SlideShare a Scribd company logo

On Smart Cards Security

Ilia Levin
Ilia Levin

slides from a talk about smart cards security on example of breaking once popular Cryptoflex cards.

Technology
1 of 19
Download to read offline
On Smart Cards Security Ilya O. Levin D’Crypt Pte Ltd Asiacrypt 2010
Common Beliefs Obscure security tokens have security issues An ISO-compliant smart card is more secure than an obscure security token Attacking smart cards is hard
Smart Cards Physicalize cryptographic secrets by having non-exportable objects (keys, PINs, etc.)
Schlumberger Cryptoflex
Cryptoflex Secrets Elementary Files with Read AC set to “Never Allowed” 0000 Cardholder Verification File (CHV1) 0001 Internal keys (DES, 3DES) 0011 External keys (AUT, DES, 3DES) 0012 RSA private keys (1012 – public) 0100 Cardholder Verification File (CHV2)
CHV File Format Byte(s) Description Length 1 File activation byte, LSB 1 2-3 RFU 2 4-11 PIN value 8 12 Number of verification attempts allowed 1 13 Remaining verification attempt counter 1 14-21 Unblocking PIN value 8 22 Number of unblocking attempts allowed (10) 1 23 Remaining unblocking attempt counter 1
Internal Key File Slot Format Byte(s) Description Length 1 RFU (!=0) 1 2 Key length or 1 00 = last slot 01 = empty slot 3 Algorithm ID 1 00 = Single-length DES, 56-bit 02 = Double-length 3DES, 112-bit 4-11 or 4-19 Key value 8/16 12 or 20 RFU (!=0) 1
External Key File Slot Format Byte(s) Description Length 1 RFU 1 2 Key length or 1 00 = last slot 01 = empty slot 3 Algorithm ID 1 00 = Single-length DES, 56-bit 02 = Double-length 3DES, 112-bit 4-11 or 4-19 Key value 8/16 12 or 20 Number of verification attempts allowed 1 13 or 21 Remaining verification attempts counter 1 14 or 22 Next key data, starting from a key length
RSA 1024-bit Private Key File Format Byte(s) Description Length 1 Key block length, MSB = 01 1 2 Key block length, LSB = 43h (323 bytes) 1 3 Key number 1 4-67 Public modulus secret prime factor P 64 68-131 Public modulus secret prime factor Q 64 132-195 Inverse of the factor P (a = Q-1 mod P) 64 196-259 Private subexponent (c = Ks mod (P-1)) 64 260-323 Private subexponent (f = Ks mod (Q-1)) 64 … … … EOF 00 00 00 3
Cryptoflex Authentication CHV1 User PIN CHV2 Admin PIN (optional) AUT1 Transport Key (2nd slot of 3f00/0011) Still cannot read EFs with Never Allowed AC
Cryptoflex Authentication We will skip the details of all related issues here Assume CHV and AUT1 are known Ask me offline if interested
Cryptoflex Secrets. The Fun Part The non-exportable secrets are stored in the elementary files We can bypass standard commands and modify content directly with Update Binary/Update Binary Enciphered
Cryptoflex Secrets. The Fun Part The non-exportable secrets are stored in the elementary files We can bypass standard commands and modify content directly with Update Binary/Update Binary Enciphered Elementary files are transparent, not linear We can modify anything in chunks of any size or one byte at a time at any offset
Cryptoflex Secrets. The Fun Part How to extract the first 112-bit 3DES encryption key from the Internal Key File? 1. Establish the card context and satisfy AC 2. Let E = DES_Block_Init(dummy) 3. for i in [4 … 19] 4. for b in [0 … 255] 5. Update the ith byte in EF 0001 with b 6. if ( DES_Block_Init(dummy) ≡ E ) print b
Cryptoflex Secrets. The Fun Part How to extract the first RSA-1024 private key? Same as a 3DES key. Use RSA Signature (Internal Auth) command instead of DES Block Init. Update bytes 4-67 in EF 0012 to recover the secret factor P and bytes 68-131 to recover the secret factor Q
Cryptoflex Secrets. The Fun Part The PoC code recovers a 3DES key in ~5 min and a private RSA-1024 key in ~20 min
Cryptoflex Anamnesis It is possible to recover cryptographic keys out of “non-exportable” objects Read access condition restrictions on key files are irrelevant “We do not consider this to be a security issue”
To conclude Smart cards are not that perfect in real life as we may believe Poking smart cards is fun, no shiny hardware required We may need more public research in this area
Thank you

