SIM Card: A Security Stronghold in Networked ME · A Security Stronghold in Networked ME. SIM Card...
Transcript of SIM Card: A Security Stronghold in Networked ME · A Security Stronghold in Networked ME. SIM Card...
Nicolas T. Courtois 1, ex. 2
1 - University College of London, UK2 = [Axalto+Gemplus]
Mobile Equipment
SIM Card: A Security Stronghold
in Networked ME
SIM Card and Security
2 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Roadmap (1)
Smart Cards:• History, Philosophy• Industrial standards
– ISO 7816-X smart cards => => GSM 11.11 =>
=> 3GPP specs
SIM Card and Security
3 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Roadmap (2)
• Functionality and Application to GSM– File system, – Commands, – Access control,– GSM: - business perspective– GSM: - security perspective
• Encryption / Authentication– A demo of vulnerability of
certain Eastern European cards.
SIM Card and Security
4 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some History / Business / Economics Considerations
SIM Card and Security
5 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Where to Learn About Security?From the Military????• Yes if we want to learn about mistakes…But actually we can learn much more from successful business
people [example: Bill Gates]. – They are the modern equivalent of the medieval knights…
Remember how Poland conquered the Malbork castle from the Teutonic Knights?– In 1457 bought it for 190 K florins.
• Polish budget was 70 K / year.
– Military: impossible to take. ••• Or just too costlyOr just too costlyOr just too costly………
SIM Card and Security
6 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
New Technology Business Gurus…First of all, even professional business “gurus” and top
managers are rather totally unable to anticipate how things can develop with new technology business…
Example: SMS• Predecessor: NMT-Text: first used in Russia, Bulgaria and
Poland, neglected in Nordic countries.• Many GSM operators started by offering this service for
free. – Never thought that SMS could earn them 1/10th of revenue it is
generating today…
Moreover business considerations are very hard to separate Moreover business considerations are very hard to separate Moreover business considerations are very hard to separate from the pure technology considerations. from the pure technology considerations. from the pure technology considerations. We need to cover them.We need to cover them.We need to cover them.
SIM Card and Security
7 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
GSM – A Child of the Common EU Market (!)GSM was started by France and Germany. Later Italy, UK and many other
countries joined…– At that time we are talking about a “cartel” of state monopolists (telcos)
interested in sharing the huge cost of developing this new technology. • Effort was estimated as 10 x price of going to the moon.• Developed in Europe, and Europe alone. US systems lagging far behind…• One should NOT think that anybody wanted to share their national market too..
BUT .. very importantly, the EU commission has endorsed this project as early as in 1984 and substantially helped to fund it too. Not without an agenda:
⇒ the GSM phones (April 1992) were the FIRST telecommunication equipments for which it was NOT necessary to ask for homologation in each individual country. ⇒ Before, the markets for telecom equipment were strictly national, heavily
regulated with barriers for entry and some degree of incompatibility…
⇒ Creation in 1989 of ETSI = European Tel. Standards Institute
SIM Card and Security
8 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
GSM – A Monopoly Breaker?So GSM, explicitly and from the start was
breaking the national telecom monopolies on hardware equipment (!). – It became clear that sooner or later, there will be only a few big industry
players manufacturing the phones. • Frankly, France [and UK, Italy, Germany], probably though that they would benefit
from this situation…
• Nobody have thought at the time that this industry will travel north (Sweden… and Finland!!!!) and finally east (China).
However, it was necessary to protect the income (for phone calls) of national telecom operators. This remained still possible for a long time.
• The business model is of national licenses (as for TV channels). – So each EU country could still protect their market. – Only big players can apply: the investment is incredibly huge.
Even bigger than running a TV station… Many operators had a terrible debt burden for up to 10 years…
SIM Card and Security
9 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Key Questions:If the phone is manufactured in a strange country (say Finland,
or China…)Q: How do we make sure that the client will pay the bill ?• Remember we are talking about a very major industry, worth
hundreds of billions of $$.
This is not a small problem: Take another industry: computer game consoles. • The game manufacturer does NOT want his game to
pirated. Yet the console manufacturer sees his sales go to the roof on the very day hackers found the way to circumvent the copy protection. As a result, piracy is strong, about 21 % for console games [source: Macrovision], and much higher in emerging countries…
SIM Card and Security
10 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Fact:
The fathers of GSM have adopted • a right business model and • security technologies that NEVER
were really pirated…– No SIM card clones
for any major operator so far (!).
How this became possible? It is precisely the object of this talk.
SIM Card and Security
11 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Adoption Barriers
The model had the right mix of very strong forces and incentives acting in opposite direction:
1) Subsidizing the phone and charging a lot for communications abolished adoption barriers: giving the phone for free or 1 €…like the French did with like the French did with like the French did with Minitel Minitel Minitel before, and before, and before, and this generated billions of revenue. this generated billions of revenue. this generated billions of revenue.
SIM Card and Security
12 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
“Temporary Monopoly” SystemBecause of this subsidy, all (still national) telecom regulators
had to agree and allow that a user would be tied for the phone for at least say 6,12,18 months. To pay back for the “free phone”.
• Traditional rules of consumer protection were bent.
This created market conditions in which most people, for sure, would be trapped into
• spending MUCH more than they would want to spend, but also
• want to switch to competition in exchange of a new phone, that obviously had to be much better so that people would want to switch.
=> A virtuous circle of innovation.
SIM Card and Security
13 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
****Two MarketsPhones:• Free market, perfectly competitive, high pressure
on prices, economies of scale, industry concentration…losers and winners.
Phone calls / subscription:• State-allocated pseudo-monopolies on each
territory? Yes:– market shares don’t change that much with time…– prices don’t change that much either year after year…
SIM Card and Security
14 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Encryption and Authentication in GSMEncryption: • Done by the phone. Voice privacy.• Governments: would like to break the encryption of each
phone…
Authentication: • Done by the SIM card. Billing. • Was never such a problem w.r.t. governments services
and national exportation / authorization laws that always allowed authentication to be MUCH stronger than encryption.
SIM Card and Security
15 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
GSM Encryption: weak design• Ross Anderson reported in 1994 that there was a big
dispute among NATO countries whether GSM should be strong [Germany’s wish] or not.
– The French design [not so secure] won.
• Fatal flow in the spec shown by Biham et al. at Crypto 2003.
• Redundant data is encrypted => allows ciphertext-only attacks.
• But there is extra complexity here (extra flaws / better protection, depending on country and operator), as will be explained later.
SIM Card and Security
16 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
The Genius in the BoxThe model of the SIM card:Two devices: • Perfect functional separation.
– Very good for security.
• Perfect separation of business interests, creating several totally disjoint markets.
– The telco cannot easily exclude people from using another phone compatible with GSM specs
=> more competition on features and innovation.
– The phone manufacturer can only lock people in for a limited time, through SIM locks.
SIM Card and Security
17 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
The Genius in the BoxVery nice both money and security-wise: • The SIM card does not NEED TO TRUST the phone,
nor its (foreign) manufacturer.• The phone does not NEED TO KNOW what security
mechanism the card using, for example what (secret) crypto algorithm it is using…
SIM Card and Security
18 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security AdvantagesThe phone CANNOT breach the security of SIM card (in the
sense of authentication and making free calls). Impossible.
• BUT, both sides can in fact breach the confidentiality (hidden flaws) as it was later found out…
– Or have better security / competitive advantage.
Remember: Crypto algorithms are: • A sensitive area of exclusive national/corporate expertise,
and strict export regulations (mostly abolished c. 2000). Some countries spend much more on crypto research than other.
• A major source of inimitability for business today: make sure that one product will not be copied.
• Always a major defense against hackers…
SIM Card and Security
19 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Entering the World of Secrets
SIM Card and Security
20 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
What are Smart Cards ?The eternal tension in the industry:
competition � cooperation.
1. huge set of standards:• public bodies: ISO/IEC, ETSI, etc.• 10s of intra-industry standard bodies such as
GlobalPlatform, TCG
2. many industrial/commercial/trade/security secrets
SIM Card and Security
21 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Books About Smart Cards
1) Smart Card Handbook [Germany, 2002]• by Wolfgang Rankl and Wolfgang Effing
2) Smart Card Applications [Germany, 2007]• by Wolfgang Rankl
3) LATEST BOOK [RHUL, 2008]Smart Cards, Tokens, Security and Applications
• by Keith Mayes and Konstantinos Markantonakis (Editors)
SIM Card and Security
22 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Motivation in a Nutshell
SIM Card and Security
23 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Key RemarkSoftware CANNOT be protected by software.
