Breaking Korea Transit Card with Side-Channel Attack

Similar documents
Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

Breaking the Bitstream Decryption of FPGAs

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Lecture 1 Applied Cryptography (Part 1)

Power Analysis of Atmel CryptoMemory Recovering Keys from Secure EEPROMs

ISO/IEC INTERNATIONAL STANDARD

Power Analysis Attacks

HOST Differential Power Attacks ECE 525

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Cryptography Functions

Side-Channel Attack against RSA Key Generation Algorithms

A CCA2 Secure PKE Based on McEliece Assumptions in the Standard Model

Lecture 3: Symmetric Key Encryption

ISA 562: Information Security, Theory and Practice. Lecture 1

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Crypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016

SOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS

Security against Timing Analysis Attack

CPSC 467b: Cryptography and Computer Security

Technological foundation

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

CS155. Cryptography Overview

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

Chapter 3 Block Ciphers and the Data Encryption Standard

Block Cipher Modes of Operation

PASSWORDS & ENCRYPTION

Masking as a Side-Channel Countermeasure in Hardware

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

CS155. Cryptography Overview

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

WhatsApp Encryption Overview. Technical white paper

Computational Security, Stream and Block Cipher Functions

2.1 Basic Cryptography Concepts

DPA CONTEST 08/09 A SIMPLE IMPROVEMENT OF CLASSICAL CORRELATION POWER ANALYSIS ATTACK ON DES

Practical Electromagnetic Template Attack on HMAC

Block Cipher Operation. CS 6313 Fall ASU

Lecture 4: Symmetric Key Encryption

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

CS 161 Computer Security

: Practical Cryptographic Systems March 25, Midterm

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Double-DES, Triple-DES & Modes of Operation

CHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))

Secret Key Cryptography

ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Differential Computation Analysis Hiding your White-Box Designs is Not Enough

Computer Security CS 526

Secret Key Algorithms (DES)

Fault injection attacks on cryptographic devices and countermeasures Part 1

P2_L6 Symmetric Encryption Page 1

CSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Side Channel Analysis of an Automotive Microprocessor

A physical level perspective

The Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab

Block cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75

Introduction to Software Countermeasures For Embedded Cryptography

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

EEC-484/584 Computer Networks

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

18-642: Cryptography

New attacks on the MacDES MAC Algorithm. 1st July Two new attacks are given on a CBC-MAC algorithm due to Knudsen and Preneel, [2],

Processing with Block Ciphers

CSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes

Goals of Modern Cryptography

Security of Block Ciphers Beyond Blackbox Model

Symmetric Encryption Algorithms

Pass, No Record: An Android Password Manager

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

CSC 474/574 Information Systems Security

Defeating Embedded Cryptographic Protocols by Combining Second-Order with Brute Force

Using block ciphers 1

Differential Computation Analysis Hiding your White-Box Designs is Not Enough

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Block Ciphers. Secure Software Systems

ECE Lecture 2. Basic Concepts of Cryptology. Basic Vocabulary CRYPTOLOGY. Symmetric Key Public Key Protocols

Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks

Plaintext-Recovery Attacks Against Datagram TLS

CSCE 813 Internet Security Symmetric Cryptography

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

CIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation

Symmetric Cryptography. Chapter 6

EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread

Block Cipher Modes of Operation

1-7 Attacks on Cryptosystems

Practical Aspects of Modern Cryptography

The embedded security challenge: Protecting bits at rest

EE 595 (PMP) Introduction to Security and Privacy Homework 1 Solutions

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Cryptography MIS

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard

CPSC 467b: Cryptography and Computer Security

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Countermeasures against EM Analysis

Message authentication codes

Transcription:

Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong

Outline 1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

Recharging on Transit Card Vending & Reload Device USER

Recharging on Transit Card Vending & Reload Device USER

Our Ultimate Goal Free recharging as much as attacker want Vending & Reload Device Attacker

Attack Scenario toward Goal Phase 1. Extract authentication key for recharging using side-channel analysis attack Attacker

Attack Scenario toward Goal Phase 1. Extract authentication key for recharging using side-channel analysis attack Attacker Phase 2. Design free recharging tool with restored key

Attack Scenario toward Goal Phase 1. Extract authentication key for recharging using side-channel analysis attack Attacker Phase 2. Design free recharging tool with restored key

1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

Target device Transit card Pre-paid transit card for the freeway in Korea Over 800 million cards were issued and used Cafeteria and convenience store in the freeway service area Movie theater, Airport car park etc... Contact Smartcard Equipped with cryptographic engine in hardware level Countermeasure employed against side-channel attacks Support ISO/IEC 7816 standard and KS X 6924 Korea standard

