Potential Risks for Smart Cards Firmware

Potential Risks for Smart Cards Firmware martin.kakona@i.cz S.ICZ Security and Protection of Information Brno 2005

Measuring Arrangement

Filtering

Real SIM
[Figure; labels: Begin, End, Life, Verify]

Real Attack
[Figure; labels: Life, Difference]

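The Sample of Source Code

    private void PulsePIN(APDU apdu, byte[] pbuffer) {
        // Receive the command data; the return value is the number of bytes read
        byte byteRead = (byte)(apdu.setIncomingAndReceive());
        byte BlockPWD[] = {(byte)0x00};
        byte BlockPWDLen = 1;
        // Check the received bytes against the stored PIN
        MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead);
    }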

The Result

    private void PulsePIN(APDU apdu, byte[] pbuffer) {
        byte byteRead = (byte)(apdu.setIncomingAndReceive());
        byte BlockPWD[] = {(byte)0x00};
        byte BlockPWDLen = 1;
        MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead);
    }

[Figure; labels: 1x, 2x, 3x]

Another Sample of Program

    private void PulsePIN(APDU apdu, byte[] pbuffer) {
        byte byteRead = (byte)(apdu.setIncomingAndReceive());
        byte BlockPWD[] = {(byte)0x00};
        byte BlockPWDLen = 1;
        // Good PIN
        MyPin.check(BlockPWD, (byte)0x01020304, BlockPWDLen);
        // Try PIN
        if (!MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead)) {
            short tries = MyPin.getTriesRemaining();
            // send error counter in APDU back
            ISOException.throwIt((short)(SW_PIN_FAILED + tries));
        }
    }

Bad X Good PIN

Public Phone Card

Conclusion

Inexpensive
Noninvasive Attacks
Complexity X Security
Side channels program tracing

    MyPin.check(pbuffer, ISO7816.OFFSET_CDATA, byteRead);