SIM Card and Security
24 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Main Function of a Smart Card = = to be “a secure hardware device”.
1. ”intelligent” (Smart): the card – handles computations (e.g. crypto)– manages data (OS, file system, access rights)– takes informed security decisions (…block itself !)
2. Hopefully ”unbreakable”: nobody can know/modify what is inside.
USB interface ISO, [USB], [RF]
ISO, [USB,RFRFRF]
USB Token form factorSIM card form factor
credit card form factor
SIM Card and Security
25 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Philosophy / Model for Security of Smart Cards
SIM Card and Security
26 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Why Smart Cards Are Good
Or are they?
The classical model for smart card security[Schneier and Schostack 1999]
is about • Splitting the security perimeter:
• One entity cannot breach the other people’s security?
• Hardware barriers that cannot be breached by software,• Motto: Software cannot protect software.
• Physical control of the card, • By the user, if it is in my pocket, it is not being hacked…
• And trusting the entities involved…• Companies/people involved in this business can compromise it’s security (backdoors etc!)
slightproblem..
SIM Card and Security
27 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
“Slight Problem” - Example:
The secrecy of the product spec can be:• An extra security layer,
– if hackers need 3 months more to get it, this can be worth millions of dollars in revenue…
• A source of unexpected and critical security vulnerabilities – that by the fact of being hidden
gives an utterly false sense of security.
SIM Card and Security
28 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
History
SIM Card and Security
29 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Short Plastic Card History1878 US fiction writer Bellamy: In 2000 everybody will be paying
by a credit card (!). Cf. Edward Bellamy “Looking Backward, 2000 to 1887”.
1914-1940 Metal credit cards in the US, forbidden during WW2forbidden during WW2forbidden during WW21950 Invention of plastic money (PVC): Frank McNamara@Diners Club
[NY, USA] issues first universal plastic [charge] credit cards .
1967 First cash machines [DeLaRue] with punch cards.
1967 France: first magnetic stripe card for access control.
1972 [UK] First on-line ATM with magnetic stripe cards.
SIM Card and Security
30 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
History - Chip Cards1960s1. French science-fiction book “La nuit de temps” by
René Barjavel: A portable object/jewel that opens doors.
2. Plastic credit cards were standardized and used since the 50s [plastic money].
1970s: 1+2 = Embedding electronic components in credit cards: Many patents in USA, Germany, Japan and then France.
SIM Card and Security
31 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Historical Patents
SIM Card and Security
32 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart Card Odyssey
Two Key Patents:• Roland Moreno [France]:
– chip card [1974]– security limitations [1975]
• Michel Ugon, Bull CP8: – microprocessor card [1977]
10 years ago, half of chip cards in the world were French. Wider adoption around 2000.
SIM Card and Security
33 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
First Smart Card - Bull CP8
Around 1980, 2 chips, CPU+RAM, not very secure!
CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, CP8 = Circuit Programmable 8 bits, Carte Carte Carte ààà Puce 8 bitsPuce 8 bitsPuce 8 bits
SIM Card and Security
34 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
SPOM, October 1981 - Bull CP8
Patented• NMOS 3,5 µ, • 42 K Transistors,• RAM: 36 bytes (!), • ROM: 1,6 Kbytes, • EPROM: 1 Kbyte
SIM Card and Security
35 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
History of Electronic Bank Cards - in 1984:Schlumberger pilot in Lyon, France: • a simple wired logic card
Bull CP8 pilot in Blois, France: • a microprocessor card
The banks adopted the Bull CP8 solution, the fore-father of current smart bank cards (EMV).
100% in France in 1992. 100% in the world around 2010 ?
=> Close the loophole.
Gemplus
SIM Card and Security
36 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Vocabulary, Typology, Features
SIM Card and Security
37 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Vocabulary
magnetic stripe card
IC= Integrated CircuitICC, chip card :• memory card
• wired logic card• smart card
carte à piste magnétique
puce, circuit intégrécarte à puce :• carte à mémoire• c. à logique câblée• carte à microprocesseur[+crypto co-processeur]
SIM Card and Security
38 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More Vocabulary
card reader, CAD (Card Acceptance Device)
BO’ card [1985-2004]EMV card [1996-2020?]
lecteur carte
carte bancaire françaisenouveau standard
SIM Card and Security
39 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Types of cards
memory/wired logic microprocessor
micropr.+crypto contactless
Source: Gartner, 2005
0 CPU
2 CPU
1 CPU
1-2 CPU
SIM Card and Security
40 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Memory/Wired Logic CardMemory/Wired Logic Card
• Primitive• NVM – non-
volatile memory(E2PROM, Flash
memory)• simple function• e.g. prepay card
SIM Card and Security
41 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart CardSmart Card
• Microcontroller = CPU+memory
• Universal, Turing machine, software driven
• flexibility• security features• [Hardware DES]
SIM Card and Security
42 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
CryptoCrypto--processor IC Cardsprocessor IC Cards
• Additional crypto-processor for RSA or elliptic curves
• Hardware security counter-measures
SIM Card and Security
43 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ContactContact--less Smart Cardless Smart Card
• with RF transceiver• 0.1 s transaction
– much less energy– even less computing
power
SIM Card and Security
44 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Memory on Smart Cards• ROM (‘hard mask’: C/Assembly, contains OS,
secure file access, I/O, libraries[crypto!], JVM) = 100 - 300 Kbytes now
• RAM = 4-16 K now(expensive, first Bull CP8 card had 36 bytes)
• NVM: (‘soft mask’, compiled C, more libraries…)– EPROM: 1980s, high voltage needed to erase it– E2PROM: 8-64 Kbytes,
recently 128-256 K GSM SIM.– New trend: Flash memory:
• Much cheaper, dense and shrinkable process.• Random read, harder to manage,
hard to re-write and very slow to erase.• Spansion 2006: 1 Giga in a SIM card!
≈≈≈≈≈≈≈≈10001000 times slower times slower to writeto write than RAMthan RAM
SIM Card and Security
45 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Life Cycle of a Smart Card [ISO 10202-1]• Manufacturing: [e.g. Infineon, Gemalto]
– ROM <= ‘hard mask’, remove test functionality
• Initialize: [e.g. Gemalto, Card Issuer]– E2PROM <= ‘soft mask’, completing O.S. install
• Personalize: [Card Issuer]– Init apps– E2PROM <= data, keys etc. for an individual user!
• Use it: [e.g. ATM]– issue commands (APDUs)
• Death: [e.g. local bank]– invalidate the chip / destroy the card.
SIM Card and Security
46 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
****Perso Process
SIM Card and Security
47 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Functionalities of Chip/Smart Cards
SIM Card and Security
48 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Advantages of Smart Card
• storage capacity• security functionalities• multiple functions• user acceptability, effective packaging• successful business model
SIM Card and Security
49 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Crypto Functionalities of a Smart Card (1)
• Cardholder verification by the card. – Check PIN or biometric data.– Typically necessary to activate the crypto
capabilities of the card.
• Key generation, its secure storage, safe “usage” and (why not) erasure.
• Encrypt data (public and secret key)– emails, files, etc… e.g. PGP PKI badge– secure messaging
SIM Card and Security
50 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Crypto Functionalities of a Smart Card (2)Authentication – from weaker to stronger:• Integrity checks (CRC, or better: cryptographic hash).• Origin checks (storing a static signature)• Dynamic Challenge-Reply card authentication (proof of
identity, should be a Zero-knowledge mechanism).• Dynamic authentication of any data with a 3-DES
cryptogram or a MAC (symmetric-key signatures).• Dynamic authentication of any data with a “real” (=public-
key) digital signature. – Provides authenticity and non-repudiation of every individual action
taken in a complex protocol !
• Also verification: the authenticity of a terminal / external word.
SIM Card and Security
51 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart Card Applications
SIM Card and Security
52 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some Applications of a Smart Card
• PayTV - Broadcast Encryption and Traitor Tracing.– First PayTV Card: Philips+Bull, 1980-81
• Storing private data (emails, passwords etc…)• First phone cards with a chip: [1983 Schlumberger
Télécarte, France], [1984 G&D Telekarte, Germany], Remark: wired logic, contact placement later changed
• GSM / 3G phones – First SIM card: Gemplus 1989, MANY billions sold since
• Electronic passport, ID– PKI, Belgium by Axalto.– Biometry. All passports in October 2005 !
