accessing secure information using export file fraudulence
play

Accessing Secure Information using Export file Fraudulence Guillaume - PowerPoint PPT Presentation

Nov 29, 2023 •214 likes •458 views

Accessing Secure Information using Export file Fraudulence Guillaume Bouffard 1 Tom Khefif 1 Jean-Louis Lanet 1 Ismael Kane 2 Sergio Casanova Salvia 2 1 Smart Secure Devices (SSD) Team University of Limoges Limoges, France

  1. Accessing Secure Information using Export file Fraudulence Guillaume Bouffard 1 Tom Khefif 1 Jean-Louis Lanet 1 Ismael Kane 2 Sergio Casanova Salvia 2 1 Smart Secure Devices (SSD) Team – University of Limoges – Limoges, France guillaume.bouffard @unilim.fr http://secinfo.msi.unilim.fr 2 Applus – LGAI Technological Center – Barcelona, Spain CRiSIS 2013 – PhD Workshop 1 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 1/16

  2. Outline Introduction Smart Card Java Card Technology Java Card Linking Process Outside the Java Card Inside the Java Card Man-in-the-Middle Attack Objective Exploitation on the javacard.security API Conclusion 2 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 2/16

  3. The Smart Card Widely used device • Credit Card; • (U)SIM Card; • Health Card (french Vitale card); • Pay TV; • . . . This device contains sensitive data 3 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 3/16

  4. Java Card based Smart Card Applet Applet Applet • Created by Vendor and/or Schlumberger in 1996. Java Card Industry Spe- Runtime • Specified by Oracle cific Extensions Environ- • Provide a friendly Java Card Framework and APIs ment environment to develop Java Card Virtual Machine secured Java Card Operating System applications. Hardware 4 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 4/16

  5. Java Card Security Model • Off-card Security Java Class Files Java Card Files Byte Code Verifier Byte Code Converter Byte Code Signer (BCV) 5 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 5/16

  6. Java Card Security Model • Off-card Security Java Class Files Java Card Files Byte Code Verifier Byte Code Converter Byte Code Signer (BCV) • On-card Security Installed applet Java Card Files BCV Linker Firewall 5 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 5/16

  7. Off-card compilation Application export File Java Archive Byte Code Con- verter, con- verter and signer API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  8. Off-card compilation Application export File Java Archive Byte Code Con- verter, con- verter and signer API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  9. Off-card compilation Java- Class Files Application export File • Non-optimized for embedded devices Java Archive • Itemized file Byte Code Con- • Each item is an UTF8-String verter, con- #1 - Class Reference: name=#2 verter and signer #2 - UTF8 Text: fr/unilim/MyApplet #3 - UTF8 Text: process #4 - UTF8 Text: (Ljavacard/framework/APDU)V #5 - Method Reference: class=#1 signature=#6 #6 - Name/Type: name=#3 type=#4 API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  10. Off-card compilation API export Files Application export File • Class ’ item to Java Card token Java Archive • 1 export file/Java-Package Byte Code Con- • The Java Card toolchain uses the verter, con- first find, first used export file. verter and signer class_info { // javacard/framework/APDU token #10 access_flags public final name_index 172 // javacard/framework/APDU export_supers_count 1 API export Files ... Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  11. Off-card compilation Application export File Java Archive Byte Code Con- verter, con- verter and signer API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  12. Off-card compilation Program export File Application export File • Describe each public methods shared Java Archive by the built application or API. Byte Code Con- verter, con- verter and signer API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  13. Off-card compilation Program CAP File Application export File • Tokenized file Java Archive • Optimized for embedded devices Byte Code Con- verter, con- verter and signer API export Files Application Cap File 6 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 6/16

  14. On-Card Linking Step Reference Location Component Import Component ... packages[0]{ // javacard.framework offset_to_byte2_indices: { version: 1.2 ... @32 ... AID: 0xA0000000620101 } } ... Method Component Constant Pool Component ... ... /*0030*/ aload_2 Token: 2 => CONSTANT_VirtualMethodRef: /*0031*/ invokevirtual 0002 external method: 0x80 , 0x12, 0x00 ... ... 7 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 7/16

  15. Man-In-The-Middle • Attacks aims to: ◦ Abuse the Off-card Java Card toolchain; ◦ Link a malicious library instead of the legitimate one. • Hypothesis: ◦ The Java Card Export folder can be corrupted; ◦ The Smart Card’s loading keys are known. 8 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 8/16

  16. Principle Applet Attacker’s applet Fake API API buildKey buildKey Key Store key Key getKeys Keys stored 9 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 9/16

  17. Modus Operandi I 1. A copy of API to confuse is developed: ◦ Same classes’ prototype; ◦ Same methods’ prototype; ◦ Package’s name?/AID? 2. The developer downloaded the fake export file: ◦ The Java Card uses the first find, first used policy. 3. The Java- Class file to be converted is linked with our malicious export file 4. The Applet is linked with the malicious Java Card API. 10 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 10/16

