cool smartcard hacks n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
cool smartcard hacks PowerPoint Presentation
Download Presentation
cool smartcard hacks

Loading in 2 Seconds...

play fullscreen
1 / 58

cool smartcard hacks - PowerPoint PPT Presentation


  • 90 Views
  • Uploaded on

cool smartcard hacks. peter honeyman citi university of michigan ann arbor. a little bit about citi. center for information technology integration founded in 1986 as part of information technology division now in cio office. citi staff. faculty and staff scientists (3)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

cool smartcard hacks


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. cool smartcard hacks peter honeyman citiuniversity of michiganann arbor

    2. a little bit about citi • center for information technology integration • founded in 1986 as part of information technology division • now in cio office

    3. citi staff • faculty and staff scientists (3) • researchers and programmers (3) • students (13) • doctoral (4) • masters (1) • undergraduate (7) • high school (1)

    4. a little more about citi • mission: advance umich info tech environment, transfer results to university, government, industry • research and development “skunkworks” for cio • externally funded, primarily by short-term industry contracts

    5. citi core competencies • middleware • enterprise-scale info tech integration • distributed file systems • integrated security • mobile and wireless computing

    6. major advances of the 20th century • computing • transportation • mobile computing • newton, pilot • superslims • pcs, e.g., nokia, qualcomm, sprint, etc. • smartcards • a little computing • a lotta mobility

    7. smartcards are cool because • they are tamper resistant • they can do a little crypto • they have a restricted (albeit bizarre) (yet functional) api that can protect secrets • they can store keys • in fact, they have special key files

    8. principal applications • stored value • phone cards • electronic purse • secure identification • challenge/response protocols • gsm phone identity

    9. how smartcards are used • e-purse, e.g., mcard, visacash, mondex • many spectacular failures • gsm authentication • information control • german healthcard • closed market applications • DoD card • welfare card

    10. impediments to use • infrastructure requirements • integration with contemporary computing environments • especially security middleware

    11. outline • smartcard ip • kerberos client • smartcard-based file systems • secure booting • palm pilot hacks

    12. ip on smartcard • expand smartcard accessibility to the internet • network protocols on smartcard • network service unmodified • smartcard as a mobile computer • bring your ip address with you

    13. javacard web server • minimal functional server • one connection at a time • minimal state maintenance • tcp port • file name • tcp state

    14. platform • schlumberger cyberflex access • 16 KB eeprom • iso 7816 smartcard • java card 2.0 • 1.2 KB ram

    15. http only • subset of http 1.0 (or higher) • GET method only

    16. tcp only • three states • listen, established, finwait1 • actually, tcp state is never used • no! • options • retransmission • checksum validation • hosts requirements compliance • use sequence number as file offset

    17. ip only • no! • options • reassembly • ~ 250 byte mtu

    18. tunnel daemon • “near” side: webcard ip address • “far” side: iso 7816 framing • openbsd implementation

    19. cardlet details • ~ 1200 byte codes • leaves about 13k for content

    20. webcard summary • performance: ~ 130 bytes/sec. • copy content to card with scfs • open source • http://smarty.citi.umich.edu

    21. secure internet smartcards • extend webcard to secure ip stack • personal security assistant • secure key storage • personal crypto engine • internet addressable • fixed domain name

    22. why a smartcard on the internet? • convenient • e.g., one office, many computers, one reader • secure • smartcard has excellent physical security • mobile • you can even sit on it

    23. how? • establish secure, authenticated channel to card • PIN for authentication • session key established with SPEKE

    24. SPEKE • DH + PIN-based common base • DH • A  B: gx mod r • B  A: gy mod r • K=gxy mod r • SPEKE: g = f(PIN)

    25. performance

    26. performance timeline

    27. EKE comparison • EKE • A  B: DES(PIN, PUBKEY) • B  A: RSA(PRIVKEY, K) • EKE setup: 4.47 sec • (SPEKE: 3.56) • ~1.5 sec to manufacture key pair

    28. smartcard integration with kerberos • university of michigan computing environment is protected by kerberos • So are mit, cmu, stanford, cornell, … • product offerings from microsoft, ibm, oracle ... • public key cryptography is not practical • (yet) • kerberos security limitations: • lacks external encryption device • lacks secure key storage • passwords vulnerable to dictionary attack • smartcards can solve these problems

    29. ticket decrypt need for encryption device kerberos kdc ticket password • key is exposed to user and workstation • workstation may not be trusted • sniffer, trojan horse, virus ...

