View
0
Download
0
Category
Preview:
Citation preview
Kasper & Oswald GmbH, Bochum, Germany
www.kasper-oswald.com
Berlin, 8. November 2016
Token, Transponder und RFID-Tags Angriffe auf elektronischeZugangskontrollsysteme
Timo Kasper
Forum Modernes Zutritts- undBerechtigungsmanagement
3
Dr.-Ing. Timo Kasper Dr.-Ing. David Oswald
Core Competence: Embedded Security
Research, Analysis, Development, Consulting, Training
Many years of Research and Development experience
5
Embedded Devices in the Internet of Things
NFC
6
Introduction to (Symmetric) Cryptography
Secret KeyG3H31M
plaintext
Simedia
Cipher
ciphertext9e%~@@²a
Alice
plaintext
Simedia
Cipher
ciphertext9e%~@@²a
Bob
Internet
Oscar
9e%~@@²a
8
The core of (IT-)Security
Security
Design AnalysisImprove
Report flaws
11
Implementation Attackson Embedded Devices
Fault Injection,Reverse Engineering
Side-Channel Analysis
20
Remote Keyless Entry (1)Uni-directional
First systems: Fixed code
123xbhdsgf …123xbhdsgf …123xbhdsgf …
23
Remote Keyless Entry (2)Uni-directional with Crypto
Industry reacts: Rolling code
encrypt(124)encrypt(125)
…
Cipher
BUT there are attacks ...
Option 1:Attack key management
Option 2:Attack crypto
KeeLoq(Crypto 2008)
25
Principle of Side-Channel Analysis(here: listen to Sound)
A Bank Robbery
26
Principle of Side-Channel Analysis
The world is changing…
27
Principle of Side-Channel Analysis(Monitor the power consumption / run-time)
The world is changing…
…the tools are, too.
32
Applied Side-Channel Analysis (Power)
32
Counter
Secret Key
Dynamic Code
Encryption(KeeLoq)
32
64?
secret cryptographic key of remote control !
Attack target (2008):KeeLoq remote controls
• very widespreadin cars and garages(world-wide)
33
Side-Channel Analysis of KeeLoq:Management Summary
Power-analysis attack (with physical access):
clone a remote control from 10 power measurements
obtain Manufacturer Key from 1 power measurement
Flaw of KeeLoq system:
Key derivation from Manufacturer Key kM
– kremote_control = f(#ser, kM)
– kM used in every receiver of manufacturer M
– Single point-of-failure
36
Flavio Garcia, David Oswald,Timo Kasper, Pierre Pavlidès
University of Birmingham / Kasper & Oswald GmbH
Automotive RKE(Usenix 2016)
44
VW Group: Affected Vehicles
• Audi: A1, Q3, R8, S3, TT, other types of Audi cars (e.g. remote control 4D0 837 231)
• VW: Amarok, (New) Beetle, Bora, Caddy, Crafter, e-Up, Eos, Fox, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, Up
• Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo
• Skoda: City Go, Roomster, Fabia 1, Fabia 2, Octavia, Superb, Yeti
• In summary: probably most VW group vehicles between 1995 and today not using Golf 7 (MQB) platform
45
Hitag2 RKE Attack Demo
45
46
Vehicles we tested using Hitag2 RKE
Opel | Astra H | 2008Opel | Corsa D | 2009Fiat | Grande Punto | 2009
47
Management Summary
VW Group: secure crypto ≠ secure system
• extract a few worldwide keys
instantly copy a remote control from 1 signal
• RF attack highly practical and scalable
Hitag2: diversified keys but bad crypto
• eavesdrop ≈ 4 to 8 signals (key presses)
copy remote control with some computations
Poor crypto is bad, but poor key management is worse.
49
Embedded Devices in the Internet of Things
NFC
50
Authentication with Login Tokens
Past: One factor: Password/PIN
Today: Two factors: Password/PIN and an additional token:
51
52
Yubikey 2: Overview
Simulates USB keyboard
Generates and enters One-TimePassword (OTP) on button press
Based on AES w/ 128-bit key
53
Yubikey OTP Generation
...
dhbgnhfhjcrl rgukndgttlehvhetuunugglkfetdegjd
dhbgnhfhjcrl trjddibkbugfhnevdebrddvhhhlluhgh
dhbgnhfhjcrl judbdifkcchgjkitgvgvvbinebdigdfd
...