Recommended

CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersJyothishmathi Institute of Technology and Science Karimnagar
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
Classical cryptography
Classical cryptographyClassical cryptography
Classical cryptographyAravindharamanan S
 
Classical cryptography1
Classical cryptography1Classical cryptography1
Classical cryptography1Aravindharamanan S
 
Moein
MoeinMoein
Moeinitrraincity
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...Sasha Romijn - Everything I always wanted to know about crypto, but never tho...
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...Codemotion
 

Recommended

CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersCRYPTOGRAPHY & NETWOK SECURITY- Symmetric key Ciphers
CRYPTOGRAPHY & NETWOK SECURITY- Symmetric key CiphersJyothishmathi Institute of Technology and Science Karimnagar
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Design and Simulation Triple-DES
Design and Simulation Triple-DESDesign and Simulation Triple-DES
Design and Simulation Triple-DESchatsiri
 
Classical cryptography
Classical cryptographyClassical cryptography
Classical cryptographyAravindharamanan S
 
Classical cryptography1
Classical cryptography1Classical cryptography1
Classical cryptography1Aravindharamanan S
 
Moein
MoeinMoein
Moeinitrraincity
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...Sasha Romijn - Everything I always wanted to know about crypto, but never tho...
Sasha Romijn - Everything I always wanted to know about crypto, but never tho...Codemotion
 
Cryptography Attacks and Applications
Cryptography Attacks and ApplicationsCryptography Attacks and Applications
Cryptography Attacks and ApplicationsUTD Computer Security Group
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
Computer security
Computer security Computer security
Computer security Harry Potter
 
IRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET Journal
 
Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solverDharmalingam Ganesan
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101Aditya Kamat
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
Lecture 2
Lecture 2Lecture 2
Lecture 2fadwa_stuka
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
RSA Two Person Game
RSA Two Person GameRSA Two Person Game
RSA Two Person GameDharmalingam Ganesan
 
Computer security module 1
Computer security module 1Computer security module 1
Computer security module 1Deepak John
 
Altevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offeringAltevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offeringAltevie Technologies
 
Verebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumbanVerebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumbanAgroinform.com
 
Campaign finance
Campaign financeCampaign finance
Campaign financecomann25
 
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...ryandubai
 
Daily rutine
Daily rutineDaily rutine
Daily rutineLariin Milena Ojeda Gonzalez
 
Radici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global contextRadici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global contextRadiciGroup
 
*****OB
*****OB*****OB
*****OBYvette Gong
 
Population Census Web Access System
Population Census Web Access SystemPopulation Census Web Access System
Population Census Web Access SystemPrognoz
 

More Related Content

What's hot

13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
Computer security
Computer security Computer security
Computer security Harry Potter
 
IRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET Journal
 
Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solverDharmalingam Ganesan
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2Deepak John
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSAaritraranjan
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleDharmalingam Ganesan
 
Computer security module 1
Computer security module 1Computer security module 1
Computer security module 1Deepak John
 

What's hot (14)

Cryptography Attacks and Applications
Cryptography Attacks and ApplicationsCryptography Attacks and Applications
Cryptography Attacks and Applications
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptography
 
Computer security
Computer security Computer security
Computer security
 
IRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault DiagnosisIRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
IRJET- Data Analysis for Braking System in Time Domain for Fault Diagnosis
 
Integer security analysis using smt solver
Integer security analysis using smt solverInteger security analysis using smt solver
Integer security analysis using smt solver
 
Computer security module 2
Computer security module 2Computer security module 2
Computer security module 2
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101
 
Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...Everything I always wanted to know about crypto, but never thought I'd unders...
Everything I always wanted to know about crypto, but never thought I'd unders...
 
