Detail publikace

Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding

Originální název

Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding

Anglický název

Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding

Jazyk

en

Originální abstrakt

We present a method of automated vulnerability finding in protocols that use contactless smart cards. We focus on smart cards with contactless interface because they are simpler than their counterparts with contact interface and provide less functionality, which can be modeled more easily. Our method uses model checking to find possible attacks in a model of the protocol implementation on particular smart card. There is a possibility to model arbitrary smart card, we demonstrate this method on one of the currently most widespread contactless smart cards - the Mifare DESFire. Using our method we were able to locate a couple of weaknesses of this smart card which may cause vulnerability if the protocol is not implemented properly. This method can be used by developers to evaluate security of their protocol implementation on particular smart card.

Anglický abstrakt

We present a method of automated vulnerability finding in protocols that use contactless smart cards. We focus on smart cards with contactless interface because they are simpler than their counterparts with contact interface and provide less functionality, which can be modeled more easily. Our method uses model checking to find possible attacks in a model of the protocol implementation on particular smart card. There is a possibility to model arbitrary smart card, we demonstrate this method on one of the currently most widespread contactless smart cards - the Mifare DESFire. Using our method we were able to locate a couple of weaknesses of this smart card which may cause vulnerability if the protocol is not implemented properly. This method can be used by developers to evaluate security of their protocol implementation on particular smart card.

BibTex


@inproceedings{BUT104512,
  author="Martin {Henzl} and Petr {Hanáček}",
  title="Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding",
  annote="We present a method of automated vulnerability finding in protocols that use
contactless smart cards. We focus on smart cards with contactless interface
because they are simpler than their counterparts with contact interface and
provide less functionality, which can be modeled more easily. Our method uses
model checking to find possible attacks in a model of the protocol implementation
on particular smart card. There is a possibility to model arbitrary smart card,
we demonstrate this method on one of the currently most widespread contactless
smart cards - the Mifare DESFire. Using our method we were able to locate
a couple of weaknesses of this smart card which may cause vulnerability if the
protocol is not implemented properly. This method can be used by developers to
evaluate security of their protocol implementation on particular smart card.",
  address="IEEE Computer Society",
  booktitle="2013 International Symposium on Biometrics and Security Technologies (ISBAST)",
  chapter="104512",
  edition="NEUVEDEN",
  howpublished="print",
  institution="IEEE Computer Society",
  year="2013",
  month="july",
  pages="141--148",
  publisher="IEEE Computer Society",
  type="conference paper"
}