Presentation is loading. Please wait.

Presentation is loading. Please wait.

Author: Andrew Calafato

Similar presentations

Presentation on theme: "Author: Andrew Calafato"— Presentation transcript:

1 Author: Andrew Calafato
An analysis of the vulnerabilities introduced with Java Card 3 Connected Edition Author: Andrew Calafato Supervisor: Dr. Kostantinos Markantonakis 2012 Royal Holloway, University of London

2 Contents Smart cards & their usages
Smart Card Operating Systems/Platforms (Java Card) Attacks on Smart Cards Java Card 3 Connected Edition – new features, new threats

3 Smart cards Pocket-sized devices with an embedded integrated circuit chip (ICC) and secure storage Microcontroller: offers a secure processing environment (encryption, integrity, authentication and other security services) Memory: to store information in a tamper-resistant security system, (protecting confidentiality and integrity of data) RAM – volatile (non-persistent) - computation working space EEPROM/Flash - non-volatile - data storage, applications loaded after issuance ROM – non-volatile read-only memory programmed during manufacture – OS & permanent data Form factors: plastic cards subscriber identity modules (SIMs) - like ones in mobile phones USB-based tokens Fobs Contact smart cards - contact pads in direct contact with the reader for power and data communication Contactless smart cards – power and communication through antennae using radio frequencies (RF)

4 Smart card Usages Mobile phone SIM card (Subscriber Identity Module)
Credit/Debit Cards with a chip (chip-and-pin) Health cards Pay-TV cards Contactless travel cards Access/identity cards Eurosmart Smart cards market figures forecast for 2012 (in Millions of Units): Contact Contactless

5 Contents Smart cards & their usages
Smart Card Operating Systems/Platforms (Java Card) Attacks on Smart Cards Java Card 3 Connected Edition – new features, new threats

6 Operating Systems & Platforms
monolithic embedded in chip by manufacturers Rigid architecture modular architecture hardware management application level modules target application Shorter time to market Software reuse Standard platforms adaptable using filters (e.g. SIM cards) Some flexibility Open Platforms: Embedded h/w management layer VM for platform independence Multiple apps installed after issue Multi-application execution platforms Java Card, MULTOS, SmartCard.NET

7 Java Card Applets Extended Applets Servlets Industry Add on Classes
Multiple Java Card applications Applet container manages classic & extended ISO7816 APDU applets Servlet container manages servlet-based web apps Java Card Runtime Environment (JCRE) Industry Add on Classes Libraries providing services / refinements to security & system models Java Card Framework API classes for developing Java Card apps providing system services to apps application management transaction management I/O communication cryptographic functionality Java Card Virtual Machine (JCVM) Executes byte code Provides the functions accessible from outside, such as signature, authentication and applications. Controls access to smart card resources (memory, I/O, etc) Secure loading of apps on card post-issuance Hides manufacturer's proprietary technology with a common language and system interface O.S. & Native Functions Specific IC and native operating system implementation

8 Contents Smart cards & their usages
Smart Card Operating Systems/Platforms (Java Card) Attacks on Smart Cards Java Card 3 Connected Edition – new features, new threats

9 Smart card Physical Attacks (Hardware)
Probing bus with microprobes Focused Ion Beams & laser cutters to cut/short circuit Extreme environment - temperature, light, ionized radiation, high frequency rays, etc. (semi-invasive) E.g. Clock signal / power supply / external electrical field transients to create glitch attacks to deliberately alter memory locations. Combined with mathematical and statistical analysis to compromise integrity and confidentiality of data - e.g. a number of papers on applying Differential Fault Analysis (DFA) for key retrieval Countermeasures programmable active shielding covering the whole chip sensors, such as infra-red, ultra-violet or visible light sensors, filters internal voltage, glitch and temperature sensors proprietary timing and chip layout scrambled memories and busses (also dynamic per session using scramblers) software-based countermeasures against fault induction – e.g. integrity checks

10 Smart card Physical Attacks (Side-channel)
Non-intrusive attacks based on the analysis of information achieved through covert channels to gain information on algorithms/keys timing information electromagnetic radiation power consumption Simple Power Analysis (SPA) - power consumption analysis during program execution Differential Power Analysis (DPA) - power consumption analysis over known sets of data vs. some unknown input & statistical extrapolation (algorithm can be unknown) High-Order Differential Power Analysis (HO-DPA) - signal readings from multiple data sources, using different measuring techniques and different time offsets Countermeasures frequency monitoring sensors to avoid clock speed reduction fast voltage regulators to de-correlate power consumption from instruction execution introduction of random noise and random wait states current scrambling/stabilizing techniques design cryptographic algorithms susceptible to Timing Analysis Attacks random delays / random ordering of code execution exclusive use of instructions with similar power consumption