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Random Number 1 gen Session key 1 gen E( Random Number-1, Card Key ) Card reader Request recharging Secure Access Module Signature 1 gen E ( Card information, Session key-1 )

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Random Number 1 gen Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Card reader Request recharging Random Number 1, Card Information, Signature 1 Secure Access Module Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Random Number 1 gen Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Card reader Request recharging Random Number 1, Card Information, Signature 1 Secure Access Module Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1 Random Number 2 gen Session key 2 gen E( Ran Number-2, Session Key-1 ) Signature 2 gen E ( Card info, Session key-2 )

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Random Number 1 gen Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Card reader Request recharging Random Number 1, Card Information, Signature 1 Secure Access Module Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1 Random Number 2 gen Session key 2 gen E( Ran Number-2, Session Key-1 ) Random Number 2 Signature -2 Session key 2 gen E( Ran Number-2, Session Key-1 ) Signature 2 gen E ( Card info, Session key-2 ) Verify Signature - 2 Recharging

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Random Number 1 gen Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Card reader Request recharging Random Number 1, Card Information, Signature 1 Secure Access Module Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1 Session key 2 gen E( Ran Number-2, Session Key-1 ) Send card a valid signature!! Random Number 2 Signature -2 Random Number 2 gen Session key 2 gen E( Ran Number-2, Session Key-1 ) Signature 2 gen E ( Card info, Session key-2 ) Verify Signature - 2 Recharging

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Card reader Secure Access Module Random Number 1 gen Request Require recharging Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Target Random Number 1, Card Information, Signature 1 Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1 Session key 2 gen E( Ran Number-2, Session Key-1 ) Send card a valid signature!! Random Number 2 Signature -2 Random Number 2 gen Session key 2 gen E( Ran Number-2, Session Key-1 ) Signature 2 gen E ( Card info, Session key-2 ) Verify Signature - 2 Recharging

Authentication protocol for recharging Public information Secret information Crypto algorithm Transit Card Card reader Secure Access Module Random Number 1 gen Request Require recharging Session key 1 gen E( Random Number-1, Card Key ) Signature 1 gen E ( Card information, Session key-1 ) Target Random Number 1, Card Information, Signature 1 Card Key gen E( Card information, Master Key ) Session key 1 gen E( Random Number 1, Card Key ) Verify Signature 1 Session key 2 gen E( Ran Number-2, Session Key-1 ) Send card a valid signature!! Random Number 2 Signature -2 Random Number 2 gen Session key 2 gen E( Ran Number-2, Session Key-1 ) Signature 2 gen E ( Card info, Session key-2 ) Verify Signature - 2 Recharging

Crypto Algorithm Analysis Sign & verify P 1 (128-bit) P 2 P N => performs crypto Algorithm IV(0 128 ) 128-bit Block cipher & operation mode Crypto function => Two Triple-DES Crypto Crypto Crypto Cipher Block Chaining (CBC) mode Initial Vector 0 128 Signature value C 1 C 2 C N signature (32-bits) Most significant 32-bit of last ciphertext block Padding rule 80 00 00 00

Outline 1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

Attack Environment Attack under the secure transit card APDU commands for recharging the card Hardware Board Card reader Oscilloscope Spectrum Analyze Software For the acquisitions(customized) Signal preprocessing(customized) Analysis(Customized) Matlab PC - Smartcard control - Oscilloscope control store signals Oscilloscope command response - Signal Acquisition iteration filtered signal Measurement setup Reader - Communication with card Spectrum analyzer - Frequency analysis - Filtering power EM

Attack Overview Phase 1 : Locate the positon of T-DES 1. I/O signal analysis 2. Visual Inspection Find similar patterns 3. Plaintext CPA Find location of relating plaintext Can deduce location of target operation from plaintext location

Attack Overview K 1 K 2 K 1 P DES Encryption DES Decryption 2-Key Triple DES Encryption Phase 2 : DPA Attack for key recovery 1. Pre-processing Compression Alignment 2. First Round attack in the DES 48-bit Key recovery 6-bitwise CPA 3. Correction of error Prevent error propagation Method based on BS-CPA 4. 2-15 Round attack 56-bit full-key recovery 32-bitwise CPA DES Encryption C Phase 1 : Locate the positon of T-DES 1. I/O signal analysis 2. Visual Inspection Find similar patterns 3. Plaintext CPA Find location of relating plaintext Can deduce location of target operation from plaintext location

