ISG Seminar 3rd November 2011 Agenda for Lecture · 2011-11-16



ISG Seminar 3rd November 2011

From Smart Cards to NFC Smart Phone

Security

Keith Mayes

ISG Smart Card Centre (SCC) www.scc.rhul.ac.uk www.isg.rhul.ac.uk

[email protected]


Agenda for Lecture

• Evolution of smart cards/RFIDs

• Attacks/countermeasures

• Near Field Communication (NFC)

• NFC Security Elements

• Misuse of NFC devices as attack platforms

• Other worries about phone platforms

Smart Cards with Contacts

[Gemplus Images]

• Chip module interface via metal contacts

• Card reader makes physical contact

Contact-less Smart Cards

• Chip module interface via antenna

• Reader uses RF field


Smart Card/RFID Trade-offs


RFID Tags - Passive/Active

• There are many different contact-less tag/device formats

• The main classes are passive and active (powered)


At a store near you…

Near Field Communication

• The latest standards for mobile phones support Near Field Communication (NFC)

• NFC is the equivalent of a contact-less interface for the phone

• The phone can behave as a smart card or token

• The phone can behave as the reader

• (Standards from www.nfc-forum.org)

Recap: Normally Smart Cards as Personalised Devices that Resist Attack

• When we are dealing with deployed/accessible devices we are not only concerned about attacks against the theoretical design of the security protection, but also its implementation and associated policies.

• Attacks can be classed under generic headings:

− Logical.

− Physical/Fault.

− Timing/Side-Channel.

• Attacks that target the implementation are often referred to as “tampering”.

• Specialist devices including Hardware Security Modules (HSM), Secure Elements (SE), mobile smart cards (SIM/UICC) and Trusted Platform Modules (TPM) are designed to be strongly tamper-resistant.


Hacking a popular “sport”

• Wikipedia on the popular Hacking at Random Conference

− “Hacking at Random was an outdoor hacker conference that took place in The Netherlands in August 2009. …This conference was the most recent event in a sequence …. Galactic Hacker Party in 1989, followed by Hacking at the End of the Universe in 1993, Hacking In Progress in 1997, Hackers At Large in 2001, and What the Hack in 2005….”

• A small selection of seminars from HAR 2009….

− RFID sniffer workshop: Assemble your own RFID sniffer and find RFID tags in your wallet

− Cracking A5 GSM encryption

− Lock picking

− Sniffing cable modems

− Side channel analysis and fault injection

− Rootkits are awesome. Insider Threat for Fun and Profit

− Wikileaks. History is the only guidebook civilization has, but who's the publisher?


Hacking RFID a popular pastime….


Physical Attack Countermeasures

• In hardware security modules these are at chip level and include:

− Physical barriers

− Active shields

− Circuit scrambling

− Encrypted busses

− Encrypted memories

− Environment/fault sensors

[Source: Gemalto]

• In mobile equipment you have to consider protecting/obscuring sensitive chips and interfaces

− Making things hard to get at is better than nothing

− Try to impede the replacement of critical chips


Timing/Side Channel Attack

• Side channel attacks exploit “leakage” from sensitive operations.

• The principle is simple:

− An electronic circuit is made up of gates/transistors

− Switching between logic levels causes a slight variation in power consumption and a small RF emission

• The attacker captures these variations and processes them in order to extract secret/sensitive information

• The equipment needed is relatively low cost/available and the processing techniques are well published

• The attack is effective against unprotected hardware and will extract keys from good “logical” algorithms such as DES/AES etc.


NFC Modes

• Basically an NFC ‘modem’ with three modes:

− Reader-Token Communication

− Token-Reader Communication

− Peer-to-Peer

• <<DEMOs>>

All very exciting …..but…… considerable concerns remain about NFC security

RIM2011

The NFC Secure Element

• Starting position: “Mobile handset is not a trusted platform”.

• Need additional trusted security component.

− Most well known example is the UICC.

• SE is security core of NFC applications.

− Tamper resistance - secure storage and management of applications and keys.

− Security mechanisms, e.g. encryption of communication channel.

• SE facilitates two key services.

− Secure execution of sensitive applications and their data.

− Secure management of applications.

• Multiple form factors!

RIM2011


Example of a Secure Element

• NXP SmartMX Secure Microcontroller Family

– Dual interface smart cards

– Embedded form factors

• NXP SmartMX2 newest addition

– Processing – 8, 16, 24, 32 bit instruction set

– Memory – up to 384 KB ROM, 8.125 KB RAM, 144 KB EEPROM and 400 KB Flash

– Security – Common Criteria, targeting EAL6+; crypto library and co-processors (AES/DES/ECC/RSA)

– Software platform – JCOP (Java Card)

– Application management – Global Platform

NXP2011


Embedded SE

• SE is embedded in handset

− Smartcard in IC form factor

− Works when phone off

• No distinct ‘owner’

− Development opportunities

− Potential trust and ownership issues

− Secure personalisation important

NXP2011

iFixit Teardown 2011


SIM/USIM as SE

• The existing SIM/USIM is the SE.

− No extra hardware.

− SIM stable technology.

− Handset needs to support Single Wire Protocol (SWP).

• Owned by the MNO.

− 3rd party application access?

• Variations.

− DIF-SIM: All functionality on SIM with antenna in phone.

− SIM-Flex: All functionality on SIM with attached antenna.

NXP2011

Gemalto 2011


microSD SE

• SE added in SD memory slot

− No NFC capability required in handset

− Can add to any handset with slot

− Off when phone is off

• Flexible ownership

− 3rd party owner – open for development

− SE tied to specific owner/application

• Variations

− Some units only readers or only tokens

− Secure storage and execution

• NFC module in handset

− Integrated unit

• NFC communication capability

• Antenna included

NXP2011

SDID2011


Security Domains and Keys

• Global Platform application management is based on Security Domains (SD)

• Multiple SDs can be created on an SE and associated with Service Providers (SP)

• An SP can only access/manage applications housed within its own SD.

• Example of Delegated Mode with UICC as SE shown on right….

• An Issuer Security Domain for MNO services, and multiple Supplementary Security Domains (SSD) for other services

• OTA keys are used to gain access to the SE

• SSD keys are used to gain access to each of the service domains

….Nice idea at least!….

SmartTrust2011
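An added example (not GlobalPlatform code and not from the slides) of the key separation the slide describes: one Issuer Security Domain held by the MNO, Supplementary Security Domains for other service providers, and management commands that the SE only accepts when authenticated under the target domain's own key. HMAC-SHA256 here is a stand-in for the secure-channel MAC and for the issuer's delegated-management token of a real GlobalPlatform card; the domain names, key values, command encoding and the AID are all constructed for the demo.

```python
"""Security Domains on a Secure Element: keys decide who may manage what.

Added example, not code from GlobalPlatform or the seminar. It models the
delegated-mode picture: an Issuer Security Domain (ISD) owned by the MNO,
Supplementary Security Domains (SSDs) for other service providers, and
management commands that must be authenticated under the target domain's key.
HMAC-SHA256 stands in for the secure-channel MAC and for the issuer's
delegated-management token; the key separation is the point.
"""
import hashlib
import hmac


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


class SecurityDomain:
    def __init__(self, name, key):
        self.name, self.key, self.applets = name, key, []


class SecureElement:
    def __init__(self, issuer_key, issuer_token_key):
        self.isd = SecurityDomain("ISD", issuer_key)
        self.token_key = issuer_token_key  # verifies the MNO's per-install token
        self.domains = {"ISD": self.isd}

    def create_ssd(self, name, ssd_key, issuer_mac):
        """Only the issuer (holder of the ISD key) can create a new SSD."""
        msg = b"CREATE|" + name.encode()
        if not hmac.compare_digest(issuer_mac, _mac(self.isd.key, msg)):
            return "rejected: not authenticated to ISD"
        self.domains[name] = SecurityDomain(name, ssd_key)
        return "created"

    def install(self, domain, aid, mac, issuer_token=None):
        """INSTALL an applet into `domain`. The MAC must verify under that
        domain's key; in delegated mode an SSD also needs the issuer's token."""
        msg = b"INSTALL|" + domain.encode() + b"|" + aid
        sd = self.domains.get(domain)
        if sd is None or not hmac.compare_digest(mac, _mac(sd.key, msg)):
            return f"rejected: not authenticated to {domain}"
        if sd is not self.isd:
            if issuer_token is None or not hmac.compare_digest(
                    issuer_token, _mac(self.token_key, msg)):
                return "rejected: missing or invalid issuer token"
        sd.applets.append(aid)
        return "installed"


class ServiceProvider:
    """Holds the key of exactly one domain and MACs its own commands."""

    def __init__(self, domain, key):
        self.domain, self.key = domain, key

    def install_command(self, target_domain, aid):
        msg = b"INSTALL|" + target_domain.encode() + b"|" + aid
        return target_domain, aid, _mac(self.key, msg)


def issuer_token(issuer_token_key, target_domain, aid):
    """The MNO pre-authorises one specific install (delegated management)."""
    return _mac(issuer_token_key, b"INSTALL|" + target_domain.encode() + b"|" + aid)


def run_demo():
    """Returns the SE's verdicts for four management attempts (constructed keys)."""
    isd_key, tok_key = b"mno ota key (constructed)", b"mno token key (constructed)"
    se = SecureElement(isd_key, tok_key)
    key_a, key_b = b"ssd key bank A (constructed)", b"ssd key transit B (constructed)"
    se.create_ssd("SSD-A", key_a, _mac(isd_key, b"CREATE|SSD-A"))
    se.create_ssd("SSD-B", key_b, _mac(isd_key, b"CREATE|SSD-B"))
    bank = ServiceProvider("SSD-A", key_a)
    mno = ServiceProvider("ISD", isd_key)
    pay = b"PAY-APPLET-AID (constructed)"
    return (
        se.install(*bank.install_command("SSD-A", pay), issuer_token(tok_key, "SSD-A", pay)),
        se.install(*bank.install_command("SSD-A", pay)),  # bank alone, no MNO token
        se.install(*bank.install_command("SSD-B", pay), issuer_token(tok_key, "SSD-B", pay)),
        se.install(*mno.install_command("ISD", b"MNO-APPLET-AID (constructed)")),
    )
```

The four verdicts are: installed (bank into its own SSD with the MNO's token), rejected for a missing token, rejected because the bank's key does not open SSD-B, and installed for the MNO into the ISD. Whoever holds an SSD key can manage only that domain, and in delegated mode still needs the issuer to authorise each install, which is the "nice idea" the slide refers to; in practice it only holds if those keys are provisioned and stored securely, the personalisation concern raised for embedded SEs above.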


Clones/Emulators

• Products/applications tied to a specific UID are not easily transferable to another token

• An emulator can masquerade as any token if the data and/or key material can be obtained

• A number of devices have been demonstrated (available publicly) for LF, HF and UHF

Credit: TU Graz, OpenPICC, Intel, Radboud University


Passive Relay

[G.P. Hancke, K. Mayes and K. Markantonakis. "Confidence in Smart Token Proximity: Relay Attacks Revisited", Elsevier Computers & Security, June 2009.]

A Hack a day keeps boredom away?

• Hackers/enthusiasts are very active and co-operative via forums and web sites.

• The examples here were found on the Hack-a-Day website.

• Smart Phones are becoming top targets!


Phone Platform Risks

• As the sophistication of phones grows, they become vulnerable to all the security perils of PCs

− Rootkits, viruses, malware, trojans, keyloggers..etc..

• Phone architectures are complex and various components are “bolted” together.

• Phones are available from many sources, get unlocked, re-flashed, upgraded and cheap clones/copies are in use - so what software is actually running?

• If your security protection relies on a software only solution you are at risk.

− Hardware security provides a reliable anchor point for security.

• Phone platform security protection is often proprietary and not disclosed for verification….


NFC device as an attack platform!

• Attacks currently use a lot of custom built kit.

• Hence, the interest in NFC devices as attack platforms!

− Skimming - reading genuine cards.

− Clone card emulation.

• An open development platform.

• Anyone can write phone reader applications.

• Embedded secure elements are unlockable.

• Existing APIs and developer environments.

• Multiple communications links.

• A software downloaded attack application could spread very fast!


Payment card ‘cloning’ via NFC

• First generation contactless cards had rudimentary security

− Card authentication with static data

• Develop a Skimming Tool

− MIDlet on NFC phone reads card data.

− No code signing required.

• ‘Cloning’ the card.

− Unlock SE.

− Load Java card applet with payment AID.

• Worked on POS system in lab

[L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms," Proceedings of The First International Workshop on RFID Security and Cryptography (RISC 2009), UK]
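An added example, not code from the RISC 2009 paper or the slides, covering both the clone/emulator slide (products tied to a UID, emulators that replay captured data) and the payment-card case above (card authentication with static data). Three verifier policies are run against a genuine card and against an emulator built only from what a skimming application can read over the air. HMAC-SHA256 stands in for the issuer's signature over the static data and for the card's private key; the UID, account string, key values and nonce handling are constructed for the demo.

```python
"""Why static card data clones, and why a dynamic challenge does not.

Added example, not code from the RISC 2009 paper or the seminar. HMAC-SHA256
stands in for the issuer's signature over the card's static data and for the
per-card key; the property that matters is the same: the skimmer can read
and replay static data but cannot recompute a fresh response.
"""
import hashlib
import hmac
import os

ISSUER_KEY = b"issuer signing key (constructed)"


def _mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Card:
    """Genuine contactless card: UID, account data, issuer certificate, and a
    card-unique key that never leaves the chip."""

    def __init__(self, uid, account, card_key):
        self.uid, self.account = uid, account
        self.cert = _mac(ISSUER_KEY, uid, account)  # static 'SDA' signature
        self._card_key = card_key

    def read_static(self):
        # Everything a skimming MIDlet on an NFC phone can read over the air.
        return {"uid": self.uid, "account": self.account, "cert": self.cert}

    def sign_challenge(self, nonce):
        return _mac(self._card_key, nonce, self.uid)


class Emulator:
    """Clone loaded onto an unlocked SE or an emulator from skimmed data only."""

    def __init__(self, skimmed):
        self.skimmed = dict(skimmed)

    def read_static(self):
        return self.skimmed

    def sign_challenge(self, nonce):
        # No card key: the best it can do is return something plausible-looking.
        return hashlib.sha256(nonce + self.skimmed["uid"]).digest()


def door_uid_check(token, allowed_uids):
    """Product 'tied to a UID': trusts whatever UID the token reports."""
    return token.read_static()["uid"] in allowed_uids


def terminal_static_auth(token):
    """First-generation check: verify the issuer certificate over static data."""
    d = token.read_static()
    return hmac.compare_digest(d["cert"], _mac(ISSUER_KEY, d["uid"], d["account"]))


def terminal_dynamic_auth(token, card_key_lookup, nonce=None):
    """Static check plus a fresh challenge only the genuine chip can answer."""
    if not terminal_static_auth(token):
        return False
    d = token.read_static()
    nonce = nonce or os.urandom(16)
    expected = _mac(card_key_lookup(d["uid"]), nonce, d["uid"])
    return hmac.compare_digest(token.sign_challenge(nonce), expected)


# Constructed demo data: one genuine card and the issuer's per-card key table.
UID = b"\x04\xa1\xb2\xc3"
CARD_KEYS = {UID: b"card key for 04a1b2c3 (constructed)"}
GENUINE = Card(UID, b"PAN=4000000000000001;EXP=1214", CARD_KEYS[UID])
CLONE = Emulator(GENUINE.read_static())  # what the skimming tool captured


def run_demo():
    """Returns (uid_check, static_auth, dynamic_auth) for genuine, then clone."""
    lookup = CARD_KEYS.__getitem__
    return tuple(
        (door_uid_check(t, {UID}), terminal_static_auth(t),
         terminal_dynamic_auth(t, lookup))
        for t in (GENUINE, CLONE)
    )
```

The genuine card passes all three checks; the clone passes the UID check and the static-data check, which is exactly the lab result on the slide, and fails only the dynamic one. Any verifier whose decision depends solely on bytes the card will hand to an arbitrary reader is cloneable by an NFC phone in card-emulation mode.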


Proof-of-Concept NFC Relay Experiment

• Two NFC enabled mobile phones operating in P2P mode and participating in a legitimate transaction.

− Phone-A intends to interact with Phone-B.

− Introduce two additional proxy phones (Proxy-A and Proxy-B) to relay the communication.

[L. Francis, G. Hancke, K. Mayes, and K. Markantonakis, "Practical NFC Peer-to-Peer Relay Attack using Mobile Phones". 6th Workshop on RFID Security (RFIDSec 2010), June 7 - 9, 2010, Istanbul, Turkey.]
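An added example, not code from either relay paper cited on these slides, covering the passive relay slide and the P2P relay experiment above. Phone-B (the reader side) runs a challenge-response protocol with Phone-A; Proxy-A and Proxy-B are modelled as links that forward whatever they receive. Timing is simulated rather than measured, so the one-way delays (50 µs for an NFC hop, 20 ms for the proxies' mobile-data hop) and the 500 µs bound are constructed numbers chosen only to make the point: the MAC verifies perfectly through the relay, and the measured round trip is the only thing that gives it away.

```python
"""Relay attack on a challenge-response protocol, and a round-trip bound.

Added example, not code from the cited relay papers. Timing is simulated
(microsecond delays chosen for illustration), so the run is deterministic:
the cryptography verifies perfectly through the relay and only the measured
round-trip time reveals the extra hops.
"""
import hashlib
import hmac
import os

SHARED_KEY = b"key shared by token and reader (constructed)"


class Token:
    """Phone-A / genuine token: answers any challenge it is shown."""

    def exchange(self, challenge):
        response = hmac.new(SHARED_KEY, challenge, hashlib.sha256).digest()
        return response, 0  # (response, accumulated round-trip time in us)


class Link:
    """One hop with a constructed one-way delay. Proxy-A and Proxy-B are just
    links that forward whatever they receive to the next endpoint."""

    def __init__(self, downstream, one_way_us):
        self.downstream, self.one_way_us = downstream, one_way_us

    def exchange(self, challenge):
        response, rtt_us = self.downstream.exchange(challenge)
        return response, rtt_us + 2 * self.one_way_us


def reader_verify(endpoint, rtt_bound_us=None, challenge=None):
    """Phone-B / reader. Returns 'accept' or a 'reject: ...' string."""
    challenge = challenge or os.urandom(16)
    response, rtt_us = endpoint.exchange(challenge)
    expected = hmac.new(SHARED_KEY, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(response, expected):
        return "reject: bad response"
    if rtt_bound_us is not None and rtt_us > rtt_bound_us:
        return f"reject: round trip {rtt_us} us exceeds bound {rtt_bound_us} us"
    return "accept"


# Constructed delays: NFC air interface vs the proxies' mobile-data hop.
NFC_US, MOBILE_US = 50, 20_000


def direct_path():
    """reader <-NFC-> token"""
    return Link(Token(), NFC_US)


def relayed_path():
    """reader <-NFC-> Proxy-B <-network-> Proxy-A <-NFC-> token"""
    return Link(Link(Link(Token(), NFC_US), MOBILE_US), NFC_US)


if __name__ == "__main__":
    for name, path in (("direct", direct_path()), ("relayed", relayed_path())):
        print(f"{name:8} no bound  : {reader_verify(path)}")
        print(f"{name:8} 500us bound: {reader_verify(path, rtt_bound_us=500)}")
```

Without a bound both paths are accepted, which is the relay result; with the bound only the direct path is. Real distance bounding has to work at the NFC frame level with a bound tight enough that a network hop cannot hide inside the protocol's normal timing variance, which is the subject of the Computers & Security paper cited above.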


Trusted NFC Phone platform?

Security Applications

go here…

Malware

goes here!

Image from Vikas Rajole MSc report 2011

'Safebot' malware running as 'root' user


Conclusion/Comments

• Smart Cards have been evolving and changing from cards with contacts to contactless cards and RFIDs.

• The need for attack resistant hardware remains as cards/RFIDs are targeted by organised hacker/enthusiast communities.

• Near Field Communication offers the possibility of using the mobile phone instead of smartcards/RFIDs or their readers.

• Security concerns around NFC have led to the definition of Secure Elements, but there are several competing options.

• NFC reader mode does not use the SE and so applications are at risk from phone vulnerabilities.

• Phone architectures are complex and there are published attacks.

• NFC phones are attracting interest as convenient attack platforms!


Thank you for your attention…

Questions ?