Smart Tokens: Tags, smart phones and everything in between. Dr Gerhard Hancke Information Security Group

Transcription

1 Smart Tokens: Tags, smart phones and everything in between Dr Gerhard Hancke Information Security Group

2 Royal Holloway (RHUL) Royal Holloway founded in 1879 by Victorian entrepreneur Thomas Holloway, also as a college for women. Queen Victoria presided over the opening ceremony in Over 8,500 students from over 100 countries Approximately 20% are postgraduates Faculties of Science, Arts & Social Sciences, Management & Economics 1,525 members of staff

3 The Information Security Group Computer scientists, engineers, mathematicians and social scientists Interdisciplinary research with strong links to industry ISG Members 18 Academic staff 8 Visiting Staff (Fellows and Professors) 4 Expert Consultants 45+ PhD Students and Research Assistants 1998 Queens Anniversary Prize In recognition of the contribution the ISG made in training information security specialists, developing secure systems and providing expertise of national importance. The Da Vinci Code Heroine Sophie Neveu learned her excellent code breaking and information security skills at the ISG

4 MSc in Information Security Information Security MSc launched at RHUL in 1992 Balanced and broad curriculum technical and non-technical Diverse student backgrounds: Wide range of ages Inexperienced or experienced in field of security Different academic/work background Full-time, part-time and diploma (CPD) Between 100 and 180 new students each year Students from over 40 countries have taken one of our MSc degrees Over 1600 graduates, most now working in industry Over 40 companies contribute to the MSc

5 The Smart Card Centre The ISG Smart Card Centre was founded in October 2002 A World-Wide centre of Excellence for training and research in the field of Smart Cards, applications and related technologies. The SCC currently has three members of staff and 7 PhD researchers. RFID and Showcase Labs Support an MSc module on Smart Cards, Tokens, Security and Applications 24+ MSc project students each year working on mobile, RFID and smart cards Konstantinos Markantonakis 5

6 Strong Industry Support Full Members Founding Members Associate Members Other industry supporters

7 Smart Card becomes Smart Token Not so long ago we had a good idea what a smart card was.. no longer a card!

8 RFID and contact less technology RFID technologies used to be Reader and passive tag Single application Closed system Low value Now a core Internet of Things technology A variety of devices need to communicate Devices may have no/limited prior relationship Multiple applications within open systems Security sensitive applications Access control, eid, payment, asset tracking RFID/contactless security therefore important! 8

9 RFID security issues does attract interest 9

10 Practical RFID/contactless security issues Contactless tokens are still smart tokens Susceptible to attacks demonstrated on contact tokens Cloning, side channel and tampering Systems with proprietary security algorithms Security through obscurity strength is that it is secret Reverse engineering attempts Protocol weaknesses Back-end security Middleware attacks incorrect configurations/sql injection/malware It is has a radio interface Eavesdropping Skimming Relay attacks 10

11 History of Near Field Communication (NFC) Initiative started by NXP, Sony and Nokia Allows for active devices to interact with contactless infrastructure Vision of smart cards towards smart devices Selling point is intuitive and fast user experience Today NFC is managed by NFC Forum (formed 2004) 130+ members Standards and specifications Promoting and developing the NFC ecosystem Product certification Many large organization do work related to NFC EMVCo GlobalPlatform ETSI Mobey Forum GSM Association Smart Card Alliance 11

12 Top of the Hype Curve! Hype Cycle Emerging Technologies, Gartner, July

13 Basic NFC Functionality Modes of operation Passive Communication Device acts as contactless reader Device acts as contactless token Active Communication Peer to peer mode Envisioned uses Payment Ticketing (including loyalty and coupons) eid Access control Ad-hoc interaction with objects Communication setup 13

14 NFC Mobile Platforms and Handset Availability No progress for a while. OS support Android 2.3.x (Google Nexus X) Samsung Bada OS 2.0 (Toco Lite) Symbian^3 (Nokia C7) Blackberry OS 7.0 (Bold 9900/30) Cross platform Qt J2ME 14

15 Basic Mobile NFC Architecture NFC module Antenna (built in or external) Untrusted application area Normal program area of phone AEE: Application Execution Environment Secure Element (SE) TEE: Trusted Execution Environment 15

