Projects per year
Abstract / Description of output
Smart-cards are considered to be one of the most secure, tamper-resistant, and trusted devices for implementing confidential operations, such as authentication, key management, encryption and decryption for financial, communication, security and data management purposes. The commonly used RSA PKCS#11 standard defines the Application Programming Interface for cryptographic devices such as smart-cards. Though there has been work on formally verifying the correctness of the implementation of PKCS#11 in the API level, little attention has been paid to the low-level cryptographic protocols that implement it.
We present REPROVE, the first automated system that reverse-engineers the low-level communication between a smart-card and a reader, deduces the card's functionality and translates PKCS#11 cryptographic functions into communication steps. REPROVE analyzes both standard-conforming and proprietary implementations, and does not require access to the card. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. We have evaluated REPROVE on five commercially available smart-cards and we show how essential functions to gain access to the card's private objects and perform cryptographic functions can be compromised through reverse-engineering traces of the low-level communication.
We present REPROVE, the first automated system that reverse-engineers the low-level communication between a smart-card and a reader, deduces the card's functionality and translates PKCS#11 cryptographic functions into communication steps. REPROVE analyzes both standard-conforming and proprietary implementations, and does not require access to the card. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. We have evaluated REPROVE on five commercially available smart-cards and we show how essential functions to gain access to the card's private objects and perform cryptographic functions can be compromised through reverse-engineering traces of the low-level communication.
Original language | English |
---|---|
Title of host publication | ACSAC 2015 Proceedings of the 31st Annual Computer Security Applications Conference |
Place of Publication | New York |
Publisher | ACM |
Pages | 441-450 |
Number of pages | 10 |
ISBN (Electronic) | 978-1-4503-3682-6 |
DOIs | |
Publication status | Published - 5 Dec 2015 |
Keywords / Materials (for Non-textual outputs)
- Computer security
- smart cards
- reverse engineering
Fingerprint
Dive into the research topics of 'Getting to know your Card: Reverse-Engineering the Smart-Card Application Protocol Data Unit'. Together they form a unique fingerprint.Projects
- 1 Finished
-
The integration and interaction of multiple mathematical Reasoning Processes
Bundy, A., Aspinall, D., Colton, S., Fleuriot, J., Gow, J., Grov, G., Ireland, A., Jackson, P., Mcneill, F., Michaelson, G. & Smaill, A.
1/11/15 → 31/10/19
Project: Research
Profiles
-
Alan Bundy
- School of Informatics - Professor
- Artificial Intelligence and its Applications Institute
- Data Science and Artificial Intelligence
Person: Academic: Research Active
-
Fiona Mcneill
- School of Informatics - Reader in Computer Science Education
- Institute of Language, Cognition and Computation
- Language, Interaction, and Robotics
Person: Academic: Research Active