  18. Modus Operandi II Card Faulty API Java- Cap File API Conversion Faulty API Loading 1 Applet Use Same AID Fake API Fake Export Conversion Loading 2 Java- Cap Conversion Applet file Export Export Fake ... 1 2 Export 3 11 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 11/16

  19. A Piece of a Java Card Crypto. Application ✞ ☎ this .desKey = (javacard.security.DESKey) javacard.security.KeyBuilder.buildKey (KeyBuilder.TYPE_DES , // key’s type KeyBuilder.LENGTH_DES , // key’s length true ); // key value is encrypted // DES Key initialization this .desKey.setKey(DES_KEY_VALUE , //PIN code init. OFFSET_DES_KEY_VALUE ); ✝ ✆ • Exploitation: ◦ Develop a fake javacard.security export file; ◦ The fragment of Crypto Application is linked with our malicious export file ◦ Problem: Can the application be correctly executed? 12 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 12/16

  20. A Piece of a Java Card Crypto. Application ✞ ☎ this .desKey = (javacard.security.DESKey) javacard.security.KeyBuilder.buildKey (KeyBuilder.TYPE_DES , // key’s type KeyBuilder.LENGTH_DES , // key’s length true ); // key value is encrypted // DES Key initialization this .desKey.setKey(DES_KEY_VALUE , //PIN code init. OFFSET_DES_KEY_VALUE ); ✝ ✆ Object javacard.security malicious.API � = DESKey DESKey 12 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 12/16

  21. How to Execute an Ill-Linked Applet? I Applet malicious.API.DESKey javacard.security.DESKey desKey.setKey() desKey.setKey() ok ok 13 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 13/16

  22. How to Execute an Ill-Linked Applet? II ✞ ☎ public class DESKey extends malicious.API.DESKey { private javacard.security.DESKey desKey; // Default constructor MyDESKey (javacard.security.DESKey desKey) public { this .desKey = desKey; } // Implementation of the setKey function setKey( byte [] keyData , short kOff) { public void this .desKey.setKey(keyData , kOff); } // ... } ✝ ✆ 14 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 14/16

  23. The End • What we did? ◦ A Man-in-the-Middle attack on Java Card was presented; ◦ The javacard.security API was exploited; • How to prevent that? ◦ Sign the export file! 15 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 15/16

  24. Thank you for your attention! Do you have any questions? ? guillaume.bouffard@unilim.fr http://secinfo.msi.unilim.fr 16 / 16 Guillaume Bouffard (SSD Team) Accessing Secure Information using Export file Fraudulence 16/16

Recommend

Secure file transmission of PHI, RHI and sensitive information Background File Transfer

Secure file transmission of PHI, RHI and sensitive information Background File Transfer

Secure file transmission of PHI, RHI and sensitive information Background File Transfer Application (FTA) Web Application Use Outlook Plug In Use Workspace Use 2 Information Privacy & Security Executive Committee

318 views • 20 slides
Secure file transmission of PHI, RHI and sensitive information My work processes require use of

Secure file transmission of PHI, RHI and sensitive information My work processes require use of

Secure file transmission of PHI, RHI and sensitive information My work processes require use of the FTA plug in for Outlook. How do I obtain this? Use of the FTA Plug In requires installation on the users workstation and will

231 views • 9 slides
Secure, Managed File Transfer and Automation _ Moving

Secure, Managed File Transfer and Automation _ Moving

Secure, Managed File Transfer and Automation _ Moving Files is Business-critical Legal Documents Loan Information XML Data Files X-Rays Purchase Orders Patient Records Insurance Test Results Large

632 views • 37 slides
Benefits 2020 1 01 Accessing My HR E - File Internally at Wesco 1. Before Enrolling in

Benefits 2020 1 01 Accessing My HR E - File Internally at Wesco 1. Before Enrolling in

My E-File Tutorial: How to Enroll in Benefits How to add / change benefits elections, contacts and beneficiaries Benefits 2020 1 01 Accessing My HR E - File Internally at Wesco 1. Before Enrolling in Benefits, please ensure your

321 views • 18 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Advanced Export Reports Trade Outreach Branch Agenda Overview of ACE Export Reports

Advanced Export Reports Trade Outreach Branch Agenda Overview of ACE Export Reports

Trade Outreach Branch Automated Commercial Environment (ACE) Advanced Export Reports Trade Outreach Branch Agenda Overview of ACE Export Reports Demonstration of: Accessing Export Reports Creating an Ad Hoc Report Modifying

356 views • 31 slides
File Management File Management File is a named collection of information The file

File Management File Management File is a named collection of information The file

File Management File Management File is a named collection of information The file manager administers the collection by: Storing the information a device Mapping the block storage to the logical view

