Erik Poll
Digital Security Radboud University Nijmegen
or contactless interface
3. smart smartcard aka microprocessor card provides programmable CPU that can implement any functionality

Do-it-Yourself
Buy a card reader or NFC mobile phone
Buy some tags and cards
Programming your own smartcards is possible using JavaCard or MULTOS smartcards
Check www.ru.nl/ds/smartcards, libnfc, proxmark, rfidiot.org

External power supply and external clock
• Vcc: originally 5 V, now also 3 V or 1.8 V
• Vpp: higher voltage for writing EEPROM (13 V)
  Vpp no longer used: painting over this contact is a major security threat

Mifare Ultralight
• Used in disposable ov-chipkaart
• No keys to protect memory access
• Relies on read-only and write-once memory for security
• Memory organised in 16 pages of 4 bytes
  - first part is read-only
    • includes 7 byte serial number
  - second part is One Time Programmable (OTP)
    • you can write 1's, not 0's
    • includes data for locking
  - third part is readable & writable
[Figure: Mifare Ultralight memory layout, showing the UID bytes and checksums (read only), lock bytes, OTP bytes and application data]
• Only mitigation: serial number (UID) cannot be overwritten, so spoofing requires special hardware if UID is used

Logical attacks:

Challenge-response
[Figure labels: secret key K, CPU]
• If the card can do encryption, the secret key K never leaves the card
• Card issuer does not have to trust card holder, terminal, or network
• This is how your bank card works: it uses a 3DES key that only the bank knows

Breaking this?
[Figure labels: secret key K, CPU]
1. Figuring out which encryption function is used: maybe this is known & published; otherwise: reverse engineering, experimenting to figure out how encryption works
2. For poor encryption: by trying out a few challenges, you may be able to reconstruct the key. For good crypto - 3DES, AES, RSA, ... - this is hopeless

Moral of the story: use established crypto primitives, publicly studied according to Kerckhoffs' principle
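
The challenge-response scheme above, as an added example that is not part of the original slides: the card answers a fresh random challenge with a keyed function of it, and the issuer checks the answer, so the key K never crosses the interface and a recorded answer cannot be reused. Assumptions: HMAC-SHA256 stands in for the card's 3DES computation (an established, publicly studied primitive, in line with the moral above), and the class, method and card names are illustrative.

```python
import hashlib
import hmac
import secrets


class Card:
    """Models the card: K is set at personalisation and never exported."""

    def __init__(self, card_id: str, key: bytes):
        self.card_id = card_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the card's 3DES computation.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Issuer:
    """Models the issuer back end, the only other party that knows K."""

    def __init__(self):
        self._keys = {}       # card_id -> K
        self._pending = {}    # card_id -> outstanding challenge

    def personalise(self, card_id: str) -> Card:
        key = secrets.token_bytes(32)
        self._keys[card_id] = key
        return Card(card_id, key)

    def new_challenge(self, card_id: str) -> bytes:
        # Fresh and unpredictable, so a recorded response is useless later.
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def verify(self, card_id: str, response: bytes) -> bool:
        challenge = self._pending.pop(card_id, None)   # each challenge is single use
        key = self._keys.get(card_id)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    issuer = Issuer()
    card = issuer.personalise("card-0001")              # constructed sample id
    recorded = card.respond(issuer.new_challenge("card-0001"))
    genuine = issuer.verify("card-0001", recorded)
    issuer.new_challenge("card-0001")                   # next session, new challenge
    replay = issuer.verify("card-0001", recorded)       # old answer presented again
    return genuine, replay
```

The terminal and network only ever carry the challenge and the response, which is why the issuer does not need to trust them.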

Crypto in Mifare Classic

Logical attacks:
A0A1A2A3A4A5 is an initial transport key of MIFARE tags. Googling for A0A1A2A3A4A5 produces links to documentation with other example keys to try!

Logical attacks:
[Figure label: USB]
Vulnerability: e.dentifier2 tells PC that user pressed OK, PC instructs e.dentifier2 to continue transaction

Attack

Movie

Unwanted functionality
Test version of Dutch passport provided software emulation of Mifare Classic with default key, of course...

Lukas Grunwald managed to crash e-passport terminals by sending a malformed JPEG causing a buffer overflow in the graphics library
until we have authenticated the card and/or the data it provides

This reveals the nationality of a passport in spite of access control to passport data
255 other instructions to try, but attack range limited to 30 cm, so danger of passport bombs overhyped and we can try different parameters ...

side-channel attacks

Physical attacks:
[Source: Riscure]
microscope images with different layers in different colours, before and after etching

Probing
Observe or change the data on the bus while the chip is in operation, e.g. to observe key

Fibbing
FIB = Focussed Ion Beam can observe or modify chip by
• drilling holes
• cutting connections
• soldering new connections and creating new gates
[Figure label: blown fuse]

Staining can optically reveal the bits stored in ROM: dark squares are 1, light squares are 0
[Source: Brightsight]

Conclusions
Smartcard & RFID security not perfect
cheap, logical attacks: little equipment, but some time & brainpower
expensive, physical attacks: more equipment
both can be devastating...
The ongoing arms race between defenders and attackers will never end, these days esp. for side-channel and fault attacks