Top

Published in:

2016 | OriginalPaper | Chapter

Cryptanalysis of GlobalPlatform Secure Channel Protocols

Authors : Mohamed Sabt, Jacques Traoré

Published in: Security Standardisation Research

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

GlobalPlatform (GP) card specifications are the de facto standards for the industry of smart cards. Being highly sensitive, GP specifications were defined regarding stringent security requirements. In this paper, we analyze the cryptographic core of these requirements; i.e. the family of Secure Channel Protocols (SCP). Our main results are twofold. First, we demonstrate a theoretical attack against SCP02, which is the most popular protocol in the SCP family. We discuss the scope of our attack by presenting an actual scenario in which a malicious entity can exploit it in order to recover encrypted messages. Second, we investigate the security of SCP03 that was introduced as an amendment in 2009. We find that it provably satisfies strong notions of security. Of particular interest, we prove that SCP03 withstands algorithm substitution attacks (ASAs) defined by Bellare et al. that may lead to secret mass surveillance. Our findings highlight the great value of the paradigm of provable security for standards and certification, since unlike extensive evaluation, it formally guarantees the absence of security flaws.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Cross-Tool Semantics for Protocol Security Goals

next chapter NFC Payment Spy: A Privacy Attack on Contactless Payments

Available only for authorised users

Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_20 CrossRef

Bard, G.V.: A challenging but feasible blockwise-adaptive chosen-plaintext attack on SSL. In: Proceedings of the International Conference on Security and Cryptography. SECRYPT 2006, pp. 7–10. INSTICC Press (2006)

Béguelin, S.Z.: Formalisation and verification of the GlobalPlatform card specification using the B method. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, J.-L. (eds.) CASSIS 2005. LNCS, vol. 3956, pp. 155–173. Springer, Heidelberg (2006). doi:10.1007/11741060_9 CrossRef

Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science. FOCS 1997, pp. 394–403. IEEE (1997)

Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362–399 (2000)MathSciNetCrossRefMATH

Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. CCS 2002, pp. 1–11. ACM (2002)

Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). doi:10.1007/3-540-44448-3_41 CrossRef

Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469–491 (2008)MathSciNetCrossRefMATH

Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1–19. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_1 CrossRef

10.

Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4_25 CrossRef

11.

Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. Addison-Wesley Longman Publishing Co. Inc., Boston (2000)

12.

Dai, W.: An attack against SSH2 protocol, email to the SECSH Working Group. ftp://ftp.ietf.org/ietf-mail-archive/secsh/2002-02.mail

13.

Degabriele, J.P., Paterson, K., Watson, G.: Provable security in the real world. IEEE Secur. Priv. 9(3), 33–41 (2011)CrossRef

14.

Duong, T., Rizzo, J.: Here come the XOR Ninjas (2011). Unpublished

15.

Dworkin, M.: Recommendation for block cipher modes of operation: methods and techniques. National Institute of Standards and Technology (NIST), NIST Special Publication 800–38A., December 2001

16.

Dworkin, M.: Recommendation for block cipher modes of operation: the CMAC mode for authentication. National Institute of Standards and Technology (NIST), NIST Special Publication 800–38B, November 2001

17.

EMVCo: EMVCo Specification. https://www.emvco.com/specifications.aspx

18.

EMVCo: EMV card personalization specification - version 1.1. https://www.emvco.com/specifications.aspx?id=20

19.

Feix, B., Thiebeauld, H.: Defeating ISO9797-1 MAC Algo 3 by combining side-channel and brute force techniques. Cryptology ePrint Archive, Report 2014/702 (2014)

20.

Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated on-line encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 145–159. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24654-1_11 CrossRef

21.

GlobalPlatform: The standard for managing applications on secure chip technology. https://www.globalplatform.org

22.

GlobalPlatform: Secure channel protocol ‘3’ - card specification v2.2 - amendment d v1.1.1. http://www.globalplatform.org/specificationscard.asp

23.

GlobalPlatform: GlobalPlatform card specification v2.3. http://www.globalplatform.org/specificationscard.asp

24.

GlobalPlatform: About GlobalPlatform - security task force activities and achievements - 2016 activities and priorities (2016). https://www.globalplatform.org/aboutustaskforcesSecurity.asp

25.

Hemme, L.: A differential fault attack against early rounds of (triple-)DES. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 254–267. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28632-5_19 CrossRef

26.

ISO/IEC JTC 1/SC 27: Information technology - security techniques - modes of operation for an n-bit block cipher. Technical report, International Organization for Standardization, February 2006

27.

ISO/IEC JTC 1/SC 6: Information technology - ASN.1 encoding rules: specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). Technical report, International Organization for Standardization, December 2002

28.

Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003). doi:10.1007/978-3-540-39887-5_11 CrossRef

29.

Joux, A., Martinet, G., Valette, F.: Blockwise-adaptive attackers revisiting the (in)security of some provably secure encryption modes: CBC, GEM, IACBC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 17–30. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_2 CrossRef

30.

Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman & Hall Book, Boca Raton (2015)MATH

31.

Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Goos, G., Hartmanis, J., Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001). doi:10.1007/3-540-44706-7_20 CrossRef

32.

Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_3 CrossRef

33.

Markantonakis, C.: The case for a secure multi-application smart card operating system. In: Okamoto, E., Davida, G., Mambo, M. (eds.) ISW 1997. LNCS, vol. 1396, pp. 188–197. Springer, Heidelberg (1998). doi:10.1007/BFb0030420 CrossRef

34.

Mitchell, C.J.: Error Oracle attacks on CBC Mode: is there a future for CBC mode encryption? In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 244–258. Springer, Heidelberg (2005). doi:10.1007/11556992_18 CrossRef

35.

NXP Semiconductors Germany Gmbh: Nxp j3e081_m64, j3e081_m66, j2e081_m64, j3e041_m66, j3e016_m66, j3e016_m64, j3e041_m64 secure smart card controller. Common Criteria for Information Technology Security Evaluation, certification Report: NSCIB-CC-13-37761-CR2, August 2014

36.

Oracle: Java card protection profile - closed configuration. Common Criteria for Information Technology Security Evaluation, certification Report: ANSSI-CC-PP-2010/07, December 2012

37.

Paterson, K.G., Watson, G.J.: Authenticated-encryption with padding: a formal security treatment. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 83–107. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28368-0_9 CrossRef

38.

Rankl, W., Effing, W.: Smart Card Handbook, 4th edn. Wiley, Chichester (2010)CrossRef

39.

Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348–358. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25937-4_22 CrossRef

40.

Rogaway, P.: Evaluation of some blockcipher modes of operation. Technical report, Cryptography Research and Evaluation Committees (CRYPTREC) for the Government of Japan (2011)

Title: Cryptanalysis of GlobalPlatform Secure Channel Protocols
Authors: Mohamed Sabt
Jacques Traoré
Publisher: Springer International Publishing
Book: Security Standardisation Research
Print ISBN: 978-3-319-49099-1

Electronic ISBN: 978-3-319-49100-4

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-49100-4_3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner