keep your enemies close: distance bounding against smartcard relay attacks authors: saar drimer and...
TRANSCRIPT
![Page 1: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/1.jpg)
Keep Your Enemies Close:Distance Bounding Against Smartcard Relay Attacks
Authors: Saar Drimer and Steven J. MurdochPresented in: Usenix Security Symposium 2007
Kishore Padma Raju
![Page 2: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/2.jpg)
Today’s Talk
• Smart Card• Relay Attacks• Defenses• Distance Bounding
![Page 3: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/3.jpg)
Smart Card
• Sheet of plastic – integrated circuit(microcontroller) – Eight contact pads • Ground • Power• Reset• Clock• Bidirectional I/O signal
![Page 4: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/4.jpg)
Payment system
is fully deployed in the UK since 2006, with banks making grand claims of security
uses the EMV (Europay MasterCard Visa) protocol
1066 requires a correct 4 digit PIN input for authorizing transactions
uses RSA for Static Data Authentication (SDA)
![Page 5: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/5.jpg)
Payment Environment
• Four parties– Cardholder– merchant: control the payment terminal– Issuer bank• Contractual relation with cardholder
– Acquirer bank• Contractual relation with merchant
![Page 6: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/6.jpg)
A simplified smartcard transaction
![Page 7: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/7.jpg)
Authentication
• Dynamic data authentication– Merchant • Verify signature with public key
• Static data authentication– Merchant are not trusted• Data is static• Authorization is done online
![Page 8: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/8.jpg)
RELAY ATTACK
![Page 9: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/9.jpg)
IMPLEMENTATION
• Counterfeit Terminal– Chip and pin terminals($10)– Xilinx Spartan($200)– USB GemPC twin reader($40)
![Page 10: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/10.jpg)
IMPLEMENTATION
• Counterfeit Card– Ground down the chip to card’s pad– Maxim 1740/1 transistor($2)
• Controlling software– Software developed in python
$500 worth of off-the-shelf hardware, two laptops and moderateengineering skill is all it takes.
![Page 11: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/11.jpg)
Results
• VASCO Chip authentication program(CAP)• Merchant in UK
![Page 12: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/12.jpg)
Previously proposed defenses
Tamper resistant terminalsProtects banks by erasing keys upon
tampering, cardholders aren’t trained to tell the difference
Impose timing constraints on terminal-card interactionA good start, but short timing advantages translateinto long distances; most interactions are predictable
![Page 13: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/13.jpg)
Distance Bounding
• Parameters– Prover P(Smart card)– Verifier V(terminal)
![Page 14: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/14.jpg)
Distance Bounding
![Page 15: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/15.jpg)
Distance Bounding–initialization phase
Used Hancke-Kuhn N(v) and N(p) provide freshness to the transaction and prevent from replay attacks
![Page 16: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/16.jpg)
Distance Bounding
– MACs are computed under shared key– verifier loads a shift register with random bits– prover splits MAC into two shift registers
![Page 17: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/17.jpg)
Distance Bounding – bit exchange phase
Timing critical phase:– single bit challenge-response pairs are exchanged– response bit is the next bit from the shift register corresponding to thechallenge bit’s content– response bit is deleted at prover and stored at verifier
![Page 18: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/18.jpg)
Distance Bounding – Verify Phase
The verifier checks that the responses are correct and concludes, based on its timing settings, the maximum distance the prover is away
![Page 19: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/19.jpg)
Experimental Setup
![Page 20: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/20.jpg)
Example of Rapid Bit-exchange phase
A 3 8 F 6 D 7 5challenger 1010 0011 1000 1111 0110 1101 0111 0101
Register0 x0x0 11xx x011 xxxx 0xx1 xx1x 1xxx 1x0x
Register1 1x0x xx10 1xxx 0001 x10x 01x0 x111 x1x0
Response 1000 1110 1011 0001 0101 0110 1111 1100
8 E B 1 5 6 F C
![Page 21: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/21.jpg)
A single bit-pair exchange:challenge=1, response=0
![Page 22: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/22.jpg)
Waveform
![Page 23: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/23.jpg)
Possible attacks on distance bounding
• Guessing attack– Initiate bit-exchange phase– 50% of challenges and 50% of responses– Totally 75% success– Probability (3/4)^64 using 64 bits
• Replay– Revealing both response registers by running the
protocol twice• Delay line manipulation– Manipulate delay lines to expose both registers’ state
![Page 24: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/24.jpg)
Future work
Working towars providing secure distance bounding protection for RFID.
![Page 25: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/25.jpg)
STRENGTHS
• Low Cost• Robust
![Page 26: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks Authors: Saar Drimer and Steven J. Murdoch Presented in: Usenix Security Symposium](https://reader030.vdocuments.mx/reader030/viewer/2022032606/56649e995503460f94b9c393/html5/thumbnails/26.jpg)
Weakness
• Gave idea to attack their system