Jul 13, 2011

Digipass Nano

I recently had an opportunity (thanks SURFnet, and VASCO) to have some hands-on experience with a novel class of authentication tokens. In a project for SURFnet my colleague Maarten Wegdam and myself looked at so-called SIM augmented authentication tokens, and the VASCO Digipass Nano in particular. The results of our analysis, in the form of a more detailed report, is available from the SURFnet website.

About the technology: A SIM augmented solution sits between the SIM and the handset (the ME) and consists of a very thin chip (see the image) in a sticker. It basically relays all traffic, consisting of so-called ISO7816-4 APDUs, from ME to SIM and back, while intercepting certain APDUs and injecting certain other APDUs. The user can interact with this benign man-in-the-middle through the SIM application toolkit (GSM 11.14, see also my earlier post on Mobile PKI), which is implemented in any GSM handset. VASCO's Digipass Nano uses this trick to implement an event based One Time Password token that is accessed by navigating the SIM menu in the handset, yet is fully secure (if GSM 11.14 is implemented securely) from snooping malware.

The man-in-the-middle characterization of SIM augmented solutions sounds scary, if you think about it, especially with respect to the trust that the ME (through GSM 11.14) puts in the SIM. On the other hand:
  • The (security, usability, and business model) advantages of secure storage of credentials may outweigh the (security, usability, and business model) disadvantages of asking the user to place a hardware device between SIM and ME. (I.e., the security should not be analyzed in isolation, and there are both security advantages and disadvantages.)
  • An attack which asks the user to place a (not-to-be-trusted) SIM augmented solution in their handset doesn't scale (and there is so much more low-hanging fruit for attackers, which scales much better). For a full threat analysis, see the report.
  • The average user isn't too concerned about what the SIM augmented solution can do. We did a small-scale user test as part of our research.
  • SIM augmentation based on GSM 11.14 allows, in principle, multiple secure elements (or secure cores, in Du Castel speak) within a single handset. Multiple secure elements, representing multiple stake holders, breaks the Mobile Network Operator dominated model for (very secure) credential storage. We also did a brief business model analysis as part of the report.
Whether we will see SIM augmented solutions in the short term remains to be seen. But it's certainly interesting technology to analyze.

JMRTD for Android

JMRTD, the Java library that I (together with others) maintain to access and interpret ePassport content, has been ported to Android by Max G√ľnther. To demonstrate this, Max has developed an app (see the screenshot) for Nexus S (and other NFC Android handsets). We're not the first ePassport project on Android or NFC, but we try to be the most usable one!

The contactless technology in ePassports, ISO-14443, is fully compatible with NFC. Essentially this means that an NFC device in reader mode will be able to read ePassports. That is, of course, if the device has sufficient access privileges (i.e. Basic Access Control BAC, and Extended Access Control EAC). Max's app demonstrates how the essential passport holder details (aka datagroup 1) and the passport holder's facial image (aka datagroup 2) can be displayed.

The latter is actually non-trivial since that image is encoded in JPEG 2000 by some issuing countries, a format that is not supported in Android by default (thankfully there's jj2000). Another challenge that we encountered is the presence of a crippled version of Bouncy Castle in Android 2.3 which prevents inclusion of the full version (thankfully there's Spongy Castle). In general we've made many changes to JMRTD and SCUBA to make these libraries easier to port to other platforms.

We're working hard on making the app more robust and usable. Max and Claude Heyman are currently the main developers looking at Android NFC. We're trying to get MRZ OCR scanning to work (perhaps based on the Java OCR project). In its current form the app is not doing document validation or access to EAC protected data, but JMRTD allows this, in principle. We hope to publish the proof-of-concept app via the Android market soon. If you own a Nexus S (and an ePassport) we're definitely interested in your feedback.

Update: Max published the app on the market.