SAR-SSI), pages 75–81, May 22nd to 25th, 2012.


[HP04] Engelbert Hubbers and Erik Poll. Transactions and non-atomic API methods in Java Card: specification ambiguity and strange implementation behaviours. Technical Report NIII-R0438, Radboud University Nijmegen, 2004.

[ICL10] Julien Iguchi-Cartigny and Jean-Louis Lanet. Developing a trojan applets in a smart card. Journal in Computer Virology, 6(4):343–351, 2010.


[RBL12] Tiana Razafindralambo, Guillaume Bouffard, and Jean-Louis Lanet. A Friendly Framework for Hidding fault enabled virus for Java Based Smartcard. In Nora Cuppens-Boulahia, Frédéric Cuppens, and Joaquín García-Alfaro, editors, DBSec, volume 7371 of Lecture Notes in Computer Science, pages 122–128. Springer, 2012.
