smartcard protocol sniffing


  1. Smartcard protocol sniffing: Introduction to the theoretical and practical issues involved in cloning/simulating existing smartcards. Bernd Fix, Marc-André Beck

  2. Outline
     1. Introduction: Recap of last year's lecture about the Swiss Postcard; This talk is about; What is a smartcard?; Everyone can build its own
     2. Logging the communication: Hardware-based logging; RFID Relay / Logging Agent; Software-based logging; Comparison between methods
     3. Re-engineering the protocol: Principle of communication logging; Hands on example; Data structure for a logging application
     4. Creating a simulacrum

  4. Recap of last year's lecture about the Swiss Postcard I
     - 1979: Start design of PIN protected memory card (Bull CP8)
     - 1983: French banking card with 320 bit RSA authentication
     - 1989: Introduction of French banking card (Carte Bleue)
     - 1998: Serge Humpich re-engineered the Carte Bleue

  5. Recap of last year's lecture about the Swiss Postcard II
     - 2002: Found that the security measures of the Swiss Postcard were similar
     - 2006: Re-checked the security measures
     - 2006: Presentation of initial results at the 23C3: A not so smart card
     - 2007: Initiated academic response, e.g. http://lis.fh-aargau.ch/ecsem/ECSeminar/SS07.html
     - Low impact, small media coverage

  6. This talk is about
     - PostFinance: Flawed signatures not used in authentication scheme
     - Goal: Build a working Postcard clone based on known facts
     - For an introduction to the design flaws, take a look at postcard-sicherheit.ch

  8. What is a smartcard?
     - External clock, ground and energy source
     - I/O (input/output), reset
     - Microcontroller with an internal EEPROM
     - External EEPROM

  12. Everyone can build its own: Comparable to an old 8-bit PC (but with fewer passive elements).

  14. Protocol is mostly known
     - Most cards use the ISO-7816 protocol to communicate with the terminal
     - ISO-7816 defines all aspects (physical/logical specs)
     - Compatibility leads to tolerance (timing less relevant if within range)
     - Still necessary even if protocol is published (like EMV)?

  15. Hardware-based logging
     - Pro: Capture the communication on physical level (timing)
     - Con: Not feasible outdoors
     - [Figure: PC, original card and terminal]

  16. RFID Relay / Logging Agent
     - Pro: Full processing power and comfort
     - Con: No known implementation yet
     - Communicate with inserted card via RFID from notebook.
     - [Figure: RFID, PC, original card and terminal]

  17. Software-based logging
     - Pro: (Quite) easy to program and use (secrecy)
     - Con: Step-by-step approach (time consuming)
     - Use programmable smartcards to capture communication.
     - [Figure: clone, terminal, PC and original card]

  18. Javacard / Processorcard
     - Processorcard
       - Pro: Can be customized to any sort of communication
       - Con: Needs special programmer
     - Javacard
       - Pro: No special programmer needed
       - Con: Can't log direct convention (Money) or T1

  19. Comparison between methods

      | Property            | HW | JC | PC   |
      |---------------------|----|----|------|
      | Capture timing      | X  |    |      |
      | T1 protocol         | X  |    | X    |
      | Direct convention   | X  |    | X    |
      | Indirect convention | X  | X  | X    |
      | Ease of use         | lo | hi | med* |
      | Secrecy             | lo | hi | hi   |
      | Special hardware    | X  |    | X    |

      *Increase with ISO-7816/T0 library
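
Slides 18 and 19 separate the logging methods by whether a card uses direct or indirect convention and T=0 or T=1; a card announces both in its Answer To Reset (ATR). The Python below is an added example, not code from the talk: it decodes an ATR per ISO 7816-3, assuming the bytes are already decoded as a PC/SC reader reports them, and the sample ATRs are constructed.

```python
# Added example (not from the talk): decode an ISO 7816-3 ATR.
# Assumption: input is the ATR as a PC/SC reader reports it (already decoded).
CONVENTIONS = {0x3B: "direct", 0x3F: "inverse"}  # the slides say "indirect"

def parse_atr(atr: bytes) -> dict:
    """Return convention, interface bytes, offered protocols and TCK status."""
    if len(atr) < 2 or atr[0] not in CONVENTIONS:
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse)")
    pos = 1

    def take() -> int:
        nonlocal pos
        if pos >= len(atr):
            raise ValueError("ATR truncated")
        pos += 1
        return atr[pos - 1]

    t0 = take()
    y, hist_len = t0 >> 4, t0 & 0x0F  # Y1 presence bits, historical count K
    interface, indicated, i = {}, [], 1
    while True:
        for bit, name in enumerate(("TA", "TB", "TC")):
            if y & (1 << bit):
                interface[f"{name}{i}"] = take()
        if not y & 0x8:  # no TDi: the interface byte chain ends here
            break
        td = take()
        indicated.append(td & 0x0F)  # low nibble: protocol T
        y, i = td >> 4, i + 1  # high nibble: presence bits of next group
    historical = bytes([take() for _ in range(hist_len)])
    checksum_ok = None  # TCK is absent when only T=0 is indicated
    if any(t != 0 for t in indicated):
        take()  # consume TCK
        xor = 0
        for b in atr[1:pos]:  # XOR of T0..TCK must be zero
            xor ^= b
        checksum_ok = xor == 0
    if pos != len(atr):
        raise ValueError("unexpected bytes after ATR")
    return {
        "convention": CONVENTIONS[atr[0]],
        "protocols": sorted({t for t in indicated if t != 15}) or [0],
        "interface": interface,
        "historical": historical,
        "checksum_ok": checksum_ok,
    }

# Constructed sample ATRs, not captured from any real card.
SAMPLES = ["3B021450", "3B800181", "3F1211AABB"]
DECODED = [parse_atr(bytes.fromhex(s)) for s in SAMPLES]
```

A `protocols` value of `[0]` with `checksum_ok` set to `None` is the normal result for a T=0-only card, since such cards send no TCK byte.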
