Unpicking PLAID: A Cryptographic Analysis of an ISO-standards-track Authentication Protocol
SSR 2014, RHUL, United Kingdom

Jean Paul Degabriele, Kenneth G. Paterson
Information Security Group, Royal Holloway, University of London

Victoria Fehr, Marc Fischlin, Tommaso Gagliardoni, Felix Günther, Giorgia Azzurra Marson, Arno Mittelbach
Cryptoplexity, TU Darmstadt

December 16th, 2014 | SSR 2014 | Victoria Fehr | 1
Protocol for Lightweight Authentication of IDentity

[Figure: a card (ICC) presented to a terminal (IFD); the terminal answers “Okay. You may enter.”]

- contactless authentication protocol
- developed by Centrelink
- AS 5185-2010
- submitted to ISO via fast track as ISO/IEC 25185-1

[Timeline figure with marks at 2006, 2010 and 2014, labelled PLAID, AS-5185-2010, “Fast Track” and ISO/IEC 25185-1.]
The PLAID Protocol

Key material on the ICC (index: RSA public key, AES key):
  index 2: $pk_2$, $K_2^{ID}$
  index 7: $pk_7$, $K_7^{ID}$
  ...
Key material on the IFD (index: RSA private key, AES key):
  index 7: $sk_7$, $K_7$
  index 34: $sk_{34}$, $K_{34}$
  ...
where the card-specific key is $K_7^{ID} = \mathrm{AES}_{K_7}(\text{“Smarty”})$ and both sides derive $k_{\mathrm{session}} = \mathrm{SHA}(RND_1 \,\|\, RND_2)$.

Message flow:
  1. IFD → ICC: $(34, 7, \ldots)$, the list of KeySetIDs the terminal supports
  2. ICC → IFD: $\mathrm{RSA}_{pk_7}(7, \text{“Smarty”}, RND_1, RND_1)$
  3. IFD → ICC: $\mathrm{AES}_{K_7^{ID}}(\mathrm{AuthReq}, RND_2, \mathrm{payload}, k_{\mathrm{session}})$
  4. ICC → IFD: $\mathrm{AES}_{k_{\mathrm{session}}}(\mathrm{AuthResp}, \mathrm{payload}, \text{“Smarty”})$
Channel secured with $k_{\mathrm{session}}$ (optional)
ISO/IEC 25185-1 – PLAID

“PLAID [...] is cryptographically stronger, faster and more private [...]”
(Centrelink PLAID Specification v8.0, 2009)

“[...] strong authentication [...] in a fast, highly secure and private fashion without the exposure of [...] identifying information or any other information which is useful to an attacker.”
(ISO/IEC 25185-1.2, 2014)

There is no security proof!
Keyset Fingerprinting Attack

ICC messages are not authenticated!

Key material as before (ICC: index 2: $pk_2$, $K_2^{ID}$; index 7: $pk_7$, $K_7^{ID}$; index ∗: $pk^*$, $K^*$, the ShillKey. IFD: index 7: $sk_7$, $K_7$; index 34: $sk_{34}$, $K_{34}$).

Three variants of the first message and the card's reply:
  KeySetID = (34, 7):    ICC → IFD: $\mathrm{RSA}_{pk_7}(7, \text{“Smarty”}, RND_1, RND_1)$
  KeySetID = (34):       ICC → IFD: $\mathrm{RSA}_{pk^*}(\$)$ (no known key, so the card answers under the ShillKey with random data)
  KeySetID = (2, 34, 7): ICC → IFD: $\mathrm{RSA}_{pk_2}(2, \text{“Smarty”}, RND_1, RND_1)$

Attack:
- add/delete Keyset IDs in the first message
- card uses first known key or ShillKey
- check if terminal responds with third message
⇒ Determine entire Keyset of a card (= Capabilities)
Privacy...

“[...] strong authentication [...] in a fast, highly secure and private fashion without the exposure of [...] identifying information or any other information which is useful to an attacker.”
(ISO/IEC 25185-1.2, 2014)
ShillKey Fingerprinting Attack

KeySetID = (34, 7) sent to an unknown card that holds neither key (ICC: index 2: $pk_2$, $K_2^{ID}$; index ∗: $pk^*$, $K^*$):
  ICC → IFD: $\mathrm{RSA}_{pk^*}(\$)$

What is ShillKey?
- “distress” key to prevent error messages
- randomly chosen per card during system setup
- unique per card (with high probability)
⇒ possibility of identifying cards! I.e., tracing cards!
ShillKey Fingerprinting – Scenario 1

Setting: card $\mathrm{ICC}_1$ holds ShillKey public key $pk_1^* = (N_1, e_1)$. On a KeySetID it does not know (e.g. KeySetID = (“3!4$”)) it answers with ciphertexts $c$ for which $1 \le \mathrm{RSA}_{pk_1^*}(\$) < N_1$.

[Figure: ciphertexts $c$ of cards with moduli $N_1$, $N_2$, $N_3$ plotted on the number line between $0$, $2^{2047}$ and $2^{2048}$; each card's ciphertexts lie below its own modulus.]

Phase 1 – Identification Phase:
- for every card $i$ receive $k_1$ encryptions $\mathrm{RSA}_{pk_i^*}(\$)$
- estimate $N_i$ according to the samples (“German Tank Problem”)
  - naive approach: $N_i = 2 \cdot \mu_c$
  - better: $N_i = \max c + \frac{\max c}{k_1}$

Phase 2 – Challenge Phase:
- receive $k_2$ encryptions $\mathrm{RSA}_{pk^*}(\$)$ from an unknown card with $pk^* = (N^*, e^*)$
- estimate $N^*$ as in Phase 1
- guess card $j$ with $\min_j |N^* - N_j|$
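The two phases of Scenario 1 as an added Python simulation (not code from the talk or the paper): ShillKey ciphertexts are modelled as uniform values in $[1, N)$, both German Tank estimators are implemented, and the unknown card is matched to the nearest estimated modulus. The key size, the three card moduli and the sample counts are constructed assumptions.

```python
import random

# Assumption: ShillKeys are 2048-bit RSA keys, so ciphertexts lie in [1, N) below 2^2048.
MODULUS_BITS = 2048

def shillkey_ciphertext(N, rng):
    """Model the ICC's reply RSA_pk*($): the encryption of random data under
    modulus N looks to the attacker like a uniform value in [1, N).
    Constructed simulation only; no real RSA encryption is performed."""
    return rng.randrange(1, N)

def estimate_modulus_naive(samples):
    """German Tank Problem, naive estimator: N ~ 2 * mean(c)."""
    return 2 * sum(samples) // len(samples)

def estimate_modulus(samples):
    """German Tank Problem, better estimator: N ~ max(c) + max(c) / k."""
    m = max(samples)
    return m + m // len(samples)

def identification_phase(moduli, k1, rng):
    """Phase 1: collect k1 ShillKey ciphertexts from every known card i, estimate N_i."""
    return [estimate_modulus([shillkey_ciphertext(N, rng) for _ in range(k1)])
            for N in moduli]

def challenge_phase(estimates, challenge_modulus, k2, rng):
    """Phase 2: collect k2 ciphertexts from an unknown card, estimate N*, and
    return the index j that minimises |N* - N_j|."""
    n_star = estimate_modulus([shillkey_ciphertext(challenge_modulus, rng)
                               for _ in range(k2)])
    return min(range(len(estimates)), key=lambda j: abs(n_star - estimates[j]))

def simulate(moduli, k1, k2, seed=0):
    """Challenge the attacker with every card in turn; return how many are traced correctly."""
    rng = random.Random(seed)
    estimates = identification_phase(moduli, k1, rng)
    return sum(challenge_phase(estimates, N, k2, rng) == i
               for i, N in enumerate(moduli))

# Constructed card population: three 2048-bit moduli spaced 2^2045 apart (not real keys).
CARD_MODULI = [2 ** (MODULUS_BITS - 1) + i * 2 ** (MODULUS_BITS - 3) for i in (1, 2, 3)]

if __name__ == "__main__":
    for k1 in (100, 1000):  # the sample sizes used in the talk's simulations
        print(f"k1 = k2 = {k1}: {simulate(CARD_MODULI, k1, k1)} of {len(CARD_MODULI)} cards traced")
```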
ShillKey Fingerprinting – Scenario 1 – Results

Figure: Simulation with $k_1 = 100$ samples
Figure: Simulation with $k_1 = 1000$ samples
ShillKey Fingerprinting – Scenario 2

Let $t$ = #Cards in the System.

Phase 1 – Identification Phase:
- receive $k_1 \cdot t$ random samples $\mathrm{RSA}_{pk^*}(\$)$ (the attacker does not learn which card produced which sample)
- estimate $N_i$ according to the samples: standard clustering technique based on the k-means algorithm

Phase 2 – Challenge Phase:
- receive $k_2$ encryptions $\mathrm{RSA}_{pk^*}(\$)$
- estimate $N^*$ as in Scenario 1 Phase 1
- guess card $j$ with $\min_j |N^* - N_j|$

[Figure: samples $\mathrm{RSA}_{pk_?^*}(\$)$ from unknown cards with $pk_?^* = (N_?, e_?)$ on the number line between $0$, $2^{2047}$ and $2^{2048}$, clustered into estimates for $N_1$, $N_2$, $N_3$, $N_4$.]
ShillKey Fingerprinting – Scenario 2 – Results

Figure: Simulation with $k_1 = 100$ samples
Figure: Simulation with $k_1 = 1000$ samples
General Concerns

Annotated protocol flow (ICC: index 2: $pk_2$, $K_2^{ID}$; index 7: $pk_7$, $K_7^{ID}$; index ∗: $pk^*$, $K^*$. IFD: index 7: $sk_7$, $K_7$; index 34: $sk_{34}$, $K_{34}$):
  1. IFD → ICC: KeySetIDs
  2. ICC → IFD: $\mathrm{RSA}_{pk_{\#i}}(\#i, \mathrm{ID}, RND_1, RND_1)$
  3. IFD → ICC: $\mathrm{AES}_{K^{ID}}(\mathrm{AuthReq}, RND_2, \mathrm{payload}, k_{\mathrm{session}})$
  4. ICC → IFD: $\mathrm{AES}_{k_{\mathrm{session}}}(\mathrm{AuthResp}, \mathrm{payload}, \mathrm{ID})$
  Channel secured with $k_{\mathrm{session}}$ (optional)

Concerns:
- ICC messages not authenticated! → Key Legacy Attack → Key Revocation?
- non-standard use of PKE (KeySetIDs)
- PKCS#1.5 padding used
- trial-decryptions?! (the terminal has to find the key index $\#i$ among its $n$ keys)
- CBC-mode with IV = 0
- no forward secrecy!
- sending payload to the card
- static entity authentication
- reusing session key
- non-standard padding
Timeline

[Timeline figure with marks at 2006, 2010, 2014 and 2015, labelled PLAID, AS-5185-2010, “Fast Track”, ISO/IEC 25185-1 and RWC (?).]

Thank you for your attention!