Attack Overview K 1 K 2 K 1 P DES Encryption DES Decryption 2-Key Triple DES Encryption DES Encryption Phase 2 : DPA Attack for key recovery 1. Pre-processing Compression Alignment 2. First Round attack in the DES 48-bit Key recovery 6-bitwise CPA 3. Correction of error Prevent error propagation Method based on BS-CPA 4. 2-15 Round attack 56-bit full-key recovery 32-bitwise CPA C Phase 3 : Verification of restored the key - Compare the signature value through card response with the signature value generated by recovered key - This is only way to confirm the validity Phase 1 : Locate the positon of T-DES 1. I/O signal analysis 2. Visual Inspection Find similar patterns 3. Plaintext CPA Find location of relating plaintext Can deduce location of target operation from plaintext location

Attack Overview K 1 K 2 K 1 P DES Encryption DES Decryption 2-Key Triple DES Encryption DES Encryption Phase 2 : DPA Attack for key recovery 1. Pre-processing Compression Alignment 2. First Round attack in the DES 48-bit Key recovery 6-bitwise CPA 3. Correction of error Prevent error propagation Method based on BS-CPA 4. 2-15 Round attack 56-bit full-key recovery 32-bitwise CPA C Phase 3 : Verification of restored the key - Compare the signature value through card response with the signature value generated by recovered key - This is only way to confirm the validity Phase 1 : Locate the positon of T-DES 1. I/O signal analysis 2. Visual Inspection Find similar patterns 3. Plaintext CPA Find location of relating plaintext Can deduce location of target operation from plaintext location If fail, return to the beginning Repeat until the key is found Tremendous trials and errors!!

Some Problems for Key Recovery Hiding Countermeasure Pre-processing for mitigation Filtering, Alignment Increases the number of traces Alignment Align, whenever guess the location of target operation There is no good reference pattern By effect of hiding countermeasure Need elaborated work One or two point of misalignment leads to attack failure More requirement of time cost, memory Compression of trace Parallel processing

Visual Inspection Search for similar patterns Execution of three crypto function =>6 T-DES Overview measurement T-DES T-DES T-DES T-DES T-DES T-DES Voltage Session Key gen 1 Crypto function 2 T-DES Signature gen 2 Crypto function 4 T-DES Time(# of samples)

Time(# of samples) Plaintext CPA Perform after alignment Result of CPA => Indicate location relating to plaintext Mean trace Correlation 8-Byte plaintext correlation coefficient peaks

Time(# of samples) Plaintext CPA Perform after alignment Result of CPA => Indicate location relating to plaintext Mean trace Correlation 8-Byte plaintext correlation coefficient peaks

Time(# of samples) Plaintext CPA Two possible intervals for target operation T-DES? T-DES? Correlation Which one is exact? =>only can be identified through CPA attack for key recovery 8-Byte plaintext correlation coefficient peaks

48-bit key recovery Correlation Coefficients for the first Round of DES (a) Sbox 1 (b) Sbox 2 (c) Sbox 3 Time(# of samples) Time(# of samples) Time(# of samples) Correlation Correlation Time(# of samples) Time(# of samples) Time(# of samples) Correlation Correlation Correlation Correlation Correlation Correlation Correlation (d) Sbox 4 (e) Sbox 5 (f) Sbox 6 (g) Sbox 7 (h) Sbox 8 (i) Sbox 1-8 Time(# of samples) Time(# of samples) Time(# of samples)

Full Key Recovery Correlation coefficients for the Hamming distances between rounds(2-15) of the T-DES Correct key guess => Observe 14 peaks Correlation 1 2 3 6 4 5 7 8 11 9 10 12 13 14 Correlation Time(# of samples) correct key guess Time(# of samples) incorrect key guess

Verification of Restored Entire Key Same Response values from the card including signatures Generated signatures by ourselves

1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

Card Number Card Number (a) Before recharging, check balance with ATM (b) Balance : 20,050 ( ) (c) Recharging Tool (f) After recharging, Balance : 30,050 ( ) (d) Execution of our recharging program. Insert amount of money you wish to recharge => 10,000 ( ) (e) Completion of recharging

1. Attack Goal & Scenario 2. Target Device Details Introduction of Target Device Authentication Protocol Analysis Cryptosystem 3. Key Recovery Attack Attack environment & Measurement Set-Up Attack Overview Attack Results 4. Recharging Simulation 5. Conclusion

Conclusion Demonstrated that side-channel analysis attack is serious threat in real-world Hacking the Korea transit card in a black-box manner Showing financial damage through unauthorized recharging balance Practical attack Trials and errors Approx. six months Current extracting key in same device Approx. 63 hours (trace collection : 58 hours + Attack : 5 hours) Further works For black box attack, combination of reverse engineering and sidechannel attack Go on attack for any commercial devices!

More details? Could please see white paper & Questions? ktw@sntworks.kr Thank you

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback