Java Card 101 - Black Hat USABruce Potter [email protected] Senior Security Consultant Cigital, Inc.
Download ReportTranscript Java Card 101 - Black Hat USABruce Potter [email protected] Senior Security Consultant Cigital, Inc.
Java Card 101 - Black Hat USA 2003 Bruce Potter [email protected] Senior Security Consultant Cigital, Inc. Who Am I and Why Care About this Talk? 3 years of Java Card security experience Other security foo Senior Security Consultant at Cigital Founder of The Shmoo Group Smart cards gaining traction… finally. Post 9/11 security concerns US Gov’t deploying 11k smart cards a day Java card puts smart card tech within reach Last talk before heavy drinking Hopefully a good segue Broad coverage of Smart Cards security and Java Card Technology November 6, 2015 2 What is a Smart Card Originally, there were mag stripes cards Predefined card shape, strength, etc Information encoded on a magnetic stripe on card You’ve seen a credit card, right? Easily copied Data is static Physical and electronic characteristics defined by ISO7816 Same form factor as mag stripe Now, “punch outs” for phone like applications Many other specifications.. EMV talks about financial trans Integrated Circuit Card (embedded microprocessor) Not a memory card! November 6, 2015 3 What is a Smart Card Receives clock and power from external source Never trust your environment Contact and contact-less Three types of memory ROM (64KB-ish) EEPROM (32KB-ish) RAM (8KB-ish) Used to be much less memory But we’ll never need more than 640KB November 6, 2015 4 Talking to a Smart Card - Entities Terminal Contains off-card application Card is useless without something to interact with it Reader Physically interface with card “smart” and “dumb” readers Sometimes contained within the terminal Card Surprise! Application Creator Card Issuer November 6, 2015 5 Uses of Smart Cards Stored Value It’s money in there, ma… Wallet Applet Cuz carrying your regular wallet is hard Loyalty Applications Keeping track of your airline miles Identity Access Control Secure storage All of the above? November 6, 2015 6 Talking to a Smart Card - Conversation Command - Response based I ask, you tell… no independent thought Application Protocol Data Unit (APDU) Basic building block of a conversation ISO 7816-4 There’s lower level (encoding) specs too… T=0 - byte oriented (real simple) T=1 - block oriented (no so simple) Answer to Reset (ATR) On power-on, card tells about protocol and other low-level comms parameters November 6, 2015 7 Command APDU CLA - Class of the APDU INS - Particular instruction within the class P1, P2 - Parameters (case 1 ends here) Lc - # of bytes of data (case 3 and case 4) Data - as you would expect Le - # of byes expected (case 2 and 4) November 6, 2015 8 Response APDU Data - Sent if Le was set in command APDU SW - Status word. Like an exit code, but with more info (2 bytes) November 6, 2015 9 Attacks Against Smart Cards First off… just because you use smart cards doesn’t make you secure Just like using SSL, etc… Glitching Pulling power at appropriate times Under/over clocking Under/over volting Differential power analysis Kocher et al - http://www.cryptography.com/ Watching the power draw over repeated cryptographic operations Performing differential cryptanalysis November 6, 2015 10 Attacks Against Smart Cards Ross Andersen’s work - http://www.cl.cam.ac.uk/users/rja14/ Low budget but sophisticated attacks Inducing errors with a lightbulb! Using laser cutters and microprobes to change data within card Shaving the ICC Yes Virginia, there are physical changes to registers Able to see 1’s and 0’s in memory Vendor Response? Make ICC’s more complicated Multi-dimensional tangle of circuits Still, with time and tools, ICC can be mapped Difficult to interact with ICC November 6, 2015 11 Attacks Against Smart Cards Systems The card may not be the weak point Reverse-engineering *gasp* really lame protocols Watch yourself…. DMCA is being used as a hammer By-passing smart card system Some systems use mag-stripes as backups Much easier to dupilicate November 6, 2015 12 Java Card So, you still want to deploy them? Back in the day, cards were made from a mask that contained the program Cards were single vendor and fixed applications Application mistake in the mask meant reissuance More advanced operating systems now allow for applications to be added post-fabrication Lots can be done with multi-application, dynamic cards Sounds like a good place for Java, eh? A really, really, really stripped down version of Java Applets need to be compiled to a few KB of bytecode Smaller than J2ME November 6, 2015 13 New uses for Smart Cards Thanks to JC Smaller, custom deployments for Access Control and Identification Cheaper, large scale deployments Buy a vendors Java Card implementation All you need to do is write some card code, terminal code, and backend code Spoofing for other Smart Card systems If you know the APDU’s and transaction structure for another system (say stored value), write an applet to subvert terminal Nice hacking too, eh? November 6, 2015 14 Java Card API Java.lang - a subset of the java language Objects No double, long, chars Exceptions Javacard.framework - classes for the core functionality of an applet APDU PIN JCSystem Javacard.security - Security Classes Keys Random Data Javacardx.crypto - mad crypto foo November 6, 2015 15 Java Card Virtual Machine Actually split into two parts Off card Converter (yes.. Part of the VM is off card) Performs security checks Creates optimized bytecode Initializes static variables Creates class datastructures Final Result: CAP file… like a shrunken JAR file On card installer On card interpreter For execution, bytecode is interpreted by on-card VM Handles memory allocation and very limited garbage collection November 6, 2015 16 Java Card Virtual Machine November 6, 2015 17 Java Card Runtime Environment Think of it as “the OS” Lifetime of JCRE is lifetime of card A bit non-intuitive… unlike Java on a PC Instantiation of an applet usually only happens once Applet and Runtime remain between card resets Subset of the JRE Focused on things that matter to card in hostile