Month: September 2012

Going walletless and the NFC convergence

Wired magazine contributor Christina Bonnington has bravely committed herself to running a month long experiment in living without a traditional wallet, substituting a smart phone instead for all the functions associated with that familiar object.  That includes not only foregoing payments– neither cash or standard credit cards are permitted– but also identification, transit and coupons. At first sight, this is the type of cutting-edge experiment that could go two ways. In the best case it could become a remarkable exercise in pushing the envelope for existing mobile payments technologies, demonstrating how far one can get to pure digital wallet simply by leveraging options on the market today in creative ways. (Bonnington is armed with an iPhone and Galaxy Nexus capable of running Google Wallet. There are no unreleased/secret apps in the mix that would not be otherwise available to the audience, modulo the usual app  compatibility constraints.)

Or it could become the mobile-payments equivalent of failed Biosphere mission, where a group of scientists locked themselves into a sealed ecosystem that was going to be self-sufficient but eventually had to terminate the mission prematurely as conditions inside deteriorated. There is a risk to running such an experiment too early in the development cycle of a technology, before it has achieved a critical mass of adoption to wean off of competing legacy alternatives. In fairness the setting for this experiment is already optimized for success:  San Francisco boasts a dense urban core, and Bay Area has traditional served as an early-adopter of innovations. A quick check shows plenty of locations accepting pay-with-Square, MasterCard Paypass terminals compatible with Google Wallet (Peet’s Coffee, Walgreens and Whole Foods alone go a long ways) and Level-Up locations, among other popular mobile payment options.

With that in mind, one can optimistically look at other scenarios where smartphones hold the promise of some day replacing and consolidating their traditional equivalents:

  • Transit. From the introductory piece: “My usual modes of transport, San Francisco’s Muni bus lines and BART rail system, require a card. So I’ll be doing more walking, biking, and driving.” In an ideal world she need not give up on BART or Muni. After all both of them use the Clipper card, which is based on MIFARE DESfire technology running over NFC. Mifare emulation is already possible with Android phones, as demonstrated by offer redemption with Google Wallet using  single-tap transactions. There are compatibility issues with current generation of hardware as well as provisioning challenges– how to deliver the transit credentials safely to a phone over-the-air, comparable to handing users a plastic card.
  • Event badging. In this year alone, this blogger attended two conferences where the badges incorporated NFC (BlackHat briefings in Las Vegas, and RSA conference in San Francisco, both using Mifare classic tags) Lest we assume this trend is confined to technology conferences: the three-day music festival Outside Lands at Golden Gate Park used NFC tags for passes. In principle all of these roles can be relegated to the smartphone.
  • Physical access. Another observation from Blackhat: the Aria hotel uses NFC tags for room keys. Again this can be incorporated with Mifare emulation capability in NFC hardware, once the provisioning challenges are solved. That means one day checking into a hotel no longer requires a stop at the reception to pick up keys: credentials to unlock the room are delivered over-the-air to the guests’ smartphone before they arrive. Bonnington also noted in her disclaimers “I will not be ditching my house keys.” While Yale Locks announced a door lock that open via NFC,  hotels are more likely to see adoption of such solutions compared to private residences. The set of individuals with authorized access to a particular apartment or house change rarely. By comparison there is a lot more efficiency gains possible in the hotel industry from improving on the card-key access.
  • Employee badges. Closely related scenario for access to shared-spaces: office buildings. Many of these are transitioning from ancient proprietary 125Khz RFID tags pioneered by HID to more standard solutions running on the NFC frequency. In principle these can be replaced by smartphones as well. Popular card-readers controlling access to doors in office buildings are designed to accept NFC cards. For example many of the HID readers are compatible with the US government PIV standard, which uses standard NFC communication in ISO-7816 mode already supported by existing Andoid hardware.

CP

Digital River, Microsoft and code-signing failures

In the wake of the recent Adobe code-signing debacle, this is a good time to revisit other failure modes of code signing. Recently this blogger tried downloading an evaluation copy of Microsoft Office and noticed a strange warning dialog about the installer being signed by “Digital River.” (Granted, that could make the author one of 5 people in the world paying attention to such warnings– and not proceeding with running the installer as a result.)

