HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit

2,194 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,194
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
76
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit

  1. 1. Remotely Using the Spanish National Electronic ID
  2. 2. ToC• Introduction to DNIe• Man In Remote• Live Demo!• MiR Reloaded• Solution
  3. 3. Introduction• Law to promote online transactions• Administrative Tasks Online• Citizen-Friendliness #fail
  4. 4. Introduction• General Purpose Microprocessor• CriptoChip• Serial Port Communication
  5. 5. Introduction• Biometric System: Match On Card• Authentication Certificates• Non-Repudiation Certificates• Component Certificates
  6. 6. Introduction• PC / SC – Integration of SmartCards with PCs – API for Communication – Multiplataform – Functionality • Initialization • Readers Management • State • Sending/Receiving Command (APDUs)
  7. 7. Introduction• Secure Channel – UNE 14890 – APDUs are encrypted – Peers mutually authenticated • Public Key Exchange • Authentication • Channel’s Key Derivation
  8. 8. Introduction• CSP Applications – Microsoft Propossal CSP PC / SC – CryptoAPI Extensions DNIe Reader
  9. 9. Introduction• PKCS#11 – RSA standard Applications (http://www.rsa.com/rsalabs/node.asp?id=2133) – Generic API to access crypto- PKCS#11 devices – Token as access unit PC / SC – Manages Several Objects DNIe • Public, Private Keys Reader • Data & Certs
  10. 10. Introduction• Authenticating Users in Web Services – Java Applet • Intrusive method – SSL + Client Certificate • “Transparent”
  11. 11. Introduction• Java Applet – User needs to download an Applet – Annoying Security Warnings
  12. 12. IntroductionDNIe WebBrowser Web Server OCSP Init Session Get Client Cert Validate PIN Get Auth Cert Sign Msgs Validate Cert
  13. 13. Introduction• Physhical Security – Power Sensors – Glitch Detection – Passivation Layer – Clock Frequency Changes Detection – Current Changes Detection• EAL4+ Level
  14. 14. Man In Remote• Motivation• Definition• Description• Demo
  15. 15. Man In Remote• Motivation – Systems using physical devices – Duplication – Remote Authentication
  16. 16. Man In Remote• Definition Live usage of the functionalities provided by a security device when this is plugged into a different computer
  17. 17. Man In Remote Web Browser PKCS#11
  18. 18. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  19. 19. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  20. 20. Man In Remote• MiR - Attacker – Library interfacing with PKCS#11 – No Local Operations – Remote Object Interface
  21. 21. Man In Remote• MiR - Attacker 1. Data Packaging 2. Method Invokation 3. Data Unpackaging
  22. 22. Man In Remote• MiR - Victim – Client of the official PKCS#11 – Waits for Attaker’s Requests – Remote Object
  23. 23. Man In Remote• MiR - Victim 1. Data Unpacking 2. Invoking Methods from the Official PKCS#11 3. Retrieve results and pack them back
  24. 24. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_Initialize)(…){#ifdef _REMOTE_PKCS11_ { DataMarshalling *d = NULL; […] if (connect(client, (struct sockaddr *)&sock, sizeof(sock))== SOCKET_ERROR) {[…]} d = new DataMarshalling(client); d->setMsgType("C_Initialize"); d->packInt((char *)&a); d->sendData(); delete d; }
  25. 25. Man In Remote - Attacker’s Src#else InicializarFunciones("UsrPKCS11.dll"); rv = pFunctionList->C_Initialize(pInitArgs);#endif#ifdef _DEBUG_PKCS11_ fprintf(fout, "C_Initialize ret: %dn", rv);#endifexit: return rv;}
  26. 26. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_OpenSession)(){ CK_RV rv = CKR_OK; DataMarshalling *d = new DataMarshalling(client); d->setMsgType("C_OpenSession"); { /* * Open session */ unsigned int sessionId = 0; DataMarshalling *d2 = new DataMarshalling(client); d->packInt((char *)&slotID); d->packInt((char *)&flags); d->sendData();
  27. 27. Man In Remote - Attacker’s Src d2->recvData(); if (strcmp(d2->getMsgType(), d->getMsgType())) { rv = CKR_CANCEL; goto exit; } rv = d2->unpackInt(); sessionId = d2->unpackInt(); delete d2; *phSession = sessionId; } delete d;exit: return rv;}
  28. 28. Man In Remote - Victim’s Src} else if (!strcmp(d->getMsgType(), "C_OpenSession")) { slotId = d->unpackInt(); flags = d->unpackInt(); { DataMarshalling *d2 = new DataMarshalling(client); /* * Opening session */ ret = C_OpenSession(slotId, flags, NULL, NULL, &sessionId); d2->setMsgType(d->getMsgType()); d2->packInt((char *)&ret); d2->packInt((char *)&sessionId); d2->sendData(); delete d2; }}
  29. 29. Man In Remote - Live Demo! Social Security WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  30. 30. Man In Remote• PKCS#11 Flow: InitializationC_Initialize C_OpenSessionC_GetInfo C_GenerateRandomC_GetSlotList C_SeedRandom C_FindObjectsInitC_GetSlotList C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetTokenInfo C_GetSlotInfoC_GetMechanismList C_GetSessionInfoC_GetMechanismList
  31. 31. Man In Remote• PKCS#11 Flow: LoginC_FindObjectsInit C_GetSessionInfoC_FindObjects C_GetSessionInfoC_FindObjectsFinal C_FindObjectsInit C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetSessionInfo C_GetSlotInfoC_Login C_GetAttributeValueC_GetSlotInfo C_GetAttributeValueC_GetSessionInfo C_GetSessionInfo
  32. 32. Man In Remote• PKCS#11 Flow: SigningC_SignInitC_SignC_GetSlotInfoC_CloseSessionC_GetSessionInfoC_GetSlotInfoC_GetSessionInfo
  33. 33. Man In Remote• Dialog when using non-Repudiation Cert
  34. 34. Man In Remote• Bypassing the dialog
  35. 35. MiR Reloaded• Moving Victim’s part to a Java Applet• Security Warning
  36. 36. MiR Reloaded• Java Version – Sun PKCS#11 – Easy distribution as Phishing Attack – iframe + applet
  37. 37. MiR Reloaded• Till now we have achieve – Remote Authentication – Remote Signing – An Attacker with the PIN has full access to DNIe
  38. 38. MiR Reloaded• Second method of Authentication: Applet – Token Signing – Signed Token Uploaded via POST – No need of PKCS#11 Tunneling – Send Token and Get it Signed
  39. 39. MiR Reloaded Web Browser <form> <form> <input id=“token” <input id=“token” value=“AAAAAA”> value=“903234”> </form> </form>
  40. 40. MiR Reloaded Web Browser<form><input id=“token” 1 Token Phishing /value=“903234”>value=“AAAAAA”> Trojan</form> 2 Signed Token
  41. 41. MiR: Solution• Complex Solution• We can’t trust the PC• Servers can’t do any extra check• Smart Cards are not so “smart”
  42. 42. MiR: Solution• Based on Response Times• Fixed Processing Times• Network Latency• DNIe could abort a potential attack
  43. 43. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 Local Processing t R2 t p ( R1 )
  44. 44. MiR: Solution t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 tRTT LocalProcessing MiR tRTT t R2 t p ( R1 )
  45. 45. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 t R2 t R1 t R2
  46. 46. MiR: “Is this real Life?”• Similar Attacks – http://www.itworld.com/security/134958/smart- cards-no-match-online-spies

×