
Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks

Authors: Saar Drimer and Steven J. Murdoch. Presented in: Usenix Security Symposium 2007. Kishore Padma Raju.



  1. Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks • Authors: Saar Drimer and Steven J. Murdoch • Presented in: Usenix Security Symposium 2007 • Kishore Padma Raju

  2. Today’s Talk • Smart Card • Relay Attacks • Defenses • Distance Bounding

  3. Smart Card • Sheet of plastic • Integrated circuit (microcontroller) • Eight contact pads • Ground • Power • Reset • Clock • Bidirectional I/O signal

  4. Payment system is fully deployed in the UK since 2006, with banks making grand claims of security • uses the EMV (Europay MasterCard Visa) protocol 1066 • requires a correct 4 digit PIN input for authorizing transactions • uses RSA for Static Data Authentication (SDA)

  5. Payment Environment • Four parties • Cardholder • merchant: control the payment terminal • Issuer bank • Contractual relation with cardholder • Acquirer bank • Contractual relation with merchant

  6. A simplified smartcard transaction

  7. Authentication • Dynamic data authentication • Merchant • Verify signature with public key • Static data authentication • Merchants are not trusted • Data is static • Authorization is done online

  8. RELAY ATTACK

  9. IMPLEMENTATION • Counterfeit Terminal • Chip and PIN terminals ($10) • Xilinx Spartan ($200) • USB GemPC twin reader ($40)

  10. IMPLEMENTATION • Counterfeit Card • Ground down the chip to card’s pad • Maxim 1740/1 transistor ($2) • Controlling software • Software developed in Python • $500 worth of off-the-shelf hardware, two laptops and moderate engineering skill is all it takes.

  11. Results • VASCO Chip authentication program(CAP) • Merchant in UK

  12. Previously proposed defenses • Tamper resistant terminals • Protects banks by erasing keys upon tampering, cardholders aren’t trained to tell the difference • Impose timing constraints on terminal-card interaction • A good start, but short timing advantages translate into long distances; most interactions are predictable

  13. Distance Bounding • Parameters • Prover P (smart card) • Verifier V (terminal)

  14. Distance Bounding

  15. Distance Bounding – initialization phase • Used Hancke-Kuhn • N(v) and N(p) provide freshness to the transaction and prevent replay attacks

  16. Distance Bounding – MACs are computed under shared key – verifier loads a shift register with random bits – prover splits MAC into two shift registers

  17. Distance Bounding – bit exchange phase Timing critical phase: – single bit challenge-response pairs are exchanged – response bit is the next bit from the shift register corresponding to the challenge bit’s content – response bit is deleted at prover and stored at verifier

  18. Distance Bounding – Verify Phase The verifier checks that the responses are correct and concludes, based on its timing settings, the maximum distance the prover is away

  19. Experimental Setup

  20. Example of Rapid Bit-exchange phase

      Challenge (hex)   A    3    8    F    6    D    7    5
      Challenge         1010 0011 1000 1111 0110 1101 0111 0101
      Register0         x0x0 11xx x011 xxxx 0xx1 xx1x 1xxx 1x0x
      Register1         1x0x xx10 1xxx 0001 x10x 01x0 x111 x1x0
      Response          1000 1110 1011 0001 0101 0110 1111 1100
      Response (hex)    8    E    B    1    5    6    F    C

  21. A single bit-pair exchange: challenge=1, response=0

  22. Waveform

  23. Possible attacks on distance bounding • Guessing attack • Initiate bit-exchange phase • 50% of challenges and 50% of responses • Overall 75% success • Probability (3/4)^64 using 64 bits • Replay • Revealing both response registers by running the protocol twice • Delay line manipulation • Manipulate delay lines to expose both registers’ state

  24. Future work • Working towards providing secure distance bounding protection for RFID.

  25. STRENGTHS • Low Cost • Robust

  26. Weakness • Gave idea to attack their system
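
The phases on slides 15 to 18, the table on slide 20 and the guessing bound on slide 23 can be checked with the following sketch, an added example that is not code from the slides or the paper. HMAC-SHA256 with counter expansion as the MAC, the key and nonce values, and all timing figures are assumptions constructed for illustration.

```python
import hashlib, hmac, random

C_M_PER_NS = 0.299792458  # speed of light in m/ns; no signal travels faster

def derive_registers(key, n_v, n_p, n=64):
    """Both sides MAC the nonces under the shared key and split 2n bits into two registers."""
    out, ctr = b"", 0
    while len(out) * 8 < 2 * n:  # counter expansion of the MAC is this sketch's assumption
        out += hmac.new(key, n_v + n_p + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    bits = "".join(f"{b:08b}" for b in out)
    return bits[:n], bits[n:2 * n]

def respond(reg0, reg1, challenge):
    """Prover: in round i, answer with bit i of the register the challenge bit selects."""
    return "".join((reg1 if c == "1" else reg0)[i] for i, c in enumerate(challenge))

def verify(reg0, reg1, challenge, responses, rtts_ns, max_rtt_ns):
    """Verifier: all response bits correct AND every round trip inside the time bound."""
    return responses == respond(reg0, reg1, challenge) and max(rtts_ns) <= max_rtt_ns

def max_distance_m(max_rtt_ns):
    """Upper bound on prover distance implied by the timing setting (processing time ignored)."""
    return C_M_PER_NS * max_rtt_ns / 2

def guess_ahead(reg0, reg1, challenge, rng):
    """Slide 23's guessing adversary: one register bit per round is learned early with a
    guessed challenge; it is reused if the guess matches, otherwise a coin is flipped."""
    out = []
    for i, c in enumerate(challenge):
        g = rng.choice("01")
        out.append((reg1 if g == "1" else reg0)[i] if g == c else rng.choice("01"))
    return "".join(out)

def guess_rate(n, seed=1):
    """Fraction of response bits the guessing adversary gets right over n rounds."""
    rng = random.Random(seed)
    reg0, reg1 = derive_registers(b"constructed-key", b"Nv", b"Np", n)
    challenge = "".join(rng.choice("01") for _ in range(n))
    guessed = guess_ahead(reg0, reg1, challenge, rng)
    return sum(a == b for a, b in zip(guessed, respond(reg0, reg1, challenge))) / n

def slide20_response():
    """Slide 20's table; 'x' marks register bits this challenge never reads."""
    challenge = f"{0xA38F6D75:032b}"
    reg0 = "x0x0 11xx x011 xxxx 0xx1 xx1x 1xxx 1x0x".replace(" ", "")
    reg1 = "1x0x xx10 1xxx 0001 x10x 01x0 x111 x1x0".replace(" ", "")
    return f"{int(respond(reg0, reg1, challenge), 2):08X}"
```

A relayed session can return every bit correctly and still be rejected by `verify` because of its round-trip times, which is the property the timing-critical phase exists to provide.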