Lecture 2
Lecture 2Lecture 2
Lecture 2
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Cryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSACryptographic Algorithms: DES and RSA
Cryptographic Algorithms: DES and RSA
 
Exploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An ExampleExploiting Cryptographic Misuse - An Example
Exploiting Cryptographic Misuse - An Example
 
RSA Two Person Game
RSA Two Person GameRSA Two Person Game
RSA Two Person Game
 
Computer security module 1
Computer security module 1Computer security module 1
Computer security module 1
 

Viewers also liked

Altevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offeringAltevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offeringAltevie Technologies
 
Verebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumbanVerebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumbanAgroinform.com
 
Campaign finance
Campaign financeCampaign finance
Campaign financecomann25
 
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...ryandubai
 
Radici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global contextRadici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global contextRadiciGroup
 
Population Census Web Access System
Population Census Web Access SystemPopulation Census Web Access System
Population Census Web Access SystemPrognoz
 
Tugas pendahuluan 2 open erp
Tugas pendahuluan 2 open erpTugas pendahuluan 2 open erp
Tugas pendahuluan 2 open erpAprill Yozha
 
RadiciGroup Chemicals Presentations
RadiciGroup Chemicals Presentations RadiciGroup Chemicals Presentations
RadiciGroup Chemicals Presentations RadiciGroup
 
007 t econanalysis projects
007 t econanalysis projects007 t econanalysis projects
007 t econanalysis projectsToan Vn
 
La sostenibilità come modello di business per il tessile italiano ed europeo
La sostenibilità come modello di business per il tessile italiano ed europeoLa sostenibilità come modello di business per il tessile italiano ed europeo
La sostenibilità come modello di business per il tessile italiano ed europeoRadiciGroup
 
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...RadiciGroup
 
To Be Glocal 2012 - RadiciGroup Corporate Brochure
To Be Glocal 2012 - RadiciGroup Corporate BrochureTo Be Glocal 2012 - RadiciGroup Corporate Brochure
To Be Glocal 2012 - RadiciGroup Corporate BrochureRadiciGroup
 
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkel
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkelPetrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkel
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkelAgroinform.com
 
PET NARRATOR
PET NARRATORPET NARRATOR
PET NARRATORpigson
 

Viewers also liked (20)

Altevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offeringAltevie Technologies - SAP SuccessFactors Cloud offering
Altevie Technologies - SAP SuccessFactors Cloud offering
 
Verebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumbanVerebély Tibor - Informatikai integráció az agráriumban
Verebély Tibor - Informatikai integráció az agráriumban
 
Campaign finance
Campaign financeCampaign finance
Campaign finance
 
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
Lawrence.erlbaum,.teaching.academic.esl.writing.practical.techniques.in.vocab...
 
Daily rutine
Daily rutineDaily rutine
Daily rutine
 
Radici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global contextRadici Plastics: innovation and wide range of materials in a global context
Radici Plastics: innovation and wide range of materials in a global context
 
*****OB
*****OB*****OB
*****OB
 
Population Census Web Access System
Population Census Web Access SystemPopulation Census Web Access System
Population Census Web Access System
 
JDBC
JDBCJDBC
JDBC
 
Tugas pendahuluan 2 open erp
Tugas pendahuluan 2 open erpTugas pendahuluan 2 open erp
Tugas pendahuluan 2 open erp
 
RadiciGroup Chemicals Presentations
RadiciGroup Chemicals Presentations RadiciGroup Chemicals Presentations
RadiciGroup Chemicals Presentations
 
007 t econanalysis projects
007 t econanalysis projects007 t econanalysis projects
007 t econanalysis projects
 
La sostenibilità come modello di business per il tessile italiano ed europeo
La sostenibilità come modello di business per il tessile italiano ed europeoLa sostenibilità come modello di business per il tessile italiano ed europeo
La sostenibilità come modello di business per il tessile italiano ed europeo
 
Storybook final
Storybook finalStorybook final
Storybook final
 
Powerpoint 1
Powerpoint 1Powerpoint 1
Powerpoint 1
 
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...
La Sperimentazione della Metodologia PEF (Product Environmental Footprint) pe...
 
