lecture: Car immobilizer hacking
Car manufacturers nicely illustrate what _not_ to do in cryptography.
Immobilizers have for a long time increased the difficulty of stealing cars. Older immobilizer transponders defeated thieves by requiring non-trivial RF skills for copying keys. Current transponders go one step further by employing cryptographic functions with the potential of making car cloning as difficult as breaking long-standing mathematical problems. Cryptography, however, is only as strong as the weakest link of key management, cipher strength, and protocol security. This talk discusses weak links of the main immobilizer technologies and their evolution over time.
Speaker: Karsten Nohl
Event: SIGINT 2013 by the Chaos Computer Club [CCC] Cologne
Location: KOMED; Im Mediapark 7; 50670 Cologne; Germany
Begin: 05.07.2013 17:00:00 +02:00
SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.
With over seven billion cards in active use, SIMs may well be the most widely used security token in the world. Through over-the-air (OTA) updates deployed via SMS, the cards are even extensible through custom Java software. While this extensibility is rarely used so far, its existence already poses a critical hacking risk.
Cracking SIM update keys. OTA commands, such as software updates, are cryptographically-secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the 70s-era DES cipher. DES keys were shown to be crackable within days using FPGA clusters, but they can also be recovered much faster by leveraging rainbow tables similar to those that made GSM’s A5/1 cipher breakable by anyone.
To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer.
The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These
algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is
commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This
paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known
to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare
Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of
design ﬂaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed
rainbow tables to be used to ﬁnd any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that
algorithms can be kept secret should therefore to be avoided for any type of silicon chip.
Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvenient tomber entre les mains de l’ennemi. ´
([A cipher] must not depend on secrecy, and it must not matter if it falls into enemy hands.)
August Kerckhoffs, La Cryptographie Militaire, January 1883 
Publicado el 14/08/2012 por SecurityTubeCons
This video is part of the Infosec Video Collection at SecurityTube.net:http://www.securitytube.net
Deepsec – Debugging GSM
Slides : –https://deepsec.net/docs/Slides/DeepSec_2010_Debugging_GSM.pdf Dieter Spaar, Karsten Nohl, Security Research Labs, BerlinThe popular GSM cell phone standard uses outdated security and provides much less protection than its increasing use in security applications suggests. Our research aims to correct the disconnect between technical facts and security perception by creating a GSM tool that allows users to record and analyze GSM data to see what security features were really implemented by their operator. The talk discusses a GSM debugging tool that consists entirely of open source software and open radio hardware. We will demonstrate how to record and decode GSM calls, even encrypted ones.Dieter reverse-engineers systems to an open source equivalents. Currently, his work focus is GSM where he contributed to the OpenBSC, OsmocomBB and Airprobe projects.
Deepsec – The Future of Social Engineering
Publicado el 04/05/2012 por en4rab
Mifare are the most widely deployed brand of secure RFID chips, but their security relies on proprietary and secret cryptographic primitives. We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.
Chaos Computer Club
Speaker: Karsten Nohl
Speaker: Henryk Plötz