draft-urien-tls-psk-emv-01

Slides:



Advertisements
Similar presentations
draft-urien-tls-psk-emv-00
Advertisements

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
Mutual OATH HOTP Variants 65th IETF - Dallas, TX March 2006.
Cryptography and Network Security
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Cryptography and Network Security Chapter 17
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
Chapter 8 Web Security.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Chapter 31 Network Security
Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Secure Electronic Transaction (SET)
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Web Security : Secure Socket Layer Secure Electronic Transaction.
1 DCS 835 – Computer Networking and the Internet Digital Certificate and SSL (rev ) Team 1 Rasal Mowla (project leader) Alvaro Restrepo, Carlos.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
Ram Santhanam Application Level Attacks - Session Hijacking & Defences
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 /10 Pascal URIEN, IETF 80 th, Tuesday 29 th March 2011, Prague, Czech Republic draft-irtf-hiprg-rfid-02 HIP support for RFIDs
Security fundamentals Topic 5 Using a Public Key Infrastructure.
SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
1 /10 Pascal URIEN, IETF 72 rd, Monday July 28 th Dublin, Ireland draft-urien-tls-keygen-00.txt TLS Key Generation
Application support functions Chapter Introduction ASN.1 Security Data encryption Nonrepudiation Authentication Public key certification authorities.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
K. Salah1 Security Protocols in the Internet IPSec.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Online Decision Process
EMV Operation and Attacks Tyler Moore CS7403, University of Tulsa Reading: Anderson Security Engineering, Ch (136—138), (328—343) Papers.
Page 1 of 17 M. Ufuk Caglayan, CmpE 476 Spring 2000, SSL and SET Notes, March 29, 2000 CmpE 476 Spring 2000 Notes on SSL and SET Dr. M. Ufuk Caglayan Department.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 draft-urien-eap-smartcard-06.txt “EAP-Support in Smartcard”
Cryptography and Network Security
Digital Signatures Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document, establishing he is document owner/creator.
Cryptography and Network Security
Module 8: Securing Network Traffic by Using IPSec and Certificates
EMV® 3-D Secure - High Level Overview
Cryptography and Network Security
Web Security and Security
Cryptography and Network Security
My name is Pascal Urien, ENST
Protocol ap1.0: Alice says “I am Alice”
Module 8: Securing Network Traffic by Using IPSec and Certificates
Cryptography and Network Security
Presentation transcript:

draft-urien-tls-psk-emv-01 EMV support for TLS-PSK P.Urien, Telecom ParisTech Pascal.Urien@telecom-paristech.fr http://www.telecom-paristech.fr

Goal This draft describes an authentication protocol based on TLS pre-shared key (TLS-PSK), RFC 4279. Identity and psk attributes, defined in TLS-PSK are extracted from EMV chips, which are widely deployed for payments transactions. The goal of this protocol is to provide a strong mutual authentication transparent for the end users and guarantying the confidentiality and the integrity of exchanged data over Internet network. Version 01 includes minor corrections from version 00

Global architecture The user Holds an EMV device, whose card number is called PAN Works with TLS-PSK The EMV device is registered to the WEB site A database establishes a relation between the EMV-ID, used in TLS-PSK and the PAN (card number) The cryptogram (EMV-CTG) produced by the EMV-Device is checked by the EMV device issuer +-----------+ TLS-PSK +-------------+ +----------+ | |<------->| | (PAN,EMV-CTG) | ISSUER | | USER | EMV-ID | WEB | ------------> | AUTH. | | | EMV-CTG | SITE | OK | SERVER | | | EMV-PSK | | <----------- | | +----+------+ +------+------+ +-----+----+ ! ! ! +---v--+ ! DATABASE +--+--+ | EMV | +--------+-----+-------+ | HSM | |DEVICE| | EMV-ID | PAN | Other | +-----+ +------+ +--------+-----+-------+

EMV-Device structure An EMV smart card contains one or several EMV applications. An EMV application manages a set of information that can be freely read. These data are encoding according to the ASN.1 syntax. An EMV application produces cryptograms that authenticate payment transactions.  A Data Object List (DOL), is a list of tuples TAG value (one or two bytes) and object length (one byte)