To Be Glocal 2012 - RadiciGroup Corporate Brochure
To Be Glocal 2012 - RadiciGroup Corporate BrochureTo Be Glocal 2012 - RadiciGroup Corporate Brochure
To Be Glocal 2012 - RadiciGroup Corporate Brochure
 
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkel
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkelPetrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkel
Petrik Máté - Kis- és középgazdaságok irányítása informatikai eszközökkel
 
PET NARRATOR
PET NARRATORPET NARRATOR
PET NARRATOR
 
Waste Powerpoint
Waste PowerpointWaste Powerpoint
Waste Powerpoint
 

Similar to On Smart Cards Security

Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Ahmed Mohamed Mahmoud
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptographyNithyasriA2
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin Jani
 
symet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.pptsymet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.ppthalosidiq1
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphersRoman Oliynykov
 
Topic4 data encryption standard(des)
Topic4 data encryption standard(des)Topic4 data encryption standard(des)
Topic4 data encryption standard(des)MdFazleRabbi18
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.pptUskuMusku1
 
when AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickwhen AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickAnge Albertini
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network SecurityDr. Rupa Ch
 
Different types of Symmetric key Cryptography
Different types of Symmetric key CryptographyDifferent types of Symmetric key Cryptography
Different types of Symmetric key Cryptographysubhradeep mitra
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoHarry Potter
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoJames Wong
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoYoung Alista
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoDavid Hoen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoTony Nguyen
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_cryptoLuis Goldster
 

Similar to On Smart Cards Security (20)

Trible data encryption standard (3DES)
Trible data encryption standard (3DES)Trible data encryption standard (3DES)
Trible data encryption standard (3DES)
 
Data Encryption standard in cryptography
Data Encryption standard in cryptographyData Encryption standard in cryptography
Data Encryption standard in cryptography
 
Network security
Network securityNetwork security
Network security
 
Jaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batchJaimin chp-8 - network security-new -use this - 2011 batch
Jaimin chp-8 - network security-new -use this - 2011 batch
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
symet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.pptsymet.crypto.hill.cipher.2023.ppt
symet.crypto.hill.cipher.2023.ppt
 
Next generation block ciphers
Next generation block ciphersNext generation block ciphers
Next generation block ciphers
 
Topic4 data encryption standard(des)
Topic4 data encryption standard(des)Topic4 data encryption standard(des)
Topic4 data encryption standard(des)
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
when AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trickwhen AES(☢) = ☠ --- a crypto-binary magic trick
when AES(☢) = ☠ --- a crypto-binary magic trick
 
Overview on Cryptography and Network Security
Overview on Cryptography and Network SecurityOverview on Cryptography and Network Security
Overview on Cryptography and Network Security
 
section-8.ppt
section-8.pptsection-8.ppt
section-8.ppt
 
Different types of Symmetric key Cryptography
Different types of Symmetric key CryptographyDifferent types of Symmetric key Cryptography
Different types of Symmetric key Cryptography
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

