HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit

  • 1,587 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,587
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
73
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Remotely Using the Spanish National Electronic ID
  • 2. ToC• Introduction to DNIe• Man In Remote• Live Demo!• MiR Reloaded• Solution
  • 3. Introduction• Law to promote online transactions• Administrative Tasks Online• Citizen-Friendliness #fail
  • 4. Introduction• General Purpose Microprocessor• CriptoChip• Serial Port Communication
  • 5. Introduction• Biometric System: Match On Card• Authentication Certificates• Non-Repudiation Certificates• Component Certificates
  • 6. Introduction• PC / SC – Integration of SmartCards with PCs – API for Communication – Multiplataform – Functionality • Initialization • Readers Management • State • Sending/Receiving Command (APDUs)
  • 7. Introduction• Secure Channel – UNE 14890 – APDUs are encrypted – Peers mutually authenticated • Public Key Exchange • Authentication • Channel’s Key Derivation
  • 8. Introduction• CSP Applications – Microsoft Propossal CSP PC / SC – CryptoAPI Extensions DNIe Reader
  • 9. Introduction• PKCS#11 – RSA standard Applications (http://www.rsa.com/rsalabs/node.asp?id=2133) – Generic API to access crypto- PKCS#11 devices – Token as access unit PC / SC – Manages Several Objects DNIe • Public, Private Keys Reader • Data & Certs
  • 10. Introduction• Authenticating Users in Web Services – Java Applet • Intrusive method – SSL + Client Certificate • “Transparent”
  • 11. Introduction• Java Applet – User needs to download an Applet – Annoying Security Warnings
  • 12. IntroductionDNIe WebBrowser Web Server OCSP Init Session Get Client Cert Validate PIN Get Auth Cert Sign Msgs Validate Cert
  • 13. Introduction• Physhical Security – Power Sensors – Glitch Detection – Passivation Layer – Clock Frequency Changes Detection – Current Changes Detection• EAL4+ Level
  • 14. Man In Remote• Motivation• Definition• Description• Demo
  • 15. Man In Remote• Motivation – Systems using physical devices – Duplication – Remote Authentication
  • 16. Man In Remote• Definition Live usage of the functionalities provided by a security device when this is plugged into a different computer
  • 17. Man In Remote Web Browser PKCS#11
  • 18. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 19. Man In Remote WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 20. Man In Remote• MiR - Attacker – Library interfacing with PKCS#11 – No Local Operations – Remote Object Interface
  • 21. Man In Remote• MiR - Attacker 1. Data Packaging 2. Method Invokation 3. Data Unpackaging
  • 22. Man In Remote• MiR - Victim – Client of the official PKCS#11 – Waits for Attaker’s Requests – Remote Object
  • 23. Man In Remote• MiR - Victim 1. Data Unpacking 2. Invoking Methods from the Official PKCS#11 3. Retrieve results and pack them back
  • 24. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_Initialize)(…){#ifdef _REMOTE_PKCS11_ { DataMarshalling *d = NULL; […] if (connect(client, (struct sockaddr *)&sock, sizeof(sock))== SOCKET_ERROR) {[…]} d = new DataMarshalling(client); d->setMsgType("C_Initialize"); d->packInt((char *)&a); d->sendData(); delete d; }
  • 25. Man In Remote - Attacker’s Src#else InicializarFunciones("UsrPKCS11.dll"); rv = pFunctionList->C_Initialize(pInitArgs);#endif#ifdef _DEBUG_PKCS11_ fprintf(fout, "C_Initialize ret: %dn", rv);#endifexit: return rv;}