EMV details1/2 Application Primary Account Number (PAN) The card number Tag 5A, Length 08, Value: 49 73 01 97 61 90 02 78 Application PAN Sequence Number (PSN) An additional identifier for the card Tag 34, Length 01, Value: 00 Signed Static Application Data (SSAD) A signature for a set of information stored in the card. Tag 93

EMV Details 2/2 Card Risk Management Data 1 (CDOL1) CDOL1 is the list of objects required for the generation of a transaction cryptogram Tag 8C, Length 1B, Value: 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 45 02 9F 4C 08 Card Risk Management Data 2 (CDOL2) CDOL2 is the list of objects required for the completion of a transaction. It is the concatenation of the Authorization Response Code (TAG 8A, length 02) and the CDOL1 value. Tag 8D, Length 1A, Value: 8A 02 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 9F 4C 08

ARQC & AAC ARQC The Authorization Request Cryptogram (ARQC) starts an EMV transaction. A set of values, whose elements are listed by the CDOL1 object, and without TAG or length information, are pushed towards the card. The content of CDOL1 is noted xCDOL1 and the response to ARQC is noted yCDOL1. xCDOL1 comprises an Unpredictable Number (TAG 9F37, length 04), i.e. a random value of 32 bits. The response yCDOL1, includes an 8 bytes cryptogram and additional information. AAC The Application Authentication Cryptogram ends an EMV transaction. A set of values, whose elements are listed by the CDOL2 object, and without TAG or length information, are pushed towards the card. The content of CDOL2 is noted xCDOL2 and the response to AAC is noted xCDOL2.

ARQC & AAC example ARQC xCDOL1 yCDOL1 AAC xCDOL2 yCDOL2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 01 01 01 00 00 00 00 00 = r32 = 32 bits random number 00 00 00 00 00 00 00 00 00 00 yCDOL1 77 21 9F 27 01 80 9F 36 02 01 2E 9F 26 08 3F 79 8C 12 3E F2 9A 51 = AC1 9F 10 0A 06 16 0A 03 A4 80 00 02 00 00 AAC xCDOL2 5A 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 00 00 00 01 01 01 00 00 00 00 00 = 32 bits random number 00 00 00 00 00 00 00 00 yCDOL2 77 21 9F 27 01 00 9F 36 02 01 2E 9F 26 08 82 8E 0A 3E 70 D4 4A D4 = AC2 9F 10 0A 06 16 0A 03 25 80 00 02 00 00

TLS-PSK-EMV The basic idea of this protocol is to used the PAN, i.e. the card number as a static PSK. However the PAN entropy is small, about 36 bits, so brute force attacks are possible. In order to avoid these issues, the PAN value is replaced by others parameters stored in the card and providing sufficient entropy, e.g. greater than 80 bits. The psk-identity is a list of information proving that the client holds the card associated with the PAN. This proof is based on an ARQC associated with a 32 bits random number, which is noted r32. 

TLS-PSK-EMV definitions EMV-ID EMV-ID = h(h(SSAD)), where SSAD is the Signed Static Application Data, and h is a digest function EMV-CPG The EMV cryptogram (emv-cpg) is the response (yCDOL1) to an ARQC associated with the r32 random number. The ARQC request is followed by an AAC operation that cancels the EMV transaction. Values used for ARQC and AAC (xCDOL1 and xCDOL2) are fix, apart from the unpredictable number set to r32. By convention, the R32 number is a concatenation of multiple r32i values (up to four), and EMV-CPG is the concatenation of associated emv-cpgi, with the index i ranging between 1 and R32-length/4. EMV-PSK EMV-PSK = h(SSAD), where

TLS-PSK psk = EMV-PSK. psk-identity RH = h(ClientRandom | ServerRandom), where h is a digest function.  R32 is the 32 less significant bits of RH. The psk-identity is the concatenation of the following values: uint16(length) | R32 uint16(length) | EMV-ID unit16(length) | PSN uint16(length) | CDOL1 uint16(length) | EMV-CPG 

TLS-PSK-RSA & TLS-PSK-DH psk = EMV-PSK psk-identity RH = h(ClientRandom | ServerRandom | ServerPublicKey), where h is a digest function. R32 is the 32 (or more) less significant bits of RH. The psk-identity is the concatenation of the following values: uint16(length) | R32 uint16(length) | EMV-ID unit16(length) | PSN uint16(length) | CDOL1 uint16(length) | EMV-CPG

Questions ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.