Overview about attacks on smart cards

When compared with data carriers such as cards with magnetic stripes or diskettes, the potential for protecting and securing data is one of the main advantages of cards with electronic chips (smart cards). Consequently, the chip hardware must be designed in an optimum fashion to meet this purpose; this includes the corresponding cryptographic procedures for securing the secret data. However, security is not only dependent on the specialised hardware of the microcontroller or on the cryptographic algorithms implemented in the operating system software. The security of applications for smart cards and the design principles applied by the developers to meet these security needs are of fundamental importance. The essential property of a smart card is its ability to offer a secure environment for data and programs. This article examines the range of possible attacks against smart cards, and the measures that can be used to protect against these attacks.     

SmartK: Smart cards in operating systems at kernel level

A smart card is a tamper-resistant miniature computer that performs some basic computations on input a secret information. So far, smart cards have been widely used for securing many digital transactions (e.g., pay television, ATM machines).We focus on the implementation of operating system security services leveraging on smart cards. This very challenging feature allows one to personalize some functionalities of the operating system by simply changing a smart card. Current solutions for integrating smart card features in operating system services require at least a partial execution of some of the operating system functionalities at “user level”. Unfortunately, system functionalities built on top of components lying at both kernel and user levels may negatively affect the overall system security, due to the introduction of multiple points of failure.In this work, we present the design and implementation of SmartK: a framework that integrates features of smart cards uniquely in the Linux kernel. In order to validate our approach, we propose a host of enhancements to the Linux operating system built on top of SmartK: 1) in-kernel clients' authentication with Kerberos; 2) execution of trusted code; 3) key management in secure network filesystems.In particular, we present an experimental Linux OS distribution (SalSA), which addresses the security issues related to downloading packages and to updating an operating system through the Internet.     

Chronicle of a Java Card death

Various attacks are designed to gain access to the assets of Java Card Platforms. These attacks use software, hardware or a combination of both. Manufacturers have improved their countermeasures to protect card assets from these attacks. In this paper, we attempt to gain access to assets of a recent Java Card Platform by combining various logical attacks. As we did not have any information about the internal structure of the targeted platform, we had to execute various attacks and analyze the results. Our investigation on the targeted Java Card Platform lead us to introduce two generic methods to gain access to the assets of Java Card Platforms. One of the new methods we present in this paper is based on the misuse of the Java Card API to build a type confusion and get access to the objects (including cryptographic keys) of a Java Card applet. The other method is a new approach to get access to the return address of the methods in Java Cards with Separate Stack countermeasure. We also propose a pattern that the targeted platform uses to store data and code of applets on the card plus the ability to read and write in the data and code area of the applets in different security contexts. These new attacks occur even in the presence of countermeasures such as Separate Stack for kernel and user data, indirect mapping for objects addressing and firewall mechanisms.     

智能卡加密鉴别协议

智能卡具有天然的安全性优势，由于可以在卡内实现相关的密码算法，使得用户的相关密钥不必读出卡外，从而最大程度的提高了系统的安全性。文中从智能卡的角度出发，讨论了一系列基于智能卡的加密鉴别协议，并根据智能卡的相关的特性进行了分析。     

基于I/O前后端模型的密码卡软件虚拟化

密码技术是云计算安全的基础,支持SR-IOV虚拟化的高性能密码卡适用于云密码机,可以为云计算环境提供虚拟化数据加密保护服务,满足安全需求.针对该类密码卡在云密码机使用过程中存在的兼容性不好、扩充性受限、迁移性差以及性价比低等问题,本文提出了基于I/O前后端模型的密码卡软件虚拟化方法,利用共享内存或者VIRTIO作为通信...     

Cryptographic key assignment schemes for any access control policy

The access control problem deals with the management of sensitive information among a number of users who are classified according to their suitability in accessing the information in a computer system. The set of rules that specify the information flow between different user classes in the system defines an access control policy. Akl and Taylor first considered the access control problem in a system organized as a partially ordered hierarchy. They proposed a cryptographic key assignment scheme, where each class is assigned an encryption key that can be used, along with some public parameters generated by a central authority, to compute the key assigned to any class lower down in the hierarchy. Subsequently, many researchers have proposed schemes that either have better performances or allow insertion and deletion of classes in the hierarchy.In this paper we show how to construct a cryptographic key assignment scheme for any arbitrary access control policy. Our construction uses as a building block a cryptographic key assignment scheme for partially ordered hierarchies. The security of our scheme holds with respect to adversaries of limited computing power and directly derives from the security of the underlying scheme for partially ordered hierarchies. Moreover, the size of the keys assigned to classes in our scheme is exactly the same as in the underlying scheme.     

