import of old now defunct presentation slides svn repo

1 files changed, 410 insertions, 0 deletions

diff --git a/2014/simtrace-openfest2014/part-sim.tex b/2014/simtrace-openfest2014/part-sim.tex
new file mode 100644
index 0000000..a8f737a
--- /dev/null
+++ b/2014/simtrace-openfest2014/part-sim.tex
@@ -0,0 +1,410 @@
+\section{SIM Cards}
+
+\subsection{Smart Card Basics}
+
+\begin{frame}{Terminology}
+\begin{description}
+	\item[SIM] Subscriber Identity Module
+	\item[USIM] Universal Subscriber Identity Mdoule
+	\item[UICC] Universal Integrated Chip Card
+	\item[MS] GSM Mobile Station (phone, modem)
+	\item[UE] UMTS User Equipment
+	\item[ME] GSM Mobile Equipment (MS + SIM)
+	\item[OTA] Over The Air
+	\item[SAT] SIM Application Toolkit
+	\item[CAT] Card (UICC) Application Toolkit
+	\item[USAT] USIM Application Toolkit
+	\item[TAR] Toolkit Application Reference
+\end{description}
+\end{frame}
+
+\begin{frame}{Relevant Specification Bodies}
+\begin{itemize}
+	\item ISO (ISO 7816) smart cards
+	\item ETSI (Eurpoean Telecomms Standardisation Institute)
+	\begin{itemize}
+		\item Classic GSM SIM
+		\item UICC card as basis for various telecom ID purposes
+		\item Card Application Toolkit (CAT)
+	\end{itemize}
+	\item 3GPP (3rd Generation Partnership Project)
+	\begin{itemize}
+		\item USIM Application
+		\item USIM Application Toolkit (USAT)
+		\item API based applet interworking
+	\end{itemize}
+	\item Global Platform
+	\begin{itemize}
+		\item Overall spec for SIM/USIM with Java
+	\end{itemize}
+	\item Sun Microsystems (now Oracle)
+	\begin{itemize}
+		\item Java Card Virtual Machine
+		\item Java Card Runtime Environment
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{The Subscriber Identity Module (SIM)}
+\begin{itemize}
+	\item Basic idea was to store cryptographic identity of subscriber inside smart card
+	\item User can thus migrate identity from one device to another
+	\item User can furthermore use different SIM in same device (e.g. local prepaid SIM while travelling)
+	\item Original SIM card design mostly ISO 7816-4 filesystem and single command to execute A3/A8 algorithm inside card
+	\begin{itemize}
+		\item This could even be done in logic, no processor required
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{The modern SIM}
+The modern SIM is an entirely different beast
+\begin{itemize}
+	\item Cryptographic processor smart card
+	\begin{itemize}
+		\item Symmetric cryptography such as DES, 3DES, AES
+		\item Public key cryptography such as RSA, ECC
+	\end{itemize}
+	\item Java Card including a small Java VM and Java RE
+	\item Multiple application support
+	\item Ability to download applications (Applets) into card
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Smart Card Basics}
+\begin{itemize}
+	\item microprocessor with RAM, Flash and Operating System
+	\item Interface: Electrical + Logical Protocol (ISO7816-3, ISO7816-4)
+	\item File System based representation of information
+	\item Protocol describes remote operations on the file system
+	\item Few non-filesystem related commands for e.g.  authentication
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Smart Card Filesystem}
+\begin{itemize}
+\item Hierarchical file system like on PC
+\begin{description}[MF]
+	\item[MF] (master file): root directory
+	\item[DF] (dedicated file): subdirectory
+	\item[EF] (entry file): actual file
+	\begin{itemize}
+		\item transparent or record oriented
+		\item record linear fixed/variable or record cyclic
+	\end{itemize}
+\end{description}
+\item File names don't exist on card. 16bit FID (File ID) or 8bit SFID used instead
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Smart Card Filesystem Hierarchy}
+\begin{figure}[h]
+	\centering
+	\includegraphics[width=110mm]{sim-mf-df_gsm.png}
+\end{figure}
+\end{frame}
+
+
