International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack

Authors:
Gildas Avoine , Univ Rennes, INSA Rennes, CNRS, IRISA; Institut Universitaire de France
Loïc Ferreira , Orange Labs, Applied Cryptography Group, Caen, France; Univ Rennes, INSA Rennes, CNRS, IRISA, France
Download:
DOI: 10.13154/tches.v2018.i2.149-170
URL: https://tches.iacr.org/index.php/TCHES/article/view/878
Search ePrint
Search Google
Abstract: We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). The attack allows an adversary to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done with 10 smart cards from six different card manufacturers, and show that, in our experimental setting, the attack is fully practical. Given that billions SIM cards are produced every year, the number of affected cards, although difficult to estimate, is potentially high. To the best of our knowledge, this is the first successful attack against SCP02.
Video from TCHES 2018
BibTeX
@article{tches-2018-28966,
  title={Attacking GlobalPlatform SCP02-compliant Smart Cards Using a Padding Oracle Attack},
  journal={Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 2},
  pages={149-170},
  url={https://tches.iacr.org/index.php/TCHES/article/view/878},
  doi={10.13154/tches.v2018.i2.149-170},
  author={Gildas Avoine and Loïc Ferreira},
  year=2018
}