AttackingGlobalPlatformSCP02-compliantSmartCards资源-CSDN文库

需积分: 9 84 浏览量 2019-07-17 11:02:14 上传评论 1 收藏 591KB PDF 举报

本文介绍了一种攻击方法，即针对GlobalPlatform SCP02协议的填充预言攻击，攻击目标是符合SCP02标准的智能卡。GlobalPlatform是一个致力于定义与芯片技术相关的技术机制的组织，这些技术包括智能卡、应用程序处理器、SD卡、USB令牌和安全元素等。该组织的目标还包括促进这些设备上应用程序的互操作性部署和管理，以及推动一个全球性的智能卡实施基础设施。 SCP02协议主要用于在卡片和“卡片外实体”之间建立一个安全的通信通道。当通过空中接口（over-the-air）使用时，该协议的主要目的是远程管理卡片。SCP02是基于对称密钥加密的协议之一，目前是广泛部署的SCP协议。SCP01已经不再使用，而SCP02基于3DES加密技术，SCP03则基于AES加密技术，其使用似乎不如SCP02普遍。文章介绍了填充预言攻击，并且表明了通过实验验证了这一攻击方法是完全可行的。研究人员对来自六个不同制造商的10张智能卡进行了实验，实验结果显示在他们设定的实验环境中，攻击是完全可行的。由于全球每年生产数十亿的SIM卡，因此受影响的卡片数量可能很高。据作者所知，这是首次成功地对SCP02协议进行攻击。填充预言攻击是一种利用密码系统中的时序侧信道攻击方法，攻击者通过观察加密操作的反应时间来推断明文信息。这种攻击利用了加密数据的填充方式，通过观察加密服务的反应，尤其是解密操作对于填充不当的错误消息的反应时间，攻击者可以逐渐推断出加密数据中的明文。文章中还提到了GlobalPlatform定义的其他几种安全通道协议（SCP），大多数基于对称密钥加密。作者详细描述了如何对SCP02实施攻击，并且在实验中通过10张不同制造商生产的智能卡展示了攻击的实际性。结果表明攻击具有很高的实用价值，攻击者可以有效地从加密数据字段中检索出明文字节。从攻击技术来看，通过填充预言攻击可以破解SCP02的加密，因此对于SCP02智能卡而言，这种攻击方法可能造成重大威胁。考虑到每年全球大量的SIM卡生产量，受影响的卡片数量可能非常高，但具体的受影响卡片数量难以估计。这种攻击成功意味着SCP02协议本身可能存在设计上的缺陷或漏洞，需要相关机构和开发者进行进一步的安全评估和修复。从行业应用的角度来看，SCP02协议被运用于多个行业，包括交通公司、银行界以及移动网络运营商。由于涉及到这些关键行业的安全通信协议，了解和防范此类攻击显得尤为重要。对于制造商而言，提高智能卡的安全标准，加强抗攻击能力，将是未来产品开发的重要方向。同时，智能卡的应用与管理也需要考虑实施额外的安全措施，以抵御类似攻击带来的威胁。本文深入探讨了对SCP02智能卡实施的填充预言攻击的方法，具有较高的实用性和危险性，涉及的技术知识包括安全协议、填充预言攻击、侧信道攻击等，这对于智能卡安全领域有着重要的意义。

资源推荐

资源详情

资源评论

Attacking GlobalPlatform SCP02-compliant

Smart Cards Using a Padding Oracle Attack

Gildas Avoine

1,2

and Loïc Ferreira

3,1

Univ Rennes, INSA Rennes, CNRS, IRISA, France

Institut Universitaire de France

Orange Labs, Applied Cryptography Group, Caen, France

Abstract.

We describe in this paper how to perform a padding oracle attack against

the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and

used by transport companies, in the banking world and by mobile network operators

(UICC/SIM cards). The attack allows an adversary to eﬃciently retrieve plaintext

bytes from an encrypted data ﬁeld. We provide results of our experiments done

with

smart cards from six diﬀerent card manufacturers, and show that, in our

experimental setting, the attack is fully practical. Given that billions SIM cards are

produced every year, the number of aﬀected cards, although diﬃcult to estimate,

is potentially high. To the best of our knowledge, this is the ﬁrst successful attack

against SCP02.