+%\begin{frame}{Smart Card Filesystem Permissions}
+%\begin{itemize}
+%	\item similar to 'permission bits' on Linux or other PC OS
+%	\item each file can define separate read/write permissions
+%	\item some cards are permanently read-only
+%	\item other files can be written to after regular PIN verification
+%	\item yet another set of files e.g. needs one of the ADM PINs
+%\end{itemize}
+%\end{frame}
+
+
+%\begin{frame}{Smart Card Logical Channels}
+%\begin{itemize}
+%	\item Initially Smart Cards had only one interface (UART)
+%	\item This means that only one application on the host side can interact with it, as there's sharde state
+%	\item logical channels introduce a concept where this connection is virtualized, and multiple separate states (including with different access privileges) can exist in parallel
+%\end{itemize}
+%\end{frame}
+
+\begin{frame}{SIM Card APDU Commands}
+Classic SIM card commands include the following
+\begin{itemize}
+	\item SELECT (change directory / open file)
+	\item READ BINARY, UPDATE BINARY (read/write transparent EF)
+	\item READ RECORD, UPDATE RECORD (read/write record EF)
+	\item ENABLE CHV, DISABLE CHV, CHANGE CHV (enable, disable or change PIN)
+	\item VERIFY CHV, UNBLOCK CHV (verify or unblock PIN)
+	\item RUN GSM ALGORITHM (A3/A8 authentication)
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Smart Card Filesystem}
+Typical operations of the phone include
+\begin{itemize}
+	\item navigating inside filesystem by SELECT on DF/EF
+	\item authenticating the user PIN
+	\item reading/updating files
+	\begin{itemize}
+		\item reading IMSI
+		\item old-school SMS and contact storage
+		\item storing session keys (Kc/KcGPRS, ...)
+		\item storing last cell on power-off
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Smart Card PINs}
+The level of access to the filesystem and other card features is
+determined by authentication using a shared secret, called 'PIN'.
+\begin{itemize}
+	\item Regular PIN for normal use of the card by the end user
+	\item PUK for resetting the pin after too many retries
+	\item ADM1..n PIN for access by the operator only
+\end{itemize}
+\end{frame}
+
+%\begin{frame}{Multi-Application Smart Cards}
+%\begin{itemize}
+%	\item Classic SIM cards are single application, accessing the
+%		GSM related files works by entering the known DF.GSM
+%	 	directory with its well-known FID
+%	\item Later the idea of multi-application smart cards entered
+%		the market
+%	\item A multi-application smart card contains an EF.DIR in the
+%		MF
+%	\item EF.DIR contains records with the AIDs of all applications
+%		on the card.
+%	\item AID prefix is well-known to the application, AID suffix is
+%		manufacturer specific.  Applications use prefix-match
+%	\item application specific directory can be entered by SELECT on
+%		the AID
+%\end{itemize}
+%\end{frame}
+
+%\begin{frame}{USIM Application Dedicated File (ADF.USIM)}
+%\begin{figure}[h]
+%	\centering
+%	\includegraphics[width=110mm]{usim-dir-structure.png}
+%\end{figure}
+%\end{frame}
+
+
+%\subsection{From SIM to UICC and USIM}
+
+%\begin{frame}{Evolution of the SIM}
+%\begin{itemize}
+%	\item Classic GSM SIM cards
+%	\begin{itemize}
+%		\item initial GSM / ETSI TS 11.11 for classic GSM SIM, based on ISO 7816-2/3/4
+%		\item small changes for GPRS support by introducing a few new optional files
+%		\item Class byte 0xA0 used in GSM SIM
+%	\end{itemize}
+%	\item USIM cards
+%	\begin{itemize}
+%		\item Completely new approach based on ETSI UICC spec, multi-application capable
+%		\item Selection of ADF.USIM by AID
+%		\item Many new files
+%		\item backwards compatibility achieved by placing DF.GSM
+%			in MF and linking (think of symlink/hardlink) of
+%			relevant files
+%		\item Authentication for GSM and UMTS can be completely
+%			different (algorithm, secret key used, ...)