SIM Card and Security
53 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More Applications of a Smart Card
• Bank Cards [since 1984, Bull CP8]• Home Banking, Internet Shopping• PC access, corporate badge, secure email
PGP• Electronic purse, parking: [1996-] Proton[Be],
Geldkarte, later integrated with bank cards• First student card [restaurant, library, etc.]
– First in 1988, Italy, Bull CP8
SIM Card and Security
54 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart Cards Market
SIM Card and Security
55 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
**Actors and Value Chain
SIM Card and Security
56 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
***2007 Market Segments
Source: Gartner, 2005
[source: eurosmart.com]
SIM Card and Security
57 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Industrial Standards [1]:=> Cards
SIM Card and Security
58 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
What is a Smart Card ?
Set of standards ISO.• cards with contacts:
– ISO 7816-1..16
• contact-less [later]:––– ISO 14443 AISO 14443 AISO 14443 A---..C [Oyster]..C [Oyster]..C [Oyster]
––– ISO 15693 [NFC]ISO 15693 [NFC]ISO 15693 [NFC]
––– ISO 18000 [RFID]ISO 18000 [RFID]ISO 18000 [RFID]
SIM Card and Security
59 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-1
Size matters! Like a credit card.
SIM Card and Security
60 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-1
Physical Characteristics:• Operating temperature, humidity, etc…
» below are very severe requirements:
• bending properties (the chip can break• torsion properties or take-off)
» Consequences for the chip:
• silicon surface ≤ 25 mm2, ≤ 0.3 mm depth• small computing power, not Pentium 4…
SIM Card and Security
61 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Manufacturing
SIM Card and Security
62 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Die bonding
• The chip is glued to the contact.
• Connections with gold wire (20 µm)
SIM Card and Security
63 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Encartage
• Embed in a ¾ mm card.
SIM Card and Security
64 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Encartage
• Embed in a ¾ mm card.
SIM Card and Security
65 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Plastic Matters
SIM Card and Security
66 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-2
Contacts1.7 x 2 mm
[changed in 1990]
old AFNOR standard
SIM Card and Security
67 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-2=> Freedom
SIM Card and Security
68 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Contact Quality
• “Friction force” readers scratch the cards [contacts frottants]
• Landing contacts – much better [contacts atterrissants]
SIM Card and Security
69 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-2 - Historical
C1 – VCC (+) C5 – GND (-)C2 – Reset C6 – VPP for EPROMC3 – CLK C7 – I/O (serial port a.k.a. ISO)C4 – ??? C8 - ???
SIM Card and Security
70 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-2 – Evolution@2005-2009
C1 – VCC C5 – GNDC2 – RST C6 – [SWP/antenna?]C3 – CLK C7 – I/OC4 – [USB] C8 - [USB]
USB USB Samsung S-SIMsupports both+NAND+InterChip USB
SIM Card and Security
71 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3 and EMV/GSMVoltage and current supplied [I~clock freq.]:
• Class A: 5 V ±10% / 60 mA @5 MHz [ex. 200 mA]
• Class B: 3 V ±10% / 50 mA @ 4 MHz• Class C: 1.8 V ±10% / 30 mA @ 4 MHz
• EMV bank cards: always 5V, 50 mA• GSM cards: class A-C max current respectively:
10 / 6 / 4 mA ONLY! (heat, phone battery life).
SIM Card and Security
72 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Power MattersSummary: • …• Bank card: 5 V, 50 mA• GSM SIM class C card (the latest): 4 mA• …• Even much less for contact-less cards !!!
(power supplied by an alternative magnetic field)
=>Very Low computing power !!! In contrast: modern PC CPU – up to 50 000 mA !
SIM Card and Security
73 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Power MattersSummary: • Several 1000 x less power than an Intel CPU…
• Low surface (≤ 25 mm2)• Lower density (0.09 µm
vs. 0.065 µ SOI process for recent CPUs)
• 8 and 16-bit CPUs for very long time• 32 bits CPU only since 2003-4
SIM Card and Security
74 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3
CLK: • transition time < Max( 0,5 µs, 9% x period T)• at 1 during 40 % - 60 % of time.
– The card security should block if short impulses !
Clock speed:• First cards [1996]: 3.579545 MHz
(still@begin)
SIM Card and Security
75 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Clock and Maximum Computing Power Avail.
Clock speed, NO co-processor:• 1990: 3.5 MHz, RSA-512, 2 minutes
Clock speed with co-processor:• 1996: 3.5 MHz, RSA-1024 in 500 ms• 2000: 7 MHz, RSA-2048 in 500 ms• 2004: 60-100 MHz, RSA-2048 in 50 ms • 200-400 MHz today, RSA-2048 in 10 ms
SIM Card and Security
76 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
I/O - ISO 7816-3Known as “ISO interface” of a card: simplified UART (serial port)Transmission of bytes:
Time duration of 1 bit = 1 Elementary Time Unit [etu]
N specified by TC1 in ATR
SIM Card and Security
77 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ETU
etu = duration of 1 bit, by default 1 etu = 372 / Clock frequency Examples:• 3.5712 MHz/372=9600 bit/s• 3.5712 MHz/186=19200 bit/s• 3.5712 MHz/93=38400 bit/s• 3.5712 MHz/32=111600 bit/s
SIM Card and Security
78 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3Defines the ATR: answer to reset. Up to 33 bytes.
Must happen at 400 … 40,000 clocks after RST. ATR = a series of bytes transmitted in order b8..b1:• TS • T0 [presence of TA1-TD1 and 0..15 historical bytes]
– TA1– TB1 – TC1– TD1: like T0, specifies the presence of extra objects…
• TA2• etc…
SIM Card and Security
79 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ATR Structure
XOR checksum
SIM Card and Security
80 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
TS specifies:TS [A+8+Z bits]: specifies the relationship between A/Z and 0/1 Z=high voltage, A=low voltage• Direct convention [Germany], where A=0, Z=1:
TS = ‘3B’; b1:b8= A(ZZAZZZAA)Z• Inverse convention [France], with A=1, Z=0:
TS = ‘3F’; b8:b1= A(ZZAAZZZZ)Z
SIM Card and Security
81 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3 - Highlights
In particular ATR specifies the comm. capacities: • T=0 or T=1• half[/full] duplex• clock speed• baud rate
SIM Card and Security
82 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3Communication Protocols Main two: synchronous, half/duplex
– T=0 (byte-oriented, e.g. GSM SIM), – T=1 (block-oriented, e.g. bank cards)
––– T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)T=14 (proprietary for German phone cards)Recent developments: • T=2 (block-oriented, full duplex, cf. ISO 10536-4).
••• T=4, expansion of T=0T=4, expansion of T=0T=4, expansion of T=0
••• T=USBT=USBT=USB
SIM Card and Security
83 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
T=CL
• T=CL is used for talking to ISO 14443A/B cards with APDUs translated by the reader (totally hides the RF interface from the programmer, the card seems to be a card with contact!)
SIM Card and Security
84 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
T=0 or T=1?
Remark: – T=0 (byte-oriented)
• parity bits only
– T=1 (block-oriented) is ‘more modern’. • More error detection too: parity +
each block also has a CRC.
SIM Card and Security
85 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-3
Baud rate:• 1996: 9.6 K bit/sec default, @beginning.• Then: 115 K bits/sec
• Outdated by Axalto patent: USB smart card: – First Axalto USB: 700 K bits/sec– Full-speed USB – up to 12 Mbit/s [since 2005].
• Not USB 2.0., it is just USB 1.0. full-speed.