Keywords:

Security protocol

Padding oracle attack

GlobalPlatform

Smart cards

· Timing side-channel

1 Introduction

1.1 Context

GlobalPlatform is an organisation that aims at deﬁning technical mechanisms related

to the chip technology (e.g., smart cards, application processors, SD cards, USB tokens,

secure elements), used to securely add and remove applications, and related parameters,

into the chips. This initiative aims also at facilitating the interoperable deployment and

management of applications on these types of device, regardless of the manufacturer, as

well as “promot[ing] a global infrastructure for smart card implementation across multiple

industries” [Glo18].

Several Secure Channel Protocols (SCP) are speciﬁed by GlobalPlatform. Most of

them are based on symmetric-key cryptography (e.g., SCP01, SCP02, SCP03, SCP81).

Regarding the protocols status, SCP01 (based on the

DES

algorithm) is now deprecated.

SCP02 (based on

3DES

) is currently the most deployed symmetric-key based SCP protocol

while the use of SCP03 (based on AES) seems to be less widespread.

SCP02 is a protocol aiming at establishing a secure channel between a card and an

“oﬀ-card entity”. When used over-the-air, the main purpose of the protocol (yet not the

only one) is the management of a (remote) card. Through the secure channel established

with SCP02, applets, ﬁles, secret data (e.g., encryption keys, PIN codes), etc., may be

transmitted and stored into the card.

According to GlobalPlatform, SCP02 is used by transport companies, in the banking

world and by mobile network operators (UICC/SIM cards). The number of SIM cards used

Last release: March 2018 [Glo18].

Last release: July 2014 [Glo14].

Licensed under Creative Commons License CC-BY 4.0.

IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925,

Vol. 2018, No. 2, pp. 149–170

DOI:10.13154/tches.v2018.i2.149-170

150 Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack

worldwide in 2015 is estimated to 5

3 billion by the SIMalliance [

SIM16

], and 7

6 billion

by the GSMA [

GSM16

], although it is diﬃcult to estimate what proportion implements

SCP02. A typical usage of the SCP02 protocol is the management of a speciﬁc application

storing user credentials (e.g., for payment or transport transactions) located in the UICC

card that is plugged into the smartphone. Depending on the context, an additional security

protocol (e.g., TLS [

DR08

] or SCP80 [

ETS17

]) may be used together with SCP02. For

instance, in order for a remote server to send SCP02 commands to the UICC, a SCP02

channel is established between the remote server and the UICC through the intermediary

of an application on the smartphone. In addition a second secure channel is established

between the remote server and the application on the smartphone (e.g., with TLS or

SCP80). This second security layer embeds the SCP02 commands sent by the server. The

data exchanged between the server and the application are protected with the two security

layers, whereas the data exchanged between the application on the smartphone and the

UICC are protected with SCP02 only.

1.2 Contribution

We describe how to perform a padding oracle attack against the SCP02 protocol. This

attack allows an attacker to retrieve the plaintext data sent to a smart card through the

secure SCP02 channel. We present the results of our practical experiments made with

smart cards from six card manufacturers. We explain how to exploit a timing channel

provided by these cards in order to successfully achieve the attack against them.

1.3 Paper outline

Section 2 summarises previous work related to padding oracle attacks. Section 3 describes

the SCP02 protocol. Based on the regular padding oracle attack described in Section 4, we

explain in Section 5 how to exploit a weakness of several smart cards implementing SCP02

in order to apply the attack. We present our setting and our experimental results. In

Section 6, we list possible countermeasures. Section 7 deals with our responsible disclosure

of this work to various card manufacturers. Finally, we conclude in Section 8.

1.4 Notations

A byte value is written as

. The value

corresponds to the byte string made of

bytes

equal to

i+1

refers to the concatenation of the bytes

and

i+1

CkB

refers to

the concatenation of the two

DES

blocks

and

ENC

indicates a symmetric encryption

function, while ENC

−1

indicates the corresponding decryption function.

2 Related work

In 2002, Vaudenay [

Vau02

] describes the theoretical principles of an attack against a

symmetric-key encryption algorithm in

CBC

mode, leaning on the padding data, that

enables the decryption of encrypted data. He presents applications against several security

protocols (e.g., TLS 1

0 [

DA99

], IPsec [

KS05

] and ESP [

Ken05

], WTLS [

Wir01

]). The

latter is adapted by Canvel, Hiltgen, Vaudenay, and Vuagnoux [

CHVV03

] who succeed in

bypassing two limitations of Vaudenay’s attack: the lack of diﬀerentiated error messages

when the padding is invalid and when the

MAC

tag is invalid (a timing side-channel is

used instead), and the break of the secure channel when a cryptographic error occurs (the

underlying application they target repeatedly sets up a TLS session and transmits the

same secret). Thereby they provide a fully practical attack against TLS 1.0.

