ISG Seminar 3 rd November Agenda for Lecture. Smart Cards with Contacts. Contact-less Smart Cards. From Smart Cards to NFC Smart Phone Security

Transcription

1 ISG Seminar 3 rd November 2011 From Smart Cards to NFC Smart Phone Security Keith Mayes ISG Smart Card Centre (SCC) keith.mayes@rhul.ac.uk Agenda for Lecture Evolution of smart cards/rfids Attacks/countermeasures Near Field Communication (NFC) NFC Security Elements Misuse of NFC devices as attack platforms Other worries about phone platforms 1 2 Smart Cards with Contacts Contact-less Smart Cards Chip module interface via metal contacts Card reader makes physical contact [Gemplus Images] Chip module interface via antenna Reader uses RF field 1

2 Smart Card/RFID Trade-offs RFID Tags - Passive/Active There are many different contact-less tag/device formats The main classes are passive and active (powered) 5 6 At a store near you Near Field Communication The latest standards for mobile phones support Near Field Communications (NFC) NFC is a equivalent to a contact-less interface for the phone The phone can behave as a smart card or token The phone can behave as the reader (Standards from 7 Recap: Normally Smart Cards as Personalised Devices that Resist Attack When we are dealing with deployed/accessible devices we are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies. Attacks can be classed under generic headings. Logical. Physical/Fault. Timing/Side-Channel. Attacks that target the implementation are often referred to as tampering. Specialist devices including Hardware Security Modules (HSM), Security Elements (SE), Mobile Smart cards (SIM), trusted Platform Modules (TPM) are designed to be strongly tamper-resistant. 8 2

3 Hacking a popular sport Wikipedia on the popular Hacking at Random Conference Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August This conference was the most recent event in a sequence. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in A small selection of seminars from HAR RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet Cracking A5 GSM encryption Lock picking Sniffing cable modems Side channel analysis and fault injection Rootkits are awesome. Insider Threat for Fun and Profit Wikileaks. History is the only guidebook civilization has, but who's the publisher? 9 10 Hacking RFID a popular pastime. 10 Physical Attack Countermeasures In hardware security modules these are at chip level and include Physical barriers Active shields Circuit scrambling Encrypted busses Encrypted memories Environment/fault sensors In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces Making things hard to get at is better than nothing Try to impede the replacement of critical chips Source Gemalto 11 Timing/Side Channel Attack Side channel attacks exploit leakage from sensitive operations. The principle is simple; An electronic circuit is made up of gates/transistors Switching between logic levels causes a slight variation in power consumption and a small RF emission The attacker captures these variations and processes them in order to extract secret/sensitive information The equipment needed is relatively low cost/available and the processing techniques are well published The attack is effective against unprotected hardware and will extract keys from good logical algorithms such as DES/AES etc. 12 3

4 NFC Modes Basically NFC modem with three modes Reader-Token Communication Token-Reader Communication Peer-to-Peer <<DEMOs>> All very exciting..but considerable concerns remain about NFC security The NFC Secure Element Starting position: Mobile handset is not a trusted platform. Need additional trusted security component. Most well known example is the UICC. SE is security core of NFC applications. Tamper resistance - secure storage and management of applications and keys. Security mechanisms, e.g. encryption of communication channel. SE facilitates two key services. Secure execution of sensitive applications and their data. Secure management of applications. Multiple form factors! RIM RIM Example of a Secure Element Embedded SE NXP SmartMX Secure Microcontroller Family Dual interface smart cards Embedded form factors NXP SmartMX2 newest addition Processing 8,16,24,32 bit instruction set Memory - up to 384KB ROM, KB RAM, 144 KB EEPROM and 400 KB Flash Security Common Criteria targeting EAL6+ Crypto library and co-processors (AES/DES/ECC/RSA) Software platform JCOP (Java Card) Application management Global Platform NXP2011 SE is embedded in handset Smartcard in IC form factor Works when phone off No distinct owner Development opportunities Potential trust and ownership issues Secure personalisation important NXP2011 ifitit Teardown

