Title :
A concept of automated vulnerability search in contactless communication applications
Author :
Henzl, Martin ; Hanacek, Petr ; Jurnecka, Peter ; Kacic, Matej
Author_Institution :
Dept. of Intell. Syst., Brno Univ. of Technol., Brno, Czech Republic
Abstract :
Designing and implementing secure applications which use contactless communication link is difficult even when secure hardware is used. Many current proximity devices, such as contactless smart cards or near field communication devices, are verified to be highly secure; however, inappropriate protocol implementation may result in the leak of sensitive information, even if the protocol is also secure by itself. In this paper we show a concept of automated vulnerability search in protocol implementation by using verification methods, which should help developers to verify their applications. We also show simple example of possible attack on seemingly secure payment protocol implemented using seemingly secure smart card to show the way the adversary can abuse improper implementation. The vulnerability the attacker exploits can be in one command or in a combination of commands, which are not vulnerable individually. It is not easy to find such combinations manually, this is where the automated verification methods are put to use. A model checker, provided with an appropriate model, can automatically find vulnerabilities which are not likely to be found manually. The model can be created by the actual communication analysis. We wanted to show that the adversary does not have to have the access to the source code of the application to perform a successful attack, so a platform for the application analysis from the actual contactless communication was developed. The platform provides eavesdropping, altering data for man-in-the-middle attack, and emulating of both communication parties. The source code can help the analysis, but would not be sufficient by itself, so creating model from source code was left for future research. When the model checker finds vulnerability, an attack can be executed. The attack can be either successful, revealing real vulnerability which must be fixed, or unsuccessful, which would result in the model refinement and another model checker run.
Keywords :
cryptographic protocols; near-field communication; radiofrequency identification; smart cards; source coding; telecommunication security; RFID tags; automated vulnerability search; communication analysis; contactless communication link; contactless smart cards; man-in-the-middle attack; model checker; model refinement; near field communication devices; protocol implementation; proximity devices; radiofrequency identification tags; secure hardware; secure payment protocol; seemingly secure smart card; source code; verification methods; Mifare DESFire; NFC; contactless; near field communication; proximity; security; smart card; vulnerability;
Conference_Titel :
Security Technology (ICCST), 2012 IEEE International Carnahan Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4673-2450-2
Electronic_ISBN :
1071-6572
DOI :
10.1109/CCST.2012.6393556
