Token, Transponder und RFID-Tags Angriffe auf elektronische Zugangskontrollsysteme

Transcription

1 Berlin, 8. November 2016 Forum Modernes Zutritts- und Berechtigungsmanagement Token, Transponder und RFID-Tags Angriffe auf elektronische Zugangskontrollsysteme Timo Kasper Kasper & Oswald GmbH, Bochum, Germany

2 Dr.-Ing. Timo Kasper Dr.-Ing. David Oswald Core Competence: Embedded Security Research, Analysis, Development, Consulting, Training Many years of Research and Development experience 3

3 Embedded Devices in the Internet of Things NFC 5

4 Introduction to (Symmetric) Cryptography plaintext Simedia plaintext Simedia Alice Cipher Secret Key G3H31M Cipher Bob ciphertext ciphertext Internet Oscar 6

5 The core of (IT-)Security Security Design Report flaws Improve Analysis 8

6 Implementation Attacks on Embedded Devices Fault Injection, Reverse Engineering Side-Channel Analysis 11

7 Remote Keyless Entry (1) Uni-directional First systems: Fixed code 123xbhdsgf 123xbhdsgf 123xbhdsgf 20

8 Remote Keyless Entry (2) Uni-directional with Crypto Industry reacts: Rolling code Option 2: Attack crypto Cipher Option 1: Attack key management encrypt(124) encrypt(125) BUT there are attacks... 23

9 KeeLoq (Crypto 2008)

10 Principle of Side-Channel Analysis (here: listen to Sound) A Bank Robbery 25

11 Principle of Side-Channel Analysis The world is changing 26

12 Principle of Side-Channel Analysis (Monitor the power consumption / run-time) The world is changing the tools are, too. 27

13 Applied Side-Channel Analysis (Power) Attack target (2008): KeeLoq remote controls very widespread in cars and garages (world-wide)? Secret Key 64 Counter 32 Encryption (KeeLoq) 32 Dynamic Code secret cryptographic key of remote control! 32

14 Side-Channel Analysis of KeeLoq: Management Summary Power-analysis attack (with physical access): clone a remote control from 10 power measurements obtain Manufacturer Key from 1 power measurement Flaw of KeeLoq system: Key derivation from Manufacturer Key k M k remote_control = f(#ser, k M ) k M used in every receiver of manufacturer M Single point-of-failure 33

15 Flavio Garcia, David Oswald, Timo Kasper, Pierre Pavlidès University of Birmingham / Kasper & Oswald GmbH 36

16 Automotive RKE (Usenix 2016)

17 VW Group: Affected Vehicles Audi: A1, Q3, R8, S3, TT, other types of Audi cars (e.g. remote control 4D ) VW: Amarok, (New) Beetle, Bora, Caddy, Crafter, e-up, Eos, Fox, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, Up Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo S koda: City Go, Roomster, Fabia 1, Fabia 2, Octavia, Superb, Yeti In summary: probably most VW group vehicles between 1995 and today not using Golf 7 (MQB) platform 44

18 Hitag2 RKE Attack Demo 45 45

19 Vehicles we tested using Hitag2 RKE Opel Astra H 2008 Opel Corsa D 2009 Fiat Grande Punto

20 Management Summary VW Group: secure crypto secure system extract a few worldwide keys instantly copy a remote control from 1 signal RF attack highly practical and scalable Hitag2: diversified keys but bad crypto eavesdrop 4 to 8 signals (key presses) copy remote control with some computations Poor crypto is bad, but poor key management is worse. 47

21 Embedded Devices in the Internet of Things NFC 49

22 Authentication with Login Tokens Past: One factor: Password/PIN Today: Two factors: Password/PIN and an additional token: 50

23 51

24 Yubikey 2: Overview Simulates USB keyboard Generates and enters One-Time Password (OTP) on button press Based on AES w/ 128-bit key 52

25 Yubikey OTP Generation... dhbgnhfhjcrl rgukndgttlehvhetuunugglkfetdegjd dhbgnhfhjcrl trjddibkbugfhnevdebrddvhhhlluhgh dhbgnhfhjcrl judbdifkcchgjkitgvgvvbinebdigdfd... AES encrypted = secure?! 53

26 Side-Channel Analysis of Yubikey2: Management Summary 128-bit AES key of the Yubikey 2 can be recovered (700 EM measurements = 1 hour physical access) Attacker can compute OTPs w/o Yubikey Impersonate user: Username and password still needed 54

27 Countermeasures Side-channel attacks are a threat in practice FW version 2.4 for Yubikey 2 comes with countermeasures Newly produced Yubikeys are more secure Report flaws Improve 55

28 Remote Keyless Entry (3) Bi-Directional: Challenge-Response C i challenge e k (C i ) = R i response 1. computes: R i = e k (C i )? 2. verifies: R i = R i can be extended for mutual authentication challenge must be random and big enough 57

29 Embedded Devices in the Internet of Things NFC 58

30 Contactless Smartcards / RFID ISO / ISO MHz Used in access control systems electronic passports payment systems ticketing / public transport Near Field Communication (NFC) One insecure example: Mifare Classic 59

31 KeeLoq (Crypto 2008)

32 Analysis of the ID-Card 1/2 Extracting Keys test our key-recovery on ID-Card extraction of all secret keys another ID-Card contains the same keys a third ID-Card contains the same keys... surprising discovery: All ID-Cards have identical keys! 61 61