Who was Digital River and why would software published by MSFT carry a signature of any corporate entity other than MSFT itself? From a pure authentication perspective, the situation looked indistinguishable from a man-in-the-middle attack, where some nebulous attacker on the network observed the download request and clumsily substituted a Trojaned application instead, hoping the user would not notice the difference. The code was downloaded straight from the official Office website, a page that is not served over SSL. Or perhaps the servers hosting the application had been breached and started distributing malware to unsuspecting users hoping for free copies of Office.

Cursory Googling revealed a more benign, mundane explanation that did not involve malfeasance: Digital River hosts the official online MSFT store, serving as the distribution channel for purchasing software via direct download model. (Top search results include a forum post from 2009 featuring an irate customer titled “digital river does not deserve to be microsoft default agent”) But the same search also turned up a disturbing presentation on F-Secure website by Jarno Niemelä, dating back to 2010. The good news: it confirmed that Digital River does in fact handle software distribution for many published besides MSFT, and even digitally signs the applications on their behalf– that would explain the Authenticode dialog above. That alone does not make it safe to proceed past the dialog: all it means is that trust in the purposed Office installer is only as good as the trust in all other software signed by DR. After all any one of the other applications bearing the identical signature could have been substituted in its place, if the only criteria for establishing trust is that certificate. What else has DR signed? That is the really bad news: DR had been caught signing malware, as well as installers which were effectively open-ended: meta-installers designed to invoke other installers from third-party URLs that DR had no control over.

Vouching for the integrity of applications one has no control over is at best extreme naivete, and at worst, willful negligence under the guise of solving a problem for software publishers. There is no question that unsigned code is a user-experience problem: web browsers and A/V react differently, and present  danger-Will-Robinson warnings when confronted with applications of unknown origin. That is by design. “Solving” that problem by having another company sign anything thrown its way undermines any security benefit of code authentication. These technologies are rooted in the principle that trust– or lack thereof– in software  is derived from trust in the identity/brand of the publisher. When that identity is laundered by having some other entity such as Digital River putting its own brand on the product without conducting due diligence, it removes any semblance of accountability from the original author.

Returning to the example that served as the jumping point for this post, Office derives its credibility from having been authored by MSFT– not by virtue of being distributed by Digital River. That same code carry  exactly same degree of trust regardless of its download location. In fact being signed by Digital River subtracts from the credibility of the code, which is exactly the opposite of intended effect. An up-and-coming software company with no brand recognition might benefit from using the service: after all, anything beats the unsigned  code warning. (But then again, Digital River is not exactly a household name either. The only reasons to prefer that over having  your own certificate could be the cost and difficulty of implementing code signing– just ask Adobe.) In the case of MSFT, there is net loss of trust in the end product.

Luckily Office 2013 preview is also available for download. It carries the expected MSFT signature.

CP

Bringing cloud identity to the PC (2/2)

With Windows 8 released to manufacturing and available for download from MSDN, this is a good time to complete the post on using cloud identity in a traditional PC operating system. As MSFT announced on the Building Windows blog almost a year ago, Windows 8 will support signing in with Windows Live ID, now rebranded as Microsoft ID. Instead of creating local accounts, users can now authenticate to a Windows 8 machine using their existing cloud account.

Of course such integration is far from novel, with many examples of familiar consumer devices that had tight integration with a cloud authentication service, in some cases requiring that users authenticate with such an account to setup the device in the first place:

  •  iOS and its use of an Apple account on iPod/iPhone/iPad
  • Android and its integration with Google accounts systems. In fact Android has an extensible account manager concept: it allows defining additional cloud identity providers by having installed applications act as account authenticators, which can be invoked by any other app. (Looked another way, Android re-invented SSPI model that Windows supported since NT4 but never quite at the level of interchangeability its designers hoped– no new ideas under the sun.)
  • More recently Chrome OS and similar integration with Google accounts

In all cases, this identity becomes an integral part of device functionality when accessing cloud-based functionality: for example it is used to backup settings, migrate to new device, download email and calendar entries, make purchases in the respective app markets. This requires a level of integration between the OS and applications, such that after logging into the OS once, the user is automatically also logged into cloud services without having to explicitly type their password again. Without such automatic transfer of authentication state, the initial login would become pure window dressing that only grants access to local system resources. Luckily such seamless integration exists in Windows 8: after logging in, the mail application transparently downloads mail from Hotmail, Sky Drive can access saved files, Messenger can display presence information for contacts and Internet Explorer can open web pages requiring Live ID as already authenticated. In fact since as long as the functionality is implemented as standard SSP, it becomes available to third-party applications to use for creating apps that access user-data stored in the MSFT cloud.

