Security on the move

Download Report

Transcript Security on the move

Introduction to
Smart Cards
Pascal Paillier
Crypto & Security Department
Gemplus
1/41
7/17/2015
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
2/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What is a Smart Card?
3/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Closer Look (1)
4/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Closer Look (2)
5/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
6/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Cutting
7/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Gluing
8/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Bonding
9/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Encapsulation
10/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Finished Modules
11/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Module on Body
Electrical Initialisation
12/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Card
Personalization
Artwork
13/41
7/17/2015
Electrical
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
The Players
Chip Manufacturer Electronic Circuit
Initialization
Card Manufacturer Personalization
Card Issuer
Card Distribution
( Personalization )
Card Holder
14/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Manufacturer’s role
 Initialization
 Card associated with issuer
 Security conditions
Initialization
 Personalization
 Application profile into every
card.The cards belong to one
given application.
 Cardholder profile into the card:
name, identification number...
15/41
7/17/2015
Personalization
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Personalization
 Electrical personalization:
 downloading of data (application & cardholder)
 Graphical personalization:
 printing text or artwork on the card body
My name
My name
Making each card unique !
16/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Manufacturing: Personalisation
Electrical and Physical Personalisation
17/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
18/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What is a Chip...
Chips?
Sheep?
Cheap?
19/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main features
 Tiny semiconductor based component
 Millions of basic electronic components
 Contains memory zones
 Erasable or not
 Protected or not
20/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
The Chip
pad
A Chip
Different memory blocks
Silicon wafer
21/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main chip providers








22/41
ST
ATMEL
Infineon
Philips
Hitachi
Samsung
Nec
Others …
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Chip Layout
•CPU
8 bits (8051, 6805, Custom)
16 & 32 bits
•Memory (EEPROM, RAM, ROM, Flash)
•Control registers
•Clock generator (3.57 MHz)
•Timer(s)
•Serial IO interface (9600 bit/s)
•Crypto-Coprocessor (DES, AES, RSA)
•25 mm² max.
23/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Close-up view...
Vcc
24/41
GND
7/17/2015
RST
CLK
Introduction to Smart Cards - Crypto & Security Training
I/O
Bull Patents
Memory Characteristics
•EEPROM (non volatile memory)
Up to 64K Bytes
Application data storage
•ROM (write once)
Up to 208 K Bytes
Software (Operating System) storage
•RAM (temporary)
Up to 5 K Bytes
Working memory
•Flash (non volatile memory)
Software patches or static application code & data
25/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
What Does It Stand For?
 ROM
 Read Only Memory
 EEPROM
 Electrically Erasable Programmable R O M
 RAM
 Random Access Memory
26/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Cards and
Cryptography
 Typical figures (internal clock @ 5 to 33 MHz)
 Assembly language (software implementation)
 DES : 5 ms
 SHA-1 : 10 ms
 AES : 5 ms
 Public Key coprocessors (hardware implementation)

RSA 1024 signature: ~ 200 ms

ECC 160 signature: ~ 200 ms
Introduction to Smart Cards - Crypto & Security Training
Smart Card Life cycle
Card
Software
Silicon
Personalization
Manufacturing
Development Manufacturing
EEPROM
(Files)
Software
burning
(ROM)
Hardware: CPU, RAM, EEPROM, …
Silicon
Manufacturer
28/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Life Cycle
IC Manufacturer
From
Manufacturing to
Application phase
End User
Card Issuer
29/41
7/17/2015
Card
Manufacturer
System
Integrator
Software
Manufacturer
Card Accepting
Devices
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
30/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Card Families
Memory
Microprocessor
31/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Memory Cards
 Bitmap, synchronous access
 First Generation Technology
 Read
 Erase
00000000
00000000
00000
1111
 Second Generation Technology
10110101
001110
111
10110111
 Read
 Write
 Erase
32/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Enhanced Memory Cards
 Onboard hardwired crypto engine
 Card Authentication
 MAC on balance
33/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Memory Card Application
 Loyalty
34/41
7/17/2015
 Payphones
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smarter Smart Cards
 Chip Stucture (0,25mm2 )
RAM
FLASH / EEPROM
CPU
35/41
7/17/2015
ROM
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smarter Smart Cards