On Smart Cards Security

  • 1. On Smart Cards Security Ilya O. Levin D’Crypt Pte Ltd Asiacrypt 2010
  • 2. Common Beliefs Obscure security tokens have security issues An ISO-compliant smart card is more secure than an obscure security token Attacking smart cards is hard
  • 3. Smart Cards Physicalize cryptographic secrets by having non-exportable objects (keys, PINs, etc.)
  • 5. Cryptoflex Secrets Elementary Files with Read AC set to “Never Allowed” 0000 Cardholder Verification File (CHV1) 0001 Internal keys (DES, 3DES) 0011 External keys (AUT, DES, 3DES) 0012 RSA private keys (1012 – public) 0100 Cardholder Verification File (CHV2)
  • 6. CHV File Format Byte(s) Description Length 1 File activation byte, LSB 1 2-3 RFU 2 4-11 PIN value 8 12 Number of verification attempts allowed 1 13 Remaining verification attempt counter 1 14-21 Unblocking PIN value 8 22 Number of unblocking attempts allowed (10) 1 23 Remaining unblocking attempt counter 1
  • 7. Internal Key File Slot Format Byte(s) Description Length 1 RFU (!=0) 1 2 Key length or 1 00 = last slot 01 = empty slot 3 Algorithm ID 1 00 = Single-length DES, 56-bit 02 = Double-length 3DES, 112-bit 4-11 or 4-19 Key value 8/16 12 or 20 RFU (!=0) 1
  • 8. External Key File Slot Format Byte(s) Description Length 1 RFU 1 2 Key length or 1 00 = last slot 01 = empty slot 3 Algorithm ID 1 00 = Single-length DES, 56-bit 02 = Double-length 3DES, 112-bit 4-11 or 4-19 Key value 8/16 12 or 20 Number of verification attempts allowed 1 13 or 21 Remaining verification attempts counter 1 14 or 22 Next key data, starting from a key length
  • 9. RSA 1024-bit Private Key File Format Byte(s) Description Length 1 Key block length, MSB = 01 1 2 Key block length, LSB = 43h (323 bytes) 1 3 Key number 1 4-67 Public modulus secret prime factor P 64 68-131 Public modulus secret prime factor Q 64 132-195 Inverse of the factor P (a = Q-1 mod P) 64 196-259 Private subexponent (c = Ks mod (P-1)) 64 260-323 Private subexponent (f = Ks mod (Q-1)) 64 … … … EOF 00 00 00 3
  • 10. Cryptoflex Authentication CHV1 User PIN CHV2 Admin PIN (optional) AUT1 Transport Key (2nd slot of 3f00/0011) Still cannot read EFs with Never Allowed AC
  • 11. Cryptoflex Authentication We will skip the details of all related issues here Assume CHV and AUT1 are known Ask me offline if interested
  • 12. Cryptoflex Secrets. The Fun Part The non-exportable secrets are stored in the elementary files We can bypass standard commands and modify content directly with Update Binary/Update Binary Enciphered
  • 13. Cryptoflex Secrets. The Fun Part The non-exportable secrets are stored in the elementary files We can bypass standard commands and modify content directly with Update Binary/Update Binary Enciphered Elementary files are transparent, not linear We can modify anything in chunks of any size or one byte at a time at any offset
  • 14. Cryptoflex Secrets. The Fun Part How to extract the first 112-bit 3DES encryption key from the Internal Key File? 1. Establish the card context and satisfy AC 2. Let E = DES_Block_Init(dummy) 3. for i in [4 … 19] 4. for b in [0 … 255] 5. Update the ith byte in EF 0001 with b 6. if ( DES_Block_Init(dummy) ≡ E ) print b
  • 15. Cryptoflex Secrets. The Fun Part How to extract the first RSA-1024 private key? Same as a 3DES key. Use RSA Signature (Internal Auth) command instead of DES Block Init. Update bytes 4-67 in EF 0012 to recover the secret factor P and bytes 68-131 to recover the secret factor Q
  • 16. Cryptoflex Secrets. The Fun Part The PoC code recovers a 3DES key in ~5 min and a private RSA-1024 key in ~20 min
  • 17. Cryptoflex Anamnesis It is possible to recover cryptographic keys out of “non-exportable” objects Read access condition restrictions on key files are irrelevant “We do not consider this to be a security issue”
  • 18. To conclude Smart cards are not that perfect in real life as we may believe Poking smart cards is fun, no shiny hardware required We may need more public research in this area