SIM Card and Security
86 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Example of GSM SIM ATR‘3B894014474732344D35323830’
Decoded:TS= ‘3B’ => direct encodingT0= ’89’= ‘1000’ll’1001’ => TD1 + 9 historical bytes
TD1= ’40’= ‘0010’ll’0000’ => TC2 present and protocol is T=0TC2= ’14’= ‘0001’ll’1110’ => waiting time 14 * 100 msT1…T9: ’47’ll’47’ll’32’ll’34’ll’4D’ll’35’ll’32’ll’38’ll’30’ =>
“GG24M5520” (these are the 9 historical bytes, sort of unique ID of this SIM card)
SIM Card and Security
87 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ATR - More Examples"3B8F8001804F0CA000000306030001000000006A"
=> "Philips MIFARE Standard 1 K and London Oyster card””3B6500009C02020702"
=> “US Department of Defense Common Access Card,Axalto Cyberflex Access 32K V2, Sun Microsystems employee card”
"3B898001006404150102009000EE" => "German e-Passport April 2007",
"3B6D00000031C071D66438D00300849000" => HSBC MasterCard
"3F6525082204689000"
=> "France Telecom card“"3F65250052096A9000"
=> "French carte Vitale", "3BEF00FF8131FE4565631104010280000F274000030100E1"
=> “German Postbank Geldkarte","3FFF9500FF918171A04700444E415350303131205265764230423A"
=> "NagraVision card for StarHub Digital Cable DVB-C Singapore",
SIM Card and Security
88 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Industrial Standards [1B]:=> Other Form Factors
SIM Card and Security
89 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Form Factors and InterfacesUSB interface ISO, [USB], [RF]
ISO, [USB,RFRFRF]
USB Token form factorSIM card form factor
a.k.a. ID-000 credit card form factor, a.k.a. ID-1
3FF - [telecom, not widely used]
ISO, [USB,RFRFRF]
VISA-mini a.k.a. ID-00
ISO, [USB,RFRFRF]
SIM Card and Security
90 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Dimensions
SIM Card and Security
91 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Industrial Standards [1C]:=> Contact-less
SIM Card and Security
92 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ComparisonComparison
SIM Card and Security
93 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
AntennaAntenna
large loop antenna
SIM Card and Security
94 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Embedding the AntennaEmbedding the Antenna• Must be a LARGE coil
• SIM card: must be external (“NFC enabled mobile phone”)
SIM Card and Security
95 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Double/Triple Interface Cards
E.g. corporate badge– Functionalities:
• Enter doors, • PC log-in, • PGP decrypt and sign
– Adopted worldwide, e.g. U.S. Army
ISO, USB, RF
ISO, RF
SIM Card and Security
96 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Low-Level and Physical Security
SIM Card and Security
97 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Main Function of a Main Function of a Main Function of a Smart Cards ==== to be = to be = to be “““a a a secure hardware devicehardware devicehardware device”””...
1.1.1. ”””intelligentintelligentintelligent””” (Smart): the card (Smart): the card (Smart): the card ––– handles computations (e.g. crypto)handles computations (e.g. crypto)handles computations (e.g. crypto)––– manages data (OS, file system, access rights)manages data (OS, file system, access rights)manages data (OS, file system, access rights)––– takes informed security decisions (takes informed security decisions (takes informed security decisions (………block itself !)block itself !)block itself !)
2. Hopefully ”unbreakable” : nobody can know/modify what is inside.
USB interface ISO, [USB], [RF]
ISO, [USB]
USB Token form factorSIM card form factor
credit card form factor
SIM Card and Security
98 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Remark:
There is no defense against an adversary that has several millions of €…
SIM Card and Security
99 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Removing the Chip
SIM Card and Security
100 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some Firms Make it Harder:
Oberthur Potting™ claims:• improves durability [harder to break] • any attempt to remove the module from the
card would result in totally destroying it
SIM Card and Security
101 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Reverse Engineering
SIM Card and Security
102 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Open-source � Closed-source
Industry: competition � cooperation
Standards
�
Industrial/commercial/trade/security secrets
SIM Card and Security
103 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Open Source vs. Closed Source
SIM Card and Security
104 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Kerckhoffs Principle
Dutch cryptologist, wrote his book in French.
In June 2006 Dutch researchers De Gans et all, have published several cloning attacks on MiFare Classic chips [London Oyster card + 200 M other].
[first cloning attack: Courtois, Nohl and O’Neil, April 2008].
SIM Card and Security
105 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Kerckhoffs principle: [1883]
“The system must remain secure should it fall in enemy hands …”
SIM Card and Security
106 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Remark:
Smart Cards:
They are already in ‘enemy’ hands
- even more for RFID…
SIM Card and Security
107 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Kerckhoffs’ principle: [1883]
Most of the time: incorrectly understood.
No obligation to disclose.
• Security when disclosed.• Better security when not disclosed???
SIM Card and Security
108 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Yes (1,2,3):
1. Military: layer the defences.
SIM Card and Security
109 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Yes (2):
2) Basic economics:
these 3 extra months(and not more �)
are simply worth a a lot of money.
SIM Card and Security
110 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Yes (3):
3) Prevent the erosion of profitability
/ barriers for entry for competitors / “inimitability”
SIM Card and Security
111 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Kerckhoffs principle is kind of WRONG in the world of smart cards
Reasons: • side channel attacks are HARD and COSTLY to
prevent when the algo is known• in some applications, for example Pay TV the
system is broken immediately when the cryptographic algorithms are public.
SIM Card and Security
112 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Silicon Hacking
SIM Card and Security
113 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Tarnovsky Lab
Only few thousands of dollars of equipment
SIM Card and Security
114 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Tarnovsky (and Other Professional Chip Hackers)
Few thousands of dollars of equipment• Surface polishing• HydroBromic acid to eat away the passivation layers• A microscope for pictures:
– the successive layers of silicon are revealed with acids and lasers
• Doping guns to cut/add traces to a working IC• Stinger: bypassing the protections with long microscopic needles.
SIM Card and Security
115 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More Expensive:
• Atomic Force Microscope(20 K€ - 1 M€)
• FIB device (Focused Ion Beam, 0.5 M€)Canal+ Technologies Lab
SIM Card and Security
116 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
FIB:Example resolution: 10 nm Classical applications: failure analysis of ICC
But also: circuit modification:• Local material removal:
– cutting metal lines, milling, gas enhanced etching
• Local rebuilding/rewiring of the device– new metal interconnects
– new insulating layers
• Fine tuning of analog components: decrease/increase R or C…
• Reading (electron image)• Art: writing on the nm scale:
SIM Card and Security
117 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Clear and Present Danger
Reverse engineering is NOT that hard.
No no need for a FIB device (Focused Ion Beam, 0.5 M€).
A few thousand dollars microscope will suffice.
SIM Card and Security
118 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Reverse Engineering MiFare [Nohl, Plotz, 2007]
SIM Card and Security
119 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Hardware Defences
SIM Card and Security
120 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Hardware Countermeasures:
Make the life of the hacker much harder.
Financial sector requirements:• attacks should cost more than
say 25 K$ per card…
SIM Card and Security
121 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Functionality + Security
SIM Card and Security
122 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Hardware Countermeasures
Detection:• Detect under/over-clocking (stop the clock, read the (stop the clock, read the (stop the clock, read the
RAM)RAM)RAM)
• Random instructions, and Random Wait States [e.g. Infineon SLE66].
• Detect low/high voltage [<2.3 V or >6.3 V].• Glitch/spike detect• Detect UVs, light, alpha particles, high/low
temp etc.
SIM Card and Security
123 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Intrusion Detection
SIM Card and Security
124 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More Hardware Countermeasures
• Shield/coating. – Detect if “passivation layer” was removed.
• R/C measurements.
• Metallic layer: screens for charges/radiation.– Needed and monitored:
• R/C measurements.
• Active shields=detect tampering with.– Mesh of wires: prevents probing, attacks with a
laser cutter, etc.– Chemical traps: SiShell [Axalto patent].
SIM Card and Security
125 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Active Shield
Source:Infineon. Problem: back side attacks.Problem: back side attacks.Problem: back side attacks.
SIM Card and Security
126 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
**Intrusion Detection on PEDs (Pin Entry Device)
Anderson et al. UCAM-CL-TR-711
2/2008this way
not this way…
works!
SIM Card and Security
127 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Design Obfuscation• Restricted circulation of specs.• Non-standard instruction set. • Custom crypto algorithms.• ROM and busses in lower layers of silicon.
– Only “ion-implanted ROM” is used, not visible with UV light.
• Scrambling the data busses.– in each chip different lines, on certain chips the busses location changes during the execution of the code.
• Dummy structures in silicon.• Duplication• Symmetry -> same power consumption.• Memory Obfuscation:
– Encrypt the memory addresses.– Encrypt the memory data.
SIM Card and Security
128 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Robustness and RedundancyGoals:• Avoid perturbation at logical level:
– Control bits, error correcting– Dual logic, also protects against power attacks.