Cryptographic protocols with everyday objects

Most security protocols appearing in the literature make use of cryptographic primitives that assume that the participants have access to some sort of computational device. However, there are times when there is need for a security mechanism to evaluate some result without leaking sensitive information, but computational devices are unavailable. We discuss here various protocols for solving cryptographic problems using everyday objects: coins, dice, cards, and envelopes.     

A secure file sharing service for distributed computing environments

Distributed cryptographic file systems enable file sharing among their users and need the adoption of a key management scheme for the distribution of the cryptographic keys to authorized users according to their specific degree of trust. In this paper we describe the architecture of a basic secure file sharing facility relying on a multi-party threshold-based key-sharing scheme that can be overlaid on top of the existing stackable networked file systems, and discuss its application to the implementation of distributed cryptographic file systems. It provides flexible access control policies supporting multiple combination of roles and trust profiles. A proof of concept prototype implementation within the Linux operating system framework demonstrated its effectiveness in terms of performance and security robustness.     

具有WIM功能的智能卡实现

AP论坛定义了WIM规范 ,将WIM作为WAP协议系统的安全令牌。智能卡是实现WIM功能的良好平台。结合ISO7816系列标准和RSA实验室系列标准 ,本文给出了一个通用的WIM智能卡目录文件系统 ,实现了对各种对象实例文件的存储。通过WIM规范中定义的服务原语 ,可以实现WIM智能卡数据访问接口 ;结合WIM智能卡的文件系统和访问接口 ,可以实现重要的安全功能 :身份认证、数字签名和数据保密     

对白盒SMS4实现的一种有效攻击

传统的密码模型都假设密码系统的运行终端和计算环境是可信任的,但是,随着攻击方式的发展,这样的模型显得越来越脆弱.而白盒攻击环境是指攻击者除了能够获得与传统密码模型同样的资源以外,还对密码系统的内部运行完全可见,并完全掌控执行环境.因此,能够抵抗白盒攻击的密码算法具有更高层次的安全意义.2009 年提出的SMS4 算法的白盒实现,其目标是在白盒攻击环境下能够防止SMS4 算法的密钥被恢复.在回顾已有研究的基础上,针对该SMS4 算法的白盒实现提出了一种有效的攻击,并详细解释了如何以低于2⁴⁷ 的时间复杂度找出嵌入其中的轮密钥,说明了该白盒设计方法的不可靠性,并为设计安全的白盒实现提供了一种参考.     

基于安全操作系统的透明加密文件系统的设计

1 引言随着Internet的飞速发展,信息资源的共享程度进一步加强,随之而来的信息安全问题也日益突出。但是现在的系统越来越复杂,系统中总是存在着各种各样的漏洞,以及一些人为的因素(如:没有合理配置防护墙规则,口令比较弱等)。这些都有可能被黑客利用,入侵到系统中去。     

Kernel-Kernel communication in a shared-memory multiprocessor

In the standard kernel organization on a bus-based multiprocessor, all processors share the code and data of the operating system; explicit synchronization is used to control access to kernel data structures. Distributed-memory multicomputers use an alternative approach, in which each instance of the kernel performs local operations directly and uses remote invocation to perform remote operations. Either approach to interkernel communication can be used in a large-scale shared-memory multiprocessor. In the paper we discuss the issues and architectural features that must be considered when choosing between remote memory access and remote invocation. We focus in particular on experience with the Psyche multiprocessor operating system on the BBN Butterfly Plus. We find that the Butterfly architecture is biased towards the use of remote invocation for kernel operations that perform a significant number of memory references, and that current architectural trends are likely to increase this bias in future machines. This conclusion suggests that straightforward parallelization of existing kernels (e.g. by using semaphores to protect shared data) is unlikely in the future to yield acceptable performance. We note, however, that remote memory access is useful for small, frequently-executed operations, and is likely to remain so.     

Remote Attestation on Legacy Operating Systems With Trusted Platform Modules

A lot of progress has been made to secure network communication, e.g., through the use of cryptographic algorithms. However, this offers only a partial solution as long as the communicating end points still suffer from security problems. A number of applications require remote verification of software executing on an untrusted platform. Trusted computing solutions propose to solve this problem through software and hardware changes, typically a secure operating system and the addition of a secure coprocessor respectively. On the other hand, timed execution of code checksum calculations aims for a solution on legacy platforms, but can not provide strong security assurance. We present a mixed solution by using the trusted computing hardware, namely the time stamping functionality of the trusted platform module, in combination with a timing based remote code integrity verification mechanism. In this way, we do not require a secure operating system, but at the same time the overall security of the timed execution scheme can be improved.     

