Security Analysis of Provisioning Protocol Used in On-board Credentials Platform

Goal

Security analysis of provisioning protocol used inside On-board Credentials (ObC) system by Nokia Research Center.

Introduction

ObC [1, 2] is an open platform for executing code, operating on secrets that must not leak to an attacker. One use case of the system is to let 3rd parties write credentials that operate inside the secure hardware of a legacy phone, including the secure provisioning of secrets related to the credential. The platform uses M-shield security architecture by Texas Instruments (hardware) and virtual machine (software). It is required to validate this platform from security point of view.

The requirement to validate the environment comes from two main sources:

1. Internal trust guarantees: separating credentials from company-internal, business-critical code that shares the environment;
2. External trust guarantees: if security-conscious third parties are to deploy credentials on the platform, they need a confirmation regarding the achievable level of security for this credentials.

Usually as platform which satisfy these requirements smart cards are used. They are often both in terms of hardware and software validated / certified to standards like EAL4+.

Such certification cannot be achieved in the short term for ObC, especially with respect to the hardware. However, for the security of the software environment, it should be built argumentation for both requirements 1. and 2. There are many validation aspects to consider, but in this proposal only provisioning protocol is considered. Provisioning protocol is the protocol which provides access to secured data for credentials.

Tasks which could be considered as future work are described in section 4.

Project Description

General info:
Duration: 4,5 months
Dates: 15 June 2009 – 31 October 2009
Deliverables: 3 technical reports, simulation code

The following subtasks could be formulated:

1. Studying details of ObC platform 
Dates: 15 June 2009 – 29 June 2009
Duration: 2 weeks.

2. Comparative analysis of cryptographic primitive used in ObC and alternative ones Dates: 1 July 2009 – 31 July 2009
Duration: 1 month.

Description:
The considered platform uses only one of cryptographic primitive AES-EAX. This primitive is actively used by provisioning protocol, i. e. during the protocol the same primitive is used several times for different purposes. It is used for encryption, decryption, hashing, authentication and key derivation.

For all mentioned uses comparative analysis of AES-EAX with some alternative primitives should be done for the following criteria:

• Efficiency
• Possible pitfalls
• Security
• Meeting implementation requirements (memory footprint, cycles)

Deliverables: technical report including comparative analysis.

3. Analytical cryptanalysis of provisioning protocol

Dates: 1 August 2009 – 31 August 2009
Duration: 1 month.

Description:
A discussion about possible attack vectors against the provisioning protocol and their data is needed. Additional goal could be studied – the efficiency of alternative solutions, e.g. possibility of public key cryptography usage (rather than symmetric key).

Deliverables: technical report including possible attacks and founded alternatives.

4. Automatic analysis of provisioning protocol using AVISPA tool
Dates: 1 September 2009 – 31 October 2009
Duration: 2 months.

Description:
AVISPA tool [4] is a technology for the analysis of large-scale Internet security-sensitive protocols and applications. In this task its applicability for analysis of provisioning protocol will be studied. However, validation object could be changed by mutual agreement during the project, e.g. the provisioning protocol could be replaced by subroutine invocation protocol.

Deliverables: technical report including simulation codes.

Long-term plan

There are several tasks [3], which could be considered after pilot project:

1. Cryptographic analysis of sealing protocol (E)
   - Efficiency analysis of sealing protocol
   - Cryptanalysis of sealing protocol
2. Cryptanalysis of key management schemes for these protocols
3. Side-channel attacks analysis (F)

Project members

Supervisor from Nokia: Jan-Erik Ekberg
Supervisor from SUAI: Sergey Bezzateev
PhD student: Alexandra Afanasieva

References

• Jan-Erik Ekberg, N. Asokan, Kari Kostiainen, Pasi Eronen, OnBoard Credentials Platform Design and Implementation, Technical report, NRC-TR-2008-001
• Jan-Erik Ekberg, N. Asokan, Kari Kostiainen, Aarne Rantala, On-board Credentials with Open Provisioning, Technical report, NRC-TR-2008-007
• Jan-Erik Ekberg, Validation of On-Board Credentials, 08/04/2009
• http://avispa-project.org/