• Detect perturbation at the OS and software level and block the card…– Data checksums, – Redo DES twice, – Etc..
Security of file system and OS: later.
SIM Card and Security
129 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More and Higher-Level Security Countermeasures
SIM Card and Security
130 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Motivation:
Most Bank Cards have a PIN verification function.
PIN
Y/Nnot authenticated except in EMV DDA cards
not encrypted except in some EMV DDA cards
SIM Card and Security
131 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Critical Bits and Pieces
• Example: PIN verification.• Can be implemented in asynchronous logic
[dedicated transistors/gates]– much lower power consumption, – in a lower layer and much harder to localize– require a dedicated hardware attack as apposed
to a generic attack on CPU registers, busses, loading to memory, etc..
SIM Card and Security
132 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
PIN code – Simple Hacker Attack [1992]
• Enter the PIN with a home terminal.• “Listen to” card radiation/power consumption to
detect early in time that it was wrong.• Switch the voltage off very quickly.
Countermeasure [used in all bank cards]:• Increment the ratification counter first• Check the PIN• The decrement it(!).
SIM Card and Security
133 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Timing Attack on PINs
[old, worked before c. 1990]• Bad programming: compare PIN digits one
after one, if first is incorrect, abort! • Good programming: write a program such
that the execution time is constant.
SIM Card and Security
134 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
PINs and Keys – Storage in RAM
• E2PROM of the smart card: assume addresses and data are encrypted.
Attack 1: read it (assume it’s possible)• Solution 1: store h(PIN)?
– Attack 2: dictionary attack.
• Solution 2A: store R, h(PIN,UID,R)• Solution 2B: store R, E_K(PIN,R)
where K is a key specific to this card only
SIM Card and Security
135 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Protocol/Software Countermeasures
• Typically, the chaining of commands is strictly controlled. Each command can be issued only once, and in a certain order. – Assured by a finite state machine.– Example: don’t accept commands in clear-text
once secure messaging is established.
• The spec should not allow buffer overflows.
SIM Card and Security
136 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
***Example: Conformity Test
The test verifies the enforcement of Secure Messaging:
Afterwards the chip denies to send data in an unencrypted way and answers with 6X XX (error).
Not enough: make sure that the same error code is sent in the same situation!
SIM Card and Security
137 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Example:
Eric Poll [Nijmegen] Attacks on e-passports.Send various ISO commands, observe the error messages:
SIM Card and Security
138 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Clone Attacks
SIM Card and Security
139 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
More Hardware Countermeasures
• Unique serial number– Written in WORM (Write Once Read Many)
a.k.a. OTP (One Time Programmable). – Example: Oyster card UID=32 bits – Benefits are:⇒ clone harder to make⇒ can blacklist all similar cards⇒ card-dependent memory encryption and
hashing
SIM Card and Security
140 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Threats (1.)Assume that we have all the data. Clone the card? 1. Card Emulation on a card – defenses:
• unique ID, cards that can be personalized not available => • requires a special re-programmable card,
• or a pirate emulator
-speed, +size, +cost, etc.
SIM Card and Security
141 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Threats (2.):Assume that we have all the data. Clone the card? 1. Card Emulation on a card ???2. Card Emulation on a PC!
SIM Card and Security
142 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Threat 3. Relay AttackLow-tech, always works!
No Need to Break Anything !!!
SIM Card and Security
143 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Economics Aspects
SIM Card and Security
144 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Cost of Some Attacks [source: RFI Global]
SIM Card and Security
145 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Cost of Fault Attacks [source: ST]
SIM Card and Security
146 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security Management -the Development Process
SIM Card and Security
147 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Secure Hardware Dev. Management[In smart cards] one design criterion differs from the criteria used
for standard chips but is nonetheless very important is that absolutely no undocumented mechanisms or functions must be present in the chip ('that's note a bug, that's a feature').
Since they are not documented, they can be unintentionally overlooked during the hardware evaluation and possibly be used later for attacks.
The use of such undocumented features is thus strictly prohibited[...]
[pages 518-519 in the Smart Card handbook by Wolfgang Rankl and Wolfgang Effing, 1088 pages, Wiley, absolute reference in the industry]
SIM Card and Security
148 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Testing• White-box tests are prohibited, no debugging commands
must be left in the hard-mask and soft-mask. • Tests must be black-box tests and test suites include
scanning for hidden [debugging] commands.
SIM Card and Security
149 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Application Development ManagementGoals:• Avoid backdoors, Trojans, covert channels, bugs
etc.• Kleptography: techniques to leak keys to the
attacker, • form of perfect crime.
Means:• Segregation of duties.• Monitoring.
SIM Card and Security
150 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Segregation of Duties
• Never one developer works alone on an application.
• he knows only some parts of the spec (partial secrecy, “need to know”).
• Some critical security mechanisms can be distributed: part in hard mask(ROM), part in soft mask, harder to know both…– the chip manufacturer does NOT have the full
spec either.
SIM Card and Security
151 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Monitoring / Checks and Balances• Internal quality and security audits within each company.• The entire source code is frequently inspected by an
independent company: – government agency [DCSSI in France] or – an evaluation (or hacker) lab [such as CEA-LETI]
• mandated and paid by the customer [to avoid conflicts of interests].
• Some countries have a process to evaluate these labs (they have to prove that they can break smart cards as well as other people do).
• External security audits (auditor from the customer: large bank).
SIM Card and Security
152 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
File System
SIM Card and Security
153 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Data in smart cardsThink about sequences of bytes.BER-TLV conventions [ISO 8825]
T – Tag, for example “90” in hex.L – 1 or 3 bytes. Let L[0] be the first byte
MSB(L[0])=0, L[0] = length 0-127,MSB(L[0])=1, L[1-2] = length 0..65535
V – value, a string bytes.
TLV objects can be nested !
SIM Card and Security
154 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-6
Specifies how to encode different data elements as BER-TLV objects,
For example:• Name of the credit card holder• Expiration date• Etc.
SIM Card and Security
155 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4
File names FID: • 2 bytes• example: ‘3F 00’
Short file names (SFID): – 5 bits, 1..30, used as
a parameter in certain commands
SIM Card and Security
156 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4
• MF: Master File(root directory “3F00”)
• DF: Dedicated Files(directories+some data)
• EF: Elementary Files(data files)
SIM Card and Security
157 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Elementary Files
EF: Elementary FilesNot all files are visible for applications(!)
– Internal EF: card private files, card O.S. only can see them
– Working EF: data accessible to applications that communicate with the external world.
SIM Card and Security
158 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Example: GSM Card [incomplete picture](cf. 3GPP TS 51.011
standard)
SIM Card and Security
159 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some Directories in a GSM CardImportant directories:
• root directory : 3F 00
• DFGSM = 7F 20
• DFTELECOM = 7F 10.
First byte: • '3F': Master File;
• '7F': 1st level Dedicated File
• '5F': 2nd level Dedicated File
• '2F': Elementary File under the Master File
• '6F': Elementary File under a 1st level Dedicated File
• '4F': Elementary File under 2nd level Dedicated File
SIM Card and Security
160 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 – Files (EFs)
4 types
like RAM, or a string of bytes
“records”, with specific instructions and applications…
SIM Card and Security
161 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
2 Types of Fixed-Size Entry Records
2 types of records:
• Linear Fixed file– Like a list
• Cyclic Fixed file: – Motivation:
• fixed E2PROM size, scarcity
– Applications: • Bank card history
– e.g.150 last transactions
• all SMS sent/received• etc..
Record 1
Record n
Record 2
.
.Body
Structure of a linear fixed file
Header
Record n-1
Record n-2
Record n
Record 1
Record 2..
Body
Last updated record
Structure of a cyclic file EN726-3
Oldest record
Header
SIM Card and Security
162 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
GSM Card: Some Files Inside DFGSM• EFIMSI (6F07)• Le fichier EFLOCI (6F7E) contains TMSI, LAI etc.• EFLP(Language preference)• EFKc = Ciphering key Kc + sequence number• EFSST (6F38) = SIM service table = 1byte = [s1present, s1active, …]
= ‘services’ present/not active/not in this card, these are:– Service n°1 : disable user’s PIN == CHV1
– Service n°2 : Abbreviated Dialing Numbers (ADN)– Service n°3 : Fixed Dialing Numbers (FDN)– Service n°4 : Short Message Storage (SMS)
• EFACM = Accumulated Call Meter, in units• EFMSISDN = the subscriber’s MSISDN.• etc..
present inDFTELECOM
SIM Card and Security
163 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some Files Inside DFTELECOMThis directory is protected by PIN(!)