Representation inheritance: a safe form of “White box”code inheritance

There are two approaches to using code inheritance for defining new component implementations in terms of existing implementations. Black box code inheritance allows subclasses to reuse superclass implementations as-is, without direct access to their internals. Alternatively, white box code inheritance allows subclasses to have direct access to superclass implementation details, which may be necessary for the efficiency of some subclass operations and to prevent unnecessary duplication of code. Unfortunately, white box code inheritance violates the protection that encapsulation affords superclasses, opening up the possibility of a subclass interfering with the correct operation of its superclass methods. Representation inheritance is proposed as a restricted form of white box code inheritance where subclasses have direct access to superclass implementation details, but are required to respect the representation invariant(s) and abstraction relation(s) of their ancestor(s). This preserves the protection that encapsulation provides, while allowing the freedom of access that component implementers sometimes desire     

Model checking Trampoline OS: a case study on safety analysis for automotive software

Model checking is an effective technique used to identify subtle problems in software safety using a comprehensive search algorithm. However, this comprehensiveness requires a large number of resources and is often too expensive to be applied in practice. This work strives to find a practical solution to model‐checking automotive operating systems for the purpose of safety analysis, with minimum requirements and a systematic engineering approach for applying the technique in practice. The paper presents methods for converting the Trampoline kernel code into formal models for the model checker SPIN, a series of experiments using an incremental verification approach, and the use of embedded C constructs for performance improvement. The conversion methods include functional modularization and treatment for hardware‐dependent code, such as memory access for context switching. The incremental verification approach aims at increasing the level of confidence in the verification even when comprehensiveness cannot be provided because of the limitations of the hardware resource. We also report on potential safety issues found in the Trampoline operating system during the experiments and present experimental evidence of the performance improvement using the embedded C constructs in SPIN. Copyright © 2012 John Wiley & Sons, Ltd.     

Linux随机数生成器的原理及缺陷

Linux操作系统是目前最流行的开源项目之一。Linux的随机数生成器是所有类Linux操作系统内核的重要组成部分,生成器的输入来自于操作系统中随机事件的熵值,输出几乎涵盖系统中的每一个安全协议,例如生成TLS/SSL的密钥、TCP的序列号,以及用于对文件系统和电子邮件进行加密。尽管随机数生成器是开源项目的一部分,它的源代码(大约2500行)却没有很好的文档支持,并且分散于多个代码片段当中。文中将学习随机数生成器原理与应用。详细阐述了随机数生成器的算法,并指出了算法中所隐藏的安全漏洞。还展示了如何对生成器进行攻击从而让其计算出系统先前的状态与输出。最后指出了生成器在设计上的一些缺陷,并提出了在此缺陷上如何进行攻击以及如何防御攻击的方法。     

Facilitating the development of cross-platform software via automated code synthesis from web-based programming resources

When a mobile application is supported on multiple major platforms, its market penetration is maximized. Such cross-platform native applications essentially deliver the same core functionality, albeit within the conventions of each supported platform. Maintaining and evolving a cross-platform native application is tedious and error-prone, as each modification requires replicating the changes for each of the application׳s platform-specific variants. Syntax-directed source-to-source translation proves inadequate to alleviate the problem, as native API access is always domain-specific.In this paper, we present a novel approach—Native-2-Native—that uses program transformations performed on one platform to automatically synthesize equivalent code blocks to be used on another platform. When a programmer modifies the source version of an application, the changes are captured. Based on the changes, Native-2-Native identifies the semantic content of the source code block and formulates an appropriate query to search for the equivalent target code block using popular web-based programming resources. The discovered target code block is then presented to the programmer as an automatically synthesized target language source file for further fine-tuning and subsequent integration into the mobile application׳s target version. We evaluate the proposed method using common native resources, such as sensors, network access, and canonical data structures. We show that our approach can correctly synthesize more than 74% of iOS code from the provided Android source code and 91% of Android code from the provided iOS source code. The presented approach effectively automates the process of extracting the source code block׳s semantics and discovering existing target examples with the equivalent functionality, thus alleviating some of the most laborious and intellectually tiresome programming tasks in modern mobile development.     

基于操作系统安全的恶意代码防御研究述评

总结了安全操作系统实现恶意代码防御的典型理论模型,分析了它们的基本思想、实现方法和不足之处,指出提高访问控制类模型的恶意代码全面防御能力和安全保证级别、从操作系统安全体系结构的高度构建宏病毒防御机制以及应用可信计算技术建立操作系统的恶意代码免疫机制将是该领域的研究方向.     

A framework for secure execution of software

The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user not be able to modify the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources.In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.