environment Protects applets from each other and the world November 6, 2015 18 Java Card Runtime Environment Command Processing APDU dispatch to the applet’s process() method Handling of Transient objects Allows objects to be created and used in RAM for security and performance Transactions and atomicity Any single field write is made atomic by JCRE Futher, JCRE provides for safety within transactions boundaries Interrupting a transaction can be profitable if not properly handled November 6, 2015 19 Java Card Runtime Environment Applet isolation via applet firewall Unlike standard java, applets cannot invoke other applet’s methods Each applet in a package (basically a CAP file in JC case) runs in its own context Applet firewall forces applets to explicitly share interfaces to allow external access Exception Handling Key for a safe and secure application, card, and system November 6, 2015 20 Java Card Security Architecture Type-safety Most important verification done off-card Byte code verified during compile Checks for language violation No bad datatypes, no threatds Once code on the card, most of the checks are runtime issues During the interim period, code (and ergo the cards, ultimately) are vulnerable Malicious bytecode a real problem Needs extra juice Applet firewall prevents silliness If properly implemented, remarkably effective November 6, 2015 21 Controlling Code So… it’s good that anyone can load an applet, right? Situation: Credit Card Vendor gives you a smart card which allows post-issuance applet loading Wallet applet Loyalty program Attack: Malicious applet loaded on card to attack other applets Attack: Malicious terminal terminates wallet applet Attack: Legit terminal tries to load code on card… code changed in transit Need a higher level controls to limit post-issuance code loading Also, due to off card validation, need some code signing mechanism to verify that code can be trusted November 6, 2015 22 Controlling Code Enter Global Platform (from Visa originally) APDU MAC’ing Cryptographically signed CAP file Authentication process for loading and installing code If multi-application, multi-vendor smart cards ever take off in the consumer financial industry.. They’ll use GP November 6, 2015 23 Issuing Smart Cards Pre-issuance - card assumed physically secure Post-issuance - Wild Wild West Card needs to protect itself No native methods may be declared Direct interaction with ICC would compromise all Java card security - no verification mechanism November 6, 2015 24 Important Methods Skipping a complete sample applet… install() Called when card installer wants to install a new Applet Instantiates applet (basically like regular Java) public static void install ( byte[] bArray, short bOffset, byte bLength) { new myApplet(null); } Note: myApplet must call register() so the JCRE knows the new applet has been instantiated November 6, 2015 25 Important Methods select() When an off card entity wants to use an applet, it must be selected first Upon reception of SELECT APDU, JCRE calls applets select() method Applet verifies it is selectable and gets ready to receive more commands deselect() When another applet is selected, previous JCRE calls deselect() on previous applet first JCRE will not allow previous applet to block and stop deselection No DoS for you! November 6, 2015 26 Important Methods process() The real meat of the thing When an APDU is received and the applet is selected, its process method is called by the JCRE and the passes it an APDU object. Now you can parse the APDU, do what you need to do with it and then respond. November 6, 2015 27 Example Execution # power on card and select AID 1 2 3 4 5 6 7 8 poweron: card turned on; connection establish sendraw: transmitting (raw) (13): 0x80 0x50 0x00 0x00 0x08 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 sendraw: receiving: (2): 0x61 0x1c # there are 27 bytes of data to get. Get them. sendraw: transmitting (raw) (5): 0x00 0xc0 0x00 0x00 0x1c sendraw: receiving: (30): 0x00 0x00 0x02 0x80 0x00 0x00 0x29 0x31 0x00 0xa7 0x0d 0x01 0x59 0x11 0xfe 0x51 0x49 0x45 0x4e 0x09 0x19 0x35 0xec 0x2c 0x5a 0x8e 0xe0 0xb4 0x90 0x00 November 6, 2015 28 Secure Coding Guidelines A bad applet can destroy the system Use some manner of code signing… home brewed or otherwise Barring that, verify chain of custody of code before installing Velocity Checking Note: Not like typical Velocity checking On a smart card, time has no meaning Any sensitive activity should only be allowed a reasonable number of times… then lock/terminate Don’t forget harvesting “random” data Only share what you need to Watch out for transitivity issues with Shared Interface Objects November 6, 2015 29 Secure Coding Guidelines Proper exception handling Hacking a smart card may rely on making bad things happen Detect, throw, protect Use transient data where needed. Use transactions where needed When updating sensitive information, wrap in a transaction boundary Check commit capacity first JCSystem.beginTransaction(); JCSystem.endTransaction(); Don’t forget to abortTransaction() if things go wrong November 6, 2015 30 Secure Coding Guidelines Remember things are smaller on smart cards Int may not be supported Keep your code tight When designing your protocol… think like an attacker Both terminal and card can be forged How does a fake terminal effect the card Vice-versa A simple Command-ACK protocol will likely be subverted Cryptographically sign sensitive operations Lots of prior art here See resent Blackboard ID hack http://features.slashdot.org/article.pl?sid=03/04/14/1846 250 November 6, 2015 31 Extra bits MUSCLE Project Movement for Use of Smart Cards in Linux Environments www.linuxnet.com PC/SC Daemon Lots of reader drivers Sun’s stuff http://java.sun.com/products/javacard/ “Java Card Technology for Smart Cards” - Zhiqun Chen November 6, 2015 32 Card Vendors Oberthur - http://www.oberthurcs.com/ Gemplus - http://www.gemplus.com/ Low priced development kits with reader/cards Schlumberger - http://www.smartcards.net $50 readers / $12 a card Cards with USB logic imbedded in card November 6, 2015 33 Questions? Buy some books! November 6, 2015 34