+%	\end{itemize}
+%	\item Additional application profiles exist for GSM-R, TETRA and
+%		other ETSI related communications systems.
+%\end{itemize}
+%\end{frame}
+
+%\begin{frame}{Evolution of Specifications}
+%\begin{itemize}
+%	\item Classic SIM: ETSI TS 11.11 / 3GPP TS 51.011
+%	\item UICC Card: 3GPP TS 31.101, 31.900, ETSI TS 102 221, 102 222
+%	\item USIM application: 3GPP TS 31.102
+%	\item ISIM application for IMS (VoIP for LTE): 3GPP TS 31.103
+%\end{itemize}
+%\end{frame}
+
+%\begin{frame}{ISIM Application Dedicated File (ADF.ISIM)}
+%\begin{figure}[h]
+%	\centering
+%	\includegraphics[width=110mm]{isim-dir-struct.png}
+%\end{figure}
+%\end{frame}
+
+\subsection{SIM Application Toolkit (SAT)}
+
+\begin{frame}{SIM Application Toolkit (SAT)}
+\begin{itemize}
+	\item Ability for card to run applications that have UI on the phone
+	\begin{itemize}
+		\item Display menu items on-screen
+		\item Get user input from keypad/touch-screen
+	\end{itemize}
+	\item Original Version Described in TS 11.14 and 11.11
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT -- Proactive SIM}
+The {\em Proactive SIM} features
+\begin{itemize}
+	\item Sending a short message
+	\item Setting up a voice call
+	\item Playback of a tone in earpiece
+	\item Providing location information from ME to SIM
+	\item Have ME execute timers on behalf of SIM
+	\item Sending DTMF to network
+	\item Running an AT command received from SIM, sending result back to SIM
+	\item Ask ME to launch browser to SIM-provided URL
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT -- Call and SMS Control}
+\begin{itemize}
+	\item ME passes MO call setup attempts to SIM for approval
+	\item SIM can then
+	\begin{itemize}
+		\item approve or decline the MO call
+		\item modify the call details such as phone number
+		\item replace the call with USSD message
+	\end{itemize}
+	\item ME passes USSD requests similar to Call Control
+	\item Similar mechanism exists for all MO SMS
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT -- Provide local information}
+The SIM can inquire the ME about
+\begin{itemize}
+	\item MCC / MNC / LAC / Cell ID
+	\item IMEI of ME
+	\item Network Measurement Results
+	\item BCCH channel list
+	\item Date, Time, Timezone
+	\item ME language setting
+	\item Timing Advance
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT -- Event download}
+The SIM is notified by ME about certain events such as
+\begin{itemize}
+	\item Call Connected / Disconnected
+	\item Location Status (Location Area change)
+	\item User activity (keyboard input)
+	\item Idle screen available
+	\item Browser termination
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT - Data download}
+\begin{itemize}
+	\item Enables Operator to exchange arbitrary data with the SIM
+	\item Could be RFM (Remote File Management)
+	\begin{itemize}
+		\item Read or modify phone book entries
+		\item Even change the IMSI of the SIM (!)
+	\end{itemize}
+	\item In case of Java Card, can be download of card applets
+	\begin{itemize}
+		\item Applets are stored permanently on SIM
+		\item Can later use SAT procedures to interact with ME
+		\item TS 03.19 specifies Java API to access SAT from Java RE
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT - Data download}
+SAT Data Download can happen via
+\begin{itemize}
+	\item via SMS or Cell Broadcast
+	\begin{itemize}
+		\item Uses TS 03.40 TP-PID {\em SIM DATA Download}
+		\item ME forwards such SMS to the SIM in {\tt ENVELOPE} APDU
+		\item Response from SIM is sent back as MO-SMS or DELIVERY REPORT
+	\end{itemize}
+	\item via BIP (Bearer Independent Protocol)
+	\begin{itemize}
+		\item Dedicated CSD call between network and SIM
+		\item GPRS session between network and SIM
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SAT - Data download}{Data download security}
+\begin{itemize}
+	\item GSM TS 03.48 specifies secure messaging for data download
+	\item Includes replay protection
+	\item Supports DES and 3DES
+	\item SMS chaining for long commands / large data
+\end{itemize}
+\end{frame}
+
+\subsection{SIM threat model}
+\begin{frame}{SIM card abuse by hostile operator}
+\begin{itemize}
+	\item Even if the phone might be considered trusted, the SIM card is owned and controlled by the operator
+	\item Using SAT features, the operator can control many aspects of the phone
+	\item Examples
+	\begin{itemize}
+		\item Remotely reading address book / stored SMS
+		\item Monitor user behavior (browser termination, idle screen, ...)
+		\item Ask phone to establish packet data session
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SIM card re-programming by attacker}
+\begin{itemize}
+	\item If the SIM is not properly secured (auth + encryption keys, ...) a third party attacker can send SAT envelope SMS to the card and install resident Java applets
+	\item The attacker can then
+	\begin{itemize}
+		\item Obtain detailed location information and send it via SMS
+		\item Intercept/log outgoing calls
+		\item Sending copies of incoming + outgoing SMS elsewhere
+	\end{itemize}
+	\item Even using SIM card channel to exploit baseband stack is feasible
+\end{itemize}
+\end{frame}
+
+\begin{frame}{SIM card proxy / MITM by attacker}
+As soon as an attacker has temporary physical access to a phone, he can
+\begin{itemize}
+	\item Insert a proxy-SIM between real SIM and phone
+	\item Do everything a Java applet could do, but even with a securely configured SIM as he does not modify the existing SIM
+	\item Sniff current Kc and send it out e.g. via SMS or even UDP/TCP packets over GPRS
+	\item ... by only using standard interfaces that are common among all phones (as opposed to baseband software hacking which is very model-specific)
+\end{itemize}
+Most users would never notice this as they rarely check their SIM slot
+\end{frame}
+
+%%%%%%
+\subsection{SIM attacks countermeasures}
+
+\begin{frame}{Defending against SIM based attacks}
+\begin{itemize}
+	\item SIM cards are Operator issued, Ki is on the SIM
+	\begin{itemize}
+		\item SIM card can thus not be replaced, but original SIM must be used
+	\end{itemize}
+	\item Configure telephone to not store contacts or SMS on SIM
+	\item Communication between SIM and ME is not encrypted/authenticated
+	\item Solution: Proxy SIM between SIM and ME to break STK / OTA
+	\begin{itemize}
+		\item Filter all STK/OTA/Proactive commands like ENVELOPE
+		\item Indicate lack of STK support to ME (EF.Phase)
+	\end{itemize}
+\end{itemize}
+\end{frame}
+
+\begin{frame}{Proxy SIM with firewall}
+\begin{itemize}
+	\item There are no known commercial products that implement STK/OTA filtering
+	\item But there are a number of shim SIM cards that are plugged between SIM and SIM slot
+	\item Most of them are used for SIM unlocking modern phones
+	\item Some vendors produce freely (re)programmable proxy SIMs:
+\end{itemize}
+\begin{figure}[h]
+\subfigure{\includegraphics[width=40mm]{bladox-turbosim.jpg}}
+\subfigure{\includegraphics[width=25mm]{rebelsim2.jpg}}
+	   \caption{Bladox TurboSIM (AVR) and RebelSIM II (8051)}
+	   %\caption{Bladox Turbo SIM (AVR)}}
+\end{figure}
+\end{frame}