AES encrypted = secure?!
54
128-bit AES key of the Yubikey 2 can be recovered(700 EM measurements = 1 hour physical access)
Attacker can compute OTPs w/o Yubikey
Impersonate user:Username and password still needed
Side-Channel Analysis of Yubikey2:Management Summary
55
Countermeasures
Side-channel attacks are a threat in practice
FW version 2.4 for Yubikey 2 comes with countermeasures
Newly produced Yubikeys are more secure
Improve
Report flaws
57
• can be extended for mutual authentication
• challenge must be random and big enough
ek(Ci) = Ri
Ci
challenge
response
1. computes: R’i = ek(Ci)
2. verifies: R’i = Ri?
Remote Keyless Entry (3)Bi-Directional: Challenge-Response
58
Embedded Devices in the Internet of Things
NFC
59
Used in
• access control systems
• electronic passports
• payment systems
• ticketing / public transport
• Near Field Communication (NFC)
One insecure example:Mifare Classic
Contactless Smartcards / RFIDISO 14443 / ISO 15693 @ 13.56 MHz
KeeLoq(Crypto 2008)
61
Analysis of the ID-Card 1/2 Extracting Keys
• test our key-recovery on ID-Card extraction of all secret keys
• another ID-Card contains the same keys
• a third ID-Card contains the same keys
...• surprising discovery:
All ID-Cards have identical keys !
61
64
• disguised reader, e.g., near a waiting line at the cash desk
• Evil attacker: sets credit of any card in its proximity to 0€ (in 40 ms)
• “Nice“ attacker : charges cards of “victims”
A Practical Threat:Denial of Service
65
My favourite Attack:Converting Bits to Cash
• get anonymous ID-Card (10 € deposit)
• modify credit balance
• return card at cash desk
deposit and up to 150 € paid out in cash!
anonymous
66
new issued cards are Mifare DESfire (EV1)
old Mifare Classic cards are still working
improved backend: shadow accounts are used(…and still manually checked…)
Analysis of a Contactless Payment System5 years after the Attack ….
Improve
Report flaws
A Versatile NFC Emulator and more
69
2006: Kaffeetassen Transponder(Coffee Cup Tag)
72
Fake Tag
75
The Primal- (2011)
A Versatile Emulator for Contactless Smartcards
Mifare Classic: Crypto1 stream cipher
Mifare DESFire MF3ICD40: Auth. with (3)DES
Mifare DESFire EV1: Auth. with AES-128, (3)DES
… and other ISO14443 / ISO15693 cards
Atmel ATXmega32
76
Rev.D
79
Rev.D
80
Rev.E
open source project: https://github.com/emsec/ChameleonMini
• 8 card slots
• Breakableantenna
• Improved USBcommand set
• Widespread
89
Rev.E is not enough:Upgrade MCU and FRAM Rev. F
91
Crowdfunding via Kickstarter, Day 45
• Project successfully funded.
92
Crowdfunding via Kickstarter
…. 6 months later: Production finished.
94
Rev.G
• (Basic) RFID Reader• ATXMega128 + FRAM• Li-Ion Battery
• ISO 14443/ ISO 15693• Sniffing• Log Mode
95
Rev.GLog Mode / Sniffing
• Emulation: Log reader and Chameleon data• Sniffing: Chameleon is „invisible“ during recording• Precise time stamps• Live logging
97
Card Emulator
open source project: https://github.com/emsec/ChameleonMini
Source Code/Firmware and Hardware Layout of Rev.GNow online!
98
Creative Usage of (Florian Bache @ RUB)
99
Long Range Contactless Card
100
A Useful BookReading Range: more than 70 cm
101
Chameleon and the Magic DragonPUFF!
CHES 2015 paper:The Gap Between Promise and Reality: On theInsecurity of XOR Arbiter PUFs (Georg T. Becker)
Chameleon clonesa PUF (Physically
Unclonable Function)
105
Embedded Devices in the Internet of Things
NFC
Case Study:
An Electronic Locking System
(CRYPTO 2013)
111
Electronic Locking Systemwith Bi-Directional Authentication Scheme
Token Lock
115
Electronic Locking Systemwith Bi-Directional Authentication Scheme
Black-box analysis: Token and lock perform authentication protocol
Token LockAuthenticationprotocol
???
121
Lock
Embedded code?
