Global Platform Java Card Secure Channel Example - javacard

I'm struggling for a long time. I need to create secure channel from Desktop App to JavaCard. I found GlobalPlatform http://www.win.tue.nl/pinpasjc/docs/apis/gp22/ but I can't get it working. I know how to react when I have a secure channel ( use it ) but strugling to create it. I know I should create Key on my desktop app then somehow send InitUpdate APDU, then create ExtAuth APDU and then it should work? I know I'm lost so if anybody have some example or something I'll be so glad!

(Assuming you want to implement the client-side of the communication)
The SCP protocols used to establish secure channel are precisely defined in GlobalPlatform Card Specifications,
available here, specifically:
SCP01 / SCP02 / SCP10 in GlobalPlatform Card Specification v2.3 (appendices D,E,F)
SCP03 in Card Technology Secure Channel Protocol '03' Card Specification v2.2 – Amendment D V1.1.1
You can have a look at GlobalPlatformPro (java) or GPShell (C) for some source code.
Good luck!
PS: The org.globalplatform API you mention in your post is used inside the card and allows javacard applets to use keys stored in the SD for secure communication/authentication.

Related

HM-10 BLE Module - connect to other Devices

first of all: What i am trying to do is only for private interest.
I'd like to connect a AT-09/HM-10 BLE-Module with Firmware 6.01 to another device which provides also a BLE Module, which it is not based on the CC254X-Chip,
I am able to communicate with this Device using my Laptop with integrated Bluetooth, Linux and the bluepy-helper. I am also able to make a connection using the HM10 through a USB-RS232-Module and "Hterm", but after that quite Stuck in my progress.
By "reverse-engineering" the Android-Application for controlling this particular device i found a set of Commands, stored as Strings in Hex-Format. The Java-Application itself sends out the particular Command combined with a CRC16-Modbus-Value in addition with a Request (whatever it is), to a particular Service and Characteristic UUID.
I also have a Wireshark-Protocol pulled from my Android-Phone while the application was connected to the particular device, but i am unable to find the commands extracted from the .apk in this protocol.
This is where i get stuck. After making a connection and sending out the Command+CRC16-Value i get no response at all, so i am thinking that my intentions are wrong. I am also not quite sure how the HM-10-Firmware handles / maps the Service and Char-UUIDs from the destination device.
Are there probably any special AT-Commands which would fit my need?
I am absolutely not into the technical depths of Bluetooth and its communication layer at all. The only thing i know is that the HM-10 connects to a selected BLE-Device and after that it provides a Serial I/O and data flows between the endpoints.
I have no clue how and if it can handle Data flow to certain Service/Char UUIDs from the destination endpoint, althrough it seems to have built-in the GATT , l2cap-Services and so on. Surely it handles all the neccessary communication by itself, but i don´t know where i get access to the "front-end" at all.
Best regards !

Signal voice/video encryption scheme

I am trying to figure out how Signal messenger audio/video encryption works.
I have read the blog post
https://signal.org/blog/signal-video-calls-beta/
and the RFC for DTLS-SRTP
https://tools.ietf.org/html/rfc5764
what I don't understand is how the DTLS handshake is actually made.
My first question is where does it feed the initial certificates does it uses the identity keys for both parties to negotiate the TLS session ?
It uses webrtc for android, with eliptic curves, and looking into the source code I can see it uses, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA or if compiled with boringssl TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. So any ideea how is compiled ? The sources for webrtc, where it works with the encryption algorithms are in
https://chromium.googlesource.com/external/webrtc/+/5647a2cf3db888195c928a1259d98f72f6ecbc15/webrtc/base/opensslstreamadapter.cc.
Thank you.

How to send APDU's via SMS to a java card applet?

I want to perform RMI , to an applet via SMS. My applet will process an APDU sent via the SMS and it will call a method depending on the APDU. I cannot find a method to achieve this.As per my reserch this depends on the card manufacturer and is not supported by all OS's. Is there any framework or technique which can help us to achieve the required result ?
#Abhirup Ghosh: This is possible, search for NowSMS and Open Kannel.
Using these tools and GSM Modem, i have created utility that sends SMS to JAVACARD applet which processes the sms and gets the APDU in it.
You have to change your SMS Class and TYPE so that the OS of card treat it as envelope and pass it to the JAVACARD application.
You can also refer this paper:
http://www.ijsrp.org/research-paper-0415/ijsrp-p4024.pdf

Securing bluetooth LE connection

Currently we are setting up a Bluetooth LE device specification and we are running against the following:
The client doesn't want to pair the device via the settings menu. There is a mobile app which should connect to the peripheral.
Now the following, this is the problem:
When connecting, how do we secure our characteristics? We were thinking about prefixing a write request, but what about read requests?
We don't want everybody to see the not so sensitive data. Since it's not sensitive we don't need high security but we still need to secure it some way just in case.
Does anybody know how to do this? How to secure a characteristic?
Thanks in advance,
You could implement a challenge-response system on connection - when you connect to the peripheral you read a value from a characteristic which is randomised by the peripheral. This value has to be hashed in some way using a shared-secret and then written back to the characteristic. The peripheral then verifies the hashed value. If it matches then it populates the other characteristics and accepts write requests.
Once the central disconnects from the peripheral it ignores write requests and zeros its read characteristics until the next connection/hash handshake.
You must add Security Mode 1 Level 3 to your Services. Then, all the Service's characteristics will be protected.

USSD secure or not?

I have a question about USSD and security in this channel.
As you know today mobile banking and many payments using USSD, I want to know is USSD safe?
If USSD transactions using a5/1 for encryption,its totally broke few years a go and now can be captured by usrp (or HackRF board) and decoded by rainbow tables created for a5/1.
I think this transactions is not really safe,but I want to know more about this protocol and encryption using at this transactions. I dont know USSD codes encoded with a5/1 or GSM-7... so my question is:
What is encryption using for USSD transactions? Is the USSD using
GSM voice encryption ( a5/1) or using GSM-7 or other?
How we can make USSD secure? is possible to add additional
encryption to transactions or what you think about securing USSD
codes and transactions.
Thanks all.
In general there are two level of security in Mobile networks (in this case GSM)
AirInterface Security
Core Network Security
For the AirInterface (Radio Interface between MS and BTS) it can be encrypted or unencrypted (depend on network setting)
https://en.wikipedia.org/wiki/A5/1
https://en.wikipedia.org/wiki/A5/2
As you can see both current encryption methods are so weak specially for financial transaction (compare to acceptable encryption methods for online banking).
The real problem for USSD messages are their MAP/SS7(Sigtran) related message in the core network.
Unfortunately all USSD messages in GSM network transfer as a plain text (as a part of MAP message) and all E1 links are easily monitor-able.
Using USSD as a transmission layer (in the lack of Data connection(GPRS-3G-LTE)on network) is possible but an encryption layer is require ( and it can be implemented on Android or IOS App)

Resources