Keep Your Enemies Close: Distance Bounding Against Smartcard

Keep Your Enemies Close:
Distance Bounding Against Smartcard Relay Attacks
Authors: Saar Drimer and Steven J. Murdoch
Presented in: Usenix Security Symposium 2007
Kishore Padma Raju
Today’s Talk
• Smart Card
• Relay Attacks
• Defenses
• Distance Bounding
Smart Card
• Sheet of plastic
– Integrated circuit (microcontroller)
– Eight contact pads
• Ground
• Power
• Reset
• Clock
• Bidirectional I/O signal
Payment system
• Has been fully deployed in the UK since 2006, with banks making grand claims of security
• Uses the EMV (Europay MasterCard Visa) protocol
• Requires a correct 4 digit PIN input for authorizing transactions
• Uses RSA for Static Data Authentication (SDA)
Payment Environment
• Four parties
– Cardholder
– Merchant: controls the payment terminal
– Issuer bank
• Contractual relation with cardholder
– Acquirer bank
• Contractual relation with merchant
A simplified smartcard transaction
Authentication
• Dynamic data authentication
– Merchant
• Verify signature with public key
• Static data authentication
– Merchants are not trusted
• Data is static
• Authorization is done online
RELAY ATTACK
IMPLEMENTATION
• Counterfeit Terminal
– Chip and PIN terminals ($10)
– Xilinx Spartan ($200)
– USB GemPC twin reader ($40)
IMPLEMENTATION
• Counterfeit Card
– Ground down the chip to card’s pad
– Maxim 1740/1 transistor ($2)
• Controlling software
– Software developed in Python
$500 worth of off-the-shelf hardware, two laptops and moderate engineering skill is all it takes.
Results
• VASCO Chip Authentication Program (CAP)
• Merchant in UK
Previously proposed defenses
• Tamper resistant terminals
– Protects banks by erasing keys upon tampering; cardholders aren’t trained to tell the difference
• Impose timing constraints on terminal-card interaction
– A good start, but short timing advantages translate into long distances; most interactions are predictable
Distance Bounding
• Parameters
– Prover P (smart card)
– Verifier V (terminal)
Distance Bounding
Distance Bounding – initialization phase
Uses the Hancke-Kuhn protocol
N(v) and N(p) provide freshness to the transaction and prevent replay attacks
Distance Bounding
– MACs are computed under a shared key
– Verifier loads a shift register with random bits
– Prover splits the MAC into two shift registers
Distance Bounding – bit exchange phase
Timing critical phase:
– Single bit challenge-response pairs are exchanged
– Response bit is the next bit from the shift register corresponding to the challenge bit’s content
– Response bit is deleted at prover and stored at verifier
Distance Bounding – Verify Phase
The verifier checks that the responses are correct and concludes, based on its timing settings, the maximum distance the prover is away
Experimental Setup
Example of Rapid Bit-exchange phase
Challenge (hex):  A    3    8    F    6    D    7    5
Challenge:        1010 0011 1000 1111 0110 1101 0111 0101
Register0:        x0x0 11xx x011 xxxx 0xx1 xx1x 1xxx 1x0x
Register1:        1x0x xx10 1xxx 0001 x10x 01x0 x111 x1x0
Response:         1000 1110 1011 0001 0101 0110 1111 1100
Response (hex):   8    E    B    1    5    6    F    C
A single bit-pair exchange:
challenge=1, response=0
Waveform
Possible attacks on distance bounding
• Guessing attack
– Initiate bit-exchange phase
– 50% of challenges and 50% of responses
– 75% success in total
– Probability (3/4)^64 using 64 bits
• Replay
– Revealing both response registers by running the
protocol twice
• Delay line manipulation
– Manipulate delay lines to expose both registers’ state
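The initialization, bit-exchange and verify phases above, together with a model of the guessing attack, as an added Python example that is not code from the slides or the paper. HMAC-SHA256 as the MAC, the nanosecond timing bound and all function names are assumptions made for illustration; `slide_example()` replays the deck's worked example.

```python
import hashlib
import hmac

def to_bits(data, n):
    """First n bits of data, most significant bit first."""
    return [(data[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]

def registers(key, n_v, n_p, n=64):
    """Initialization phase: MAC both nonces under the shared key and split the
    result into two n-bit registers. HMAC-SHA256 is an assumption (n <= 128)."""
    mac = hmac.new(key, n_v + n_p, hashlib.sha256).digest()
    b = to_bits(mac, 2 * n)
    return b[:n], b[n:]

def respond(reg0, reg1, challenge):
    """Prover: response bit i comes from the register chosen by challenge bit i."""
    return [reg1[i] if c else reg0[i] for i, c in enumerate(challenge)]

def verify(reg0, reg1, challenge, response, rtts_ns, max_rtt_ns):
    """Verify phase: all bits correct and every round trip inside the timing bound."""
    return response == respond(reg0, reg1, challenge) and max(rtts_ns) <= max_rtt_ns

def guessing_attacker(reg0, reg1, challenge, rng):
    """Models the guessing attack: the card was queried early with guessed
    challenges. A right guess gives the true bit, a wrong one leaves a coin flip.
    rng is a random.Random instance."""
    out = []
    for i, c in enumerate(challenge):
        guess = rng.getrandbits(1)
        out.append((reg1[i] if c else reg0[i]) if guess == c else rng.getrandbits(1))
    return out

def slide_example():
    """Replays the deck's worked example. 'x' marks bits this challenge does not
    select, so 0 stands in for them here."""
    parse = lambda s: [int(ch) for ch in s.replace(" ", "").replace("x", "0")]
    reg0 = parse("x0x0 11xx x011 xxxx 0xx1 xx1x 1xxx 1x0x")
    reg1 = parse("1x0x xx10 1xxx 0001 x10x 01x0 x111 x1x0")
    challenge = to_bits(bytes.fromhex("A38F6D75"), 32)
    response = respond(reg0, reg1, challenge)
    return format(int("".join(map(str, response)), 2), "08X")

if __name__ == "__main__":
    print(slide_example())   # 8EB156FC
    print(0.75 ** 64)        # chance the guessing attacker passes all 64 rounds
```

Each modelled round matches the honest response with probability 3/4, which is where the (3/4)^64 figure for 64 rounds comes from.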
Future work
Working towards providing secure distance bounding protection for RFID.
STRENGTHS
• Low Cost
• Robust
Weakness
• Gave idea to attack their system