FORMAL SECURITY ANALYSIS OF CRITICAL INFRASTRUCTURE Tom Chothia University of Birmingham

HIS 2015: Tom Chothia - Formal Security of Critical Infrastructure


Research at the University of Birmingham

•  I am a Senior Lecturer in Cyber-Security, in Birmingham’s Security and Privacy group.
•  UK leading cyber security group,
•  GCHQ centre of academic excellence,
•  Part of the UK wide RITICS/SCEPTICS (CPNI) project on the security of industrial control systems.
•  Birmingham also has a leading rail research group.
•  Particular work on Cars, RFID tags, EMV/Contactless bank cards, banking apps, e-passports …
•  We are currently looking at the cyber-security of ERTMS systems.

Introduction

•  Basic pentesting is not enough.
•  It is particularly important to look at the correctness of all protocols and crypto.
•  Proprietorial crypto is almost always a disaster.
•  Formal modelling is a useful analytic tool to help experts explore systems.
•  Examples: our work on e-passports, EMV cards.

Thales → Chip maker → Key maker → Volkswagen

NXP London Underground

Mifare classic

Mifare DESFire


Message of this talk:

•  Formal methods can help analysts find bugs in systems.

• All non-standard crypto and crypto constructs should be examined in detail.

•  Formal methods can “prove” systems correct and “automatically find” errors.

•  In my view, their value is more in forcing analysts to think carefully about a system’s design.


The Applied Pi Calculus

ProVerif – a tool for the applied pi-calculus

•  An easier syntax for the applied pi calculus: in, out, new, ...
•  Function definitions to model complex crypto.
•  Can check:
    •  if a value is kept secret,
    •  reachability,
    •  correspondence,
    •  equivalence.
•  Checks systems against arbitrary attackers.
•  Can check an unbounded number of processes.


Traceability Attacks

•  A traceability attack lets you link two runs of a protocol.

•  It does not break security, authenticity or anonymity.

•  It does threaten privacy.

•  Particularly important for RFID protocols.

Basic Access Control

Reader → Passport: GET CHALLENGE
Passport: Pick random N_P
Passport → Reader: N_P
Reader: Pick random N_R, K_R
Reader → Passport: {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)
Passport: Check MAC, Decrypt, Check N_P; Pick random K_P
Passport → Reader: {N_P,N_R,K_P}_Ke, MAC_Km({N_P,N_R,K_P}_Ke)
Reader: Check MAC, Decrypt, Check N_R

Error Messages: French Passport

Reader → Passport: GET CHALLENGE
Passport: Pick random N_P
Passport → Reader: N_P
Reader: Pick random N_R, K_R
Reader → Passport: {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)
Passport: Check MAC: fails
Passport → Reader: 6300 no info.

– A MAC failure is reported with error 6300: “no info”.

Error Messages: French Passport

Reader → Passport: GET CHALLENGE
Passport: Pick random N_P
Passport → Reader: N_P
Reader: Pick random N_R, K_R
Reader → Passport: {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)
Passport: Check MAC, Decrypt, Check N_P: fails
Passport → Reader: 6A80 Incorrect params

– A nonce failure is reported with error 6A80: “Incorrect params”.


Formal Model of BAC

Strong Untraceability

A process is untraceable if a run where tags repeat looks the same as a run where tags never repeat:

new cs.(Env | !new names.Init.!A) = new cs.(Env | !new names.Init.A)

(no ! before A on the right-hand side)

Attack Part 1

Attacker eavesdrops on Alice using her passport.

Reader → Passport: GET CHALLENGE
Passport: Pick random N_P
Passport → Reader: N_P
Reader: Pick random N_R, K_R
Reader → Passport: M = {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)

Attacker records message M.

Attack Part 2

Attacker → ????: GET CHALLENGE
????: Pick random N_P
???? → Attacker: N_P2
Attacker → ????: M = {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)
???? → Attacker: 6300 no info.

– MAC check failed. ???? is not Alice.

Attack Part 2

Attacker → ????: GET CHALLENGE
????: Pick random N_P
???? → Attacker: N_P2
Attacker → ????: M = {N_R,N_P,K_R}_Ke, MAC_Km({N_R,N_P,K_R}_Ke)
???? → Attacker: 6A80 incorrect params.

– MAC check passed; ???? must have used Alice's MAC key, therefore ???? is Alice.
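
The passport-side check behind the two error-message slides, and the replay of M from Attack Parts 1 and 2, as an added sketch that is not from the talk: it puts the distinct-status behaviour beside a variant that returns one status for any failure. The `Passport` class, the stand-in cipher and MAC, and the `9000` success status used in place of the encrypted reply are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for this sketch only (real BAC uses 3DES); data is 32 bytes.
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))

def _mac(key: bytes, data: bytes) -> bytes:
    # Stand-in MAC for this sketch only (real BAC uses an ISO 9797-1 retail MAC).
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

class Passport:
    def __init__(self, uniform_errors: bool):
        self.k_e, self.k_m = os.urandom(16), os.urandom(16)  # per-passport K_e, K_m
        self.uniform_errors = uniform_errors
        self.n_p = b""

    def get_challenge(self) -> bytes:
        self.n_p = os.urandom(8)  # fresh N_P for every run
        return self.n_p

    def authenticate(self, ciphertext: bytes, tag: bytes) -> str:
        # Both checks always run, so the work done does not depend on which one fails.
        mac_ok = hmac.compare_digest(tag, _mac(self.k_m, ciphertext))
        plain = _xor_stream(self.k_e, ciphertext)
        nonce_ok = hmac.compare_digest(plain[8:16], self.n_p)
        if mac_ok and nonce_ok:
            return "9000"  # simplification: the real reply is {N_P,N_R,K_P}_Ke plus MAC
        if self.uniform_errors:
            return "6300"  # one status whichever check failed
        return "6300" if not mac_ok else "6A80"  # distinct statuses, as on the slides

def reader_message(passport: Passport, n_p: bytes):
    # Honest reader holding K_e and K_m builds {N_R,N_P,K_R}_Ke and its MAC.
    ciphertext = _xor_stream(passport.k_e, os.urandom(8) + n_p + os.urandom(16))
    return ciphertext, _mac(passport.k_m, ciphertext)

def replay_statuses(uniform_errors: bool):
    # Replays one recorded message M to Alice's passport and to a different passport.
    alice, other = Passport(uniform_errors), Passport(uniform_errors)
    recorded = reader_message(alice, alice.get_challenge())
    results = []
    for passport in (alice, other):
        passport.get_challenge()  # new N_P, so the nonce inside M is stale
        results.append(passport.authenticate(*recorded))
    return tuple(results)

if __name__ == "__main__":
    print(replay_statuses(False), replay_statuses(True))
```

With distinct statuses the two passports answer the same replayed M differently; with a single status the answers match, which removes the error-code channel but not a timing difference between the two checks.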


The failed MAC is rejected sooner, UK passport


Contactless EMV Cards


Sym. Key: Kbc

Sym. Key: Kbc Private Bank Key: Sb

Card Data Signed with Sb

Public Bank Key: Vb

Private Card Key: Sc

Public Card Cert Signed by Bank

amount

Signed data, Cryptogram & Cert Cryptogram

Online only


Visa’s PayWave


Formal Model PayWave

Correspondence Assertions

•  Checking this protocol we find that all expected secrecy properties hold.
•  A transaction cannot be completed without a real card.
•  Correspondence assertions let us check if two parts of the system agree on a value, and if they are in a one-to-one correspondence.
•  We find that shops will only accept one payment for each use of the card.
•  But shops can accept a transaction for the wrong amount,
    •  i.e. with an incorrect cryptogram.


Wedge Attack

Bad card replaces AC with fake data.

EuroRadio: Protocol

EuroRadio generates a shared secret key. The key is used to create message authentication codes (MACs), which ensure the integrity of each message to the train.


EuroRadio Model

Result

•  Session keys are set up securely.
•  Messages can be replayed
    •  (mitigated by counter at the application layer)
•  Messages can be deleted without the train knowing.
•  Messages can be delayed.


EuroRadio: Message Authentication Code


A More Secure MAC


Balises


Ethernet and CAN Bus Attacks


Back End Systems

Conclusion

•  Formal methods provide a useful tool to help analysts discover flaws in systems.
•  A key advantage is in forcing analysts to think very carefully about their systems.
•  They have been shown to be effective at finding vulnerabilities that other analyses have missed.
•  Any crypto which is not widely used must be carefully examined.
•  Never accept proprietorial crypto.