  • 26. Man In Remote - Attacker’s SrcCK_DEFINE_FUNCTION(CK_RV,C_OpenSession)(){ CK_RV rv = CKR_OK; DataMarshalling *d = new DataMarshalling(client); d->setMsgType("C_OpenSession"); { /* * Open session */ unsigned int sessionId = 0; DataMarshalling *d2 = new DataMarshalling(client); d->packInt((char *)&slotID); d->packInt((char *)&flags); d->sendData();
  • 27. Man In Remote - Attacker’s Src d2->recvData(); if (strcmp(d2->getMsgType(), d->getMsgType())) { rv = CKR_CANCEL; goto exit; } rv = d2->unpackInt(); sessionId = d2->unpackInt(); delete d2; *phSession = sessionId; } delete d;exit: return rv;}
  • 28. Man In Remote - Victim’s Src} else if (!strcmp(d->getMsgType(), "C_OpenSession")) { slotId = d->unpackInt(); flags = d->unpackInt(); { DataMarshalling *d2 = new DataMarshalling(client); /* * Opening session */ ret = C_OpenSession(slotId, flags, NULL, NULL, &sessionId); d2->setMsgType(d->getMsgType()); d2->packInt((char *)&ret); d2->packInt((char *)&sessionId); d2->sendData(); delete d2; }}
  • 29. Man In Remote - Live Demo! Social Security WebBrowser PKCS#11 PKCS#11 PKCS#11 Tunneling MiR MiR
  • 30. Man In Remote• PKCS#11 Flow: InitializationC_Initialize C_OpenSessionC_GetInfo C_GenerateRandomC_GetSlotList C_SeedRandom C_FindObjectsInitC_GetSlotList C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetTokenInfo C_GetSlotInfoC_GetMechanismList C_GetSessionInfoC_GetMechanismList
  • 31. Man In Remote• PKCS#11 Flow: LoginC_FindObjectsInit C_GetSessionInfoC_FindObjects C_GetSessionInfoC_FindObjectsFinal C_FindObjectsInit C_FindObjectsC_GetSlotInfo C_FindObjectsFinalC_GetSessionInfo C_GetSlotInfoC_Login C_GetAttributeValueC_GetSlotInfo C_GetAttributeValueC_GetSessionInfo C_GetSessionInfo
  • 32. Man In Remote• PKCS#11 Flow: SigningC_SignInitC_SignC_GetSlotInfoC_CloseSessionC_GetSessionInfoC_GetSlotInfoC_GetSessionInfo
  • 33. Man In Remote• Dialog when using non-Repudiation Cert
  • 34. Man In Remote• Bypassing the dialog
  • 35. MiR Reloaded• Moving Victim’s part to a Java Applet• Security Warning
  • 36. MiR Reloaded• Java Version – Sun PKCS#11 – Easy distribution as Phishing Attack – iframe + applet
  • 37. MiR Reloaded• Till now we have achieve – Remote Authentication – Remote Signing – An Attacker with the PIN has full access to DNIe
  • 38. MiR Reloaded• Second method of Authentication: Applet – Token Signing – Signed Token Uploaded via POST – No need of PKCS#11 Tunneling – Send Token and Get it Signed
  • 39. MiR Reloaded Web Browser <form> <form> <input id=“token” <input id=“token” value=“AAAAAA”> value=“903234”> </form> </form>
  • 40. MiR Reloaded Web Browser<form><input id=“token” 1 Token Phishing /value=“903234”>value=“AAAAAA”> Trojan</form> 2 Signed Token
  • 41. MiR: Solution• Complex Solution• We can’t trust the PC• Servers can’t do any extra check• Smart Cards are not so “smart”
  • 42. MiR: Solution• Based on Response Times• Fixed Processing Times• Network Latency• DNIe could abort a potential attack
  • 43. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 Local Processing t R2 t p ( R1 )
  • 44. MiR: Solution t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 tRTT LocalProcessing MiR tRTT t R2 t p ( R1 )
  • 45. MiR: Solution t R1 t R2 t p ( R1 ) tlocal t R1 t R2 t p ( R1 ) tlocal 2t RTT t R1 t R2 t R1 t R2
  • 46. MiR: “Is this real Life?”• Similar Attacks – http://www.itworld.com/security/134958/smart- cards-no-match-online-spies