Paper 2020/780
The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10
Daniel De Almeida Braga, Pierre-Alain Fouque, and Mohamed Sabt
Abstract
GlobalPlatform (GP) card specifications are defined for smart cards regarding rigorous security requirements. The increasingly more powerful cards within an open ecosystem of multiple players stipulate that asymmetric-key protocols become necessary. In this paper, we analyze SCP10, which is the Secure Channel Protocol (SCP) that relies on RSA for key exchange and authentication. Our findings are twofold. First, we demonstrate several flaws in the design of SCP10. We discuss the scope of the identified flaws by presenting several attack scenarios in which a malicious attacker can recover all the messages protected by SCP10. We provide a full implementation of these attacks. For instance, an attacker can get the freshly generated session keys in less than three hours. Second, we propose a secure implementation of SCP10 and discuss how it can mitigate the discovered flaws. Finally, we measure the overhead incurred by the implemented countermeasures.
Note: Experiment-related material is available at https://github.com/ddealmei/SCP10-attack
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Published by the IACR in TCHES 2020
- DOI
- 10.13154/tches.v2020.i3.196-218
- Keywords
- SCP10Java cardBleichenbacherCoppersmith
- Contact author(s)
-
daniel de-almeida-braga @ irisa fr
pierre-alain fouque @ irisa fr
mohamed sabt @ irisa fr - History
- 2020-06-27: received
- Short URL
- https://ia.cr/2020/780
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/780,
author = {Daniel De Almeida Braga and Pierre-Alain Fouque and Mohamed Sabt},
title = {The Long and Winding Path to Secure Implementation of GlobalPlatform SCP10},
howpublished = {Cryptology ePrint Archive, Paper 2020/780},
year = {2020},
doi = {10.13154/tches.v2020.i3.196-218},
note = {\url{https://eprint.iacr.org/2020/780}},
url = {https://eprint.iacr.org/2020/780}
}