There are also differences: first one is that Windows supports local accounts and the user may be upgrading a Windows 7 box– because nobody is running Vista– already configured with one. This introduces a requirement to retroactively associate an existing account with a cloud identity. Mobile devices started out with the assumption of cloud connectivity, and a clean slate to define their identity scheme. Second the user experience is different: for mobile devices user authentication is rare for good reasons: phones have awful virtual keyboards that make typing plain English painful, much less a strong password that containing  random mixture of symbols and digits. (While Android screen-lock can be configured with a passphrase, this is logically not the same as the Google account password.) With Windows 8 and Chrome OS even unlocking the screen locally can involve some type of authentication, making this ritual more frequent. That also creates a challenge in having to support offline mode: since the device may not have network connectivity at all times, it still has to authenticate the user’s cloud identity without the benefit of reaching the cloud.

Offline mode is not a new problem, as similar issues existed for the bread-and-butter protocols Windows supported before (NTLM and Kerberos) and can be solved by locally caching password hashes, at the well-known risk of introducing brute-force attacks against these cached copies. But some credentials can not be checked offline: an example is the one-time password or OTP codes used for Google 2-step verification: since these are meant to be dynamically generated each time, caching is not applicable and only Google knows what the next code in the sequence is. MSFT has a different concept called single-use codes for Live ID, which is not a secondary factor but replaces the password. It is unclear if these still work for login in connected state; they will likely not work for offline mode.

Stepping back, such tight-coupling between the OS and a particular cloud-identity provider also creates a natural “nudge” for users to favor cloud services authenticated by that identity, since the applications “just work” naturally without additional setup. Consider the difference between having to sign-in to a third-party email or instant-email service, verses going with the path of least resistance using the built-in variant that is automatically signed in. Granted most applications “solve” this problem with a strong bias for saving passwords (as well as annoying opt-out settings to automatically launch as soon as  the user logs in) This may level the playing field for user experience at the expense of security: instead of refreshing credentials over time, they rely on a password or long-lived token to create the illusion of automatic sign-in. Of course in the case of Windows 8, those cached credentials are already at the mercy of Live ID if the user enables one of the highly  touted-features: synchronization of saved passwords across multiple machines, as long as the user is signing in with the same Live ID, similar to Chrome synchronizing website passwords.

 

CP

Credit card authorization: compatibility of CVC1 and CVC3

As discussed in the second post in the series, the magnetic-stripe profile of certain EMV payment protocols such as Paypass produces data in a format similar to what swiping a traditional plastic card might yield. This backwards compatibility has undeniable advantages for transitioning to the more advanced protocols. For example, point-of-sale terminals can have an NFC capability added as bolt-on accessory, without altering the transaction further downstream.

The downside of this seamless transition is that there is no strict firewall separating NFC payments with dynamic CVV3 from swipe-transactions that rely on static CVV1 for authorization. It is possible, albeit inconvenient, to encode NFC transaction data on a plain card and use it at a regular point-of-sale terminal. This explains the replay demonstration that Kristin Padgett performed at Shmoocon in January in 2012. Intended to prove the ease of skimming information from contactless credit cards, this stunt actually serves as an unintended proof of the interchangeability of CVV1 and CVV3. The researcher executed one round of the payment protocol between a hypothetical victim’s contactless plastic card and an NFC reader controlled by the researcher. This transaction does not actually cause any money to exchange hands. It is never reported to the payment network. It is only used to record the transcript of the protocol.  (This is the often hyped “skimming” part: in the US many cards have no additional protection such as PIN required to complete the transaction, unlike in Europe where it is common to have PIN entry above certain transaction threshold.) The transcript is then used to construct track data, encoded on a plastic card and swiped through a Square reader, to conduct the actual “fraudulent” transaction.