5 SIM/USIM as SE microsd SE The existing SIM/USIM is the SE. No extra hardware. SIM stable technology. Handset needs to support Single Wire Protocol (SWP). Owned by the MNO. 3 rd party application access? Variations. DIF-SIM: All functionality on SIM with antenna in phone. SIM-Flex: All functionality on SIM with attached antenna NXP2011 Gemalto SE added in SD memory slot No NFC capability required in handset Can add to any handset with slot Off when phone is off Flexibly ownership 3 rd party owner open for development SE tied to specific owner/application Variations Some units only readers or only tokens Secure storage and execution NFC module in handset Integrated unit NFC communication capability Antenna included NXP2011 SDID Security Domains and Keys Global Platform application management is based on Security Domains (SD) Multiple SDs can be created on a SE and associated with Service Providers (SP) An SP can only access manage applications housed within its own SD. Example of Delegated Mode with UICC as SE shown on right. An Issuer Security Domain for MNO services, and multiple Supplementary Security Domains (SSD) for other services OTA keys are used to gain access to the SE SSD keys are used to gain access to each of the service domains Clones/Emulators Products/applications tied to specific UID not easily transferable to other token Emulator can masquerade as any token if data and/or key material can be obtained A number of devices have been demonstrated (available publicly) for LF, HF and UHF.Nice idea at least!. Credit: TU Graz, OpenPICC, Intel, Radboud University SmartTrust2011 5

6 Passive Relay A Hack a day keeps boredom away? Hackers/enthusiasts are very active and cooperative via forums and web sites. The examples here were found on the Hack-a- Day website. [G.P. Hancke, K. Mayes and K.Markantonakis. "Confidence in Smart Token Proximity: Relay Attacks Revisited", Elsevier Computers & Security, June 2009.] 21 Smart Phones are becoming top targets! 22 Phone Platform Risks As sophistication of phones grow, they become vulnerable to all the security perils of PCs Rootkits, viruses, malware, trojans, keyloggers..etc.. Phone architectures are complex and various components are bolted together. Phones are available from many sources, get unlocked, reflashed, upgraded and cheap clone/copies are in use - so what software is actually running? If your security protection relies on a software only solution you are at risk. Hardware security provides a reliable anchor point for security. Phone platform security protection is often proprietary and not disclosed for verification. 23 NFC device as an attack platform! Attacks currently use a lot of custom built kit. Hence, the interest in NFC devices as attack platforms! Skimming - reading genuine cards. Clone card emulation. An open development platform. Anyone can write phone reader applications. Embedded secure elements are unlockable. Existing APIs and developer environments. Multiple communications links. A software downloaded attack application could spread very fast! 24 6

7 Payment card cloning via NFC First generation contactless cards had rudimentary security Card authentication with static data Develop a Skimming Tool MIDlet on NFC phone reads card data. No code signing required. Cloning the card. Unlock SE. Load Java card applet with payment AID. Worked on POS system in lab [ L. Francis,G. Hancke, K. Mayes, and K. Markantonakis, Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms," Proceedings of The First International Workshop on RFID Security and Cryptography, (RISC 2009), UK] 25 Proof-of-Concept NFC Relay Experiment Two NFC enabled mobile phones operating in P2P mode and participating in a legitimate transaction. Phone-A intends to interact with Phone-B. Introduce two additional proxy phones (Proxy-A and Proxy-B) to relay the communication. [ L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Practical NFC Peerto-Peer Relay Attack using Mobile Phones". 6th Workshop on RFID Security (RFIDSec 2010), June 7-9, 2010, Istanbul, Turkey]. 26 Trusted NFC Phone platform? Security Applications go here 'Safebot' malware running as 'root' user Image from Vikas Rajole MSc report 2011 Malware goes here! 27 Conclusion/Comments Smart Cards have been evolving and changing from cards with contacts to contactless cards and RFIDs. The need for attack resistant hardware remains as cards/rfids are targeted by organised hacker/enthusiast communities. Near Field Communications offers possibility of using the mobile phone instead of smartcards/rfids or their readers. Security concerns around NFC have let to the definition of Security Elements, but several competing options. NFC reader mode does not use the SE and so applications are at risk from phone vulnerabilities. Phone architectures are complex and there are published attacks. NFC phones are attracting interest as convenient attack platforms! 28 7

8 Thank you for your attention Questions? 29 8