• EFADN(6F3A) your short phone directory (10 entries),• EFFDN(6F3B) your phone directory• EFSMS(6F3C) all the SMS received and sent, cyclic file
Record n-1
Record n-2
Record n
Record 1
Record 2..
Body
Last updated record
Structure of a cyclic file EN726-3
Oldest record
Header
SIM Card and Security
164 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
File Access and Access Conditions
SIM Card and Security
165 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Accessing Files: SELECT FILE – FCI/90 00General philosophy: Almost always one must select a file before any operation on it… (MF is
selected at the start)• SELECT FILE + params• Response: either:
– 90 00
– FCI = File Control Info = status of the file selected, • exact spec [attributes and their encoding]: depends on the smart card, e.g. GSM.
• STATUS command (C0 F2) - GSM specific: – allows to know (to avoid confusion) what file was selected with the last
SELECT command.
SIM Card and Security
166 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
VariantsThere are MANY methods to address a file with SELECT FILE:• by 2 bytes FID (for MF, DF and EF)
– 0_ A4 00 …• By DF name or AID (for DF only or an application)
– 0_ A4 04 …– 0_ A4 02 …
• by absolute path from MF– 0_ A4 08 …
• by a relative path from current DF– 0_ A4 09 …
••• Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)Switch to higher level DF? (equiv to ../ in PC OS)
••• ……… another DF when partial AID is transferred?another DF when partial AID is transferred?another DF when partial AID is transferred?
SIM Card and Security
167 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Examples: SELECT FILE1. Example of a SELECT FILE with FID and FCI, for a GSM card:
• Command: A0 A4 00 00 02 6F 07
• Response: This command returns the FCI.
2. Example of a SELECT FILE with AID and no FCI (widely used for accessing files AND applications by their unique identifier):
• Command: 00 A4 02 00 05 [AID]
empty params.SELECT FILE
GSM cardlength + FID == file identifier on 2 bytes‘6F 07’ = IMSI file of this SIM card
specific params.SELECT FILEISO command
length + AID, if no ambiguity, a prefix of a valid AID can also be accepted
SIM Card and Security
168 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
FCI and Access Conditions for EF files
SIM Card and Security
169 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Status of EF Files
SELECT FILE command for an EF file =>returns:
1. an error command:• 62 83 – file deactivated• 64 00 – execution error
• 6A 81 – function not supported• 6A 82 – file not found• etc..
OR2. an FCI (File Control Information) + 90 00(each EF file in a card has specified access conditions):
SIM Card and Security
170 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
FCI (File Control Information) for EF files
May contain (examples, mostly optional)• “80”+2 bytes: size of the file• “82” + 2 bytes: file descriptors, e.g.
– shareable/not – type of file: DF/working EF/internal EF– EF structure
• “83” + 2: file identifier.• “84” + 1-16: DF name.• “86” + security attributes (proprietary coding).• etc..
SIM Card and Security
171 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*FCI Attributes [contd.]• “86” + security attributes (proprietary coding).Files can be:• WORM (Write Once, Read Many time)
– implemented in hardware or software
• EDC (Error Detection Code)• atomic write access
– Security: must written entirely or not at all (!!!)
• multiple storage attribute– for frequently used files in the card, ‘wear-level’ usage of E2PROM
• data transfer selection attribute– on dual-contact cards, to make file accessible only via contact or
contact-less interface
SIM Card and Security
172 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Examples of FCINot 100% compatible, depends on products…• 6F 07 80 02 00 58 82 01 01 90 00
– EF with transparent structure, file size: 88 (0x0058)
Example of GSM FCI (22 bytes = 0x16):• 00 00 00 01 7F 20 02 00 00 00 00 00 09 91 00 11 08 00 83 8A 83 8A
Can be decoded according to GSM spec: Can be decoded according to GSM spec: Can be decoded according to GSM spec: ••• ………••• Byte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 isByte 14: The most significant bits of is 0 if an only if PIN1 is disabled.disabled.disabled.••• ………••• Byte 19 = is the "CHV1 statusByte 19 = is the "CHV1 statusByte 19 = is the "CHV1 status“““. . .
––– Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the Typically the value of this byte is '83' where 8 means that the PIN1 has been PIN1 has been PIN1 has been initialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempinitialized, and that there are 3 cardholder verification attempts left for this ts left for this ts left for this PIN.PIN.PIN.
SIM Card and Security
173 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Files Security Status
SIM Card and Security
174 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security of Files in Directories“Security status” of a file results from the sequence of commands
performed (e.g. authentication of entities) and their results. It can be:• Global: may be modified after a completion of a certain authentication
command (or other secure functionality), • Examples (studied later):
» VERIFY + PIN, » GET CHALLENGE + EXTERNAL AUTHENTICATE)» only if the commands are embedded inside SECURE MESSAGING channel (normal APDUs
with encryption AND authentication with a MAC)
• a secret key/value stored in the MF is used to perform this cryptographic command.
• File-specific, • then the key/PIN used is stored in the same DF.
• File-specific (EF).• Command-specific and ephemeral.
Example:
SIM Card and Security
175 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security of Files in DirectoriesExample: Access conditions for a given file
+ given access mode (e.g. WRITE):
• PRO: An external command can write a file if the MAC of this command is valid. • AUT: File accessible R/W if the terminal authentication have been done before.• CHV: This file can be read if the user have entered the Pin and if it was correct.
••• CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).CHV2: The same with the second PIN (exists in GSM).
••• ADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, TelcADM: requires the admin code number (up to 14 exist in GSM, Telcooo’’’s access)s access)s access)• NEV (access to some files can be disabled forever)
• ALW (always), public access (at least in this mode, e.g. READ).• Other conditions may exist in a specific card…
SIM Card and Security
176 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security and Access to Files:
Example [root directory]:
SIM Card and Security
177 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
MACs = “Secret-Key Signatures”
MAC algorithm
m
sk(secret key)
MAC algorithm
sk(secret key)
σ
(m,σ)
yes/no
forgery
SIM Card and Security
178 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Example – how a card will enter mode PRO:Terminal Card
ASK RANDOMcommand
Challengegeneration
(T)DEScalculation
Challenge
PRO key
Cryptogram
PRO command
OK?
Compare thecryptograms
Delete flag randompresent
Data + cryptogram
EF key
PRO Key
Challenge
PRO mode OK
Bad Authentication
N
Y
(T)DEScalculation
Data tosent
Data
Receivedbytes
Data
ReceivedCryptogram
Decreaseratification counter
Reset ratificationcounter if needed
SIM Card and Security
179 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Example – entering mode AUT:
Terminal Card
ASK RANDOMcommand
Challengegeneration
(T)DEScalculationAUT mode
Challenge
TerminalKey
(T)DEScalculationAUT mode
Certificate
EXTERNALAUTHENTICATE
command
Compare thecryptograms
Delete flag randompresent
Cryptogram
EF keyKey number
+Cryptogram
Card Key
Receivedbytes
Keynumber
OK?
Authenticationsuccessful
Bad Authentication
N
Y
Decreaseratification counter
Reset ratificationcounter if needed
SIM Card and Security
180 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Commands (APDUs)
SIM Card and Security
181 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Commands - ISO 7816-4APDU = Application Protocol Data Unit
Master-slave principle. Half-duplex. • The card never starts anything.
SIM Card and Security
182 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4APDU = Application Protocol Data Unit
CLA = 1 byte, identifies the applicationINS = 1 byte, instruction codeLc = size of data, 1 or 3 bytes
Le = size of the expected answer, 1-3 bytes.
SIM Card and Security
183 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
CLA byte and ‘Logical Channels’
CLA is 1 byte that:
• identifies the application – so remains constant (though 1 application can have several ‘channels’),
• is an indication to what extent the command and the response complies with ISO 7816-4– Examples: ‘0X’ standard ISO, ‘A0’ in GSM,
‘80’ e-purse EN1546-3, ‘BC’ old EMV bank cards, ‘80’ and ‘84’: EMV bank cards ‘8X’: proprietary commands
CLA=‘0X’, 48X’ and ‘9X’, ‘AX’ use so called ‘logical channels’: • Let X=b4b3b2b1
– b4 b3 indicate if Secure Messaging is used and if the command header is also authenticated
– b1 b2 indicate the number of logical channel 0..3• Application: concurrent communication with multiple applications (or concurrent
execution of multiple tasks). Example: mobile phone talking to phone book another application [can be Java] stored on the SIM card.
