cool smartcard hacks peter honeyman citi university of michigan ann arbor.
-
Upload
patrick-mccormick -
Category
Documents
-
view
220 -
download
5
Transcript of cool smartcard hacks peter honeyman citi university of michigan ann arbor.
![Page 1: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/1.jpg)
cool smartcard hackspeter honeymancitiuniversity of michiganann arbor
![Page 2: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/2.jpg)
a little bit about citi
center for information technology integration founded in 1986 as part of information
technology division now in cio office
![Page 3: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/3.jpg)
citi staff
faculty and staff scientists (3) researchers and programmers (3) students (13)
– doctoral (4)– masters (1)– undergraduate (7)– high school (1)
![Page 4: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/4.jpg)
a little more about citi
mission: advance umich info tech environment, transfer results to university, government, industry– research and development “skunkworks”
for cio– externally funded, primarily by short-term
industry contracts
![Page 5: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/5.jpg)
citi core competencies
middleware enterprise-scale info tech integration
– distributed file systems– integrated security
mobile and wireless computing
![Page 6: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/6.jpg)
major advances of the 20th century
computing transportation mobile computing
– newton, pilot– superslims– pcs, e.g., nokia, qualcomm, sprint, etc.
smartcards– a little computing– a lotta mobility
![Page 7: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/7.jpg)
smartcards are cool because
they are tamper resistant they can do a little crypto they have a restricted (albeit
bizarre) (yet functional) api that can protect secrets
they can store keys– in fact, they have special key files
![Page 8: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/8.jpg)
principal applications
stored value– phone cards– electronic purse
secure identification– challenge/response protocols– gsm phone identity
![Page 9: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/9.jpg)
how smartcards are used
e-purse, e.g., mcard, visacash, mondex– many spectacular failures
gsm authentication information control
– german healthcard closed market applications
– DoD card– welfare card
![Page 10: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/10.jpg)
impediments to use
infrastructure requirements integration with contemporary
computing environments– especially security middleware
![Page 11: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/11.jpg)
outline
smartcard ip kerberos client smartcard-based file systems secure booting palm pilot hacks
![Page 12: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/12.jpg)
ip on smartcard
expand smartcard accessibility to the internet
network protocols on smartcard– network service unmodified
smartcard as a mobile computer– bring your ip address with you
![Page 13: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/13.jpg)
javacard web server
minimal functional server one connection at a time minimal state maintenance
– tcp port– file name– tcp statetcp state
![Page 14: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/14.jpg)
platform
schlumberger cyberflex access 16 KB eeprom iso 7816 smartcard java card 2.0 1.2 KB ram
![Page 15: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/15.jpg)
http only
subset of http 1.0 (or higher) GET method only
![Page 16: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/16.jpg)
tcp only
three states– listen, established, finwait1– actually, tcp state is never used
no! – options– retransmission– checksum validation– hosts requirements compliance
use sequence number as file offset
![Page 17: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/17.jpg)
ip only
no!– options– reassembly
~ 250 byte mtu
![Page 18: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/18.jpg)
tunnel daemon
“near” side: webcard ip address “far” side: iso 7816 framing openbsd implementation
![Page 19: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/19.jpg)
cardlet details
~ 1200 byte codes leaves about 13k for content
![Page 20: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/20.jpg)
webcard summary
performance: ~ 130 bytes/sec. copy content to card with scfs open source http://smarty.citi.umich.edu
![Page 21: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/21.jpg)
secure internet smartcards
extend webcard to secure ip stack personal security assistant
– secure key storage– personal crypto engine
internet addressable– fixed domain name
![Page 22: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/22.jpg)
why a smartcard on the internet?
convenient– e.g., one office, many computers, one
reader secure
– smartcard has excellent physical security mobile
– you can even sit on it
![Page 23: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/23.jpg)
how?
establish secure, authenticated channel to card– PIN for authentication– session key established with SPEKE
![Page 24: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/24.jpg)
SPEKE
DH + PIN-based common base DH
– A B: gx mod r– B A: gy mod r– K=gxy mod r
SPEKE: g = f(PIN)
![Page 25: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/25.jpg)
performance
local remoteKerberos 3.33 12.8 sec.SSH 3.43 12.6 sec.
![Page 26: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/26.jpg)
performance timeline
kinit start 0.00send QA 0.03recv QB 2.07recv card ready 3.56recv key num 5.88recv tgt block 1 9.93recv tgt block 2 12.8
![Page 27: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/27.jpg)
EKE comparison
EKE– A B: DES(PIN, PUBKEY)– B A: RSA(PRIVKEY, K)
EKE setup: 4.47 sec (SPEKE: 3.56) ~1.5 sec to manufacture key pair
![Page 28: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/28.jpg)
smartcard integration with kerberos
university of michigan computing environment is protected by kerberos– So are mit, cmu, stanford, cornell, …– product offerings from microsoft, ibm,
oracle ... public key cryptography is not practical
– (yet) kerberos security limitations:
– lacks external encryption device– lacks secure key storage– passwords vulnerable to dictionary attack
smartcards can solve these problems
![Page 29: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/29.jpg)
decrypt
need for encryption device
kerberoskdc
key is exposed to user and workstationworkstation may not be trustedsniffer, trojan horse, virus ...
passwordticket
ticket
![Page 30: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/30.jpg)
need for secure storage
keys stored on hard disk or in memory are vulnerable
hard disks are not secure – adversary with administrative rights can
access keys– data in a hard disk may be backed up in
an unprotected mass storage device memory is not secure
– adversary can scan memory– data in memory can be paged out to a
hard disk
![Page 31: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/31.jpg)
dictionary attack
create a list of english words, names, etc.– Also star wars, german, shakespeare, …– thx1138 is a vulnerable password! :-(
derive keys from the words in the list obtain a <plaintext, ciphertext> pair
– kerberos gives up <plaintext, ciphertext> easily
decrypt ciphertext with the derived key– if plaintext recovered, password is
exposed umich: > 4,000 vulnerable accounts in
1997– 2,400 in 1999
![Page 32: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/32.jpg)
decrypt
countermeasures - use a smartcard
key is not exposed to user, workstation, or network no password
kerberoskdc
ticket
ticket
ticket
![Page 33: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/33.jpg)
decrypt
smartcard kerberos client
key is not exposed to user, workstation, or network no password
kerberoskdc
ticket
ticket
ticket
![Page 34: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/34.jpg)
implementation
starcos v. 2.1 from giesecke & devrient cyberflex access from schlumberger mit kerberos v5-1.0.5 client kerberos server unmodified for global
interoperability … well, almost– ticket length > 200 bytes, requires cbc– des_cbc_crc method uses key as ivec – modify server to permit des_cbc_md5
![Page 35: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/35.jpg)
kinitstart
card reset
enddecryption
kinitend
startdecryption
0 0.16 0.36 1.06 1.09
kerberos+smartcard performance
smartcard time: g&d: 0.9 sec, slb: 2.48 sec communication cost: 0.05 sec, 0.10 sec
with 115 kbps and 56 Kbps javacard performance is ok
time in sec.
g&d
slb 0 0.38 0.74 2.86 2.89
![Page 36: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/36.jpg)
kerberos+smartcard w-i-p
udp/ip implementation store ticket on smartcard pc/sc library for interoperability server ticket generation
– using ibm 4758 secure pci 486
![Page 37: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/37.jpg)
smartcard filesystem (scfs) iso-7816
– standard smartcard interface– message framing protocol (too primitive
to be usable)– many vendor dependencies
smartcard programming toolkits– ibm mfc, microsoft pc/sc, opencard
framework, emv’96, pkcs#11, …– smartcard-specific everything: language,
api, toolkit, library, application, etc. – hassle learning toolkit after toolkit– api dependencies
![Page 38: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/38.jpg)
scfs goals and policies
integrate a smartcard with unix – vfs: unix filesystem api
take advantage of unix environment– allows sophisticated unix commands (cd,
ls, cat ...) and systems calls (open, close, read, write …)
– access through symlinks any iso-7816 smartcard easy integration with applications
– netscape cookies– pgp private keyring– kerberos tickets– ssh private key
![Page 39: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/39.jpg)
application to ssh
citi% mount_scfs /dev/scfs0 /smartcardciti% ln -s ~/.ssh/identity /smartcard/ss/idciti% ssh sin.citi.umich.eduEnter PIN:sin% logout
![Page 40: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/40.jpg)
scfs design
kernel vfs assisted by user process
XFSVFS
application scfsd smartcard
XFS handles application requests scfsd translates requests to ISO-
7816 APDUs No caching
userkernel
![Page 41: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/41.jpg)
scfs performance
scfs overhead under 1ms
![Page 42: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/42.jpg)
scfs problem areas
order of remove directories and metadata
![Page 43: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/43.jpg)
directory entry file
iso-7816 does not have the right metadata– file type, size, age
required for ls, cat Hack: “.i” in every directory
![Page 44: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/44.jpg)
abstraction mismatch
some iso-7816-4 features do not fit the unix filesystem abstraction
creat(), mkdir() need size crypto commands (authentication,
verify key, …) hack: ioctl()
![Page 45: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/45.jpg)
comparing pc/sc and scfs
PC/SC
SCFS: Application not modified
OS
Application
OS
Application
PC/SC: Application modified or created
OS
Application
OS
Application
SCFS
![Page 46: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/46.jpg)
pc/sc and scfs (cont’d) pc/sc supports more cards and readers scfs can take advantage of it work in progress
PC/SC
OS
Application
OS
Application
SCFS
![Page 47: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/47.jpg)
scfs extensions
encrypted file system key per file, derived from
smartcard master key 300 msec. overhead to derive key
– caching keys helps
![Page 48: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/48.jpg)
scfs conclusion
powerful, flexible api overhead is small useful as a low-level development tool
– ls, cd, pwd, emacs, etc. secure storage for user profiles, web
cookies, kerberos tickets, private keys, etc.
