Employing Security Channel Protocol in the NFC Environment
Total Page:16
File Type:pdf, Size:1020Kb
WHITEPAPER | Employing Security Channel Protocol In the NFC Environment ‘Global Platform’ (GP) created specifications that enabled different players to provide digital services and allow devices to be trusted and managed securely by protecting their privacy. In this regard, GP introduced Secure Channel Protocol (SCP) in smart cards to enable devices to exchange data in open channel and to protect against data skimming and establish secure communication. This white paper throws light on the comprehensive design and lucid implementation of Secure Channel Protocol variant three (SCP03) with a dedicated focus towards contactless smart cards. These cards are based on Near Field Communication (NFC) which is used for user authentication for a secure device. Every approach behind the secure communication, the management of ‘encryption keys’, creation of boundaries that form ‘security domain’s’ and how these enable to create a ‘secure channel’ has been discussed. The document lists out various NIST specification which sets the strength of the encryption keys and enables common compliance criteria. Read on. Authored by: Ravikiran HV Chaitra Patil Reviewed by: Shreeranganath Gupta © 2010-2020 PathPartner Technology Pvt. Ltd. • 1 www.pathpartnertech.com Whitepaper | Securing NFC Environment The Growth of NFC Short range wireless communication is a major feature of NFC technology. With this inherent nature of short range, smart cards evolved to become contactless smart card as it enabled to have contactless feature with communication happening in vicinity of user, which established physical level trust and security for data exchange. Rapid growth of NFC based mobile units and low-cost deployment allowed various industries to adopt this technology for financial transactions, user authentication, secure login to workplace, secure PC login etc. Like any other wireless communication systems, NFC has also witnessed the security threats of eavesdropping, data modification, denial of service, relay attacks etc. Figure 1 - Applications of NFC With a great adoption of ‘contactless devices - smart cards’ industry noticed an immediate spike in impulsive security threat revolving around NFC communication of smart cards. Presently, enabling both secure communication and interoperability between the various stakeholders such as banks and financial institution is a herculean task. We have discussed these topics in detail in our whitepaper. Formulating Guidelines to Secure the Environment GP specifications provided solutions to these problems via SCP as it enabled secure bidirectional communication between the participating entities (ex: a smartcard and a card reader). Identification, mutual authentication and secure messaging constitute the primary features of SCP03 towards securing the communication between the devices. In our © 2010-2020 PathPartner Technology Pvt. Ltd. • 2 www.pathpartnertech.com Whitepaper | Securing NFC Environment recent product “ORWL” the secure computer, GP compliant SCP03 has been seamlessly implemented as a key component of security and trust establishment between ORWL PC and its companion ‘keyfob’. In subsequent segments, we will discuss ORWL secure computer as a reference with keyfob acting as a ‘contactless smart card’ and ORWL as a NFC reader. Figure 2 - ORWL Desktop What is this Global Platform? Global Platform is a non-profit organization that develops specifications to facilitate secure and interoperable embedded application development for secure chip technology. It is a widely accepted standard for secure management of data and devices such as smart cards, secure elements, SD cards, application processors etc. GP specifications were defined considering stringent security requirements for sensitive data transfer and storage. More than 41% of the total secure element ecosystem [22+ billion devices] have already adopted this standard. GP specification introduced SCP to protect against data skimming in open channel. SCP03 evolved from legacy SCP01 and SCP02 protocols. SCP02 is vulnerable to a well-known security flaw caused by encrypting data using CBC mode with no random initialization vector (IV). GP added as an amendment to card specification v2.2 in 2014 to mitigate the possible attacks identified in predecessor SCP variants to secure the communication by altering few of the aspects to have true secure channel for communication. Secure Channel - how is it established? Secure channel is a communication mechanism to facilitate uncompromised exchange of sensitive data between trusted devices. Every secure channel session has three phases viz, Initiation, Operation and Termination. In the Initiation phase, entities participating in communication - typically