16 The Secure Element Mobile handset is not a trusted platform Needs additional trusted security component SE is intended to be the security core of NFC Tamper resistance Security mechanisms SE should facilitate two key services Secure execution of sensitive applications Secure management of applications Different SE implementations UICC Embedded SD memory Hybrid RIM

17 Application Management on the SE Differs from the conventional smart card approach The token cannot be fully initialised and personalised before the user gets it Handset could be sold with initialised applications, but not personalised User requests services after getting handset (not initialised or personalised) The SE does not belong to the application provider Application provider does not hold the management keyset Needs assistance to manage the application Most use cases involve applications from multiple issuers Cannot provide management keyset to each one trust issues Applications therefore need to be managed post-issuance OTA management the only option Use of a Trusted Service Manager 17

18 Citizen-Centric Tokens Traditionally tokens are issuer centric The issuer controls the content on its token SCC working on citizen-centric card/token/device issuing model Stepping away from issuer centric issuing models Enable users to buy the devices from wherever they want These device will have some certifiable security functionality Users manage service through these devices Dynamically request services from application providers Free to install and delete applications as they wish Examples Transport multi-city travel Loyalty install loyalty applications from multiple vendors

19 Research in NFC Application Security NFC security is left to the application designer No formal security standards (apart from the Signature Record Type) Research scope includes Security of the NFC architecture Secure element (physical, access, interconnect) Application provisioning and management (OTA) Security of the remaining mobile phone platform Generally accepted to be an untrusted platform System and application security (vulnerabilities) UICC caters for communication security not applications Contactless system security Token and back-end infrastructure 19

20 Platform Architecture Research Issues Use of SE only clearly defined for NFC card emulation SE not used for P2P or reader applications How can other NFC and non-nfc applications leverage SE security functionality? Open SE architecture vs. closed SE architecture Role of Trusted Service Manager (TSM) well defined Trust relationship between TSM, SE Provider and other entities? Open SE promotes development but has security risks Protocols for limited memory and processing? SE is essentially a conventional smart token Any security function must still preserve user experience Paradigm shift SE along with a mobile phone a very powerful token 20

21 Issues with contactless tag interaction Easy to manipulate tag s content NDEF Signature Record intended to prevent this but not secure. Simple attack scenario Smart poster advertising for X directs you to Y (premium rate service) Advanced attack scenarios Website spoofing and redirecting traffic through proxies RFID Malware (infects mobile, propagates by writing to tags the phone reads) Denial of service Data integrity and tag authentication approaches needed! 21

22 NFC Device as Attack Platform Current attacks seem to use a lot of custom built kit. Use and existing NFC device as attack platform Skimming Sacrifice extended range reading It is mobile, small and not suspicious Card emulation It is an acceptable form factor More so than a blank, white card An open development platform Anyone can write phone as a reader applications Embedded secure elements are unlockable Existing APIs and developers fora 22

23 Relay Attacks Attacker s equipment Smart Token Proxy Reader Relay Channel Proxy Token Token Reader The attack theory is well known, i.e. grand master chess problem (Conway 1976), wormhole attacks Missed in most RFID threat models The reader cannot distinguish between the real token and the proxy-token Attack circumvents application layer security mechanisms Time-outs specified in standards, implemented at application layer too slow 23

24 Passive Relay 24

25 Off-the-shelf relay attacks? Relays with NFC-enabled devices have been demonstrated Attacker only writes software (there are open source examples) Possible weakness is the form factor and response time NFC-enabled phones are in theory an ideal platform.? 25

26 ISG and SCC Open Days ISCC Open Day September Networking and exhibition event for SCC sponsors, supporters and guests from industry, government and academia. Exhibition a 50:50 split of industry and SCC postgraduate student exhibits, concluded with invited keynote speaker. Hewlett-Packard Colloquium on Information Security - December Networking event for industry, academia and government. Exhibits together with several prestigious keynote seminars. if you would like to receive an inivitation please get in touch

27 Thank You Dr Gerhard Hancke Information Security Group Smart Card Centre Get in touch