Secure Hardware

1
Secure Hardware smart cards

• Main Topics
• why do we need it?
• Secure Requirements
• Application Market (One card can do everything)
• how does it work?
• Architecture
• Tamper Resistant Mechanism and Possible Attacks
• OS, application
• how to use it?
• Shared Key
• Public Key
• Encryption
• Java Card
• Multi-Application Card
• High-end crypto-processor will not be covered
  here
• Presented by Zhenxun Xiao

2
What is smart card

• A typical smart card is a credit-card size
  embedded system containing an 8-bit
  microprocessor or up to 32 bits processor, ROM to
  hold programs such as card operating system and
  immutable data, EEPROM to hold customer-specific
  data such as user name, secret keys as well as
  account numbers, RAM to hold transient data
  during computation and serial I/O, USB or PCMCIA
  to communicate with the host computer through
  card readers.

3
What are inside a smart card?

• Components inside a smart card
• Power, Ground, Reset, Clock and I/O are the
  inputs of a smart card
• Battery memory is possible

4
What are the advantages?

• Tamper-resistant
• stored data in smart card can be protected
  against unauthorized access
• Loose coupling to host
• Especially attractive for use as secret key
  storage when hosts cannot be trusted to
  themselves to store secrets keys
• Low cost
• Portability

5
What are the disadvantages?

• Low performance
• Slow processor
• Slow I/O channel
• Small memory (ROM, EEPROM and RAM)
• Unsuitable for computation-intensive task
  (cryptography)
• Executable code size is strictly limited, hence
  OS, security algorithms and protocols should be
  simplified
• New technologies may improve the performance
• Interoperation and standardization is relatively
  difficult
• Card specific attacks (invasive or non-invasive)
• Invalid card holder
• PIN smart card
• Biometric smart card

6
Why do we need it (1)?

• Secure Technique Point Of View
• Keys stored on hard disk or in memory are
  vulnerable
• Hard disks are not secure
• Adversary with administrative rights can access
  keys
• Data in a hard disk may be backed up in a storage
  device without protection
• Memory is not secure
• attacker can scan the whole memory
• Memory pages can be paged out to a hard disk
• Smart card is the real secure place for secret
  information

7
Why do we need it (2)?

• Secure Technique Point Of View
• Password based system (Kerberos) suffers from
  dictionary attack
• Create a list of words, names
• Derive keys from the words in the list
• Obtain a ltplaintext, ciphertextgt pair
• Decrypt ciphertext with the derived key
• Smart card is able to store long random key
  (password) in advance and provides it as login in

8
Why do we need it (3)?

• Application Point Of View
• Internet and electronic business prompts the
  distribution of smart card
• Platform (Hardware and OS) independent
  programming language (Java) matches the
  portability of smart card
• Multi-application cards make one card be able to
  do everything You do not need carry student ID,
  driver ID, credit card, ATM card, medical card
  and etc
• Potential market profits

9
Why do we need it (4)?

• Market trends

10
Basic Principle of Smart Card

1. Smart cards are tamper resistant and secret
   information can be stored inside safely even
   other hardware or software are comprised e.g.
   host OS and application
2. Place in smart card the secret components which
   are accessible only to smart card(Never leave
   smart card) such as private key, shared key, user
   name and account
3. Implement hash function, encryption algorithms
   (for RSA, DES and etc) to support authentication,
   digital signature and encryption in smart card
4. Simple OS support(I/O, stripped HTTP / TCP/IP
   stack)
5. Applications such as Java applet in Java card are
   built on OS and Secure modular.
6. Necessary communication protocol between card
   terminal (card reader) and smart card is
   constructed
7. Integrate the above as a whole to the entire
   system

