Kasper & Oswald GmbH, Bochum, Germany

www.kasper-oswald.com

Berlin, 8. November 2016

Token, Transponder und RFID-Tags Angriffe auf elektronischeZugangskontrollsysteme

Timo Kasper

Forum Modernes Zutritts- undBerechtigungsmanagement

3

Dr.-Ing. Timo Kasper Dr.-Ing. David Oswald

Core Competence: Embedded Security

Research, Analysis, Development, Consulting, Training

Many years of Research and Development experience

5

Embedded Devices in the Internet of Things

NFC

6

Introduction to (Symmetric) Cryptography

Secret KeyG3H31M

plaintext

Simedia

Cipher

ciphertext9e%~@@²a

Alice

plaintext

Simedia

Cipher

ciphertext9e%~@@²a

Bob

Internet

Oscar

9e%~@@²a

8

The core of (IT-)Security

Security

Design AnalysisImprove

Report flaws

11

Implementation Attackson Embedded Devices

Fault Injection,Reverse Engineering

Side-Channel Analysis

20

Remote Keyless Entry (1)Uni-directional

First systems: Fixed code

123xbhdsgf …123xbhdsgf …123xbhdsgf …

23

Remote Keyless Entry (2)Uni-directional with Crypto

Industry reacts: Rolling code

encrypt(124)encrypt(125)

…

Cipher

BUT there are attacks ...

Option 1:Attack key management

Option 2:Attack crypto

KeeLoq(Crypto 2008)

25

Principle of Side-Channel Analysis(here: listen to Sound)

A Bank Robbery

26

Principle of Side-Channel Analysis

The world is changing…

27

Principle of Side-Channel Analysis(Monitor the power consumption / run-time)

The world is changing…

…the tools are, too.

32

Applied Side-Channel Analysis (Power)

32

Counter

Secret Key

Dynamic Code

Encryption(KeeLoq)

32

64?

secret cryptographic key of remote control !

Attack target (2008):KeeLoq remote controls

• very widespreadin cars and garages(world-wide)

33

Side-Channel Analysis of KeeLoq:Management Summary

Power-analysis attack (with physical access):

clone a remote control from 10 power measurements

obtain Manufacturer Key from 1 power measurement

Flaw of KeeLoq system:

Key derivation from Manufacturer Key kM

– kremote_control = f(#ser, kM)

– kM used in every receiver of manufacturer M

– Single point-of-failure

36

Flavio Garcia, David Oswald,Timo Kasper, Pierre Pavlidès

University of Birmingham / Kasper & Oswald GmbH

Automotive RKE(Usenix 2016)

44

VW Group: Affected Vehicles

• Audi: A1, Q3, R8, S3, TT, other types of Audi cars (e.g. remote control 4D0 837 231)

• VW: Amarok, (New) Beetle, Bora, Caddy, Crafter, e-Up, Eos, Fox, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, Up

• Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo

• Skoda: City Go, Roomster, Fabia 1, Fabia 2, Octavia, Superb, Yeti

• In summary: probably most VW group vehicles between 1995 and today not using Golf 7 (MQB) platform

45

Hitag2 RKE Attack Demo

45

46

Vehicles we tested using Hitag2 RKE

Opel | Astra H | 2008Opel | Corsa D | 2009Fiat | Grande Punto | 2009

47

Management Summary

VW Group: secure crypto ≠ secure system

• extract a few worldwide keys

instantly copy a remote control from 1 signal

• RF attack highly practical and scalable

Hitag2: diversified keys but bad crypto

• eavesdrop ≈ 4 to 8 signals (key presses)

copy remote control with some computations

Poor crypto is bad, but poor key management is worse.

49

Embedded Devices in the Internet of Things

NFC

50

Authentication with Login Tokens

Past: One factor: Password/PIN

Today: Two factors: Password/PIN and an additional token:

51

52

Yubikey 2: Overview

Simulates USB keyboard

Generates and enters One-TimePassword (OTP) on button press

Based on AES w/ 128-bit key

53

Yubikey OTP Generation

...

dhbgnhfhjcrl rgukndgttlehvhetuunugglkfetdegjd

dhbgnhfhjcrl trjddibkbugfhnevdebrddvhhhlluhgh

dhbgnhfhjcrl judbdifkcchgjkitgvgvvbinebdigdfd

...

