Qmunity: Your Colleagues. Your Connections. Your Content.
Print

Sykipot & Smartcard Security???

As some of you may be aware, Ron Lapedis and I are providing the Biometrics and Access Token Technology, 10 Years Later session  at the 2012 RSA Conference. Our original thought in proposing the session was that given the various hacks, attacks, and leaks of last year there was too much snake oil oozing out of the security industry. IMHO some of the technologies would stand a better chance at solving the budget deficit than providing single sign on or security solutions, but I digress. The value in a retrospect session is that it allows attendees to see where we have been and if things have really changed. Then last week, I saw the Sykipot / defense sector announcement.

The original article I read said "Recently security researchers uncovered a new varient of Sykipot that targeted Smartcards and the defense sector". Of course I was curious so I looked on the web; before any of my friends ask - no I did not click or cut and paste the link that was attached in the email, I did a google search. According to eWeek:

The attack begins with a spear-phishing email message with a corrupted PDF document attached. When opened, the file exploits a recently patched Adobe vulnerability to install the Sykipot Trojan code onto the victim's computer. When installed, the malware uses a keylogger to steal the card's PIN, according to Blasco. Along with smart card log-in credentials, the malware variant can also list the public key infrastructure certificates on the computer's local certificate store. ...
The variant is capable of using the PIN and digital certificates to "silently use the card to authenticate to secure resources, so long as the card remains physically present in the card reader," Blasco wrote.

What does this mean? It looks like someone targeted the US Common Access Card (CAC) with a modified keylogger. The keylogger would not only capture the pin, used to unlock the card, but do its own messages and other transactions.

Once again, social engineering has surpassed the conventional issues of a poorly implemented protocol or component. For example, in the past, in order for me to accomplish the same result I would need to depend on the implementation of a weak Random Number Generator (RNG) facility of the card and on the availability of two transactions to the card.

The RNG was especially important because the Session Key was derived from the card random number. Hence the more often the random number repeated, the more often the session key would duplicate and the better the chances of success the attack had. (As a historical note, 10 years ago the cards repeated their random numbers from 3% to 5% across a 1,000,000 event test sample. The preferred transactions were the select secure file/purse and the following transaction to the file/purse. Given this information one could create their own transactions. The attack looks something like this:

The User sends a random number to the card, and the commands to initiate a secure conversation. The card responds with the random number that was sent to it, a random number that was generated on the card, and the low 4 bytes of a session key. The response is HMAC'ed. The User would then encrypt their random number with the card random number. This in turn would be encrypted with the shared secret. The low four bytes, that were sent with the card response, would be compared against this session key. All subsequent commands would have a 3 byte HMAC (as calculated with the session key).
So the transaction would look like this:

80 28 00 01 08 MyRandom - <initiate transaction and send random #>

<return value plus length of data returned>

<read data length>

 CardRand VC## - <Recieve card random number + 4byte Verification Code .>

Then you capture the next command. After which you can replay the transaction whenever you want by sending MyRandom and waiting until it returns a duplicate CardRand. This, while fun is not as good as being able to write your own commands. So you can try and guess the System Key.

In reality, VC## is the low 4 bytes of the session key.  This is used for validation that you have the correct session key.  You can calculate the session key by doing the following:

TempKey = DES[MyRandom,SystemKey]

SessKey = DES[CardRnd, TempKey)

In order to guess the SystemKey, we still have 264 number of combinations to go through and even with the 4 bytes of the SessKey to validate against, it would take a 'long time'.  This having been said, what if we attacked the SessKey?  The transaction command (next command after session key) provides a 3 byte HMAC... The HMAC is an keyed (encrypted) checksum, which is derived from the Session Key. Since we have the low 4 bytes of the session key (VC##), and a checksum to compare against the attack becomes reduces from 264 to 232.  Thus all one would have to do is cycle through 232 bits and append VC## to get a candidate session key.  The session key can then be validated by calculating the HMAC. If the HMACs match that is a possible session key.  

By now someone may mention that most cards lock out after a maximum number of attempts for a secure session. This is not a problem, because the session key transaction is not a validation request and so the lockout never comes into effect.

At the end of the day, while doing this still requires access to a couple of transactions, it would give you the ability to generate your own commands, but would require you to wait until the random #s duplicate. Then again, who would have thought that it would be so easy to get someone to install a key logger ? 

Posted Jan 25 2012, 03:15 PM by Michael F. Angelo
Filed under: , , , , , , , ,

Comments

John P wrote re: Sykipot & Smartcard Security???
on Jan 25, 2012 8:27 PM

Snake oil seems to be the order of the day Michael, not just in the computer security area either.  In hard times it seems to be easy to sell oil, rather than clear thinking.

I cannot say that I understand how to crack security measures, I was always on the other side of the fence, so to speak.  But one thing that shines out of your explanation is that leaving the Smartcard in the reader is vastly silly.  Yet it is just the sort of thing most users do, for various personal reasons.

