
Getting to know your card: Reverse-engineering the smart-card application protocol data unit


Abstract

Smart-cards are considered to be one of the most secure, tamper-resistant, and trusted devices for implementing confidential operations, such as authentication, key management, encryption and decryption for financial, communication, security and data management purposes. The commonly used RSA PKCS#11 standard defines the Application Programming Interface for cryptographic devices such as smart-cards. Though there has been work on formally verifying the correctness of the implementation of PKCS#11 at the API level, little attention has been paid to the low-level cryptographic protocols that implement it.

We present REPROVE, the first automated system that reverse-engineers the low-level communication between a smart-card and a reader, deduces the card's functionality and translates PKCS#11 cryptographic functions into communication steps. REPROVE analyzes both standard-conforming and proprietary implementations, and does not require access to the card. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. We have evaluated REPROVE on five commercially available smart-cards and we show how essential functions to gain access to the card's private objects and perform cryptographic functions can be compromised through reverse-engineering traces of the low-level communication.