• No results found

Smart Card APDU Analysis

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Smart Card APDU Analysis"

Copied!
39
0
0

Loading.... (view fulltext now)

Download now ( 39 Page )

Full text

(1)

Tel.+41 55-214 41 60 Compass Security AG

Smart Card APDU Analysis

Black Hat Briefings 2008

Las Vegas

Ivan "e1" Buetler

[email protected]

(2)

Hypothesis::Statement

SOFTWARE

cannot protect

(3)

Hypothesis::Situation

Attacker Toolkit:

Please choose your victim...

Network

Connectivity

Server

Infrastructure

Client

Infrastructure

Victim Victim Victim Victim 1:1:1:1: E-Mail Contamination

Visits to malicious Web Sites Second Channel Attacks

Victim Victim Victim Victim 2:2:2:2: Phishing, Pharming DNS Spoofing Network Interception Victim Victim Victim Victim 3:3:3:3: Web 2.0 Hacking

Cross Site Scripting ... Malicious Web Sites

(4)

Hypothesis::Situation

Attacker Toolkit:

Please enter the attacking strategy ...

Network

Connectivity

Server

Infrastructure

Client

Infrastructure

Most

Most

Most

Most promising

promising

promising target

promising

target

target

target

----> Client Computer

> Client Computer

> Client Computer

> Client Computer

E-Mail Malicious Web Site

(5)

Hypothesis::Situation

Client Infection Approaches

 E-Mails

 Malicious Web Sites

 Rogue Access Points (drive-by-injection)

 Exploitation of internet enabled client software

 Malicious U3, USB stick

 Malicious CD-Rom

 .... [many infection strategies – as you know]

Client Security Defense Strategies

 Latest patches / Update services

 Firewall / Personal Firewall

 Anti-Virus protection

 Spyware protection

 Device Locking Suite

 Hard disk encryption

SOFTWARE

cannot protect

SOFTWARE

Pentest

Pentest

Pentest

Pentest Experience

Experience

Experience

Experience::::

Success rate in client

exploitation = 95%

(6)

Hypothesis::Conclusion

(7)

Hypothesis::Conclusion

Secure devices provide ...

 AuthenticationAuthenticationAuthenticationAuthentication

 EncryptionEncryptionEncryptionEncryption

 SignaturesSignaturesSignaturesSignatures

Secure devices are ...

 Tamper ProofTamper ProofTamper ProofTamper Proof

(8)

Smart Card::Life Cycle

Smart Card

(9)

Smart Card::Life Cycle

Producer -> Company -> User

SmartCard Producer MyBank John Doe

Initialize()

sw + policy

(10)

Smart Card::Life Cycle::Initialize()

MyBank::Unitialized Smart Card

Smart Card needs to

be initialized before

usage!

Initialization means:

a) PIN policy

b) PUK policy

c) Key generation

d) MasterKeySet

... and more...see next

page

(11)
(12)

Smart Card::Life Cycle::Initialize()

During Initialization...

 Applets are configured (policy)

 Applets are loaded from computer to Smart Card

 Applets are instantiated on Smart Card

This is like „initial software package“ on a Personal Computer

 The password for doing so must be known => Master Key Set!!!

.java Java Compiler .class Java Card Converter .cap .ijc Cardlet Development

(13)

Smart Card::Life Cycle::Personalize()

Certificate Enrollment

 Generate Key on Card

 Generate CSR (certificate signing request)

 Send CSR to CA (certification authority)

 Receive Certificate from CA

 Store Certificate on Card

Smart Card is then useable

 Authentication

 Encryption

(14)

Smart Card::APDU

Smart Card

Communication

APDU

(15)

Smart Card::APDU

Application Protocol Data Unit

 Communication between CSP/PKCS#10 and Smart Card

 ISO 7816 Specification + Vendor extensions

Host

Smart Card

Reader

APDU Layer Physical Layer (serial, usb, bluetooth, ...)

