10/02/2015. Introduction PROTOCOL EXAMPLES. e-passport. e-passports contain an RFID tag.

Transcription

1 Introduction PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec. This talk gives some example of protocol attacks from my research, and a research group in Cambridge. E-passports (me & Smirnov) Contactless EMV cards (me & Flavio & others) Chip and PIN cards (Cambridge). The content of this lecture will not be on the exam but it will help you understand the last lecture and the next (which might be) e-passport e-passports contain an RFID tag. It stores picture, personal details, and in some cases fingerprints. Believed to be readable from up to 50cm, can be eavesdropped on from greater distance. Read access is protected with a key based on the DoB, DoI and passport number. 1

2 7 8 Data on the Passport DG1: Machine readable info. DG2: Picture DG3: Fingerprints ( seen on German ) DG4: Iris Scans (not seen) DG7: Signature (not seen) DG11+12: Optional (height&home address on FR) DG14: Extended Access Control Options DG15: Active Authentication public key DG16: Emergency Contact Basic Access Control This protocol is run first and establishes a session key. Goal: stop skimming and eavesdropping. Only allows access to a reader that knows the date of birth, data of expiry and number of the passport. 9 Basic Access Control DoB,DoE,# reader generates Km Ke 1 Reader Passport : GET CHALLENGE 2 Passport Reader : N P 3 Reader Passport : {N R, K R, 4 Passport Reader : {N P,N R, K P, MAC Km, K R ) MAC Km ({N P,N R, K P ) 10 Traceability Portability devices lead to new kinds of attacks. If a secure device you carry with you can be identified then it can be used to trace you. A traceability attack is one where the attack can link two runs of the same device. Session key based on K P xor K R Error Messages For a complete model we must also include the error messages from the passport. Each country has a different implementation of the passport. We use the French passport as an example. Basic Access Control Reader Passport Pick N P N P Pick N R --- {N R,MAC(X) Check MAC, Check Fails

3 14 Basic Access Control Reader Passport Pick N P N P Pick N R --- {N R,X,MAC Km,X ) Check MAC, Nonce Check Failed 6A80 -- Attack Part 1 Attacker eavesdrops on Alice using her passport Reader Alice Pick random N P N P Pick random N R --- M = {N R,MAC KAm ) Attack records message M. 15 Attack Part 2 Attacker???? Pick random N P N P2 --- {N R,MAC KAm ) MAC check fails 6300 It's the same passport as before. 16 Attack Part 2 Attacker???? Pick random N P N P2 --- {N R,MAC KAm ) MAC passess, nonce fails 6A80 It's the same passport as before. 17 A Time-Based Attack? UK,German, Russian, Irish passport return error 6900 in both situation. 18 The failed MAC is rejected sooner, UK passport Our analyses shows this to be untraceable. But what about a timing attack? 3

4 19 Visa s Protocols Shop SELECT 2PAY.SYS.DDF01 AIDs of all payment apps. SELECT Visa app ID PDOL Card PDOL = Processing Options Data Object List list of data the reader must provide to the card. PDOL 9F38189F66049F02069F03069F1A F2A029A039C019F 37045F2D02656E9000 which parses as: 9F38 len:18 Processing Options Data Object List (PDOL) 9F66 len:04 Card Production Life Cycle 9F02 len:06 Amount, Authorised (Numeric) 9F03 len:06 Amount, Other (Numeric) 9F1A len:02 Terminal Country Code 95 len:05 Terminal Verification Results 5F2A len:02 Transaction Currency Code 9A len:03 Transaction Date 9C len:01 Transaction Type 9F37 len:04 Unpredictable Number Visa s Protocols Visa s Protocols Shop Card Shop Card GPO (amount, currency, UN,... ) READ RECORD ATC,AC, SDAD, PAN Generate nonce: Nc Session key based on ATC: Ks=Enc Kbank (ATC) AC=MAC Ks (amount,currency,un,..) SDAD=Sign(amount,currency,UN,Nc..) Certs READ RECORDS Data printed on card, Nc Shop reader then checks the signature on the SDAD data. If this is correct it shop reader accepts the payment and sends the AC to the bank. The bank checks the AC and transfers the money. 4

5 Visa s PayWave Mastercard s PayPass Traffic: Stopping Relays: Idea 1 Reader: 00A404000E E E Tag: 6F378407A A52C500A F38189F66049F02069F03069F1A F2A029A039C019F37045F2D026 56E9000 Reader80A F Tag7781C29F4B81804D8EC3F85EB28D9C8828E2238BFE8F922F89D08DE DA061DE7270CF6EB015109D58DC58B34706CED0BFA24A28ED3E6AE0B D34199B0A3BD F639F65203C84EEE7BC60B4D14F649E67C62162CAF5 3045E8D5A2A99E A28DF24941C6AF486FEEBA0A8C6DB EFF87 FFF9984C9DECDFDCE6728DB F A0A D F F F E6BD F6C Relaying all messages takes over a second. The spec. says that the transaction should complete in under 500ms. Can we stop relay attacks by adding a time out to the reader? Related question: can we make the relay faster? A Fast Relay Shop Phone1 Phone2 Card Shop Phone1 Phone2 Card SELECTS SELECT AIDs SELECT AID SELECT AIDs PDOL AIDs GPO GPO UN, amount GPO ATC,AC, SDAD, PAN ATC,AC, SDAD, PAN AC, SDAD ATC,AC,SDAD,PAN READ READ1 READ2 RECORDS Static data READ2 Nc SSAD,Nc SSAD,Nc 5

6 Relay timing We measured the exact transaction times for a number of cards. Fastest 330ms Slowest 637ms Fastest relayed transaction: 485ms Placement of card can have an affect > 80ms for longest messages. ABN Amro (Dutch) Time for card to complete a purchase: 637ms Time for relay to complete a purchase:627ms. Stopping Relays: Idea 2 Why not just time-bound the important crypto message? GPO for Visa s paywave GENERATE AC for Mastercard s PayPass Problem: these are the steps that require the cards to do crypto, which shows more variance than any other messages. Fastest paywave GPO: 105ms Slowest paywave GPO: 364ms We were able to relay the fastest response in 208ms. Key Observation Protocol The non-crypto messages are predictable and therefore can be time bound. PayWave But in the current protocols all none crypto messages can be cached. We tweak the protocol, so there is a non-crypto message that can be time-bound. Pay Wave PayPass Pay Wave PaySafe 6

7 PaySafe Timing Time for cards to respond to a message of this length = 28 to 36ms. Pay Wave PaySafe Time to relay a message of this length: 100ms So the reader will time out after 80ms. No phone or USB reader will be able to relay this message. Faster purpose build hardware costs tens of thousands of pounds. Chip & PIN (contact) protocol 7

8 ATM protocol Investigating the ATM machines They found that many ATM just a counter, or weak random number as the nonce. ATM protocol Attack Attacker must run a shop with a card reader. Attacker goes to an ATM and records the nonce. Victim goes into Attackers shop and buys something. Attacker s card reader requests lots of cryptograms from the victim s card using the nonces that the ATM machine will use. Attacker goes to the ATM and replays the cryptogram. Attacker gets cash from victims account. Cambridge group claims this has really happened. Conclusion Almost everything we do electronically relies on a protocol. Many of these protocols are flawed Either by design Or by implementation. Careful & formal analysis can find these errors, which can be exploited in real life. 8