Including M2M connections.

Gildas Avoine and Loïc Ferreira 151

AlFardan and Paterson [

PA12

] describe a padding oracle attack against DTLS [

RM06

]

and targeting actual implementations even though TLS implementations have been patched

in order to thwart the padding oracle attacks.

Their attack is made easier because a

DTLS session is not stopped when a cryptographic error occurs. On the other hand, in

such a case, the invalid packet is silently discarded and no error message is sent. In order

to circumvent this drawback, they perform a timing attack (using a kind of keep-alive

command) and amplify the response time diﬀerence thanks to a batch of numerous packets

which all either have valid or invalid padding and hence all contribute to an accumulated

timing diﬀerence in the same way.

Afterwards, the padding oracle attack has been applied to various network and applica-

tion protocols, and schemes such as IPsec [

PY04

YPM05

DP07

DP10

], SSL 3

0 [

MDK14

EMV [

DLP

], ASP.NET [

DR11

], XML [

JS11

JSS12

KMSS15

], JavaServer Faces

CAPTCHA, Ruby on Rails framework, and OWASP Enterprise Security API Toolk-

its [

RD10

]. In addition, Rizzo and Duong [

RD10

] describe how to turn a padding oracle

into an encryption oracle

, under the condition that the encryption key is invariant (at

least it does not change throughout several messages decryption, in particular it is not

renewed in case of a cryptographic error).

Using the same kind of technique as [

PA12

], AlFardan and Paterson [

AP13

] use another

side-channel to perform attacks targeting DTLS (practical) and TLS (almost practical).

Their timing attack, called “Lucky 13”, relies on the number of inner compression function

iterations made during the

HMAC

computation when verifying a message authentication

tag. The attack remains possible despite the fact that the targeted cryptographic libraries

implement the recommended countermeasure. Indeed the recommended mitigation consists,

when the padding data is invalid, in performing a

MAC

veriﬁcation on the decrypted data

as if there were no padding data. This leaves a small timing channel that can be exploited

(based on the discrepancy when the padding data is valid and when one assumes there is

no padding data).

Using a variant of Lucky 13, Albrecht and Paterson [

AP16

] succeed in attacking the

Amazon’ s2n implementation of SSL/TLS [

Sch15

AWS

], overcoming the countermeasures

implemented in the cryptographic library.

Irazoqui, İnci, Eisenbarth, and Sunar [

AIES15

] show that it is still possible to apply

the Lucky 13 attack in a cloud setting even if the recommended mitigations against the

attack are implemented. They consider co-located virtual machines which are able to know

if a dummy function (used to equalize the processing time) is called or not.

Paterson and Watson [

PW08

] provide a formal security treatment of the

CBC

mode

encryption with padding in the chosen plaintext setting. They show that a padding method

that has no invalid padded message achieves immunity against padding oracle attacks when

the underlying block cipher is modeled as a pseudo-random permutation family. Paterson

and Watson [

PW12

] also extend existing security models for authenticated encryption

of Bellare and Namprempre [

BN08

] to incorporate padding oracle attacks in the chosen

ciphertext setting.

Moreover the attack presented in 1998 by Bleichenbacher [

Ble98

] against the PKCS #1

5 RSA encryption scheme in SSL can retrospectively be seen as a padding oracle or, more

generally, a “format oracle” attack. This attack aims at retrieving the “premaster secret”

negotiated by a client and a server, and used to compute the session keys. This adaptive

ciphertext attack uses the speciﬁc plaintext format in order to gradually narrow the interval

the plaintext belongs to until one possible value remains. In order to know if his guess is cor-

rect, Bleichenbacher exploits an error code sent by the server when the decrypted message

does not correspond to a valid format. Bleichenbacher attack has been followed by subse-

As noted in [

PA12

], the explanation could lie in the fact that DTLS provides no error messages in

case of a cryptographic error, neither does the secure tunnel end. Thereby a remaining timing channel

could have been seen as not usable in order to build a padding oracle.

The underlying algorithm provides encryption only, not authenticated encryption.

152 Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack

quent improvements and developments (e.g., [

Man01

KPR03

BFK

JSS15

ASS

]).