(16)

Smart Card::APDU::Architecture

(17)

Smart Card::APDU::Command

APDU Command and Response Structure

(18)

Smart Card::APDU::Response

APDU Command and Response Structure

(19)

Smart Card::APDU::Enter PIN

Example: APDU Enter PIN

APDU Command

C0 20 00 01 08 3030303030303030

APDU Response

(20)

Smart Card::APDU::Standards

GSC-IS (Government Smart Card Interoperability Specification)

 ISO Standard (APDU)ISO Standard (APDU)ISO Standard (APDU)ISO Standard (APDU)

 7816781678167816----4: Organization, security and commands for interchange4: Organization, security and commands for interchange4: Organization, security and commands for interchange4: Organization, security and commands for interchange

 7816781678167816----8: Commands for security operations8: Commands for security operations8: Commands for security operations8: Commands for security operations

 Goal of GSCGoal of GSCGoal of GSCGoal of GSC----ISISISIS

 Interoperability requirements of the enterprise marketInteroperability requirements of the enterprise marketInteroperability requirements of the enterprise marketInteroperability requirements of the enterprise market

EMV - CAP

 EuropayEuropayEuropayEuropay/MasterCard/Visa /MasterCard/Visa /MasterCard/Visa /MasterCard/Visa ---- Chip Authentication ProgramChip Authentication ProgramChip Authentication ProgramChip Authentication Program

GSM (Global System Mobile)

(21)

Smart Card::ATR::Answer to Reset

ATR String: Unique Identification for Smart Cards

 ATR (Answer to Reset) returns unique number

(22)

Smart Card::APDU::CSP

ATR:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\Smart Cards

(23)

Tel.+41 55-214 41 60 Compass Security AG

ATTACKING

Smart Card

SOLUTIONS

(24)

Introduction::Smart Card Attacks

Attacking Approaches

 Host Computer (Software)

 Transmission (Link Layer)

 Internal Smart Card (Physical, Side Channel Attacks, not covered here)

Trojan

Link Layer

(25)

Hardware::Sniffing APDU

Hardware APDU Sniffing Device

 The APDU sequences are not commonly known – hidden secret disclosure

 ATM APDU analysis

(26)

Hardware::Sniffing APDU

Season2 Interface

Smart

Card

RS232

Sniffing

To the SC

Reader

To the SC Reader

(27)

Hardware::Sniffing APDU

RS232

Sniffing

Port

SC Reader

Serial

Port

Monitor

(28)
(29)

Software::APDU LiveDebugger

Live Debugger

 DLL Proxy winscard.dll

 Analyzing any software that communicates with the Smart Card with winscard.dll

 Works with PKCS#10 or CSP enabled applications

Live Debugger Features

 Command Modification

 Response Modification

 Logging

Microsoft Crypto API

CSP

CSP – Cryptographic Service Provider

Cryptoki

Pkcs#10 DLL from vendor

winscard.ori

Compass Monitoring: winscard.dll

APDU Live Debugger Java Program

(30)

Software::APDU LiveDebugger

APDU Live Debugger: APDU Inspection/Interception

 Live Debugging

(31)

Tel.+41 55-214 41 60 Compass Security AG

APDU LiveDebugger

Discovery!

(32)

APDU::LiveDebugger::Results

APDU Control Sequences

80 XX XX XX Not encrypted (Axalto Commands)

84 XX XX XX Encrypted

C0 XX XX XX Not encrypted

00 XX XX XX ISO Standard APDU

APDU Instructions

XX B0 XX XX Read

XX D6 XX XX Write

C0 D2 XX XX Generate keys on Smart Card

C0 12 XX XX Generate keys on PC

(33)

APDU::LiveDebugger::Results

C0 12: Generate Keys on Computer (not on Smart Card)

 First: Offcard key generation

(34)

