Decrypting Without Keys: The Case of the GlobalPlatform SCP02 Protocol

Decrypting Without Keys: The Case of the GlobalPlatform SCP02 Protocol

연구 분야: Cryptography

학회: Journal of Cryptology

We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). The attack allows an attacker to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done with 16 smart cards from 7 different card manufacturers, on different devices (laptops, smartphones). We show that, in our experimental setting, the attack is fully practical in most cases, with a high success rate, and an almost optimal complexity. To the best of our knowledge, this is the first successful attack against SCP02. The protocol was deprecated in 2018, after preliminary results were communicated to GlobalPlatform by the authors. This paper is an augmented version of a previous conference paper by the authors. Compared to the latter, the main addition is to show with practical experiments that a real-world attack scenario targeting a SIM card plugged into a smartphone is indeed achievable. Given that billion SIM cards are produced every year and owing to the their long lifespan, the number of affected items, although difficult to estimate, is potentially high.