Read-out protection!
Token
Electronic Locking System:PIC Microcontroller in Token and Lock
122
Decapping an IC (1)
123
Decapping an IC (2)
124
Decapping an IC (3)
125
Decapping an IC (4)
126
Microscopic View of the Silicon Die
127
Exposure to UV-C: Disable Read-Out Protection (1)
128
Exposure to UV-C: Disable Read-Out Protection (2)
129
Exposure to UV-C: Disable Read-Out Protection (2)
130
Read Out the Contentof the PIC Microcontroller
• Use standard programmer• Reverse-Engineer (e.g., IDA)
all secrets known
131
𝑰𝑫𝑳
𝑰𝑫𝑻
challenge 𝑪
𝑫
both: compute 𝑹𝑲𝑻(𝑪, 𝑫, 𝑰𝑫𝑻, 𝑰𝑫𝑳) = 𝑹𝑻 𝑹𝑳
(verify 𝑹𝑳)
𝑲𝑻 𝑲𝑳
compute 𝑲𝑻 = 𝑺𝑲𝑳(𝑰𝑫𝑻, 𝑫)
response 𝑹𝑻
response 𝑹𝑳
(verify 𝑹𝑻)
88
32
32
24
32
80
136
Weaknesses and Attacks (1)Hardware
Each lock stores installation-wide cryptographic key
UV-C attack in ~ 30 min (decap PIC)
EM - side-channel attack in ~ 15 min (close to PIC)
Attacking one lock gives access to all doors
139
𝑰𝑫𝑳
𝑰𝑫𝑻
challenge 𝑪
𝑫
both: compute 𝑹𝑲𝑻(𝑪, 𝑫, 𝑰𝑫𝑻, 𝑰𝑫𝑳) = 𝑹𝑻 𝑹𝑳
(verify 𝑹𝑳)
𝑲𝑻 𝑲𝑳
compute 𝑲𝑻 = 𝑺𝑲𝑳(𝑰𝑫𝑻, 𝑫)
response 𝑹𝑻
response 𝑹𝑳
(verify 𝑹𝑻)
88
32
32
24
32
80
142
𝑰𝑫𝑻
𝑫
𝑲𝑳
O*64DES*
1..64O
65..128
128
128 𝑲𝑻128
128
𝑹𝑻 𝑹𝑳𝑫𝑪 O
128
128 64
128
O DES*1..64
65..128
128
𝑰𝑫𝑻
𝑰𝑫𝑳
Cryptographic Functions R and S
144
𝑰𝑫𝑻
𝑫
𝑲𝑳
O*64DES*
1..64O
65..128
128
128 𝑲𝑻128
128
𝑹𝑻 𝑹𝑳𝑫𝑪 O
128
128 64
128
O DES*1..64
65..128
128
𝑰𝑫𝑻
𝑰𝑫𝑳
𝒁𝑹
𝒁𝑺
Cryptographic Functions R and SSecurity Vulnerabilities
1.) 40 Bits of 𝒁𝑹 reused as C leaks internal value
2.) 128-Bit key 𝑲𝑻 computedfrom 64 unknown bits
3.) O has bad cryptographic properties
145
Protocol Runs Run-Time Key Candidates
3 3,36 min 21,34
4 11,5 s 1
5 1,2 s 1
6 650 ms 1
Weaknesses and Attacks (2) Wireless Lock-only attack
Efforts for computing 𝑲𝑻 on a PC:
• initiate some (not successful) protocol runs• compute valid 𝑲𝑻 open door(s)
153
A System Designer‘s Perspective:How to Secure the Internet of Things?
Use peer-reviewed crypto and random numbers
Do not educate your attacker
– Do not start with a weak product that must be upgraded
Implementation attacks: Practical threat, but:
– Use certified devices (secure hardware)
– Algorithmic countermeasures (secure software)
System level: Second line of defense!
– Shadow accounts / Logging (detect fraud)
– Key diversification (minimize impact)
Expect the Unexpected
Thank you!
Questions? Comments?
Contact: info@kasper-oswald.com
www.kasper-oswald.com
156
Secure Against Cyber Attacks
157
Kasper & Oswald Prüfsiegel
• Unabhängige Sicherheitsanalyse
• Verbesserungsvorschläge
• Diskretion über Firmeninterna
www.kasper-oswald.de
Recommended