461 views • 28 slides
K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018

K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018

K Pre-Post Cloud Tutorial for accessing the K Global File Storage RIKEN R-CCS JULY 2, 2018 Access the GFS using SFTP (1/2) Users can access the K global file storage (GFS) via GFS-GW (GFS-gateway). In this slide, we explain a way to

51 views • 4 slides
Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed

Distributed File Systems Accessing files FTP, telnet Explicit access User-directed connection to access remote resources We want more transparency Allow user to access remote resources just as local ones Focus on file system for

1k views • 66 slides
Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web, Box natively previews desktop and mobile apps 120+ file types Comprehensive security controls by user, content, device Not familiar with Box? 57K

580 views • 34 slides
Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung

Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung

Secure Information Exchange for Secure Information Exchange for Omniscience Omniscience Chung Chan (CityU) Joint work with Navin Kashyap (IISc), Praneeth Kumar Vippathalla, (IISc) and Qiaoqiao Zhou (CUHK) Audio slides:

443 views • 17 slides
Archive Large File ile Sets to Mic icrosoft Azure Quickly and Seamlessly DefendX.com Secure

Archive Large File ile Sets to Mic icrosoft Azure Quickly and Seamlessly DefendX.com Secure

Archive Large File ile Sets to Mic icrosoft Azure Quickly and Seamlessly DefendX.com Secure File Management Doc#DFXS1197EF The Value of Archiving to Cloud Primary Storage Files Stubs 100Mb connection Files 80TB: ~90 days 1PB: ~3

420 views • 10 slides
Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz

Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz

Derived Virtual Devices: A Secure Distributed File System Mechanism Rodney Van Meter, Steve Hotz and Gregory Finn USC/Information Sciences Institute {rdv,hotz,finn}@isi.edu Fifth NASA Goddard Space Flight Center Conference on Mass Storage

339 views • 16 slides
File Systems: Semantics & Structure What is a File a file is a named collection of

File Systems: Semantics & Structure What is a File a file is a named collection of

5/16/2018 File Systems: Semantics & Structure What is a File a file is a named collection of information 11A. File Semantics primary roles of file system: 11B. Namespace Semantics to store and retrieve data 11C. File

373 views • 13 slides
File Systems: Semantics & Structure What is a File a file is a named collection of

File Systems: Semantics & Structure What is a File a file is a named collection of

5/15/2017 File Systems: Semantics & Structure What is a File a file is a named collection of information 11A. File Semantics primary roles of file system: 11B. Namespace Semantics to store and retrieve data 11C. File

352 views • 16 slides
File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept

File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept

COP 4225 Advanced Unix Programming File Systems Chi Zhang czhang@cs.fiu.edu 1 File Attributes Name only information kept in human-readable form. Type Extension-based Magic numbers stored at the beginning of a file (Unix)

251 views • 23 slides
EPA Hazardous Waste Exports Pilot Filing Information as of January 2017 Pilot Status Export Pilot

EPA Hazardous Waste Exports Pilot Filing Information as of January 2017 Pilot Status Export Pilot

EPA Hazardous Waste Exports Pilot Filing Information as of January 2017 Pilot Status Export Pilot Status Hazardous Waste OPEN all ports, no pilot call needed but can be done on request. BEFORE you file Test! Make sure you can pass the

148 views • 11 slides
(Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT

(Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT

GDOT SFTP (Secure File Transfer Protocol) Demo/Training July 2014 GDOT SFTP Replaces existing GDOT File Exchange System More user friendly and less complicated Uses same GADOT Username and Password that you use for GDOT File

657 views • 12 slides
Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331:

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run

459 views • 29 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
www.inforsense.com Outline Part I Import & Export Import data from different data

www.inforsense.com Outline Part I Import & Export Import data from different data

www.inforsense.com Outline Part I Import & Export Import data from different data sources and file types Query from a relational database Export data to different locations Part II Pre-processing Description of

937 views • 59 slides
How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we

How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we

How to export Image and Animation 1. When we finished our design, we need export it. Sometimes we need export a picture, sometimes we need export to video, GIF or SWF, sometimes we need the transparent background, sometimes we dont. So, we

207 views • 3 slides
File Syst ems Last t ime we t alked about disk int ernals 11: File Syst em Basics Despit

File Syst ems Last t ime we t alked about disk int ernals 11: File Syst em Basics Despit

File Syst ems Last t ime we t alked about disk int ernals 11: File Syst em Basics Despit e complex int ernals, disks export a simple array of sect ors Last Modif ied: How do we go f rom t hat t o a f ile syst em? 6/ 15/ 2004

356 views • 6 slides
~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE

~FILE SYSTEM~ SUNU WIBIRAMA OUTLINE FILE SYSTEM ACCESS METHODS DIRECTORY STRUCTURE FILE SYSTEM MOUNTING PROTECTION EXTERNAL VIEW OF THE FILE MANAGER FILE MANAGEMENT FILE, IS A NAMED AND ORDERED COLLECTION OF INFORMATION COMPUTER SHOULD

341 views • 33 slides

More recommend