The SmartLogic Tool: Analysing and Testing Smart Card Protocols



Similar documents
CONTACTLESS PAYMENTS. Joeri de Ruiter. University of Birmingham. (some slides borrowed from Tom Chothia)

Formal analysis of EMV

Formal models of bank cards for free

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Securing Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015

Credit Card Processing Overview

Requirements for an EMVCo Common Contactless Application (CCA)

Designed to Fail: A USB-Connected Reader for Online Banking

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

CardControl. Credit Card Processing 101. Overview. Contents

Reverse engineering Internet Banking

EMV (Chip-and-PIN) Protocol

What is EMV? What is different?

MasterCard PayPass. M/Chip, Acquirer Implementation Requirements. v.1-a4 6/06

SIM Toolkit In Practice

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Extending EMV payment smart cards with biometric on-card verification

EMV (Chip and PIN) Project. EMV card

Risks of Offline Verify PIN on Contactless Cards

Interoperability Specification for ICCs and Personal Computer Systems

Smart Card APDU Analysis

A Guide to EMV Version 1.0 May 2011

Exercise 1: Set up the Environment

Smart Card Application Standard Draft

M/Chip Functional Architecture for Debit and Credit

Chip and PIN Programme. Guideline G18. Configuring Integrated Systems

Joeri de Ruiter Sicco Verwer

EMV and Small Merchants:

The EMV Readiness. Collis America. Guy Berg President, Collis America

Strong Authentication Protocol using PIV Card with Mobile Devices

EMV FAQs. Contact us at: Visit us online: VancoPayments.com

Smart Card. Smart Card applications

APPLICATION PROGRAMMING INTERFACE

Relay attacks on card payment: vulnerabilities and defences

Using EMV Cards to Protect E-commerce Transactions

EMVCo Letter of Approval - Contact Terminal Level 2

EMV mobile Point of Sale (mpos) Initial Considerations

Enhancing Payment Card Security New Measures to be Phased in from 2 nd Quarter 2010 to 1 st Quarter 2011

Acquirer Device Validation Toolkit (ADVT)

MOBILE CHIP ELECTRONIC COMMERCE: ENABLING CREDIT CARD PAYMENT FOR MOBILE DEVICES

Frequently Asked Questions (FAQ) on HSBC Chip Credit Cards

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO BASED TECHNOLOGY FOR PAYMENT 4

NFC Hacking: The Easy Way

Application Programming Interface

Chip & PIN is definitely broken. Credit Card skimming and PIN harvesting in an EMV world

Formal Analysis of the EMV Protocol Suite

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

The Smart Card Detective: a hand-held EMV interceptor

NFC Hacking: The Easy Way

Visa Recommended Practices for EMV Chip Implementation in the U.S.

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

Chip and PIN is Broken a view to card payment infrastructure and security

Strong Authentication in details

EMV 96 Integrated Circuit Card Terminal Specification for Payment Systems

Significance of Tokenization in Promoting Cloud Based Secure Elements

COMPUTING SCIENCE. Risks of Offline Verify PIN on Contactless Cards. Martin Emms, Budi Arief, Nicholas Little and Aad van Moorsel

Android pay. Frequently asked questions

EMV Chip Card Payment Standard: Perspective

EMV : Frequently Asked Questions for Merchants

EMV Frequently Asked Questions for Merchants May, 2014

Secure Over the Air (OTA) Management Of Mobile Applications

FAQ on EMV Chip Debit Card and Online Usage

Heartland Secure. By: Michael English. A Heartland Payment Systems White Paper Executive Director, Product Development

PCI and EMV Compliance Checkup

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

Mobile Near-Field Communications (NFC) Payments

Java Card. Smartcards. Demos. . p.1/30

ACR122 NFC Contactless Smart Card Reader

How To Protect A Smart Card From Being Hacked

How To Use A Cloud 2700 R Smart Card Reader On A Pc Or Mac Or Ipad (For Microsoft) With A Microsoft Power Card (For Pc) With An Ipad Or Microsoft Memory Card (Microsoft)

73S1215F, 73S1217F Device Firmware Upgrade Host Driver/Application Development User s Guide April 27, 2009 Rev UG_12xxF_029

Open Mobile API Test Specification for Transport API

a leap ahead in analog

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

JCB Terminal Requirements

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

Java Applet and Terminal Application for Financial transactions

EMV and Restaurants: What you need to know. Mike English. October Executive Director, Product Development Heartland Payment Systems

ERserver. iseries. Secure Sockets Layer (SSL)

Securing Mobile Payment Protocol. based on EMV Standard

Electronic Payment Systems case studies

UM PN7462 Reference POS Application. User manual COMPANY PUBLIC. Rev March Document information

Chip & PIN is definitely broken v1.4. Credit Card skimming and PIN harvesting in an EMV world

MDG. MULTOS Developer's Guide. MAO-DOC-TEC-005 v MAOSCO Limited. MULTOS is a registered trademark of MULTOS Limited.