SIM Card and Security
184 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Command APDUs
Lc = size of data, 1 or 3 bytes
Le = size of the expected answer, 1-3 bytes.
4 cases
SIM Card and Security
185 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
C-APDU INS ExamplesWhen CLA=0X0E2070828488A4B0B2C0C2CAD0D2D6DADCE2
Erase Binary Verify Manage Channel External AuthenticateGet Challenge Internal AuthenticateSelect File Read Binary Read Record(s) Get Response Envelope Get Data Write Binary Write Record Update Binary Put Data Update Record Append Record
SIM Card and Security
186 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Response = R-APDUResponse structure:
• SW1: 90=completed/OK with warning/error during exec/checking error;?NVM changed[63,65]
• SW2: error number
90 00 = All OK
SIM Card and Security
187 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
IMPORTANT:In many cases, and in all cases where the size
of the answer is not known in advance,The response is NOT given,
the terminal must ask for it (another C-APDU).
Example (for a bank card):
SIM Card and Security
188 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
5 Possible Cases:Case 1: No input data/no output data
Case 2: No input data/Output size known in advance:
Case 3: No input data/Output size not known:
SIM Card and Security
189 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Case 3: 2 x C-APDU, 2 x R-APDU:Card
ACK = 9000
2 status bytes
ACK = 9000
Data
2 status bytes
TerminalCommand APDU
Data
Request the Answer APDU
wait for completion
wait for completion
SIM Card and Security
190 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
[…] 5 Possible Cases
Case 4: Input data/no output:
Case 5: Input data/Output size known or unknown:
SIM Card and Security
191 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Inter-industry Commands
For transparent linear files: • READ BINARY• WRITE BINARY* • UPDATE BINARY = real WRITE• ERASE BINARY• SEARCH BINARY
**VERY SPECIAL:VERY SPECIAL:as Eas E22PROM isPROM is10001000times times slowerslowerto writeto write than RAM, than RAM, and it is the change from and it is the change from
00→→1 that is slow (requires 1 that is slow (requires erasing)erasing)
Thus the command WRITE Thus the command WRITE performs a logical AND performs a logical AND
with the current file with the current file content!!!!content!!!!
SIM Card and Security
192 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Syntax: Read/Write
• READ BINARY
• UPDATE BINARY (overwrite)
SIM Card and Security
193 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Inter-industry CommandsFor records (2 types): • READ RECORD• WRITE RECORD• APPEND RECORD• UPDATE RECORD• APPEND RECORD• SEEK• SEARCH RECORD
SIM Card and Security
194 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 standard commands
For application-specific data objects.• GET DATA• PUT DATA
SIM Card and Security
195 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Security Commands
SIM Card and Security
196 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Read/Write => Secure Read/Write, CLA=04
SIM Card and Security
197 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Security Commands
Authentication Card Holder => Card
• VERIFY + password/CHV/PINBTW. CHV == Card Holder Verification == PIN
• Example: 00 20 00 00 04 70 61 70 61
4 bytes password = ‘papa’)
no L_e, no data in reply expected, result will be visible in two status bytes SW1SW2
must be 0INS
CLA authenticates the whole MF if b7=0, PIN stored in MF
SIM Card and Security
198 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Security Commands
Authentication Card => Terminal
• INTERNAL AUTHENTICATE + random challenge algo nb. + key nb.– Produces a cryptogram/MAC, proves the identity of the
card.• Example: 00 88 00 00 04 A3 02 AF D1 04
crypto algo nb.
authenticates the whole MF if b7=0, key stored in MF
INS
CLA
random challenge on 4 digits
the reply should be 3 digits/bytes too
SIM Card and Security
199 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Security Commands
Challenge-Response Authentication:Terminal => Card
• GET CHALLENGE
• EXTERNAL AUTHENTICATE + algo nb. + key nb. + cryptogram
SIM Card and Security
200 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Example:
• GET CHALLENGE• Example: 00 84 00 00 10
• EXTERNAL AUTHENTICATE • Example: 00 82 00 00 04 01 02 03 04
crypto algo nb.
authenticates the whole MF if b7=0, key stored in MF
INSCLA
our cryptogram on 4 bytes
no data to recover in reply, OK/not OK seen as 2 status bytes.
LE = it expects 16 digits randomboth are 0INS
CLA
SIM Card and Security
201 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-4 Security Commands
Mutual Authentication:Terminal <=> Card
The sequence:• GET CHIP NUMBER• GET CHALLENGE• MUTUAL AUTHENTICATE + params
SIM Card and Security
202 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Encapsulation of ISO 7816-4 Commands
Commands and answers contain another embedded APDU command (or part of it):
• GET RESPONSE for an embedded command
• ENVELOPE – sent an encrypted APDU• Example: 00 C2 00 00 10 ……………
some data, length 16both are 0INS
CLA
no data to recover in reply, only 2 status bytes.
SIM Card and Security
203 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some More GSM Commands (CLA=‘A0’)
CHV1=user PINCHV2=second PIN
SIM Card and Security
204 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Concrete Example: Your Own GSM Card
SIM Card and Security
205 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Some Directories in a GSM CardImportant directories:
• root directory : 3F 00
• DFGSM
= 7F 20
• DFTELECOM = 7F 10.
First byte: • '3F': Master File;
• '7F': 1st level Dedicated File
• '5F': 2nd level Dedicated File
• '2F': Elementary File under the Master File
• '6F': Elementary File under a 1st level Dedicated File
• '4F': Elementary File under 2nd level Dedicated File
SIM Card and Security
206 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
How To Access These in Practice?We use very basic open-source software
(and all it does to call function of Microsoft smart card API, which are implemented inside winscard.dll, included in every version of windows)
Spring Card tools: Quick install: http://www.springcard.com/download/usr/sdd4c0-ae.exeThis program installs 3 different working tools, we use C# Scriptor here.
SIM Card and Security
207 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Minimal GSM Phone Call:The VERY strict minimum… in fact thousands of
commands can be exchanged in modern phones…
1. Select the le DFGSM directory.2. Verify the PIN (not needed if PIN inactive).3. Run the GSM algorithm to obtain cryptographic
keys for the authentication and encryption during the current phone call.
SIM Card and Security
208 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Minimal GSM Phone Call:1. Select the le DFGSM directory.
SIM Card and Security
209 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
SELECT FILE1. Example of a SELECT FILE with FID and FCI, for a GSM card:
• Command: A0 A4 00 00 02 7F 20
Response: This command returns the FCI.Well not quite. Done in 2 stages:
empty params.SELECT FILE
GSM cardlength + FID == file identifier on 2 bytes‘6F 07’ = IMSI file of this SIM card
SIM Card and Security
210 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Details:
SIM Card and Security
211 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Decoding This FCI
Example of GSM FCI (22 bytes = 0x16):• 00 00 00 01 7F 20 02 00 00 00 00 00 09 91 00 11 08 00 83 8A 83 8A
Can be decoded according to GSM spec: • …• Byte 14: The most significant bits of is 0 if an only if PIN1 is disabled.• …• Byte 19 = is the "CHV1 status“.
– Typically the value of this byte is '83' where 8 means that the PIN1 has been initialized, and that there are 3 cardholder verification attempts left for this PIN.
SIM Card and Security
212 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Verifying the PIN in GSM
Authentication Card Holder => Card
• VERIFY + CHV1• Example: A0 20 00 01 08 33 37 37 36 FF FF FF FF
8 bytes PIN in ASCII ‘3776’ +
FF FF FF FF
no L_e, no data in reply expected, result will be visible in two status bytes SW1SW2
must be 0INS
CLA=GSM
here b7=1
SIM Card and Security
213 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Answer Codes:
Card Holder => Card
VERIFY + CHV1A0 20 00 01 08 33 37 37 36 FF FF FF FF
Reply:9000 - the PIN is correct9802 - CHV is not initialized9808 - in contradiction with CHV status (inactive PIN!)9810 - in contradiction with invalidation status)9804 - unsuccessful CHV verification, at least 1 attempt left9840 - unsuccessful CHV verification,
no attempt left or this CHV is blocked now
SIM Card and Security
214 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Beware:
Danger:• After 3 presentations of an incorrect PIN (that can be in
different sessions, this counter is preserved in non-volatile memory) the card will be blocked (but can be unblocked with UNBLOCK CHV function).