11
Example 1 Smart Card Kerberos (1)

• Kerberos is a shared key secure system
• Authentication Service Exchange to obtain TGT
• Client ? AS or KDC IDc ID tgs TS1
• AS ?Client E(Kc) Kc, tgs IDtgs TS2
  Lifttime2 Tickettgs
• Ticket-Granting Service Exchange to obtain SGT
• Client ? TGS IDv Tickettgs
  Authnticatorc
• TGS ? Client E(Kc,tgs) IDv TS4
  Ticketv
• Tickettgs E(Ktgs) Kc,tgs IDc
  IDtgs
• Ticketv E(Kv) Kc,v
• Authenticatorc E(Kc,tgs) IDc ADc
  TS3
• Client-Server Authentication Exchange
• Client ? V Ticketv

12
Example 1 Smart Card Kerberos (2)

• A key in a workstation can be vulnerable
• A user chosen password is prone to attack

13
Example 1 Smart Card Kerberos (3)

• A randomly generated bits as password is stored
  in smart card

14
Example 2 Smart Card PKI (1)

• Private Key is stored in smart card to generate
  certificate
• Netscape Communicator support RSA for smart card
• Access protected data (e.g. corporate network)
  from anywhere (exploit portability of smart card)
• Host can also authenticate smart card by sending
  a challenge to smart card through card terminal
  and use the public key to decrypt the received
  response from smart card
• PKCS11 is a standard for this case

15
Example 3 Smart Card Cryptography (1)

• Smart card has slow CPU and slow I/O channel,
  hence it is not suitable for encrypting large
  plaintext and then decrypting by using a general
  cryptography algorithm in real time environment.
• (3)DES, RSA, MD5 are implemented mainly for
  authentication and digital signature (Many smart
  cards even do not support these either)
• Possible solutions
• Major cryptography task can be performed at host
  side, smart card only performance a minor
  cryptography task for each large message
• New efficient block ciphers take in place

16
Example 3 Smart Card Cryptography (2)

• Remotely Keyed Encryption Protocol (RKEP)
• Move major task to host
• Host and card share encryption algorithm (e.g.
  DES)
• For each data block, card encrypt/decrypt fixed
  length data which are deducted from the original
  variant length data by using the secret key
  stored in card and as a result generate a
  per-block key to host
• Host perform encryption/decryption on the full
  length data by using the per-block key
• Smart card MUST be present while
  encrypting/decrypting

17
Example 3 Smart Card Cryptography (3)

• Remotely Keyed Encryption Protocol (RKEP)

18
Example 3 Smart Card Cryptography (4)

• Remotely Keyed Encryption Protocol (RKEP)

19
Example 3 Smart Card Cryptography (5)

• Efficient Block Ciphers for Smart Cards
• Similar principle to DES (hide characteristics of
  plaintext), but simpler, reducing computation and
  saving memory
• Special design to resist card specific attacks
• Is it more vulnerable than DES from protocol or
  mathematics point of view? (I do not know now)
• The round transformation based on round key
• Diffusion step (Matrix Multiplication,
  Coefficients are selected carefully, use shifting
  and addition)
• dispersion step (Individual Byte, shifting rows)
• nonlinear step (Individual Byte, table lookup)
• round key addition (Individual Byte, XOR)

20
Example 4 Smart Card CFS

• Use smart card to generate per-file secret key
  for cryptography file system
• Smart card stores the user key
• Leverage efficient cryptography algorithm (e.g.
  RKEP as above) to encrypt or decrypt files
• Smart card must be present while acting

21
Example 5 Smart Card Session Key

• Smart card can store the session key obtained
  after authentication
• Leverage efficient cryptography algorithm (RKEP
  as above) to encrypt or decrypt messages from
  host
• The secret key used inside smart card in Slide17
  18 is session key exchanged after authenticating
  process in PKI or shared key infrastructure
• The partner host on the other end should support
  the same cryptography algorithms, hence making
  some changes to the secure infrastructure
• Is this right?

22
Example 6 Java Card

• Java byte codes can reside in smart cards and
  perform predetermined tasks
• A simple Java Virtual Machine is support in smart
  card
• Simple HTTP/TCP/IP stack is support
• Smart card is a server responding to requests
  from hosts
• Possible small databases like medical records,
  financial information exists in smart cards
• Easy to standardize, program and develop
• How to make it secure then?

