1 / 37

Towards Disclosing the Private Key of an e-Passport

Towards Disclosing the Private Key of an e-Passport. Martin Hlaváč and Tomáš Rosa Department of Algebra, MFF UK in Prague PPF banka a.s. and eBanka, a.s. Agenda. Technology and platform overview LF and HF bands interface Unique ID transponders Electronic passport Relay attack

tyrone
Download Presentation

Towards Disclosing the Private Key of an e-Passport

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards Disclosingthe Private Key of an e-Passport Martin Hlaváč and Tomáš Rosa Department of Algebra, MFF UK in Prague PPF banka a.s. and eBanka, a.s.

  2. Agenda • Technology and platform overview • LF and HF bands interface • Unique ID transponders • Electronic passport • Relay attack • SCH attack on Active Authentication

  3. Passive RF Chips Overview • Contact-less chips radio-classification • LF range chips (100 to 150 kHz) • HF range vicinity cards (13.56 MHz) • HF range proximity cards (13.56 MHz) • UHF range chips (800 MHz and higher) • Huge variety of designs • Cards, keychains, stickers, implants, … • RFID – Radio Frequency Identification • Viewed as a specific application of RF chips

  4. LF and HF Band Physical Layer • Employs the behavior of so-called near field of the transmitter • Classical wave not fully formed, yet • Magnetic component takes care of the energy transport • Arrangement „terminal antenna – chip antenna“ can be seen as a high frequency transformer

  5. Talking with the Transponder transponder RFID terminal RFID internal network transponder field terminal field

  6. Ordinary Operational Distance

  7. When the Distance Matters • Attacking techniques and ranges for HF band according to ISO 14443

  8. Active Attacks Reviewed • It is practically feasible to feed up a typical LF/HF chip at a distance of order of meters • The problem is, however, to hear the transponder’s response • Increasing terminal’s field can significantly decrease the SNR – Signal to Noise Ratio • Possible way for “write-only” attacks…

  9. Terminal is Speaking (prox. HF)

  10. Chip is Speaking (prox. HF)

  11. Unique ID Transponders • Popular in access protection to buildings, offices, garages, etc. • Examples: EM4x02, HID Isoprox II, Indala, etc. • LF Band • Serial memory with several dozens bits • Sends repeatedly its identifier when in terminal’s field • No cryptographic protection • Security almost non-existing in many cases

  12. LF Band Skimmer – Terminal Mode Transmitter Receiver Digital part

  13. LF Band Skimmer – Emulator Mode Load modulator Carrier sensing Digital part

  14. Contactless Smartcard • Important sub-class of RFID transponders • Function-wise and security-wise in par with classical (contact) smartcards • Platform – proximity card (13.56 MHz)

  15. ISO 14443 • Standardizes proximity cards • Usual operational distance 10 cm • Sub-groups A, B • Differ in communication protocol details (modulation, coding, frames, semantics) • Transport platform for contactless smartcards

  16. ISO 7816 • Describes • contact card communication interface • contact(-less) card application protocol • Effort to unify the view of a smartcard regardless the communication interface • Combination of ISO 14443 (communication) and ISO 7816 (application commands) • From the point of view of ISO 7816 there is a new communication protocol identified with T = CL (Contact-Less) • Application platform of contact(-less) smartcards

  17. Contact or Contactless • Hierarchy of standards for contact and contact-less smartcards

  18. Electronic Passport • Equipped with a contact-less smartcard chip • Compatible with ISO 14443 and ISO 7816 • Application code: A0 00 00 02 47 10 01 • Data files • DG1 to DG15: related to the travel document (DG1 – copy of machine readable zone (MRZ), DG2 – photo of the face, DG15 public key for active authentication) • EF.COM, EF.SOD, EF.DIR: service data

  19. P5CD072

  20. Security Mechanisms • Required by ICAO • Passiveauthentication – digital signature of all data files DG1, …, DG15 • Required in EU members • BAC – basic access control to data files and selected functions (e.g. active authentication) • Optional • Active authentication – challenge-response authentication of the chip (e.g. used in Czech Republic, not in Germany)

  21. Apparent Weaknesses of ICAO e-Passport • Detectability of passport presence • Markers: presence of application A0 00 00 02 47 10 01, BAC protocol support, etc. • Brute force attack on BAC • Apparently low main password entropy • Listening to terminal is sufficient • Partial weaknesses of BAC and SM • Detectability of passport with known password (MRZ) • SM does not protect the command headers and status error answers

  22. Relay Attack on Active Authentication • Passport asks to extend the answer time to 4949 ms. • If not acknowledged or if shorter time acknowledged, passport terminated the communication in our experiments • Presumably, terminals on country borders have to accept 5s delay • Passport responded within 1s during the experiments • Remaining 4 s can be used to relay the challenge from the counterfeit to real passport and send back the response

  23. Attack Illustration terminal fakepassport faketerminal passport RF channel 1 channel 2 RF channel 3 initialization initialization file reading AA challenge challenge relay AA challenge S(WTX) S(WTX) AA response response relay AA response