To be more precise, and this is where details of the protocol become important, it is not the case that a CVV3 can be substituted whenever the CVV1 appears on track data. The individual fields are not identical between the standard plastic card and emulated stripe from a contactless payment. (Among other things, a contactless payment include a transaction counter or ATC that is echoed in track data, incrementing for each transaction.) Rather the complete, unaltered track-data containing one-time generated CVV3 can to be substituted in place of static track data containing CVV1. The Shmoocon demonstration was a beautiful example of how the entire payment stack, starting with the custom hardware of the Square reader, the payment processing backend of Square and the acquiring bank involved (Chase Paymentech, for all Square transactions) were oblivious to the change in form factor. The whole point of backwards compatibility is that at some point far enough downstream from the terminal, everything looks identical. Square is likely not alone in creating this type of avenue for contactless payments to be tunneled over plain magnetic stripes via swipe transactions.

That is not to say that the discrepancy could not have been detected along the way by one of the participants in the chain. Backwards compatibility is same as indistinguishability. Specifically the track-data format includes a service code with different values defined for cards containing chips, designated as “integrated circuit” in the standards. Track data containing this value arriving over a magnetic stripe reader is immediately suspect. In principle either the Square hardware or if track data is visible at all within the application, the associated mobile app could have rejected it right away.  Even further upstream, the payment processor often knows exactly what type of point-of-sale terminal exists at a merchant location– because the hardware is provisioned as part of a packaged offering from the processor. Arrival of track-data containing CVV3 from that merchant would then serve as strong signal of a problem if the merchant is known to be not capable of contactless payments. (One complication is whether card issuers have taken care to define different service codes for cards that have both traditional magnetic-stripe and IC component. If the standard magnetic stripe on the card has same service code as the one emulated by the chip, this heuristic fails. In that case additional heuristics can be used, such as presence of ATC or the appearance of CVV on two tracks, as opposed to track #2 only.)

One final point about replaying CVV3 track data: each protocol execution can only be used to create one valid magnetic-stripe. This is because of the ATC or transaction counter, which is incremented for each time the payment protocol is run. In principle that means the enterprising criminal has to capture multiple transactions when in the vicinity of the contactless card, and then go through the trouble of re-encoding the magnetic stripe with different track data between purchases. This is independent of any other restrictions the issuing bank may have around ATC that creates additional defenses against fraud. For example if the victim uses their card after skimming but before the attacker has gotten around to conducting a transaction. In that case all of the track-data captured by the attacker sports a counter less than the most recent one the bank has observed in a succesful transaction.

CP

CVV3: Demystifying credit card verification (part 2)

Completing an earlier post where we discussed CVV1 and CVV2, this second part looks at CVV3 or colloquially “dynamic CVV.”

One of the obvious security limitations of CVV1 and CVV2 is that they are constant for the life of a particular payment instrument. Because every transaction involves revealing these “secrets” to anther party, namely the merchant where the card-holder is making a payment, the odds are strongly against CVV1/CVV2 remaining secret for a very long time. Indeed card-holders have parted with their CVV via an array of impressive attack vectors over the years: from crude devices masquerading as fake card readers that skim entire magnetic stripes, to phishing attacks that brazenly ask unsuspecting users to input their card number CVV2 and plain incompetent ecommerce merchants that manage to get their entire customer database 0wned. PCI standards try to improve the situation by imposing restrictions against cavalier handling of card data– for example CVV2 can not be stored permanently, only used for authorizing the transaction in real time. But such measures are similar to devising incremental improvements for managing passwords, without fundamentally altering the limitations of a password based approach. Much of that is a limitation of the plastic card technology: the magnetic stripe is considered essentially a static, passive container for small amount of data; there are no “smarts” anywhere in the card.

(** Strictly speaking this is no longer true: several companies have introduced programmable magnetic stripes, where the information can be changed by a chip residing on the card. Similarly the printed CVV2 can be replaced by an LCD screen that flashes a code varying over time. Such cards have never seen widespread deployment.)