23
Example 7 Multi-Application Smart Card

• One card can have multi-application for multiple
  purpose one card is enough?
• Card issuer has full control of the card and can
  add other applications from card service
  providers to smart card
• Download Java Applets to smart card
• How to shared codes and how to make applications
  be secure to one another?

24
Tamper Resistant Principle (1)

• Tamper Resistant hardware is NOT absolutely safe
  and various tampering techniques exist
• Micro-probing access chip surface directly, thus
  opponents can observe, manipulate, interfere with
  the integrated circuit
• Eavesdropping monitor the analog characteristics
  of all supply and interface connections and other
  electromagnetic radiation produced by the
  processor during normal operation
• Fault generation use abnormal environmental
  conditions to generate malfunctions in the
  processor that provide additional access
• Software Attacks employs the normal communication
  interface of the processor and exploit security
  vulnerabilities in the protocols, cryptographic
  algorithms or their implementation.

25
Tamper Resistant Principle (2)

• Micro-probing
• Invasive attack, the card is damaged but provide
  useful information for non-invasive attacks such
  as eavesdropping, Fault generation
• Probing workstation or manually
• Unpack smart cards and reconstruction layout of
  IC (ALU, instruction decoder, EEPROM ROM
  memory cells)
• Memory Read-out, observe the entire bus to
  discover the values in memory
• Non-invasive attacks (Eavesdropping, Fault
  Generation, Software)
• Every transistor and interconnection have a
  capacitance and resistance, certain temperature,
  power supply voltage,
• Circuit current change, signal propagation delays

26
Tamper Resistant Principle (3)

• Glitch Attacks
• Deliberately generate a malfunction that causes
  one or more flipflop to adopt the wrong state,
  hence replace one instruction with another,
  affect conditional jumps, test instruction, loop
  counter
• Clock-signal glitches, increase clock frequency
  for one or more half cycles
• Current Analysis
• Different operations generate different currents,
  conditional branch instruction is different from
  arithmetic instructions
• Same operations under different input values
  generate different currents, e.g. instruction
  decoder for different instruction, ALU for
  different input value

27
Tamper Resistant Principle (4)

• Countermeasures
• Sensor to sense unpacking or other examinations,
  erase all secret data automatically
• Make IC more complex to be be reconstructed
• High-frequency detectors low frequency sensor
• Randomized Clock Signal by inserting random
  delays at clock level, unable to predict the time
  at which a certain instruction is executed
• Randomized Multithreading, introduce
  non-determinism into the execution of algorithms,
  multiple copies of all registers for switch
  between threads
• Restricted Program Counter
• Carefully design algorithms (Efficient Block
  Cipher), CPU time and power consumption are
  independent of cipher key and plaintext

28
OS support for smart cards (1)

• OS support
• SCFS (Smart Card File System), Smart Card is
  considered as a directory of a host OS
• Window card By Microsoft
• 3com PalmOS
• MultOS for multi-application
• Java Virtual Machine By Sun
• Friendly development environment (Compiling and
  Loading) at hosts

29
OS support for smart cards (2)

• SCFS (Smart Card File System)

30
Smart Card Standardization (1)

• ISO7816 (1,2,3,4,5,6)
• Open Card Framework OCF1.2
• Java Card 2.0 Specification by sun
• PKCS11 for PKI

31
Smart Card Standardization (2)

• ISO7816
• 1 to 3 Physical Properties dimension ,
  mechanical stress, power, resistant to static
  electronic and radiation, electronic signal and
  transmission protocol
• 4 a set of commands across all industries to
  provide access, security and transmission of card
  data, e.g. commands to read, write and update
  records

32
Smart Card Standardization (3)

• OpenCard Framework
• functions and roles of smart cards can vary
  widely by service
• OpenCard Framework (OCF) separates terminal
  software into terminal specific components and
  card specific components, thus making it possible
  to add or remove components on demand
• application developer simply uses the APIs
  provided by CardService, enabling the application
  to be shared across multiple platforms that
  support OCF