33 A Practical Threat: Denial of Service disguised reader, e.g., near a waiting line at the cash desk Evil attacker: sets credit of any card in its proximity to 0 (in 40 ms) Nice attacker : charges cards of victims 64

34 My favourite Attack: Converting Bits to Cash anonymous get anonymous ID-Card (10 deposit) modify credit balance return card at cash desk deposit and up to 150 paid out in cash! 65

35 Analysis of a Contactless Payment System 5 years after the Attack. new issued cards are Mifare DESfire (EV1) old Mifare Classic cards are still working improved backend: shadow accounts are used ( and still manually checked ) Report flaws Improve 66

36 A Versatile NFC Emulator and more

37 2006: Kaffeetassen Transponder (Coffee Cup Tag) 69

38 Fake Tag 72

39 The Primal- (2011) A Versatile Emulator for Contactless Smartcards Atmel ATXmega32 Mifare Classic: Crypto1 stream cipher Mifare DESFire MF3ICD40: Auth. with (3)DES Mifare DESFire EV1: Auth. with AES-128, (3)DES and other ISO14443 / ISO15693 cards 75

40 Rev.D 76

41 Rev.D 79

42 Rev.E 8 card slots Breakable antenna Improved USB command set Widespread open source project: 80

43 Rev.E is not enough: Upgrade MCU and FRAM Rev. F 89

44 Crowdfunding via Kickstarter, Day 45 Project successfully funded. 91

45 Crowdfunding via Kickstarter. 6 months later: Production finished. 92

46 Rev.G (Basic) RFID Reader ATXMega128 + FRAM Li-Ion Battery ISO 14443/ ISO Sniffing Log Mode 94

47 Rev.G Log Mode / Sniffing Emulation: Log reader and Chameleon data Sniffing: Chameleon is invisible during recording Precise time stamps Live logging 95

48 Card Emulator open source project: Source Code/Firmware and Hardware Layout of Rev.G Now online! 97

49 Creative Usage of (Florian RUB) 98

50 Long Range Contactless Card 99

51 A Useful Book Reading Range: more than 70 cm 100

52 Chameleon and the Magic Dragon PUFF! CHES 2015 paper: The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs (Georg T. Becker) Chameleon clones a PUF (Physically Unclonable Function) 101

53 Embedded Devices in the Internet of Things NFC 105

54 Case Study: An Electronic Locking System (CRYPTO 2013)

55 Electronic Locking System with Bi-Directional Authentication Scheme Token Lock 111

56 Electronic Locking System with Bi-Directional Authentication Scheme Black-box analysis: Token and lock perform authentication protocol Token Authentication protocol Lock??? 115

57 Electronic Locking System: PIC Microcontroller in Token and Lock Embedded code? Token Lock Read-out protection! 121

58 Decapping an IC (1) 122

59 Decapping an IC (2) 123

60 Decapping an IC (3) 124

61 Decapping an IC (4) 125

62 Microscopic View of the Silicon Die 126

63 Exposure to UV-C: Disable Read-Out Protection (1) 127

64 Exposure to UV-C: Disable Read-Out Protection (2) 128

65 Exposure to UV-C: Disable Read-Out Protection (2) 129

66 Read Out the Content of the PIC Microcontroller Use standard programmer Reverse-Engineer (e.g., IDA) all secrets known 130

67 K T ID T ID L K L D challenge C compute K T = S KL (ID T, D) both: compute R KT (C, D, ID T, ID L ) = R T R L response R T (verify R L ) (verify R T ) response R L 131

68 Weaknesses and Attacks (1) Hardware Each lock stores installation-wide cryptographic key UV-C attack in ~ 30 min (decap PIC) EM - side-channel attack in ~ 15 min (close to PIC) Attacking one lock gives access to all doors 136

69 K T ID T ID L K L D challenge C compute K T = S KL (ID T, D) both: compute R KT (C, D, ID T, ID L ) = R T R L response R T (verify R L ) (verify R T ) response R L 139

70 Cryptographic Functions R and S ID T ID L D C O O DES * R T R L ID T D K T O DES * O* K L

71 Cryptographic Functions R and S Security Vulnerabilities ID T ID L ZD R C O 1.) 40 Bits of Z R reused as C leaks internal value O DES * R T R L ID T D ) 128-Bit key K T computed from 64 unknown bits K T O DES * O* Z S K L ) O has bad cryptographic properties 144

72 Weaknesses and Attacks (2) Wireless Lock-only attack initiate some (not successful) protocol runs compute valid K T open door(s) Efforts for computing K T on a PC: Protocol Runs Run-Time Key Candidates 3 3,36 min 21, ,5 s 1 5 1,2 s ms 1 145

73 A System Designer s Perspective: How to Secure the Internet of Things? Use peer-reviewed crypto and random numbers Do not educate your attacker Do not start with a weak product that must be upgraded Implementation attacks: Practical threat, but: Use certified devices (secure hardware) Algorithmic countermeasures (secure software) System level: Second line of defense! Shadow accounts / Logging (detect fraud) Key diversification (minimize impact) Expect the Unexpected 153

74 Thank you! Questions? Comments? Contact:

75 Secure Against Cyber Attacks 156

76 Kasper & Oswald Prüfsiegel Unabhängige Sicherheitsanalyse Verbesserungsvorschläge Diskretion über Firmeninterna 157