To the best of our knowledge, there is no security analysis of SCP02 besides a theoretical

attack by Sabt and Traoré [

ST16

]. They describe a chosen plaintext attack based on the

fact that the encryption scheme is deterministic (data is encrypted in

CBC

mode with a

static IV). In addition, they provide the ﬁrst security proof of SCP03 [Glo14].

Regarding the padding method, Black and Urtubia [

BU02

] describe several of them

that may provide a suitable oracle in order to perform an attack, among which a padding

scheme also used in SCP02. In addition, they present methods supposed to resist padding

oracle attacks.

3 The SCP02 protocol

SCP02 aims at establishing a secure link between an “oﬀ-card entity” and a card [

Glo18

SCP02 is based on symmetric-key algorithms. The card and the server share one or several

sets of symmetric keys. A set is made of three keys (which value may be equal). From that

set, session keys are computed each time a new channel is established. The card manages a

sequence counter related to a given keyset. Its initial value is 0 and incremented after each

successful session (established with that keyset). Once the sequence counter has reached

its maximum value, the card must not start anymore a session with the corresponding

keyset.

Depending on the security level negotiated during the key exchange

, the commands

sent by the server and the responses sent by the card are encrypted and protected with a

MAC

tag. Regarding the commands, the lowest security level is data integrity. Moreover

data encryption solely is not allowed.

PLAINTEXT

HDR

CIPHERTEXT TAGHDR’

Kcmac

MAC

| {z }

PAD

MAC

PAD

ENC

z }| {

Kenc

ENC

= 00

ENC

Figure 1: Encryption and MAC computation of a command data with SCP02

Data encryption is done with

3DES

CBC

mode with a null IV [

ISO17

]. Prior to

encryption the plaintext is (always) padded with a ﬁxed string of bytes according to the

method described in [

ISO11

]: a byte equal to

is appended to the plaintext, then as

For simplicity, we will use the term “server” to refer to the party involved in the communication with

the card.

Since the operations done during the key exchange phase are not signiﬁcant for the remainder of this

paper, we skip the corresponding description. The interested reader is referred to the SCP02 speciﬁcation

[Glo18].

In the remainder of the paper we consider that the commands are encrypted and MAC-protected.

剩余21页未读，继续阅读

评论收藏

内容反馈

It小蜂

粉丝: 722
资源: 4

Attacking GlobalPlatform SCP02-compliant Smart Cards

Global Platform card specification v2.3.1

GlobalPlatform规范中的密码学算法总结

GlobalPlatform TEE 规范文档合集

GlobalPlatform卡片规范(中文翻译版)

Global Platform 2.2.1

GlobalPlatform Card Specification v.2.2.1.pdf

Attacking-the-Windows-Kernel

AS-23-Cao-Attacking-WebAssembly-Compiler-of-Webkit.pdf

「技术分析」eu-16-Liang-Attacking-Windows-By-Windows - 安全研究.zip

藏经阁-Adventures-In-Attacking-Wind-Farm-Control-Networks.pdf

Attacking.Intel.TXT-slides

JCOP – TM The IBM GlobalPlatform JavaCard implementation

SCP03中文版

GP卡 SCP02安全通道 更新

信息安全_数据安全_mbs-w02-cheapscate-attacking-iot.pdf

AS-23-Chen-New-Wine-in-an-Old-Bottle-Attacking-Chrome-WebSQL.pdf

tsp遗传算法matlab代码-Attacking-Travelling-Salesman-Problem:GAPSOACASA解决旅行商问题

attacking-and-auditing-docker-containers-and-kubernetes-clusters:Appsecco有关攻击和审核Dockers容器和Kubernetes集群的培训课程内容

Packt.Web.Penetration.Testing.with.Kali.Linux.3rd.Edition.1788623371.epub

信息安全_数据安全_eu-16-Liang-Attacking-Windows-By.pdf

non-attacking-queens:[WIP]皇后区不应该互相残杀！

A two-stage attacking scheme for low-sparsity unobservable attacks in smart grid

「安全资讯」Attacking Kerberos - 安全认证.zip

Attacking.Network.Protocols.2017.12

Oracle 数据库攻防 英文原版

藏经阁-Adventurs in Attacking-Wind.pdf

「无线安全」Do_Not_Trust_Me_Using_Malicious_IdPs_for_Analyzing_and_

Attacking Network Protocols

最新资源

GP卡 SCP02安全通道更新

Oracle 数据库攻防英文原版