Application Note. Introduction AN2471/D 3/2003. PC Master Software Communication Protocol Specification

Transaction Security. Test Tools & Simulators

Chip & PIN notes on a dysfunctional security system

White Paper. EMV Key Management Explained

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions

What is a Smart Card?

999GPS Tracking Platform Operation Guide

SECURITY OF WIRELESS HOME AUTOMATION SYSTEMS A WORLD BESIDE TCP/IP

AN2598 Application note

SOSSE. Matthias Brüstle Simple Operating System for Smartcard Education. Kommunikationsnetz Franken e.v.

Electronic Payments Part 1

How To Secure A Paypass Card From Being Hacked By A Hacker

Transcription:

The SmartLogic Tool: Analysing and Testing Smart Card Protocols Gerhard de Koning Gans, Joeri de Ruiter Digital Security, Radboud University Nijmegen

The SmartLogic Tool A tool to analyse, emulate and modify communication between smart cards and terminals 2 / 19

Smart cards Master-slave communication ISO/IEC 7816 Answer To Reset (ATR) T=0 and T=1 Application Protocol Data Units Commands CLA INS P1 P2 Lc Data Le Responses Data SW1 SW2 3 / 19

The SmartLogic Tool ISO/IEC 7816 Emulation Relay Eavesdropping Active Man-in-the-middle Sharing Client-server architecture Automatic detection of baudrate 4 / 19

The SmartLogic Tool 5 / 19

The SmartLogic Tool FPGA board POS terminal Smart card board Banking card 6 / 19

Setup - Hardware Around 100 Client FPGA (ZTEX) Smart card circuit board Server (optional) card reader 7 / 19

Setup - Software Firmware FPGA Client Java Connected to FPGA Server Java Connected to card reader Emulation and modification of communication 8 / 19

Example MitM public byte[] getresponse(cardservice card, byte[] readermessage) { byte[] reply = {}; try { CommandAPDU command = new CommandAPDU(readerMessage); ResponseAPDU response = card.transmit(command); reply = response.getbytes(); byte CLA = readermessage[0]; byte INS = readermessage[1]; byte P1 = readermessage[2]; byte P2 = readermessage[3]; byte P3 = readermessage[4]; if (CLA == (byte) 0x00 && INS == (byte) 0xB2 && P1 == (byte) 0x01 && P2 == (byte) 0x0C && P3 == (byte) 0x8A) { reply[46] = (byte) 0x01; reply[47] = (byte) 0x00; reply[75] = (byte) 0xFF; } } catch (Exception e) { reply = new byte[0]; } return reply; } } 9 / 19

Experiment - Relay Chipknip Electronic purse Performed payment Relayed communication over 20km Estimation on maximal distance Terminal / reader Waiting time Measured VASCO DIGIPASS 810 3410 ms 3560 ms e.dentifier2 1790 ms 1910 ms Ingenico 5300 730 ms 1100 ms Chipknip Charging Terminal 970 ms 1200 ms Chipknip Payment Terminal 730 ms 500 ms 10 / 19

Experiment - Sharing 11 / 19

Experiment - Sharing Event Party Message 574 580 899 905 1107 1113 1169 PHONENR: +3161267**** DATE: 03-06-11 TIME: 13:56:36 GMT: +08 SMS: Test 01 1297 1652 2070 PHONE.1 4264 PHONE.1 PHONENR: +3161267**** DATE: 03-06-11 TIME: 14:01:39 GMT: +08 SMS: Test 02 4287 PHONE.1 PHONENR: +3161267**** DATE: 03-06-11 TIME: 14:05:31 GMT: +08 SMS: Test 03 9215 PHONE.1 9285 12 / 19

Experiment - EMV Electronic payments Initiated in 1990s Europay, MasterCard and Visa EMVCo 13 / 19

Experiment - EMV Transaction Initialisation Cardholder verification Data authentication Transaction Exception handling On failure transaction not always aborted 14 / 19

Experiment - EMV Attack by Barisani et al. Data modified Forced fallback to plaintext PIN Payment network in Netherlands down due to update Tried on Dutch POS terminal 15 / 19

Experiment - EMV 16 / 19

Experiment - EMV PIN code retrieved Transaction not successfully finished Shop contacted within hours by bank Terminal was not yet patched 17 / 19

Current work SIM toolkit Commands from SIM card to phone 18 / 19

Thanks for your attention! 19 / 19

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information