So I would suggest that security is more of a social problem than a mathematical one.  Once you have people provided with a solution that ensures that they cannot do the wrong thing, then the task for providing a more secure transaction is eased.  If it is even possible to leave the Smartcard in the reader, then it is a poor solution.

The other thing that I have seen change steadily over the years is the relationship between checksum strength, and similar security measures, and computer performance.  The performance of current computers means that "long time" is counted in ever shorter periods.

On a related topic; some clown act here is promoting a very convenient bank debit card that the user only has to wave over a reader to pay for goods.  IMHO that is grossly irresponsible, whatever the security of the system behind that payment process.

John

Wael Ibrahim wrote re: Sykipot & Smartcard Security???
on Jan 26, 2012 2:00 AM

Michael,

Very interesting…

Obviously attacks are no longer “simple”; they are compound.

Social engineering – open an attachment (privileged user?), Adobe vulnerability – buffer overflow, install a key logger (non persistent? OS integrity check, trusted boot)

Since I do not know the details I will not ask where the 2^64 came from. As far as I know, if you reduce the work factor to 2^32, it does not mean you have 32 bits to play with! That would be 2^5… But maybe that is not a work factor here - not sure.

3 byte HMAC? The lowest used is 20 bytes (160 bits output of SHA1, for example). Seems like a bad protocol design.

I would think a PIN should be entered from a secure appliance (an application running directly on a hypervisor separate from the OS.) If the OS is compromised with a key logger, it does not matter. The PIN is only sent to the smart card to authenticate an action. This PIN need not go through the key-logger infected OS – if the design is correct.

Looks like IT screwed up (firewalling, quarantining emails that contain malware), did not patch Adobe reader when the vulnerability was known. Users screwed up (open an unknown attachment). Security software solution allowed the PIN to go through the OS (exposed to key loggers)

Some, not all, key loggers are kernel mode that require a privileged account to install a device driver. So users are advised to use unprivileged accounts for normal activities.

Sometime ago, I was speaking to some “security expert” to point out a security vulnerability I found. He played it down and said it’s not important! Who is going to find that out? I saw a sign on his desk that said: “No more half-baked security”.  I said: Very optimistic, aren’t we? Your sign should say: “No more half baked security… Quarter baked security”. I was being nice. I should have said:

“No more half-baked security. It's One eighth baked, with

the wrong recipe (missing ingredients, sequence of mixing, wrong proportions, extra unneeded ingredients). And the wrong oven temperature too”. And that is assuming you had an oven and know what it is used for.

But I digress ...

Michael F. Angelo wrote re: Sykipot & Smartcard Security???
on Jan 26, 2012 9:43 AM

Wael,

Since I do not know the details I will not ask where the 2^64 came from.

The 64 bits comes from the 8 byte pin that most of the cards use.

As far as I know, if you reduce the work factor to 2^32, it does not mean you have 32 bits to play with! That would be 2^5… But maybe that is not a work factor here - not sure.

I was referring to the gross number of combinations required to brute force (aka guess the first 32 bits of the key).  Hence if there were 2^64 number of bits in the key, and half of them are given to you, you still have to guess the remaining 32 bits.

3 byte HMAC? The lowest used is 20 bytes (160 bits output of SHA1, for example). Seems like a bad protocol design

It could be a bad protocol implementation, but then again if the card provided the full HMAC, it would make things easier to tell which session key was correct... :-)

I would think a PIN should be entered from a secure appliance (an application running directly on a hypervisor separate from the OS.)

Absolutely would / could work, but that could cost additional money.  (There are a number of secure pin entry devices out there today).  But then again, if the operating system implemented a trusted path - similar to ctrl alt delete on Windows machines - for PIN entry it could also work.

As for the cause and rest of the attack, yes, it was embarassing .  :-|...

Great comments Wael!!

Michael F. Angelo wrote re: Sykipot & Smartcard Security???
on Jan 26, 2012 11:28 AM

Hi John P,

Thanks for the comment.

But one thing that shines out of your explanation is that leaving the Smartcard in the reader is vastly silly.  

On the one hand it is silly to leave the card in the system, however in an effort handle the issue of people leaving the system logged in while unattended they may require the card to be present for access to the system.  Hence the issue is that, in some cases, removing the card will lock the system.  So, they have to leave the card in the reader while they are in front of the system.

As for your comment about contactless token technology it has been around for a while.  There are a number of attacks against it.  To begin the transaction between the contactless device and the reader can be listened to (at a distance - it is all about the antennae right Smile ).  In addition, with a little effort you can make a portable device that would initiate a conversation to communicate directly with a little bit of hardware.  Finally depending on the protocol, there are some published attacks - (google contactless attacks). 

--
Michael

Join the Discussion - Sign in | Register

Footer Border
Home  |   Terms of Use  |   Privacy Policy  |   NetIQ.com  |   Attachmate.com
NetIQ, an Attachmate Business