    30. need for secure storage • keys stored on hard disk or in memory are vulnerable • hard disks are not secure • adversary with administrative rights can access keys • data in a hard disk may be backed up in an unprotected mass storage device • memory is not secure • adversary can scan memory • data in memory can be paged out to a hard disk

    31. dictionary attack • create a list of english words, names, etc. • Also star wars, german, shakespeare, … • thx1138 is a vulnerable password! :-( • derive keys from the words in the list • obtain a <plaintext, ciphertext> pair • kerberos gives up <plaintext, ciphertext> easily • decrypt ciphertext with the derived key • if plaintext recovered, password is exposed • umich: > 4,000 vulnerable accounts in 1997 • 2,400 in 1999

    32. ticket ticket decrypt countermeasures - use a smartcard kerberos kdc • key is not exposed to user, workstation, or network • no password ticket

    33. ticket ticket decrypt smartcard kerberos client kerberos kdc • key is not exposed to user, workstation, or network • no password ticket

    34. implementation • starcos v. 2.1 from giesecke & devrient • cyberflex access from schlumberger • mit kerberos v5-1.0.5 client • kerberos server unmodified for global interoperability … well, almost • ticket length > 200 bytes, requires cbc • des_cbc_crc method uses key as ivec • modify server to permit des_cbc_md5

    35. kerberos+smartcard performance enddecryption kinit start card reset start decryption kinitend • smartcard time: g&d: 0.9 sec, slb: 2.48 sec • communication cost: 0.05 sec, 0.10 sec with 115 kbps and 56 Kbps • javacard performance is ok g&d 0 0.16 0.36 1.06 1.09 0 0.38 0.74 2.86 2.89 slb time in sec.

    36. kerberos+smartcard w-i-p • udp/ip implementation • store ticket on smartcard • pc/sc library for interoperability • server ticket generation • using ibm 4758 secure pci 486

    37. smartcard filesystem (scfs) • iso-7816 • standard smartcard interface • message framing protocol (too primitive to be usable) • many vendor dependencies • smartcard programming toolkits • ibm mfc, microsoft pc/sc, opencard framework, emv’96, pkcs#11, … • smartcard-specific everything: language, api, toolkit, library, application, etc. • hassle learning toolkit after toolkit • api dependencies

    38. scfs goals and policies • integrate a smartcard with unix • vfs: unix filesystem api • take advantage of unix environment • allows sophisticated unix commands (cd, ls, cat ...) and systems calls (open, close, read, write …) • access through symlinks • any iso-7816 smartcard • easy integration with applications • netscape cookies • pgp private keyring • kerberos tickets • ssh private key

    39. application to ssh citi% mount_scfs /dev/scfs0 /smartcard citi% ln -s ~/.ssh/identity /smartcard/ss/id citi% ssh sin.citi.umich.edu Enter PIN: sin% logout

    40. scfsd smartcard application VFS XFS scfs design • kernel vfs assisted by user process user kernel • XFS handles application requests • scfsd translates requests to ISO-7816 APDUs • No caching

    41. scfs performance • scfs overhead under 1ms

    42. scfs problem areas • order of remove • directories and metadata

    43. directory entry file • iso-7816 does not have the right metadata • file type, size, age • required for ls, cat • Hack: “.i” in every directory

    44. abstraction mismatch • some iso-7816-4 features do not fit the unix filesystem abstraction • creat(), mkdir() need size • crypto commands (authentication, verify key, …) • hack: ioctl()

    45. comparing pc/sc and scfs PC/SC: Application modified or created Application Application PC/SC OS OS SCFS: Application not modified Application Application OS OS SCFS

    46. pc/sc and scfs (cont’d) • pc/sc supports more cards and readers • scfs can take advantage of it • work in progress Application Application OS OS SCFS PC/SC

    47. scfs extensions • encrypted file system • key per file, derived from smartcard master key • 300 msec. overhead to derive key • caching keys helps

    48. scfs conclusion • powerful, flexible api • overhead is small • useful as a low-level development tool • ls, cd, pwd, emacs, etc. • secure storage for user profiles, web cookies, kerberos tickets, private keys, etc.

    49. secure booting with smartcard • netboot aegis from rom to load an integrity-checked specialized os • os checks macs stored on a smartcard • so check the kernel image integrity • and boot • check integrity of important applications (kerberos kdc, databases, etc.) with the smartcard • can boot linux, openbsd, win9x, …

    50. secure bootstrap with smartcard • signed executables for software integrity check • hardware-based solutions • secure coprocessor, aegis (from upenn) • secure, but hard to configure • software-based solutions • tripwire, authenticode • but is os trusted?