  24. Side Channels • SCH is any unwanted information exchange between the cryptographic module and its surroundings • Physical principles of passive RF chips greatly facilitate existence of many SCH • Electromagnetic field is a primary concern

  25. Active Authentication I (CZ) • Terminal: • Generates 8B random number V and sends it to passport • Passport: • Generates 106B random numberU • Computesw = SHA-1( U || V ). • Setsm = 6A || U || w || BC, (21022 < m < 21024) • Computess = md mod N, where (N, d) is private RSA key of the passport • Sends s to terminal

  26. Active Authentication II (CZ) • Message m is chosen jointly by the passport and terminal, i.e. can not be conveniently chosen by neither side • Existing chosen-plaintext attacks (e.g. Schindler, Tomoeda) can not be employed

  27. FAME-XE Exposure in the Field s = md mod N S M S M S M S M S M S Measurements by doc. Lórencz’s team, KP FEL ČVUT in Prague, april 2007

  28. Chinese Remainder Theorem (CRT) • private RSA operation mdmodN is computed using CRT as follows • 4x faster than simple exponentiation • use of secret p,q makes CRT more vulnerable

  29. Montgomery exponentiation • exponentiation Input: c, p, d (=dn-1dn-2…d1d0)2) Output: x = cdmodp • ucRmodp • zu • for i = n-2 to 0 • z mont(z,z,p) • if di == 1 then • z mont(z,u,p) • else • z’ mont(z,u,p) • endfor • z mont(z,1,p) • return z • multiplication (mont) • Input: x,yZp • Output: w = xyR-1modp • wxy • t s(-p-1) modR • gs + tp • wg/R • if w>p then • ww – p (final substitution) • return w • operations mod/div R=2512, i.e. it’s fast • leaks information about secret p in final substitution

  30. Amount of Final Substitutions • we suspect the amount of FS leaks from the passport in EM channel • More higher-quality measurements are needed to support this hypothesis If this hypothesis is correct the Active Authentication can be broken

  31. lin. algebra Outline of the attack approximations of secret q # FS (known) Experiments indicate some approximations are good enough. function of p (unknown) The relationship between the number of FS during the computation mcmodN and the value miRmodp. (Tomoeda, 2006) precision in bits # FS app. 2%

  32. HNP Problem • Given the approximations where only unknown value is x • Find hidden number x • How? Theory of numbers, LLL algorithm.

  33. Key Recovery • Construct lattice L(B) and approximation vector • Reduce its basis with LLL algorithm • Hope to find hidden vector and hidden number x

  34. Experiments • Hardware setup: 16x Opteron 246 • Measurements: 150 filtered from 7000 • Time: app. 40 minutes • Result: private RSA key found

  35. Conclusion • EM side channel on e-passport exists • New cryptanalytic technique using this side information is elaborated • Higher quality measurements needed • If our hypothesis is correct, AA can be broken, i.e. e-passport can be duplicated, in order of hours

  36. Thank you for your attention … Martin Hlaváč Department of Algebra MFF UK, PPF banka, a.s. hlavm1am@artax.karlin.mff.cuni.cz Tomáš Rosa eBanka, a.s. Department of Algebra MFF UK, trosa@ebanka.cz

  37. References • ČSN ISO/IEC 14443-1..4 • ČSN ISO/IEC 7816-3, 4 • Development of a Logical Data Structure – LDS for Optional Capacity Expansion Technologies, ICAO, ver. 1.7, 2004 • Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards, IEEE Symposium on Security and Privacy 2006 • Heydt-Benjamin, T.-S., Bailey, D.-V., Fu, K., Juels, A., and O'Hare, T.: Vulnerabilities in First-Generation RFID-Enabled Credit Cards, In Proc. of Eleventh International Conference on Financial Cryptography and Data Security, Lowlands, Scarborough, Trinidad/Tobago, February 2007 • Kirschenbaum, I., Wool, A.: How to Build a Low-Cost, Extended-Range RFID Skimmer, USENIX 2006 • Lee, Y.: Antenna Circuit Design for RFID Applications, AN 710, Microchip Tech. Inc., 2003 • Lórencz, R., Buček, J. a Zahradnický, T.: osobní komunikace, 2007 • MIFARE DESFire MF3 IC D40, Preliminary Short Form Specification v. 2.0, Philips Semiconductors, September 2003 • MIFARE MF1 IC S50, Rev 5.1, Philips Semiconductors, May 2005 • Nohl, K, and Plötz, H.: MIFARE – Little Security, Despite Obscurity, 24th Chaos Communication Congress, 2007, http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html • PKI for Machine Readable Travel Documents offering ICC Read-Only Access, IACO, ver. 1.1, 2004 • Rašek, L.: Elektronické pasy – jak fungují, kopie internetových stránek z roku 2006 • SmartMX – P5CD072 Secure Dual Interface PKI Smart Card Controller, Short Form Specification v. 1.2, Philips Semiconductors, October 2004 • Šiková, M.: Biometrie v osobních dokladech – cestovní doklady s biometrickými údaji, Konference CARDS, Praha 13. září 2006

More Related