ISG Seminar, 3rd November 2011: From Smart Cards to NFC Smart Phone Security (Keith Mayes) - PowerPoint PPT Presentation



ISG Seminar, 3rd November 2011

From Smart Cards to NFC Smart Phone Security

Keith Mayes, ISG Smart Card Centre (SCC)

www.scc.rhul.ac.uk www.isg.rhul.ac.uk keith.mayes@rhul.ac.uk


Agenda for Lecture

  • Evolution of smart cards/RFIDs
  • Attacks/countermeasures
  • Near Field Communication (NFC)
  • NFC Security Elements
  • Misuse of NFC devices as attack platforms
  • Other worries about phone platforms

Smart Cards with Contacts

[Gemplus Images] Chip module interface via metal contacts. Card reader makes physical contact.

Contact-less Smart Cards

Chip module interface via antenna. Reader uses RF field.


Smart Card/RFID Trade-offs


RFID Tags - Passive/Active

  • There are many different contact-less tag/device formats
  • The main classes are passive and active (powered)

At a store near you…

Near Field Communication

  • The latest standards for mobile phones support Near Field Communications (NFC)
  • NFC is equivalent to a contact-less interface for the phone
  • The phone can behave as a smart card or token
  • The phone can behave as the reader
  • (Standards from www.nfc-forum.org)

Recap: Normally Smart Cards as Personalised Devices that Resist Attack

  • When we are dealing with deployed/accessible devices we are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies.
  • Attacks can be classed under generic headings.
    − Logical.
    − Physical/Fault.
    − Timing/Side-Channel.
  • Attacks that target the implementation are often referred to as “tampering”.
  • Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), Mobile Smart cards (SIM), Trusted Platform Modules (TPM) are designed to be strongly tamper-resistant.


Hacking a popular “sport”

  • Wikipedia on the popular Hacking at Random Conference
    − “Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August 2009. …This conference was the most recent event in a sequence …. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in 2005….”
  • A small selection of seminars from HAR 2009….
    − RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet
    − Cracking A5 GSM encryption
    − Lock picking
    − Sniffing cable modems
    − Side channel analysis and fault injection
    − Rootkits are awesome. Insider Threat for Fun and Profit
    − Wikileaks. History is the only guidebook civilization has, but who's the publisher?


Hacking RFID a popular pastime….


Physical Attack Countermeasures

  • In hardware security modules these are at chip level and include
    − Physical barriers
    − Active shields
    − Circuit scrambling
    − Encrypted busses
    − Encrypted memories
    − Environment/fault sensors

Source Gemalto

  • In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces
    − Making things hard to get at is better than nothing
    − Try to impede the replacement of critical chips


Timing/Side Channel Attack

  • Side channel attacks exploit “leakage” from sensitive operations.
  • The principle is simple:
    − An electronic circuit is made up of gates/transistors
    − Switching between logic levels causes a slight variation in power consumption and a small RF emission
  • The attacker captures these variations and processes them in order to extract secret/sensitive information
  • The equipment needed is relatively low cost/available and the processing techniques are well published
  • The attack is effective against unprotected hardware and will extract keys from good “logical” algorithms such as DES/AES etc.
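A toy leakage model, added here as an illustration (it is not from the slides or from any vendor's design): simulated power samples equal the Hamming weight of an S-box output plus noise, the well-published correlation statistic then singles out the key of the unprotected implementation, while Boolean masking (a standard chip-level countermeasure, not one the deck names) leaves every key hypothesis uncorrelated. The PRESENT 4-bit S-box stands in for an AES S-box byte; key, noise level and trace count are constructed values.

```python
import random

# Constructed toy: the PRESENT cipher's 4-bit S-box stands in for an AES S-box byte.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def hw(x):
    """Hamming weight: the number of bits switching to 1 drives the power draw."""
    return bin(x).count("1")

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate_traces(key, n, masked, seed=1):
    """Power sample = Hamming weight of the S-box output register + Gaussian
    noise. With Boolean masking the register holds SBOX[p ^ key] ^ m for a
    fresh random mask m, so its weight no longer depends on the secret."""
    rng = random.Random(seed)
    pts, leaks = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(16)
        pts.append(p)
        leaks.append(hw(v) + rng.gauss(0, 0.2))
    return pts, leaks

def key_correlations(pts, leaks):
    """Correlation between the measured leakage and the weight predicted under
    each of the 16 key hypotheses (the published CPA statistic)."""
    return [pearson([hw(SBOX[p ^ k]) for p in pts], leaks) for k in range(16)]

def best_key(corrs):
    return max(range(16), key=lambda k: abs(corrs[k]))

def demo(key=0x9, n=2000):
    """Return (key guess, correlation of the true key, strongest masked
    correlation): unprotected -> guess == key with correlation near 0.98;
    masked -> every hypothesis correlates near 0."""
    unmasked = key_correlations(*simulate_traces(key, n, masked=False))
    masked = key_correlations(*simulate_traces(key, n, masked=True))
    return best_key(unmasked), unmasked[key], max(abs(c) for c in masked)
```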


NFC Modes

  • Basically NFC ‘modem’ with three modes
    − Reader-Token Communication
    − Token-Reader Communication
    − Peer-to-Peer
  • <<DEMOs>>

All very exciting …..but…… considerable concerns remain about NFC security

RIM2011


The NFC Secure Element

  • Starting position: “Mobile handset is not a trusted platform”.
  • Need additional trusted security component.
    − Most well known example is the UICC.
  • SE is security core of NFC applications.
    − Tamper resistance - secure storage and management of applications and keys.
    − Security mechanisms, e.g. encryption of communication channel.
  • SE facilitates two key services.
    − Secure execution of sensitive applications and their data.
    − Secure management of applications.
  • Multiple form factors!

RIM2011


Example of a Secure Element

  • NXP SmartMX Secure Microcontroller Family
    – Dual interface smart cards
    – Embedded form factors
  • NXP SmartMX2 newest addition
    – Processing – 8,16,24,32 bit instruction set
    – Memory - up to 384KB ROM, 8.125 KB RAM, 144 KB EEPROM and 400 KB Flash
    – Security – Common Criteria – targeting EAL6+; Crypto library and co-processors (AES/DES/ECC/RSA)
    – Software platform – JCOP (Java Card)
    – Application management – Global Platform

NXP2011


Embedded SE

  • SE is embedded in handset
    − Smartcard in IC form factor
    − Works when phone off
  • No distinct ‘owner’
    − Development opportunities
    − Potential trust and ownership issues
    − Secure personalisation important

NXP2011 iFixit Teardown 2011


SIM/USIM as SE

  • The existing SIM/USIM is the SE.
    − No extra hardware.
    − SIM stable technology.
    − Handset needs to support Single Wire Protocol (SWP).
  • Owned by the MNO.
    − 3rd party application access?
  • Variations.
    − DIF-SIM: All functionality on SIM with antenna in phone.
    − SIM-Flex: All functionality on SIM with attached antenna

NXP2011 Gemalto 2011


microSD SE

  • SE added in SD memory slot
    − No NFC capability required in handset
    − Can add to any handset with slot
    − Off when phone is off
  • Flexible ownership
    − 3rd party owner – open for development
    − SE tied to specific owner/application
  • Variations
    − Some units only readers or only tokens
    − Secure storage and execution
  • NFC module in handset
    − Integrated unit
    − NFC communication capability
    − Antenna included

NXP2011 SDID2011


Security Domains and Keys

  • Global Platform application management is based on Security Domains (SD)
  • Multiple SDs can be created on a SE and associated with Service Providers (SP)
  • An SP can only access/manage applications housed within its own SD.
  • Example of Delegated Mode with UICC as SE shown on right….
  • An Issuer Security Domain for MNO services, and multiple Supplementary Security Domains (SSD) for other services
  • OTA keys are used to gain access to the SE
  • SSD keys are used to gain access to each of the service domains ….Nice idea at least!….

SmartTrust2011


Clones/Emulators

  • Products/applications tied to specific UID not easily transferable to other token
  • Emulator can masquerade as any token if data and/or key material can be obtained
  • A number of devices have been demonstrated (available publicly) for LF, HF and UHF

Credit: TU Graz, OpenPICC, Intel, Radboud University


Passive Relay

[G.P. Hancke, K. Mayes and K. Markantonakis. "Confidence in Smart Token Proximity: Relay Attacks Revisited", Elsevier Computers & Security, June 2009.]

A Hack a day keeps boredom away?

  • Hackers/enthusiasts are very active and co-operative via forums and web sites.
  • The examples here were found on the Hack-a-Day website.
  • Smart Phones are becoming top targets!


Phone Platform Risks

  • As the sophistication of phones grows, they become vulnerable to all the security perils of PCs
    − Rootkits, viruses, malware, trojans, keyloggers..etc..
  • Phone architectures are complex and various components are “bolted” together.
  • Phones are available from many sources, get unlocked, re-flashed, upgraded and cheap clone/copies are in use - so what software is actually running?
  • If your security protection relies on a software only solution you are at risk.
    − Hardware security provides a reliable anchor point for security.
  • Phone platform security protection is often proprietary and not disclosed for verification….


NFC device as an attack platform!

  • Attacks currently use a lot of custom built kit.
  • Hence, the interest in NFC devices as attack platforms!
    − Skimming - reading genuine cards.
    − Clone card emulation.
  • An open development platform.
  • Anyone can write phone reader applications.
  • Embedded secure elements are unlockable.
  • Existing APIs and developer environments.
  • Multiple communications links.
  • A software downloaded attack application could spread very fast!


Payment card ‘cloning’ via NFC

  • First generation contactless cards had rudimentary security
    − Card authentication with static data
  • Develop a Skimming Tool
    − MIDlet on NFC phone reads card data.
    − No code signing required.
  • ‘Cloning’ the card.
    − Unlock SE.
    − Load Java card applet with payment AID.
  • Worked on POS system in lab

[L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms", Proceedings of The First International Workshop on RFID Security and Cryptography (RISC 2009), UK]
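Why "card authentication with static data" is the weak point, as an added illustration that is not from the slides or the cited paper: a terminal that only checks static authentication data accepts whatever a reader-mode application could copy, whereas a challenge-response check on a fresh unpredictable number rejects replayed material. The issuer key, PAN and challenges are constructed; real EMV static/dynamic authentication uses RSA signatures and an issuer public key, and the HMAC used here is a simplification.

```python
import hashlib
import hmac

# Constructed issuer secret shared with the terminal in this toy (EMV would hold an
# RSA key pair at the issuer and only the public key in the terminal).
ISSUER_KEY = b"constructed-issuer-master-key"

def personalise(pan):
    """Issuer personalisation. Static authentication data is computed once over the
    card's fixed data; the per-card key is only ever used inside the card."""
    data = pan.encode()
    return {"pan": pan,
            "static_auth": hmac.new(ISSUER_KEY, data, hashlib.sha256).digest(),
            "card_key": hmac.new(ISSUER_KEY, b"card" + data, hashlib.sha256).digest()}

def skim(card):
    """What a reader-mode application can collect without any key: the fixed data
    and the static authenticator."""
    return {"pan": card["pan"], "static_auth": card["static_auth"]}

def card_sign(card, challenge):
    """Dynamic authentication: the genuine card MACs the terminal's unpredictable number."""
    return hmac.new(card["card_key"], challenge, hashlib.sha256).digest()

def terminal_static(presented):
    """First-generation check: recompute the static authenticator and compare."""
    expected = hmac.new(ISSUER_KEY, presented["pan"].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented["static_auth"])

def terminal_dynamic(presented, challenge, response):
    """Challenge-response check: only a holder of the card key can answer a fresh challenge."""
    key = hmac.new(ISSUER_KEY, b"card" + presented["pan"].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(hmac.new(key, challenge, hashlib.sha256).digest(), response)

def demo():
    """Returns (static check on skimmed data, dynamic check on a replayed old response,
    dynamic check on the genuine card) == (True, False, True)."""
    card = personalise("4000000000000002")         # constructed test PAN
    skimmed = skim(card)                             # all an emulator can hold
    old_challenge = bytes(8)                         # challenge seen in an earlier transaction
    recorded = card_sign(card, old_challenge)        # response to that old challenge
    fresh = hashlib.sha256(b"terminal-unpredictable-number").digest()[:8]
    return (terminal_static(skimmed),
            terminal_dynamic(skimmed, fresh, recorded),
            terminal_dynamic(card, fresh, card_sign(card, fresh)))
```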

Proof-of-Concept NFC Relay Experiment

  • Two NFC enabled mobile phones operating in P2P mode and participating in a legitimate transaction.
    − Phone-A intends to interact with Phone-B.
    − Introduce two additional proxy phones (Proxy-A and Proxy-B) to relay the communication.

[L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Practical NFC Peer-to-Peer Relay Attack using Mobile Phones", 6th Workshop on RFID Security (RFIDSec 2010), June 7-9, 2010, Istanbul, Turkey]
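The proximity check that the passive relay and the Proxy-A/Proxy-B experiment above defeat in ordinary NFC, shown as an added simulation (not code from the slides or the cited papers) of a simplified Hancke-Kuhn style distance-bounding exchange: the token answers single-bit challenges from precomputed registers, and the reader rejects a session whose per-bit round trip exceeds a bound even when every reply bit is correct. Key, nonce, latencies and the bound are constructed values, and the PRF used for the registers is an assumption.

```python
import hashlib
import hmac

N_BITS = 32        # rapid-bit-exchange rounds
BOUND_NS = 2000    # constructed per-bit round-trip bound accepted by the reader

def derive_registers(key, nonce):
    """Both ends derive two N_BITS-bit response registers R0, R1 from the
    reader's nonce (Hancke-Kuhn style; the PRF choice is an assumption)."""
    h = hmac.new(key, nonce, hashlib.sha256).digest()
    return int.from_bytes(h[:4], "big"), int.from_bytes(h[4:8], "big")

class Token:
    def __init__(self, key):
        self.key = key
    def begin(self, nonce):
        self.regs = derive_registers(self.key, nonce)
    def respond(self, i, c):
        """Round i: answer challenge bit c with bit i of R_c, no computation on the path."""
        return (self.regs[c] >> i) & 1

def reader_session(key, token, one_way_latency_ns, nonce=b"constructed-nonce"):
    """Reader side. Each round sends one challenge bit, times the reply and checks it
    against the reader's own copy of the registers. A relay through two proxies
    cannot change the bits but adds its forwarding latency to every round."""
    token.begin(nonce)
    r = derive_registers(key, nonce)
    # Challenge bits should come from reader entropy; derived from the nonce here for repeatability.
    challenges = int.from_bytes(hashlib.sha256(b"challenge" + nonce).digest()[:4], "big")
    correct = late = 0
    for i in range(N_BITS):
        c = (challenges >> i) & 1
        reply, rtt_ns = token.respond(i, c), 2 * one_way_latency_ns
        correct += reply == (r[c] >> i) & 1
        late += rtt_ns > BOUND_NS
    return {"correct": correct, "late": late,
            "accepted": correct == N_BITS and late == 0}

KEY = b"constructed-shared-key"

def genuine():      # token in the reader's field: about 1 microsecond round trip
    return reader_session(KEY, Token(KEY), 500)

def relayed():      # Proxy-A to Proxy-B over a phone link adds tens of milliseconds
    return reader_session(KEY, Token(KEY), 25_000_000)

def cloned():       # emulator holding copied data but not the key
    return reader_session(KEY, Token(b"constructed-wrong-key"), 500)
```

The relayed session answers all 32 bits correctly yet is rejected on timing alone, which is the property a relay through ordinary NFC phones does not have to meet.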

Trusted NFC Phone platform?

Security Applications go here… Malware goes here!

Image from Vikas Rajole MSc report 2011

'Safebot' malware running as 'root' user


Conclusion/Comments

  • Smart Cards have been evolving and changing from cards with contacts to contactless cards and RFIDs.
  • The need for attack resistant hardware remains as cards/RFIDs are targeted by organised hacker/enthusiast communities.
  • Near Field Communications offers the possibility of using the mobile phone instead of smartcards/RFIDs or their readers.
  • Security concerns around NFC have led to the definition of Security Elements, but several competing options.
  • NFC reader mode does not use the SE and so applications are at risk from phone vulnerabilities.
  • Phone architectures are complex and there are published attacks.
  • NFC phones are attracting interest as convenient attack platforms!

Thank you for your attention… Questions ?