Microprocessor based
Onboard Memory (RAM, ROM and EEPROM/Flash)
Programmable
Onboard processing
 Security features
 Crypto coprocessor (PK, DES,…)
 Physical sensors (V, freq,…)
 Physical protections (shielding,…)
36/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Standards : ISO/IEC 7816
Integrated circuits cards with contacts
 ISO/IEC 7816-1 : Physical characteristics.
 ISO/IEC 7816-2 : Dimension & location of contacts.
 ISO/IEC 7816-3 : Electronic signals & transmission protocols.
 ISO/IEC 7816-4 : Inter-industry commands.
 ISO/IEC 7816-5 : Registration system for applications in IC card.
 ISO/IEC 7816-6 : Inter-industry data elements.
 ISO/IEC 7816-7 : Inter-industry commands for
Structured Card Query Language (SCQL).
 ISO/IEC 7816-8 : Security architecture and related inter-industry commands.
37/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Smart Card Module
Data Bus
Microprocessor
Vcc
Ground
Reset
Vpp
Clock
I/O
CPU
EEPROM /
FLASH
ROM
Address Bus
Microchip
Microcontact
Micromodule
38/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
RAM
Communications
 One communication channel: serial line
 “Layered” transmission protocol
 Application: Application Protocol Data Unit
 Transport: T=0, T=1, T=14
39/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
How to communicate
with a smart card ?
40/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Required Infrastructure
 Personalisation Center
 Issuing Center
 Reader
 Middleware
 Back-end System
http://www.gemplus.com/usb
41/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Messages
 The card communicates with the reader by
exchanging APDU messages (Application
Protocol Data Unit)
 A message is
 a Command : From the reader to the card
 a Response : From the card to the reader
Command
Response
42/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Example
Read Name
Gemplus
Id: Gemplus
43/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Syntax
 APDU Command
CLA
Class
INS
P1
P2
Lc
Data
Le
Parameters
Instruction
Command Data
Data Length
Response Length
 APDU Response
Data
SW
Response Data
44/41
7/17/2015
Status Word
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Example
READ BINARY (P1,P2,Le)
Data, SW
CLA
INS
P1
P2
Lc
A0
B0
xx
xx
0
Data
Le
Le
P1, P2 : specify the data to be retrieved
Le : length of data to retrieve
45/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands Model
•Based on ISO 7816-3
Command
•APDU Format
Command
CLA INS P1 P2
Lc
DATA
Le
Response
Response
DATA
46/41
7/17/2015
SW1 SW2
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands - 4 Cases
(1/2)
 Case 1
 No command data, No response data
COMMAND: CLA INS P1 P2
RESPONSE: SW1 SW2
 Case 2
 No command data, sends response data
COMMAND: CLA INS P1 P2 Le
RESPONSE: Data SW1 SW2
47/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
APDU Commands - 4 Cases
(2/2)
 Case 3
 Card Receives command data, No response data
COMMAND:
RESPONSE:
CLA INS P1 P2 Lc Data
SW1 SW2
 Case 4
 Card Receives command data, sends response data
48/41
7/17/2015
COMMAND:
CLA INS P1 P2 Lc Data Le
RESPONSE:
Data SW1 SW2
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Select WIM Application
Command
49/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
50/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Mask your Own Code
 Pros:
 Small code footprint
 “Complete” control
 Cons:
 Development in C and target assembly language
 Use emulators
 Mask lead time (~2 month)
 Bug fixes
51/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Use Proprietary Cards
 What you (usually) get:
 File System
 Fixed set of APDU Commands
 Read/Write files
 Access to cryptographic functions
 Pros:
 Off the shelf products
 Cheaper
 Cons:
 Not extensible
 Bug fixes
52/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Use Open Cards
 Choice
 Java
 Microsoft
 Standard API
 Crypto
 GSM (SMS, Pro active commands…)
53/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Applet Life Cycle