• However if the PIN is correct, the counter for the number of CHV attempts will be reset to 3.
SIM Card and Security
215 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
GSM Security
A3
Mobile Equipment
GSM OperatorAuthentication Center
A8
A5
A3
A8
A5
Ki Ki
challenge RAND
KcKc
mi Encrypted Data mi
SIM card
Signed RESponse (SRES)
SRESSRES
Fn Fnare = ?
precomputed triples:(RAND,SRES,Kc)
Base Station
SIM Card and Security
216 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
SIM Card Side
secret key
Triples RAND, SRES, Ki are stored in BS
Data with redundancy: terrible mistake…
data block of 114 bits.
SIM Card and Security
217 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Running the Secret Algorithm (with secret key)
Both remain secret at all times.
Custom-made!
SIM Card and Security
218 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Authentication Algorithms
Some operators used COMP128 v1, the default algorithm.• Very bad, there are several attacks
[Briceno,Goldberg,Wagner].• Some never published attacks existed only in a form of an
exe file, better than any published attack – less queries to the card!– I’ve developed such attacks myself, they were never published
(sorry…).– Gemplus patented and commercialized a strong key solution
Encryption AlgorithmsIn the phone.
SIM Card and Security
219 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Embarrassing Discovery
What was discovered before [SDA-Berkeley 04/98].• Keys generated were not 64 bits.
– 10 bits fixed to 0 => 54 effective bits.
• The limitation was implemented in both AuC (authentication Centers) and in SIM cards.
• Later most operators have, by now, increased the size of their keys to 64 bits (also changing the algorithms or not). – It appears that the key is 64 bits starting from COMP 128 v3 and also
in most recent proprietary algorithms. – But one should check if they did!
Let’s do it.
SIM Card and Security
220 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Embarrassing Discovery
• Keys generated by typical UK and French cards (I’ve checked many): 64 bits.
• Key in Polish Orange card: 64 bits.• All Chinese cards checked: 64 bits.
• Card bought in Russia in 2007 (operator = “MTC”): – 54 bits only
• What about Estonia, member of the EU?– I went to Estonia this year (2009).– Bought a SIM card from “simpel”:
• The key also is restricted to 54 bits.– The weakest GSM keys in the EU…
SIM Card and Security
221 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart Card O.S.
SIM Card and Security
222 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Modern Multi-Application O.S.• MULTOS
– originally developed for e-purse Mondex [UK]– High level of security, EAL6 for some chips
• Open Platform – promoted by Visa et al.
• JavaCard• popular in GSM• banks never wanted 3rd party applications on their
cards… problems: branding, ownership, risks…
• Windows for Smartcards– commercial fiasco, abandoned
SIM Card and Security
223 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Further Smart Card Standards
SIM Card and Security
224 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-5Specifies AIDs (Application IDentifier)• 16 bytes (128 bits)
– [RID(5)+PIX(0..11)]– RID: Registered Application Provider– PIX: Proprietary Identifier Extension
• Can uniquely identify one smart card application. • Also used to identify files in the smart card.
SIM Card and Security
225 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
*Accessing Files and Applications by AID: SELECT FILE
As for files, applications are selected by the same method with an APDU ‘XX A4 …’ to select a file by its AID: Example:
• 00 A4 02 00 0E 31 50 41 59 2E 53 59 53 2E 44 44 46 30 31
• Response: 90 00 if all OK…
specific params.
SELECT FILE
ISO command
length + AID, "1.PAY.SYS.DDF01"
SIM Card and Security
226 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
RID: Registered Application ProviderExamples:• A0 00 00 00 87
– 3GPP (3G USIM application)
• A0 00 00 00 09– ETSI (e.g. GSM SIM with Java)
SIM Card and Security
227 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
ISO 7816-12 – 12/2005
USB on smart cards!• Two versions, still evolving• Bridge the connectivity gap between PCs
and smart cards!
SIM Card and Security
228 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Standards
• PC/SC: communication between Ms Windows and smart card readers [developed in 1997]
• Microsoft Cryptographic API (CryptoAPI).– enables application developers to add cryptography and certificate management functionality to
their Win32 applications without knowing anything about the hardware configuration
SIM Card and Security
229 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Smart Cards under Linux?
PC/SC works and has drivers under Linux too.
Libraries? check out • M.U.S.C.L.E. at www.linuxnet.com• OpenSC library• Etc…
SIM Card and Security
230 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Standards• JavaCard [later].
– OCF [OpenCard Framework]: a Java-based set of APIs for smart cards
– JavaCard 2.2
• ISO 15408: product evaluation derived from the ‘common criteria’
SIM Card and Security
231 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Mobile Phone Card Standards
SIM Card and Security
232 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
***GSM Phone Card Standards• GSM 11-11: specifies the standard SIM-ME interface• GSM 11-14: more: « SIM Application Toolkit »• GSM 03.19: API JavaCardTM for programming SIM cards• GSM 03.40: how to implement Short Message Service
(SMS) in Point to Point (PP) mode• GSM 03.48: security mechanisms for the SIM card
application toolkit
SIM Card and Security
233 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
***3G Phone Card Standards• TS 51.011: specifies the 3G SIM-ME interface• ETSI TS 102 221: terminal-card physical and logical
characteristics• 3GPP: 31.101 V4.0.0, 31.102 V4.0.0 (Release 99)- 3G
cards (W-CDMA)• 3GPP2-C00-1999-1206-1208: specification of RUIM
modules for CDMA 2000
SIM Card and Security
234 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
3G Phone Security StandardsPrinciples, objectives and requirements• TS 33.120 Security principles and objectives• TS 21.133 Security threats and requirementsArchitecture, mechanisms and crypto algorithms• TS 33.102 Security architecture• TS 33.103 Integration guidelines• TS 22.022 Personalization of mobile equipment• TS 33.105 Cryptographic algorithm requirements• TR 33.900 A guide to 3G security• TR 33.901 Criteria for cryptographic algorithm design process• TR 33.902 Formal analysis of the 3G authentication protocol• TR 33.908 General report on the design, specification and evaluation of3GPP standard confidentiality and integrity algorithms• Document 1: f8 & f9• Document 2: KASUMI• Document 3,4: test dataLawful interception• TS 33.106 Lawful interception requirements• TS 33.107 Lawful interception architecture and functions
SIM Card and Security
235 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
JavaCardWrite Once, Run Anywhere™
SIM Card and Security
236 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Motivation• Portable code, hardware-independent• Time to market: add new applications
to the card at any moment! • Easier to develop• Open platform,
=> specs of smart card chip are usually confidential(!!)
• Third party applications => much more security needed!!!– Hide the smart card OS and resources from the developer [not
trusted]– Java language has inherently better security…
• Much of current application insecurity comes from C language [exceptions, printf, goto, buffer overflow etc..]
• Provide “built-in security” for developers• Cons: slow + expensive…
SIM Card and Security
237 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
History
• Java Card 1.0: Schlumberger. APIs only. • Later, Bull+Gemplus+Schlumberger formed
the Java Card Forum. • + Sun Microsystems => develop Java Card
2.0.Still a SMALL subset of JavaTM
Some 2 billion Java cards to date(mainly in GSM…)
SIM Card and Security
238 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Working Principle [source: Sun website]
SIM Card and Security
239 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
CommunicationSpecial subset of APDUs [ISO 7816-3..4] are used.
SIM Card and Security
240 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Conclusion
SIM Card and Security
241 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Future:
• Insecure software, hackers => One Cannot live without Smart Cards or some
other secure portable hardware device.» Bill Gates recognized it publicly in 2005…
SIM Card and Security
242 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
Major Problems
• cost effectiveness• adoption of new technology
– which standards will win? – a very tricky game…
SIM Card and Security
243 Nicolas T. Courtois, WMNC Gdansk, 11/09/09
How Secure Are Smart Cards?
There is no better technology on this planet.
…Succeeding requires tamper-proof hardware. But• no security professional will speak of tamper-proof devices,
as opposed to tamper-resistant ones. • Security is a matter of economics, and not just technology.
[Steve Bellovin blog, 24/08/07]