called cards and readers or cards and the off-card entity - exchange credentials to start a secure session. © 2010-2020 PathPartner Technology Pvt. Ltd. • 3 www.pathpartnertech.com Whitepaper | Securing NFC Environment While in Operation phase, data is exchanged with cryptographic protection based on mutual agreement in the initiation phase. Termination, the last phase of communication is triggered by anyone of the two communicating parties to close the secure channel. Post termination, no further communication is possible between the two parties unless a new secure session is established between the same. Figure 3 - Evading Hacking Attempts The Key Behind Secure Channel Establishment At the core of any secure channel, security keys play a vital role in enabling a trusted environment. NFC cards are preloaded with certain secret keys which act as a unique factor for each card while generating session keys. It’s the Key Management unit that is solely responsible for managing the keys securely. In fact, Key management is the foundation of the security architecture. It defines: • Non-repeatable key generation (randomness) • secure storage (confidential) • and replacement of the cryptographic keys. 1. Key Types The different key types are: Key Type Purpose Static Secure Channel Encryption Does Encryption/Decryption during secure channel Key (Key-ENC) authentication resulting in the generation of session key Static Secure Channel Message Does MAC generation/verification during secure channel Authentication Code Key (Key-MAC) authentication resulting in the generation of session key © 2010-2020 PathPartner Technology Pvt. Ltd. • 4 www.pathpartnertech.com Whitepaper | Securing NFC Environment Data Encryption Key (Key-DEK) Carries out Sensitive Data Encryption Session Secure Channel encryption Maintains Data confidentiality key (S-ENC) [Session keys] Session Secure Channel Message Ensures Data integrity Authentication Code (S-MAC) 2. How are the Keys Generated? Standard Key Derivation Functions (KDF) are used to generate the necessary cryptographic keys. Keys are derived as per NIST 800-108 with CMAC referred in NIST 800-38B specification. 3. How do they get Loaded on the Card? Generated Keys on the off-card entity are then loaded to the card securely using the GP defined PUTKey command. Based on the selected security level (Refer section 5.4.1), PUTKey command is also encrypted with the Key-DEK. Using this command, off-card entity or authorized key loader secures the right to add a new key set to the domain or replace the existing version of the keys. 4. Where are they Stored? Secure elements (SE) enable absolute secure storage of data and applications on the device memory. It helps to protect the memory content on both reader and the card to prevent malicious attacks. Only a genuine user is vested with the right to access the content after authentication. GP defines domain specific access strategy to store and access the data securely. Figure 4 - The Keys' Cycle © 2010-2020 PathPartner Technology Pvt. Ltd. • 5 www.pathpartnertech.com Whitepaper | Securing NFC Environment 5. How does the Key Replacement take place? [ORWL - specific approach] Static keys cannot afford to be a part of the open source software since the software is accessible to the entire developer community and possibilities of a compromise are always looming. Such a threat enforces the vendors to replace the security keys in runtime. In one of our recent works, we relied on dynamic security keys instead of static keys and the results were quite encouraging. Take a look at the steps involved: • Initially, reader and the card establish an unsecure connection and generate key pairs using ‘Elliptic curve Diffie-Hellman (ECDH) Key Establishment protocol. Keys generated using ECDH are considered as base ‘shared secret’ for all subsequent communications • Reader encrypts all the three keys (‘K-ENC, K-MAC, K-DEK’) - based upon mutually agreed symmetric encryption algorithm [AES128 recommended by SCP03] - with the generated shared secret loads on to the card using PUTKey command Note: Since command payload is encrypted with the shared secret, it can only be decrypted by the entities participating in the ECDH secret generation • Upon receiving the encrypted keys, the Card decrypts the payload voluntarily and loads these keys to its own security domain Figure 5 - Representation of a KMS Server This approach ensures that each device - called smart card - has its own ‘unique key’ loaded on to its security domain which guarantees further secure messaging. The only known disadvantage of this method is that the Reader is compulsively required to store all the ‘unique keys’ mapped to each individual card thereby adding additional memory footprint. SCP03 recommended key size for AES is 16-Bytes. If we gauge the footprints