Write code in Java
Compile it
Debug it (simulator)
Verify and Convert it (specific byte code)
Load it
 Personalisation center
 Point of sale
 Over Networks (Internet, Wireless,…)
54/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Resources
 On Card development:
 Java card : http://www.javacard.org
“Java Card Technology for Smart Cards”, Zhiqun Chen, Sun Java Series,
ISBN: 0-201-70329-7
 Windows for SC : http://www.microsoft.com/smartcard/
 Gemplus
 Developer web site: http://www.gemplus.fr/developers/index.htm
 Developer conference: http://www.key3studios.com/gemplusworld/
June 20, 21, Paris.
 Middleware:
 PCSC-Lite : http://www.linuxnet.com/
 OCF (java) : http://ww.opencard.org/
 CDSA : http://www.opengroup.org/security/l2-cdsa.htm
 PKCS : http://www.rsasecurity.com/rsalabs/pkcs/index.html
55/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Outline
What are Smart Cards?
How do we make them?
How do they work?
How can you program them?
What can you do with them?
56/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
A Smart Card is
part of an
57/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Application Players
HOST
58/41
7/17/2015
READERS
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
CARDS
Application Software
 Application software developed for
customer’s needs
Designed to communicate with user
card
Application
software
59/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Readers
 Link between:
 the host
 the cards
60/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Role of the Reader
 The reader is the interface between the
card and the application
It serves as a translator
It accepts the messages
 from the card and
 from the application software
Reader
Card
Application
Software
61/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Why use a Smart Card?
Crypto
Theoretical
62/41
7/17/2015
Practical
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Advantages of a Smart Card
 Tamper resistance
 Storage
 Tamper resistance
 Processing
[Blah Blah]
[@ç^#~r&¤]
 Portability
63/41
7/17/2015
 Ease of use
 Onboard key generation
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Main applications
 Public phone cards (pre-paid),
 Cellular phone GSM cards,
 Banking cards,
 Health cards.
64/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
New applications
 Electronic purse,
 Transport,
 Security of information system,
 Identity,
 Loyalty,
 Games,
 Physical access control.
65/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Where is Cryptography
 Basic Electronic purse principle :
 Smart card reader asks user to enter his PIN code
 PIN code plays 2 roles :
 Authenticating the user
 Releasing the READ access right within the card
 Reader checks the Purse identity against Black list
 Reader (SAM) Authenticates the Purse (3-DES)
 Purse authenticates the Reader (SAM).
 Reader Decreases securely the purse value :
 Ask the SAM to generate a MAC
 Send the value to decrease & the MAC to purse
 Reader Increases securely the SAM counter :
 Read the new purse value with a MAC
 Send the whole to SAM
66/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Attacking Smart Cards
 Timing Attacks
 Power Analysis
 Simple Power Analysis
 Differential Power Analysis
 High-order, EMA, …
 Invasive Attacks
 Probe Stations
 Focused Ion Beam
67/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Security Notions
68/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Attacks on Smart cards :
Wide range of techniques, requiring
various skills, equipment and time:
 Physical security
 Invasive Attacks
 Side Channel Attacks
 Fault Generation
69/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Open Platform Threats
 Flawed program (ex: server)
 Bad design (ex: no verification)
 Bad implementation (ex: buffer overflow)
 Trojan horse
 Piece of software (plug-ins..) hiding amongst its
normal functionalities some malicious ones
70/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
JavaCard Threats
 Stack overflow / underflow
 Type mismatch (e.g. pointer forgery)
 Data execution
 as Byte Code
 as native code
 Goal: bypass Java Virtual Machine controls and
access local resources directly
71/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Cryptographic Attacks
 Integrity



hash algorithms
Checksums
Authentication




MAC forgery
External authentication
Internal Authentication
Mutual authentication
 Confidentiality



72/41
7/17/2015
Plaintext recovery
Key recovery
Ciphertext forgery
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Application level security
: Protocols
 Replay attacks
 Man-in-the middle attacks
 Session high-jacking
 Eavesdropping
73/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Focus on
Smart Card Security
or
How to defeat
Tamper resistance
74/41
7/17/2015
Introduction to Smart Cards - Crypto & Security Training
Bull Patents
Conclusion
=
75/41
7/17/2015
Smart
Personal
Portable
Secure
Introduction to Smart Cards - Crypto & Security Training
Bull Patents