Breaking Korea Transit Card with Side-Channel Attack - Unauthorized Recharging

Presented at Black Hat Asia 2017, March 30, 2017, 5 p.m. (30 minutes)

Recent side-channel attacks have shown that the security of smart devices is a matter of serious concern. Financial damage caused by attacks on security systems can be the most fatal threat in the real world. We target a real-world smartcard with embedded cryptographic features that is widely used in Korea. Our attack was conducted in a black-box manner, where everything about the target device is unknown except for public information such as standard documents and specifications. As a result of the attack, the 128-bit secret key for the mutual authentication required when a legitimate user uses functions served by the card, such as payment, refund, and recharging, can be completely restored, even though our target device employs some hardware-level countermeasures against side-channel attacks.

More specifically, we explain in detail how to attack the target device, and we show how to profile target information (i.e., the cryptographic operation under attack) when only public information is known to an attacker. From the profiled information, we show how to extract the cryptographic key (used in encryption, digital signature, authentication and so on) through side-channel analysis.

Finally, using this recovered secret key, we constructed a hacking tool to facilitate illegal recharging of the balance on the transit card. We are therefore able to recharge the balance on the card for free, as much as we want, without spending any money.

The most important of our contributions is that we offer the know-how obtained from a tremendous number of experiments, in order to reduce trial and error when attacking other secure devices in environments similar to ours. Our results demonstrate that side-channel attacks have a serious real-world impact on the security of embedded systems.

Presenters:

  • Tae Won Kim - Senior researcher, SNTWORKS, Korea University
    Tae Won Kim is a senior engineer at SNTWORKS. He focuses specifically on hacking real-world devices such as smartcards, mobile phones, and IoT devices using side-channel analysis attacks, going beyond theoretical research. Tae Won Kim has a lot of experience analyzing smart devices such as printers, IC cards, and USIM chips.