![Page 49: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/49.jpg)
secure booting with smartcard
netboot aegis from rom to load an integrity-checked specialized os
os checks macs stored on a smartcard so check the kernel image integrity and boot check integrity of important applications
(kerberos kdc, databases, etc.) with the smartcard
can boot linux, openbsd, win9x, …
![Page 50: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/50.jpg)
secure bootstrap with smartcard
signed executables for software integrity check
hardware-based solutions– secure coprocessor, aegis (from
upenn)– secure, but hard to configure
software-based solutions– tripwire, authenticode– but is os trusted?
![Page 51: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/51.jpg)
code signing with smartcard
use aegis to boot a specialized os (boot os)
store macs in a smartcard check the kernel integrity (second
os) with the smartcard check integrity of important
applications (kerberos kdc, databases, etc.) with the smartcard
![Page 52: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/52.jpg)
secure booting summary
multi-level bootstrap, with assurance at each level
can boot linux, openbsd, win9x
![Page 53: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/53.jpg)
palm pilot hacks
palmreader, software tools smartcard explorer blaze rke cipher
– appropriate cipher for length-preserving file encryption using smartcard
s/key calculator value checker (mcard, visacash,
mondex)– and transfer?
encrypted beam?
![Page 54: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/54.jpg)
projects under incubation extend ip stack
– sun rpc on smartcard (rmi wrapper? shrpc?) ldap server on ip smartcard pki based user authentication ssl between smartcard and web server
(to send data securely), or ssl between client and smartcard web server
cyberflex simera. (ip over sms?) new os for javacard
![Page 55: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/55.jpg)
summary: citi’s focus
secure computing– secure storage– authentication– secure booting– application integration
convenient use of smartcard– operating system extensions– internet access– pda integration
![Page 56: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/56.jpg)
publications N. Itoi and P. Honeyman, “Practical Security
Solutions with Smartcards,” in Proc. 7th IEEE Workshop on Hot Topics in Operating Systems, Rio Rico, AZ (March 1999)
N. Itoi and P. Honeyman, "Smartcard Integration with Kerberos V5," in Proc. USENIX Workshop on Smartcard Technology, Chicago (May 1999)
N. Itoi, P. Honeyman, and J. Rees, "SCFS: A UNIX Filesystem for Smartcards,” in Proc. USENIX Workshop on Smartcard Technology, Chicago (May 1999)
![Page 57: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/57.jpg)
publications N. Itoi, "Secure Coprocessor Integration with
Kerberos V5,” in Proc. USENIX Security'2000, Denver (July 2000).]
N. Itoi, P. Honeyman, and T. Fukuzawa, “Secure Internet Smartcards,” in Proc. Java Card Workshop, Cannes (September 2000).
J. Rees and P. Honeyman, "Webcard: a Java Card web server," in Proc. IFIP CARDIS 2000, Bristol, UK (September 2000)
P. Honeyman, “New I/O Models for Smartcards” (in preparation).
![Page 58: cool smartcard hacks peter honeyman citi university of michigan ann arbor.](https://reader035.fdocuments.in/reader035/viewer/2022062516/56649e615503460f94b5c30b/html5/thumbnails/58.jpg)
any questions?http://www.citi.umich.edu/