AES encrypted = secure?!

54

128-bit AES key of the Yubikey 2 can be recovered(700 EM measurements = 1 hour physical access)

Attacker can compute OTPs w/o Yubikey

Impersonate user:Username and password still needed

Side-Channel Analysis of Yubikey2:Management Summary

55

Countermeasures

Side-channel attacks are a threat in practice

FW version 2.4 for Yubikey 2 comes with countermeasures

Newly produced Yubikeys are more secure

Improve

Report flaws

57

• can be extended for mutual authentication

• challenge must be random and big enough

ek(Ci) = Ri

Ci

challenge

response

1. computes: R’i = ek(Ci)

2. verifies: R’i = Ri?

Remote Keyless Entry (3)Bi-Directional: Challenge-Response

58

Embedded Devices in the Internet of Things

NFC

59

Used in

• access control systems

• electronic passports

• payment systems

• ticketing / public transport

• Near Field Communication (NFC)

One insecure example:Mifare Classic

Contactless Smartcards / RFIDISO 14443 / ISO 15693 @ 13.56 MHz

KeeLoq(Crypto 2008)

61

Analysis of the ID-Card 1/2 Extracting Keys

• test our key-recovery on ID-Card extraction of all secret keys

• another ID-Card contains the same keys

• a third ID-Card contains the same keys

...• surprising discovery:

All ID-Cards have identical keys !

61

64

• disguised reader, e.g., near a waiting line at the cash desk

• Evil attacker: sets credit of any card in its proximity to 0€ (in 40 ms)

• “Nice“ attacker : charges cards of “victims”

A Practical Threat:Denial of Service

65

My favourite Attack:Converting Bits to Cash

• get anonymous ID-Card (10 € deposit)

• modify credit balance

• return card at cash desk

deposit and up to 150 € paid out in cash!

anonymous

66

new issued cards are Mifare DESfire (EV1)

old Mifare Classic cards are still working

improved backend: shadow accounts are used(…and still manually checked…)

Analysis of a Contactless Payment System5 years after the Attack ….

Improve

Report flaws

A Versatile NFC Emulator and more

69

2006: Kaffeetassen Transponder(Coffee Cup Tag)

72

Fake Tag

75

The Primal- (2011)

A Versatile Emulator for Contactless Smartcards

Mifare Classic: Crypto1 stream cipher

Mifare DESFire MF3ICD40: Auth. with (3)DES

Mifare DESFire EV1: Auth. with AES-128, (3)DES

… and other ISO14443 / ISO15693 cards

Atmel ATXmega32

76

Rev.D

79

Rev.D

80

Rev.E

open source project: https://github.com/emsec/ChameleonMini

• 8 card slots

• Breakableantenna

• Improved USBcommand set

• Widespread

89

Rev.E is not enough:Upgrade MCU and FRAM Rev. F

91

Crowdfunding via Kickstarter, Day 45

• Project successfully funded.

92

Crowdfunding via Kickstarter

…. 6 months later: Production finished.

94

Rev.G

• (Basic) RFID Reader• ATXMega128 + FRAM• Li-Ion Battery

• ISO 14443/ ISO 15693• Sniffing• Log Mode

95

Rev.GLog Mode / Sniffing

• Emulation: Log reader and Chameleon data• Sniffing: Chameleon is „invisible“ during recording• Precise time stamps• Live logging

97

Card Emulator

open source project: https://github.com/emsec/ChameleonMini

Source Code/Firmware and Hardware Layout of Rev.GNow online!

98

Creative Usage of (Florian Bache @ RUB)

99

Long Range Contactless Card

100

A Useful BookReading Range: more than 70 cm

101

Chameleon and the Magic DragonPUFF!

CHES 2015 paper:The Gap Between Promise and Reality: On theInsecurity of XOR Arbiter PUFs (Georg T. Becker)

Chameleon clonesa PUF (Physically

Unclonable Function)

105

Embedded Devices in the Internet of Things

NFC

Case Study:

An Electronic Locking System

(CRYPTO 2013)

111

Electronic Locking Systemwith Bi-Directional Authentication Scheme

Token Lock

115

Electronic Locking Systemwith Bi-Directional Authentication Scheme

Black-box analysis: Token and lock perform authentication protocol

Token LockAuthenticationprotocol

???

121

Lock

Embedded code?

