
Page 1: Test Vehicle for Java Card - Your Creative Solutions and Tools/Toru... · evaluation program within JISEC scheme ... – Recover the secret value like a cryptographic key – Analyze

Test Vehicle for Java Card

September 20, 2012
Toru Hashimoto

IT Security Center (ISEC), Information-technology Promotion Agency, JAPAN (IPA)

Page 2

Contents

1. Introduction of Japan’s Scheme
2. Test Vehicle
3. Attack Methods for IC chips
4. Java Card and GlobalPlatform
5. Test Vehicle for Java Card
6. Future Plan

Page 3

Japan’s Common Criteria Scheme

• JISEC: Japan IT Security Evaluation and Certification Scheme

• IPA: The Certification Body of JISEC

• JISEC was established in 2001, certifying software-related products only.

Page 4

Beginning of Hardware Certification

• We have established a hardware security evaluation program within the JISEC scheme under METI’s leadership.

• It has just begun very recently: the first ITSEFs to evaluate hardware have been approved this year!

METI: Ministry of Economy, Trade and Industry

Page 5

Checking Skills of ITSEFs

• One problem: How to check the ability of candidate ITSEFs for hardware evaluation?

• Various skills are needed for penetration testing a hardware product.

• Test Vehicle is a solution.


Page 7

What is the Test Vehicle?

• Test Vehicle is a security hardware product in the form of a smartcard with some deliberately embedded vulnerabilities.

• A candidate ITSEF demonstrates its ability of penetration testing by attacking it.

• The difficulty of breaking the test vehicle is tuned so that only skilled candidate ITSEFs should be able to attack it successfully.

Page 8

Previous Work

• IPA funded the development of a Test Vehicle for native smart cards in 2011.

• These attack methods are covered:
– Physical Attacks
– Perturbation Attacks
– Side Channel Attacks
– Fault Injection Attacks
– Software Attacks


Page 10

Attack Methods

• Invasive Attacks
– Bus Probing
– ROM Reading

• Semi-invasive Attacks
– Perturbation Attacks
– Fault Injection Attacks

• Non-Invasive Attacks
– Power Analysis
– Electromagnetic Analysis

Page 11

Perturbation Attacks

• Methods
– Glitch
– Laser

• Effect
– Instruction skip
– Register value change

Illustration (pseudocode): a PIN check whose outcome rests on a single conditional branch

    enter PIN;
    if (PIN is incorrect) {
        goto error;
    }
    proceed...

Page 12

Power Analysis

• Measure power consumption during operation
– Recover the secret value like a cryptographic key
– Analyze the operation running inside the chip


Page 14

GlobalPlatform

• Open standards architecture for dynamic multi-application card schemes

Page 15

GlobalPlatform

• Runtime Environment
• Card Manager
• Security Domains
• GlobalPlatform API
• Card Content

Page 16

GlobalPlatform Security

• On-Card Components’ Security Requirements

• Cryptographic Support
– Integrity and Authentication
– Secure Messaging

• Installation of Applications is permitted only with at least an appropriate secure channel established.

Page 17

Java Card

• Based on Java Technology

• Can have Java-based applications, named applets

• Can have multiple applets

Layer diagram (top to bottom):
    Applet | Applet | Applet
    Java Card APIs
    Java Card Virtual Machine
    Card OS

Page 18

Security Mechanisms of Java Card

• Type Safety
– Taking an integer value and reinterpreting it as a value of a different type (type confusion) is forbidden.

• Byte-code Verifier
– Performed off-card or on-card

• Defensive Virtual Machine
– Executing illegal byte code is blocked.

• Firewall
– Data in an applet is protected from other applets.

Page 19

Type Safety

• Any reference can be dereferenced only as a reference of the original type.

• What if a byte array is accessed as a short array?

    Read as byte[4]    index:        0     1     2     3
                       value:        00    01    02    03

    Read as short[4]   byte offset:  0     2     4     6
                       value:        0001  0203  XXXX  XXXX

• Accessing beyond the array bound!

• This is called ‘type confusion’.
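As an added illustration (not from the slides), a C model of the bounds decision a defensive virtual machine has to make for the byte[4]-read-as-short[4] case above; the array header layout, status codes and function names are this example's own, not a real VM's. The naive `index < length` check accepts all four elements of the short[4] view, while a check on the actual byte range rejects elements 2 and 3.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Element width in bytes; the array header records which one the array was created with. */
typedef enum { T_BYTE = 1, T_SHORT = 2, T_INT = 4 } elem_t;

/* Simplified array header (this example's own layout, not a real VM's). */
typedef struct {
    elem_t         type;         /* declared element type */
    uint16_t       length;       /* number of elements of that type */
    const uint8_t *data;
    size_t         alloc_bytes;  /* bytes actually allocated behind data */
} jc_array;

/* Constructed sample: the slide's byte[4] holding 00 01 02 03. */
static const uint8_t  SAMPLE_BYTES[4]   = {0x00, 0x01, 0x02, 0x03};
static const jc_array SAMPLE_BYTE_ARRAY = { T_BYTE, 4, SAMPLE_BYTES, sizeof SAMPLE_BYTES };

/* Status codes of this example, not a Java Card API. */
enum { LOAD_OK = 0, LOAD_TYPE_MISMATCH = -1, LOAD_OUT_OF_BOUNDS = -2 };
static int32_t scratch;  /* for callers that only care about the status */

/* A type-confused VM still checks index < length, but against the wrong element width,
   so the check passes for every index of the short[4] view of a byte[4]. */
static bool naive_check_passes(const jc_array *a, uint16_t index) {
    return index < a->length;
}

/* Defensive load: the access type must match the header and the byte range
   [index*width, index*width + width) must lie inside the real allocation. */
static int defensive_load(const jc_array *a, elem_t as_type, uint16_t index, int32_t *out) {
    if (as_type != a->type) return LOAD_TYPE_MISMATCH;
    size_t width = (size_t)as_type, first = (size_t)index * width;
    if (first + width > a->alloc_bytes) return LOAD_OUT_OF_BOUNDS;
    uint32_t v = 0;
    for (size_t i = 0; i < width; i++) v = (v << 8) | a->data[first + i];  /* big-endian */
    *out = (int32_t)v;
    return LOAD_OK;
}

/* The slide's scenario: is element 'index' of the short[4] view accepted by the naive
   check yet outside the 4 allocated bytes? True for indices 2 and 3 (the XXXX cells),
   false for 0 and 1 (0001 and 0203). */
static bool short_view_overruns(const jc_array *a, uint16_t index) {
    size_t first = (size_t)index * T_SHORT;
    return naive_check_passes(a, index) && first + T_SHORT > a->alloc_bytes;
}
```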

Page 20

Type Safety

• Illegal class cast is prohibited: This is enforced by the compiler and the runtime environment.

    class A {}
    class B extends A {}
    class C {}

    A a; B b; C c;

(Class hierarchy shown on the slide: A extends Object, B extends A, C extends Object.)

    cast attempt   result
    (A)b           O.K. No problem.
    (B)a           ClassCastException is thrown if a is not an object of class B.
    (A)c           Compile Error

Page 21

Java Card System Security

• Java Card is protected by various security techniques
– Combined with GlobalPlatform, installation of applets is prohibited unless authenticated.
– Byte Code Verifier and Defensive Virtual Machine (if implemented) enforce type safety.
– Java Card Firewall prohibits unauthorized access to another applet’s data.

• How can ITSEFs evaluate that a Java Card product is really implemented securely?


Page 23

Java Card

• Specifications of GlobalPlatform and Java Card enforce security in theory.

• However, Java Card security could be breakable if the implementation is done carelessly, just as a native smart card’s can be.

Page 24

Test Vehicle for Java Card

• There are Java Card specific attack methods that are not covered by the native Test Vehicle.

• Therefore, we have developed Test Vehicle for Java Card so as to make it possible to assess the evaluators’ ability of penetration testing of Java Card.

• Test Vehicle defines some attack scenarios regarding partial attack techniques and also combined attacks.

Page 25

Development

• Test Vehicle for Java Card is sponsored by IPA and developed by Trusted Labs.

Page 26

Attacking GlobalPlatform

• Installing an applet is allowed only after a secure channel has been opened.

• How does the GlobalPlatform Card Manager determine whether a secure channel is open?

• If this decision logic consists of only a single conditional branch, it could be bypassed by perturbation attacks.
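As an added example (not from the slides), a C model of the single-branch check from the PIN pseudocode on page 11 next to a hardened form; the same structure applies to the Card Manager's "secure channel established" decision discussed on this page. The fault_at parameter, the decision constants and the PIN values are this example's own constructed stand-ins for one skipped or forced comparison; they are not how a real glitch is applied.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed reference PIN; a real card keeps this in protected non-volatile memory. */
static const uint8_t REF_PIN[4]  = {1, 2, 3, 4};
static const uint8_t GOOD_PIN[4] = {1, 2, 3, 4};  /* constructed test inputs */
static const uint8_t BAD_PIN[4]  = {1, 2, 3, 5};

/* Decision values far apart in Hamming distance: a zeroed or bit-flipped register does not
   turn FAIL into OK, unlike a boolean where any non-zero value means "true". */
#define DECISION_OK   0xA5C3u
#define DECISION_FAIL 0x5A3Cu

/* fault_at is the simulation knob: which comparison a single injected fault forces to
   "equal" (0 = no fault). It stands for the instruction skip / register change of page 11. */

/* Fragile form, as in the page 11 pseudocode: one comparison feeding one branch decides. */
static bool verify_fragile(const uint8_t pin[4], int fault_at) {
    int differ = memcmp(pin, REF_PIN, 4);
    if (fault_at == 1) differ = 0;
    if (differ != 0) return false;   /* skipping this single branch grants access */
    return true;
}

/* Hardened form: two independent comparisons, a non-boolean decision word, and a
   consistency check that treats disagreement between the checks as tampering.
   Passing with a wrong PIN now needs two precisely placed faults in one run. */
static uint16_t verify_hardened(const uint8_t pin[4], int fault_at) {
    uint16_t decision = DECISION_FAIL;
    int diff1 = memcmp(pin, REF_PIN, 4);
    if (fault_at == 1) diff1 = 0;
    uint8_t diff2 = 0;                     /* second check, byte-wise in reverse order */
    for (int i = 3; i >= 0; i--) diff2 |= (uint8_t)(pin[i] ^ REF_PIN[i]);
    if (fault_at == 2) diff2 = 0;
    if (diff1 == 0 && diff2 == 0) decision = DECISION_OK;
    if ((diff1 == 0) != (diff2 == 0)) decision = DECISION_FAIL;  /* checks disagree: a fault */
    return decision;
}

/* The caller accepts only the exact OK constant; a corrupted decision word fails closed. */
static bool access_granted(uint16_t decision) {
    return decision == DECISION_OK;
}
```

In a real implementation the disagreement branch would also bump a tamper counter or mute the card, since a glitch, not a typing error, is the only way the two checks can differ.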

Page 27

Type Confusion

• Causing type confusion somehow to access memory beyond its own applet’s boundary.

• The following methods could be effective if the implementation is flawed:
– Modify CAP file and load an ill-formed applet
– Bypass On-Card verifier somehow
– Abuse Transaction Mechanism

Page 28

Firewall Attack

• Find a way to access another applet’s data, for example:
– Realize type confusion, i.e. convert an integer value to an object reference.
– Invoke a private method of another applet.

Page 29

Full Attack Path

• A full attack against a Java Card is a combination of partial attacks, for example:
– Find flaws of the implementation.
– Develop a malicious applet that causes type confusion.
– Install the malicious applet by attacking GlobalPlatform.


Page 31

Future Plan

• Fine Tuning the Test Vehicle for Java Card
– Tune the difficulty so that attacking needs state-of-the-art skill but is breakable within a practical time scale.
– The fine tuning will be completed by the end of 2012.

Page 32

Japan Information Technology Security Evaluation and Certification Scheme

Thank you for your attention.

IT Security Center, IPA, Japan

JISEC Information URL:
English:  http://www.ipa.go.jp/security/jisec/jisec_e/
Japanese: http://www.ipa.go.jp/security/jisec/