230 likes | 397 Views
2. Smart Card Cryptography. Smart cards are ideal for cryptographic operationsBut not all cryptographic operations can (or should) be implemented on smart cardsQuestion: How to subdivide securely between smart cards and other components?. 3. Security Assumptions. Typical assumptions about opponen
E N D
1. Subdividing Crypto with Smart Cards Burt Kaliski, RSA LaboratoriesMay 2, 2000
CardTech/SecurTech 2000
2. 2 Smart Card Cryptography Smart cards are ideal for cryptographic operations
But not all cryptographic operations can (or should) be implemented on smart cards
Question: How to subdivide securely between smart cards and other components?
3. 3 Security Assumptions Typical assumptions about opponent:
1. Knows specification of operation
2. Has full knowledge of output
3. May have full knowledge of input
“known input” attack
4. May have full control of input
“chosen input” attack
5. Has no access to internals
Design goal: prove operation secure under these assumptions
4. 4 Achieving the Goal Typical security proofs focus on full operation, not individual elements
i.e., “no access to internals”
With a smart card implementation, proof must focus on how operations are subdivided
Most methods can have acceptable security if subdivided, but some need special modifications
5. 5 Attack Model Generally, a user may control access to smart card operations with a PIN
Access to operations is thus limited to opponents who know the PIN
But what if a hostile reader?
What if a hostile user?
e.g., private key on smart card owned by someone else
Opponent’s goal: one or more undetected results
extreme case: total compromise of private key
6. 6 Example Scenarios Signature generation
Key unwrapping
… both operations with private key
7. 7 Signature Generation User signs message with private key:
? = SignK(M)
Typical model: hash, pad, signature primitive
1. h = Hash(M)
2. x = Pad(h)
3. ? = SigPrimK(x)
Security generally based on full SignK operation
8. 8 Example: PKCS #1 v1.5 Signature method based on RSA algorithm, in widespread use
Hash = MD5 or SHA-1
Pad(h) = 00 01 ff ff … ff ff 00 . HashID . h
SigPrim(x) = xd mod n
9. 9 Signature Generation
10. 10 Signature Generation
11. 11 Signature Generation
12. 12 Signature Generation
13. 13 Assessment Full operation may be impractical, because message may be too long
Signature primitive only may be insecure, because “raw” access given to private key
at least a loss of assurance
potential loss of “tracing,” e.g., via blind signatures
Primitive + pad is “just about right”
short input
no raw access
but a security proof would be even better
and smart card must know about padding method
14. 14 Hash vs. Message Hostile reader can change the hash
But if card does the hashing, reader can still change the message
? Hash, message essentially the same w.r.t. message integrity
If card needs to “know” what it’s signing, should sign a smaller message containing critical fields, hash of rest
15. 15 Key Unwrapping User recovers symmetric key with private key:
k = UnwrapK(c)
(presumably, another user has wrapped k)
Typical model: decryption primitive, unpad
1. x = DecPrimK(c)
2. k = Unpad(x)
Security generally based on full UnwrapK operation
16. 16 Assessment Decryption primitive only may be insecure, because “raw” access given to private key
Primitive + unpad is “just about right” (with appropriate padding method)
short input
no raw access
security proof is often available, e.g., OAEP encryption
(OAEP = Optimal Asymmetric Encryption Padding [Bellare and Rogaway, 1994], as in PKCS #1 v2.0)
17. 17 Symmetric Key vs. Message Hostile reader can read the symmetric key
But if card does the decryption, reader can read the message
? Key, message essentially the same w.r.t. message confidentiality, if one message per key
If more than one message per key, then card should keep the key
18. 18 Case Study: PSS New signature method with provable security (Bellare and Rogaway, 1996) based on RSA algorithm
proposed for PKCS #1 v2.1, IEEE P1363a,ISO/IEC 9796-2
Initial model: randomized hash, pad, signature primitive
1. h = Hash(M, salt), where salt random
2. x = Pad(h, salt)
3. ? = SigPrimK(x)
Security based on full SignK operation
19. 19 Details of Initial PSS Hash = SHA-1, etc.
Pad(h, salt) = 00 . h . (G(h) xor (salt . 00 … 00))
where G is mask generation function
SigPrim(x) = xd mod n
Provable security under random oracle model
Hash, G viewed as “black box”
assumes opponent can only control message, not hash value
“heuristic” security if opponent can control hash
20. 20 Assessment Full operation may be impractical, because message may be too long
Signature primitive only may be insecure, because “raw” access given to private key
Primitive + pad is not “just about right”
security proof assumes that attacker cannot control hash value
21. 21 Revised PSS Alternative model to accommodate subdivision: hash, (randomized) pad, signature primitive
1. h = Hash(M)
2. x = Pad(h)
3. ? = SigPrimK(x)
Security for full SignK operation, and for primitive + pad
Additional benefit: protection against fault analysis attacks
22. 22 Details of Revised PSS Hash = SHA-1, etc.
Pad(h) = 00 . w . (G(w) xor (salt . 00 … 01))
where w = Hash(h, salt)
salted hash has been moved inside
some details omitted, e.g., header and trailer fields
SigPrim(x) = xd mod n
Provable security, even if attacker can control hash value
23. 23 Conclusions Smart cards are ideal for cryptographic operations
But cryptographic methods haven’t always been designed for smart cards
New methods, like PSS, should take subdivision of operations into account