Hacking smartcards & RFID
Presentation for the Devnology Back to School program at the Radboud University Nijmegen
![Page 1: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/1.jpg)
Hacking smartcards & RFID
Erik Poll, Digital Security
Radboud University Nijmegen
![Page 2: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/2.jpg)
What are smartcards & RFID tags?
Micro-controller with contact interface
or contactless interface
Erik Poll – Digital Security 2
![Page 3: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/3.jpg)
Why use them?
• Convenience: more convenient than username/password
• Security: more secure than username/password
Also more convenient & secure than barcodes and magstripes
![Page 4: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/4.jpg)
What makes them secure?
• Tamper-resistant and tamper-evident – to some degree, but never tamper-proof
• no way to remove or access the “hard disk”
• therefore
  – any access to data – say the credit on your ov-chipcard – is under control of the card’s functionality
  – the same goes for adding or changing code on the card, if possible at all
![Page 5: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/5.jpg)
What can they do ?
1. stupid card: just reports some data – the card shouts out a (unique) serial number on start-up
2. stupid smartcard aka memory card: provides a configurable file system with some access control, by means of PIN codes/passwords or crypto keys, or even simpler: irreversible writes (OTP or WORM memory)
3. smart smartcard aka microprocessor card: provides a programmable CPU that can implement any functionality
![Page 6: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/6.jpg)
Smartcard hardware for microprocessor cards
• CPU (usually 8 or 16, but now also 32 bit)
• memory: RAM and ROM & EEPROM
  – EEPROM serves as the smartcard's hard disk
• possibly also
  – crypto co-processor & random number generator (RNG)
• no power, no clock!
A modern card may have 512 bytes RAM, 16K ROM, 64K EEPROM and operate at 13.5 MHz
![Page 7: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/7.jpg)
Do-it-Yourself
• Buy a card reader or NFC mobile phone
• Buy some tags and cards
• Programming your own smartcards is possible using JavaCard or MULTOS smartcards
• Check
  • www.ru.nl/ds/smartcards
  • libnfc
  • proxmark
  • rfidiot.org
![Page 8: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/8.jpg)
Attacking smartcards and RFID
• logical attacks – find a flaw in the functionality, targeting e.g.
  • the crypto – i.e. the cryptographic algorithms
  • the protocol
  • the key management
  • any other functionality
• physical attacks – physically mess with the card
• combinations – abuse functionality while you mess with the card
![Page 9: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/9.jpg)
The simplest physical attack
External power supply and external clock
• Vcc: originally 5 V, now also 3 V or 1.8 V
• Vpp: higher voltage for writing EEPROM (13 V)
Vpp no longer used: painting over this contact is a major security threat
![Page 10: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/10.jpg)
Logical attacks: tools of the trade
for passive eavesdropping or active Man-in-the-Middle
![Page 11: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/11.jpg)
Logical attacks: a very weak RFID tag
![Page 12: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/12.jpg)
Mifare Ultralight
• Used in disposable ov-chipkaart
• No keys to protect memory access
• Relies on read-only and write-once memory for security
• Memory organised in 16 pages of 4 bytes
  – first part is read-only
    • includes 7 byte serial number
  – second part is One Time Programmable (OTP)
    • you can write 1's, not 0's
    • includes data for locking
  – third part is readable & writable
![Page 13: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/13.jpg)
MIFARE Ultralight memory layout

| Page | byte 0 | byte 1 | byte 2 | byte 3 | region |
|---|---|---|---|---|---|
| 0 | UID0 | UID1 | UID2 | checksum | serial number UID (read-only) |
| 1 | UID3 | UID4 | UID5 | UID6 | serial number UID (read-only) |
| 2 | checksum | | lock 0 | lock 1 | read-only / lock bits |
| 3 | OTP 0 | OTP 1 | OTP 2 | OTP 3 | OTP |
| 4–15 | application data | | | | read/write |
![Page 14: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/14.jpg)
Flaw in disposable ov-chipcard
• two lock bytes initially 0x00F0
• set to 0xF8FF to invalidate tag
• we can change an invalid tag so that terminals fail to recognize it as invalid...
• remaining 3 lock bits can still be set to one, so that lock bytes become 0xFFFF
• flaw in terminals: tags with lock bytes 0xF8FF are recognized as invalid, but tags with 0xFFFF are not
• flaw since fixed by patching terminals
[Source: "Security Evaluation of the disposable OV chipkaart", by UvA students Pieter Siekerman and Maurits van der Schee, July 2007]
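The lock-byte flaw above, worked through as an added example (not code from the slides or from the OV terminals): it models the write-1-only OTP semantics, the exact-match check the slide attributes to the terminals, and a bit-mask check that is my assumption about how a patched terminal should decide validity.

```python
# Added example: MIFARE Ultralight lock bytes on the disposable ov-chipkaart.
# The values 0x00F0, 0xF8FF and 0xFFFF are from the slide; terminal_check_fixed
# is an assumed correct check, not the actual patch applied to the terminals.

INVALID_MASK = 0xF8FF   # lock-byte bits the issuer sets to invalidate a tag


def otp_write(current: int, new: int) -> int:
    """OTP/lock memory semantics: a write can only turn bits on, never off."""
    return (current | new) & 0xFFFF


def terminal_check_flawed(lock_bytes: int) -> bool:
    """Terminal logic as described on the slide: invalid only if exactly 0xF8FF."""
    return lock_bytes == INVALID_MASK


def terminal_check_fixed(lock_bytes: int) -> bool:
    """Assumed fix: invalid as soon as every invalidation bit is set,
    regardless of what the remaining (still writable) bits look like."""
    return (lock_bytes & INVALID_MASK) == INVALID_MASK


def walk_through() -> dict:
    """Replay the sequence from the slide and report what each check decides."""
    fresh = 0x00F0                          # lock bytes as issued
    invalid = otp_write(fresh, 0xF8FF)      # issuer invalidates the tag
    tampered = otp_write(invalid, 0x0700)   # the 3 remaining lock bits get set
    # turning the invalidation bits off again is impossible in OTP memory
    assert otp_write(invalid, 0x0000) == invalid
    return {
        "fresh": fresh, "invalid": invalid, "tampered": tampered,
        "flawed_rejects_invalid": terminal_check_flawed(invalid),
        "flawed_rejects_tampered": terminal_check_flawed(tampered),
        "fixed_rejects_invalid": terminal_check_fixed(invalid),
        "fixed_rejects_tampered": terminal_check_fixed(tampered),
    }
```

The point for a terminal implementer: a validity decision based on write-once bits must test the bits that matter, never the whole word for equality, because the remaining bits stay writable by anyone.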
![Page 15: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/15.jpg)
More fundamental limitation: replay attack
• Mifare Ultralight can store signed or encrypted data, but cannot do any processing, or offer any access control to reading the data
• No way to protect against spoofing of tags
• Only mitigation: serial number (UID) cannot be overwritten, so spoofing requires special hardware if UID is used
![Page 16: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/16.jpg)
Logical attacks: attacking the crypto
![Page 17: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/17.jpg)
Challenge-response
• If the card can do encryption, the secret key K never leaves the card
• Card issuer does not have to trust card holder, terminal, or network
• This is how your bank card works: it uses a 3DES key that only the bank knows
[Diagram: card holding secret key K and a CPU; the terminal sends a challenge c and the card returns the response encrypt_K(c)]
![Page 18: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/18.jpg)
Breaking this?
1. Figuring out which encryption function is used
   – maybe this is known & published
   – otherwise: reverse engineering, experimenting to figure out how encryption works
2. For poor encryption: by trying out a few challenges, you may be able to reconstruct the key
   For good crypto – 3DES, AES, RSA, ... – this is hopeless
[Diagram: card holding secret key K and a CPU; challenge c in, response encrypt_K(c) out]
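The challenge-response exchange from these slides, and the replay limitation of a memory-only tag noted earlier, as an added example that is not the slides' or any bank's code: the card side keeps K and only ever emits responses, the terminal side issues a fresh random challenge each time, and a recorded response is useless against the next challenge. The keyed function is HMAC-SHA256 standing in for the 3DES mentioned on the slide, and the key value is constructed.

```python
# Added example: challenge-response with a card-held key K.
# Assumption: HMAC-SHA256 replaces the slide's 3DES as the keyed function.
import hashlib
import hmac
import secrets


class Card:
    """Card side: K never leaves the card, only responses encrypt_K(c) do."""
    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Terminal:
    """Terminal side: issues a fresh challenge and checks the response
    against its own copy of K (for a bank card, the issuer's copy)."""
    def __init__(self, key: bytes) -> None:
        self._key = key

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(8)   # fresh per authentication attempt

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def genuine_session(terminal: Terminal, card: Card) -> bool:
    """A real card answering a real challenge is accepted."""
    c = terminal.new_challenge()
    return terminal.verify(c, card.respond(c))


def replayed_session(terminal: Terminal, recorded: tuple) -> bool:
    """An eavesdropper replays a (challenge, response) pair recorded earlier.
    Because the terminal picks a new challenge, the old response is rejected,
    which is exactly what a static memory tag cannot offer."""
    _old_challenge, old_response = recorded
    return terminal.verify(terminal.new_challenge(), old_response)


K = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed demo key
```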
![Page 19: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/19.jpg)
Proprietary crypto broken in DS group
• Mifare Classic
• ATMEL SecureMemory, CryptoMemory and CryptoRF
• HID iClass and iClass Elite
• Hitag2
• Moral of the story: use established crypto primitives, publicly studied according to Kerckhoffs' principle
![Page 20: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/20.jpg)
Crypto 1 in Mifare Classic
![Page 21: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/21.jpg)
Logical attacks: attacking the key management
![Page 22: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/22.jpg)
Common problems with crypto keys
• people using the same key in all cards
  • for one customer, or – worse – all their customers!
  • HID iClass uses a globally unique master key, which is built into all HID card readers
• worse still, using the default keys
  • 75% of MIFARE applications were found to use default keys or keys used in examples in documentation
    [Source: Lukas Grunwald, DEFCON14, 2007]
• A0A1A2A3A4A5 is an initial transport key of MIFARE tags. Googling for A0A1A2A3A4A5 produces links to documentation with other example keys to try!
![Page 23: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/23.jpg)
Logical attacks: attacking security protocols
![Page 24: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/24.jpg)
Fraud with internet banking in Netherlands

| Year | Fraud |
|---|---|
| 2008 | 2.1 M€ |
| 2009 | 1.9 M€ |
| 2010 | 9.8 M€ (7100€ per incident) |
| 2011 | 35 M€ (4500€ per incident) |
| 2012 (1st half) | 27.3 M€ |

[source: NVB]
![Page 25: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/25.jpg)
Internet banking & Man-in-the-Browser attacks
The display of the PC cannot be trusted (despite …)
[Diagram: challenge → 23459876, response ← 123654]
![Page 26: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/26.jpg)
Internet banking & protecting against Man-in-the-Browser attacks
This display can be trusted and understood
[Diagram: reader connected to the PC over USB]
![Page 27: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/27.jpg)
Protocol of USB-connected e.dentifier2
![Page 28: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/28.jpg)
Protocol of USB-connected e.dentifier2
![Page 29: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/29.jpg)
Protocol of USB-connected e.dentifier2
Vulnerability: the e.dentifier2 tells the PC that the user pressed OK; the PC instructs the e.dentifier2 to continue the transaction
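The design lesson behind this vulnerability, as an added sketch that is not the e.dentifier2's protocol or code: message names, the state machine and the transaction text are assumptions; the slide only states that the device reports the OK press to the PC and that the PC then tells the device to continue. A device that acts on the PC's "continue" message instead of its own button state lets malware on the PC approve a transaction the user never confirmed.

```python
# Added example: why a trusted-display device must not let the untrusted host
# decide whether the user confirmed. Message names are assumptions.


class SigningDevice:
    def __init__(self, trust_host_continue: bool) -> None:
        # True  -> behaviour the slide describes: PC's CONTINUE is enough
        # False -> device releases the signature only after its own OK press
        self.trust_host_continue = trust_host_continue
        self.transaction = None
        self.user_pressed_ok = False
        self.log = []

    def show_transaction(self, tx: str) -> None:
        """Transaction details arrive from the PC and are shown on the device."""
        self.transaction, self.user_pressed_ok = tx, False
        self.log.append(f"display: {tx}")

    def press_ok(self) -> str:
        """Physical button on the device; the PC cannot press it."""
        self.user_pressed_ok = True
        return "OK_PRESSED"            # what the device reports to the PC

    def host_message(self, msg: str) -> str:
        """Handle a message from the (untrusted) PC."""
        if msg != "CONTINUE":
            return "IGNORED"
        if self.trust_host_continue or self.user_pressed_ok:
            self.log.append(f"signed: {self.transaction}")
            return "SIGNED"
        return "REFUSED: no OK press on device"


def malware_scenario(trust_host_continue: bool) -> str:
    """Malware on the PC sends CONTINUE although OK was never pressed."""
    dev = SigningDevice(trust_host_continue)
    dev.show_transaction("pay 1000 EUR to account X")   # constructed
    return dev.host_message("CONTINUE")
```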
![Page 30: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/30.jpg)
Attack
![Page 31: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/31.jpg)
Movie
![Page 32: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/32.jpg)
Other example logical weaknesses: for e-passports
![Page 33: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/33.jpg)
Unwanted functionality
• Test version of Dutch passport provided software emulation of Mifare Classic
  • with default key, of course...
This allows adding a cloned ov-chipcard on the passport
![Page 34: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/34.jpg)
Attacking the terminal software
Lukas Grunwald managed to crash e-passport terminals by sending a malformed JPEG causing a buffer overflow in the graphics library
Smartcards and RFID tags should be treated as untrusted inputs until we have authenticated the card and/or the data it provides
![Page 35: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/35.jpg)
e-passport leaking info by error response
Error code for illegal B0, i.e. READ BINARY, instruction:

| Passport | 2 byte error response | meaning |
|---|---|---|
| Belgian | 6986 | not allowed |
| Dutch | 6982 | security status not satisfied |
| French | 6F00 | no precise diagnosis |
| Italian | 6D00 | not supported |
| German | 6700 | wrong length |

255 other instructions to try, and we can try different parameters ...
This reveals the nationality of a passport, in spite of access control to passport data
But attack range limited to 30 cm, so danger of passport bombs overhyped
![Page 36: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/36.jpg)
Physical attacks: side-channel attacks
![Page 37: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/37.jpg)
Power trace of an RSA encryption
[Source: Riscure]
![Page 38: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/38.jpg)
Power analysis: reading the key from this trace!
![Page 39: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/39.jpg)
Physical, invasive attacks
![Page 40: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/40.jpg)
First step: removing chip from smartcard
![Page 41: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/41.jpg)
Optical reverse engineering
microscope images with different layers in different colours, before and after etching
[Source: Oliver Kömmerling, Markus Kuhn]
![Page 42: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/42.jpg)
Probing
Observe or change the data on the bus while the chip is in operation, e.g. to observe a key
[Image: probing with 8 needles]
![Page 43: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/43.jpg)
Fibbing
FIB = Focussed Ion Beam can observe or modify chip by
• drilling holes
• cutting connections
• soldering new connections and creating new gates
[Images: blown fuse; hole drilled in the chip surface]
![Page 44: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/44.jpg)
Extracting ROM content
[Source: Brightsight]
Staining can optically reveal the bits stored in ROM: dark squares are 1, light squares are 0
![Page 45: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/45.jpg)
Latest fashion: fault attacks
• Introduce a fault while chip is operating
  – by glitching: dipping the voltage
  – by shooting a laser at the chip
![Page 46: Hacking Smartcards & RFID](https://reader034.vdocuments.us/reader034/viewer/2022052315/5568dd36d8b42a287a8b4645/html5/thumbnails/46.jpg)
Conclusions
• Smartcard & RFID security not perfect
  – cheap, logical attacks
    • little equipment, but some time & brainpower
  – expensive, physical attacks
    • more equipment
  – both can be devastating...
• The ongoing arms race between defenders and attackers will never end
  – these days esp. for side-channel and fault attacks