APDU::LiveDebugger::Results

C0 D2: Generate Keys on Card

 First: Oncard key generation

(35)

APDU::LiveDebugger::Results

The flag „Generate Keys on Card“ is not enforced

This results in the following attack vector

 The CSP asks the card for oncard, or offcard key generation because the card itself knows the status

 The APDU interceptor responds: „I am an offcard keygen Smart Card“

 The CSP will then perform the generate key functions on the computer

 The CSP will send the CSR to the CA

 After all, the certificate and key material will be stored onto the Smart Card

 The hacker who did all the man in the middle stuff „knows“ all the keying and certificate details! Trust is lost!

(36)

PoC

Smart Card APDU

(37)

Smart Card Man-in-the-Middle Attack

SmartCard Certification Authority

Object1 APDU Debugger Object3 Object4

Client Cert Enrollment GenerateKey Flag: Generate Key on Card?()

OffCard=Yes GenerateKeys Generate CSR SendCSR Create Certificate Client Certificate Store to SmartCard Store to SmartCard CSR Attacker Host

Trust is Lost! Send details to Attacker

Browser

Status of Flag? GetFlag OnCard=Yes

(38)

Smart Card Man-in-the-Middle Attack

Conclusion

 The use of Smart Cards does not make you independent from the host computer in any case and situation!

 The flag „Generate Keys on Card“ does still allow key material being stored onto the Smart Card.

 This demonstration was solely related to Smart Cards an end-user has. If the attacker has some sort of virus/trojan running where the Smart Cards are initialized, even more fraud can occur (MasterKeySet attacks, Rogue Applet Uploads, ...)

 The PIN has been seen in plain-text within the memory segment of the Smart Card software. The PIN can be gathered without administrative privileges. By knowing the PIN, the Smart Card could be used behind the scenes without the users knowledge (signing, encryption).

(39)

Thank you!

Questions?

 [email protected]

See you at the Swiss Cyber Storm II – Switzerland - 2009

References

Download now ( PDF - 39 Page - 3.51 MB )

Related documents

Student Nurses’ Experience of Learning with Human Patient Simulation

You are being asked to volunteer for an audio-taped and hand-recorded focus group discussion for a research study of BSN Nursing Student’s Experience using Human Patient Simulation

Larva Migrans. 1-Cutaneous Larva Migrans (CLM) 2-Visceral Larva Migrans (VLM)

Visceral larva migrans is a condition in humans caused by the migratory larvae of certain nematodes, humans being a dead-end host... 1) Toxocara canis (dogs) canis

The Chartroom The Chartroom, Kip Marina, Inverkip, PA16 0BF Tel:

Free bottle of wine or bucket of beer with every 4 places booked £28 Friday 6th December CHRISTMAS PARTY NIGHT with EARL BLUE & THE SESSIONS £36 Saturday 7th December

Automatic Extraction of Antropometrical Features from Images

Extrakce příznakových bodů se uplatňuje v mnoha oborech, jako jsou 3D rekonstrukce lidského těla, bezkontaktní měření rozměrů objektů, segmentace a detekce části těla

Municipal Corporation of Greater Mumbai

The service provider may use its own support templates related to various Support activities (Issue/Time logging, Business Change Request, Technical Change Request,

Universal Behavior of Connectivity Properties in Fractal Percolation Models

Our main result consists in showing that, when the intensity λ of the Poisson process is at its critical value, the random fractals are in the connected phase in the sense that

Second order Poincaré inequalities and CLTs on Wiener space

This result generalizes and unifies the findings contained in [16, 20, 21, 23], and virtually closes a very fruitful circle of recent ideas linking Malliavin calculus, Stein’s

BASIC EXPOSURE APERTURES, SHUTTER SPEEDS AND PHOTO TERMINOLOGY

This rule states that to obtain correct exposure on a bright sunny day with a subject of average illumination you (1) Set the shutter speed to the number closest to the ISO of