11 Smart card Logical Attacks
Can be targeted at the system / infrastructure that the smart card in part of Can be launched throughout the whole life cycle of the smart card accidental/deliberate tampering or disclosure of card design, architecture and layout load Trojan horse & malicious applets software vulnerabilities such as buffer overflows in all software layers design and choice of cryptographic algorithms, protocols and key sizes (COMP128 & A5) man-in-the-middle attack between card and card-reader (EMV protocol) replay attacks against Static Data Authentication mechanisms tearing attacks - card is powered off during processing leaving card in an inconsistent or invalid state, or omitting part of the operation such as incrementing the retry counter Countermeasures distribution of knowledge to protect from insider threat physical security to protect from outsider threat security-relating training and awareness programs for social engineering attacks software development based on software engineering principles including testing OS, virtual machines and applications susceptible to timing analysis

12 Smart card Combined S/w & H/w Attacks
A number of papers on combining fault injection with logical attacks Example 1 Power analysis to locate VM type-checking moment in time (class cast exception) Laser beam to ignore the exception thrown => bypass runtime verification => reference forgery => access memory locations inside application firewall boundary => code injection and alteration Example 2 Fault injection to alter Java Card operand stack value => corrupt conditional branching Example 3 Alter return address of current function on stack to execute malicious bytecode Example 4 Replacing Java Card opcode with a NOP opcode (represented as 00) to skip instructions Countermeasures Same as ones discussed in fault attacks

13 Contents Smart cards & their usages
Smart Card Operating Systems/Platforms (Java Card) Attacks on Smart Cards Java Card 3 Connected Edition – new features, new threats

14 harder to manage/model security
1. Complexity Virtual Machine Runtime Environment Applets & Web Applications Security systems card is part of all more complex harder to manage/model security

15 2. Multithreading Parallel execution of processes in web application and extended applet environments A multithreaded runtime environment – can service multiple incoming requests concurrently & perform multiple executions in parallel Inherent complexity of concurrency threads interact & intervene with each other (e.g. shared data) nondeterministic executions logging and debug information lead to different execution order More difficult to test and model security (ensure correctness) Denial of Service deadlock – treads waiting while attempting to acquire each other's locks high priority threads cause other threads to starve Race conditions Explained in next slide Need to access shared data atomically – use locks Time-of-check to time-of-use (TOCTTOU) Example in next slide Need to check as close as possible to use Preferably make check immutable (check and use in an atomic operation)

16 Thread 1 – add 5 to shared balance Thread 2 – add 10 to shared balance
Race condition Thread 1 – add 5 to shared balance Thread 2 – add 10 to shared balance Read shared value (100) Context Switch Add 10 to it (110) Store value (110) Add 5 to it (105) Store value (105) The +10 here has been overridden!

17 Time-of-check to time-of-use (TOCTTOU)
public void setBalance(final BalanceRef balanceParam) { //check phase if (balanceParam.getBalance() < 0) { throw new IllegalArgumentException("Balance cannot be -ve"); } //reference parameter value can change during this time //use phase this.balance = balanceParam.getBalance();

18 3. Web Applications A subset of Java Servlet Specification v2.4 is supported => smart cards can host web applications Expanded attack surface HTTP & HTTPS connections (together with APDU) ports outward facing the network / WWW More URIs & application services available All network layer attacks Injection Attacks Attacker injects untrusted data which ends up being executed unintentionally by an interpreter (HTML, Xpath, etc) – e.g. comment injection Path manipulation / traversal Crafting of URL/input to access files & additional capabilities use ‛dot-dot-slash (../)’ sequences to move up to parent directories Cross-Site Scripting Injection of active content - client-side script (e.g. JavaScript, ActiveX, VBScript, Flash, etc) Reflected – e.g. trick user to follow a link injecting script Stored/Persistent – e.g. forum / social media DOM Based – script act on DOM objects - does not involve server at all

19 ... 3. Web Applications Cross Site Request Forgery (CSRF)
Try to force an authenticated victim to send a forged HTTP request to a vulnerable application Step 1. Attacker forges a request in a way that is acceptable by the target server Step 2. Trick victim to submit the information through a forged request while authenticated Prevention: Synchronizer Token – nonce set to rendered page to be submitted back with request Insecure Direct Object Reference Request parameters altered ‘manually’ to reference protected resources Prevention: authorization Failure to Restrict URL Access Whole URL is manually crafted to access protected resources Other attacks/vulnerabilities DoS (card has restricted environment) HTTP Response Splitting Man-in-the-Browser Session Management vulnerabilities Prevention: Input validation of any untrusted data Escape/sanitize before parsing Authentication & Authorization Etc.

20 Other Features Dynamic class loading Inter-application communications
Application can load a class dynamically at runtime as opposed to explicitly imported complicates the type safety enforcement process significantly can load class with malicious code attacks by Barbu et al. exploited dynamic class loading to create ill-formed code injection attacks illegitimate modification of applications circumvent application firewall Inter-application communications Interactions between applications through the application firewall Object can offer services to other applications notification mechanism using events Larger attack surface Features can be use in more sophisticated attacks (e.g. Barbu et al.)

21 Other Features Network Communications (Generic Connection Framework) through high speed interfaces (e.g. USB) TCP/IP, HTTP, SSL/TLS , File Connections, etc exposed to attacks targeted at all lower Network Layers connected for prolonged period of times Garbage collector Process reclaiming unreferenced data Another process which can be exploited by attackers (e.g. Barbu et al.)

22 Questions?

Download ppt "Author: Andrew Calafato"

Similar presentations

Ads by Google