This is where EMV which stands for EuroPay, MasterCard and Visa enters into the picture. EMV defines a suite of protocols employing strong cryptography, where the card is not simply a glorified low-density storage medium but contains a chip capable of performing complex payment protocols including the series informally known as chip & PIN. Unfortunately as every engineer who ever proposed a new protocol soon realizes, breaking from the past is not that easy. Migration to EMV suite of protocols presents a formidable triad of challenges: nudge issuing banks to mail out new cards to their customers, convince merchants to replace their point-of-sale terminals with newer models that accept these cards,  and finally ensure that the payment processors those merchants connect to are aware of the improved protocols. Omit any of these steps and all the fraud risks inherent in a static secret return: this is what happens when an American customer travels overseas and hands over an old-fashioned magnetic stripe card to a merchant set up to process a chip & PIN transaction.

Backwards compatibility is a very appealing feature. Its promise is upgrading only part of the system at lower total cost, in such a way that the change remains transparent to other “legacy” components in place, while still attaining some of the benefits realized from a full upgrade. In the case of contactless payments, this takes the form of a “profile” of the original protocol that creates the appearance of having swiped an old-fashioned magnetic stripe card. Called mag-stripe profile appropriately enough, this variant of contactless payment protocols are distinguished by producing output that looks very similar to track-data obtained from plain plastic cards.

The main difference is a challenge-response step added to dynamically generate a different CVV value for each transaction. Instead of containing a fixed CVV1 for every swipe, this scheme instead computes the integrity check using cryptographic keys stored on the chip, as a function of card data as well as a challenge issued by the payment terminal. This constantly changing value is the CVV3 and it takes the place of CVV1 on the emulated track-data resulting from the transaction. (“Emulated” because it is assembled by the terminal from multiple individual card responses sent over NFC during a contactless payment.)

Backwards compatibility is served by keeping the remainder of the transaction identical, once the protocol exchange between card and NFC reader is complete. In that sense the changes required are minimal compared to full chip & PIN implementation. NFC reader is fully aware of the new protocol but beyond that point, there is only track-data returned to the point-of-sale terminal. This information is in exactly the same format as it appears on classic magnetic stripe cards. It is processed in the same manner, passed on to the payment processor for verification, who in turn will typically forward it to the issuer for final authorization. This level compatibility is what allows adding NFC-payments as bolt-on option to existing payment terminals configured for swipe transactions: at some level of abstraction, the new payment flow over NFC using the dynamic CVV3 merges with the existing flow for processing magnetic stripes with CVV1. That interchangeability has surprising security consequences, which will be explored in a subsequent post.

CP

NFC in US passports– verifying the random ID

One final post to conclude the series on reading data from recent US passports with an Android phone. In this post, we will look at the way the “unique ID” or UID emitted by the chip varies each time the chip is brought into the presence of an RF field.

Every NFC tag has a unique identifier that is burnt-in at the factory and constant throughout the lifetime of the hardware. Contrary to mistaken impressions, this identifier is intended for anti-collision eg distinguishing multiple tags when they are all in the presence of an RF field, rather than security applications to authenticate the tag. Devices such as ProxMark can forge an arbitrary UID. There are even off-the-shelf counterfeit MIFARE tags that allow overwriting the UID while still preserving the desired form factor.

While the UID falls short of being a reliable way to authenticate a particular tag, it is still problematic for privacy because it constitutes a persistent identifier that can be used for tracking. Each time the tag is scanned, it emits a constant value that permit correlating with previous times when that tag was scanned– this is true regardless of the higher level transaction. For example even a blank, unused tag completely void of data emits a UID. (Introducing application level protocols on top of the basic NFC transport can only make privacy worse: for example the standard contactless payment protocols will transmit stable identifiers such as the credit card number that are far less privacy-friendly, because unlike UID they can be correlated to many existing databases.)

This is where random UIDs enter into the picture. Instead of emitting the same UID, the hardware can be configured to generate a different one on each activation eg each time the tag is brought into the range of an RF field. A specific range of four-byte UIDs starting with 0x08 is reserved to designate such UID, and to disambiguate that from fixed UID assignments. The US passport is an example of hardware using this feature.

Going back to our NFC TagInfo application, scanning the same passport twice– removing it from the RF field of the phone between the two scans– shows the UID indeed changing:

    

CP