Read-out protection!

Token

Electronic Locking System:PIC Microcontroller in Token and Lock

122

Decapping an IC (1)

123

Decapping an IC (2)

124

Decapping an IC (3)

125

Decapping an IC (4)

126

Microscopic View of the Silicon Die

127

Exposure to UV-C: Disable Read-Out Protection (1)

128

Exposure to UV-C: Disable Read-Out Protection (2)

129

Exposure to UV-C: Disable Read-Out Protection (2)

130

Read Out the Contentof the PIC Microcontroller

• Use standard programmer• Reverse-Engineer (e.g., IDA)

all secrets known

131

𝑰𝑫𝑳

𝑰𝑫𝑻

challenge 𝑪

𝑫

both: compute 𝑹𝑲𝑻(𝑪, 𝑫, 𝑰𝑫𝑻, 𝑰𝑫𝑳) = 𝑹𝑻 𝑹𝑳

(verify 𝑹𝑳)

𝑲𝑻 𝑲𝑳

compute 𝑲𝑻 = 𝑺𝑲𝑳(𝑰𝑫𝑻, 𝑫)

response 𝑹𝑻

response 𝑹𝑳

(verify 𝑹𝑻)

88

32

32

24

32

80

136

Weaknesses and Attacks (1)Hardware

Each lock stores installation-wide cryptographic key

UV-C attack in ~ 30 min (decap PIC)

EM - side-channel attack in ~ 15 min (close to PIC)

Attacking one lock gives access to all doors

139

𝑰𝑫𝑳

𝑰𝑫𝑻

challenge 𝑪

𝑫

both: compute 𝑹𝑲𝑻(𝑪, 𝑫, 𝑰𝑫𝑻, 𝑰𝑫𝑳) = 𝑹𝑻 𝑹𝑳

(verify 𝑹𝑳)

𝑲𝑻 𝑲𝑳

compute 𝑲𝑻 = 𝑺𝑲𝑳(𝑰𝑫𝑻, 𝑫)

response 𝑹𝑻

response 𝑹𝑳

(verify 𝑹𝑻)

88

32

32

24

32

80

142

𝑰𝑫𝑻

𝑫

𝑲𝑳

O*64DES*

1..64O

65..128

128

128 𝑲𝑻128

128

𝑹𝑻 𝑹𝑳𝑫𝑪 O

128

128 64

128

O DES*1..64

65..128

128

𝑰𝑫𝑻

𝑰𝑫𝑳

Cryptographic Functions R and S

144

𝑰𝑫𝑻

𝑫

𝑲𝑳

O*64DES*

1..64O

65..128

128

128 𝑲𝑻128

128

𝑹𝑻 𝑹𝑳𝑫𝑪 O

128

128 64

128

O DES*1..64

65..128

128

𝑰𝑫𝑻

𝑰𝑫𝑳

𝒁𝑹

𝒁𝑺

Cryptographic Functions R and SSecurity Vulnerabilities

1.) 40 Bits of 𝒁𝑹 reused as C leaks internal value

2.) 128-Bit key 𝑲𝑻 computedfrom 64 unknown bits

3.) O has bad cryptographic properties

145

Protocol Runs Run-Time Key Candidates

3 3,36 min 21,34

4 11,5 s 1

5 1,2 s 1

6 650 ms 1

Weaknesses and Attacks (2) Wireless Lock-only attack

Efforts for computing 𝑲𝑻 on a PC:

• initiate some (not successful) protocol runs• compute valid 𝑲𝑻 open door(s)

153

A System Designer‘s Perspective:How to Secure the Internet of Things?

Use peer-reviewed crypto and random numbers

Do not educate your attacker

– Do not start with a weak product that must be upgraded

Implementation attacks: Practical threat, but:

– Use certified devices (secure hardware)

– Algorithmic countermeasures (secure software)

System level: Second line of defense!

– Shadow accounts / Logging (detect fraud)

– Key diversification (minimize impact)

Expect the Unexpected

Thank you!

Questions? Comments?

Contact: info@kasper-oswald.com

www.kasper-oswald.com

156

Secure Against Cyber Attacks

157

Kasper & Oswald Prüfsiegel

• Unabhängige Sicherheitsanalyse

• Verbesserungsvorschläge

• Diskretion über Firmeninterna

www.kasper-oswald.de