GlobalPlatform Secure Channel Protocol - SCP02 and SCP03

GlobalPlatform

GlobalPlatform (GP) is a cross industrial consortium that issues specifications about smart cards.

GP Card Specification

A set of technical documentation relating to the deployment and management of multiple applications on smart card.

Secure Channel Protocol (SCP)

An SCP is used to protect bidirectional communication between Java Card and Host. It is used as Mutual authentication and provide cryptographic protection for card and host subsequent communication.

SCP provides the following three levels of  security:

  • Mutual authentication
  • Data Integrity
  • Confidentiality

Mutual authentication

Mutual authentication is achieved through the process of initiating a Secure Channel and provides assurance to both; card and host, that they are communicating with an authenticated entity. This process include the creation of new challenges and secure channel session keys. If any step in the mutual authentication process fails, the process shall be restarted, i.e. new challenges and Secure Channel Session keys shall be generated again.

Data Integrity

Data or message integrity is checked by comparing C-MAC received from off-card entity (Host) with the card internally generated C-MAC. Note that this comparison is done using same Secure Channel session key, generated in Mutual authentication step.

Data Confidentiality

The date received from host to card or card to host is not viewable by an unauthorized entity rather it is encrypted with Secure Channel session key generated during the mutual authentication process.


Secure Channel Protocol '02'


SCP02 uses Triple DES encryption algorithm in CBC mode with Initialization vector (IV) of binary zeros. As SCP02 uses 3DES in CBC mode with fixed IV of binary zeros therefore its encryption scheme is deterministic and not highly secure and thus vulnerable to a classical plaintext-recovery attacks.

SCP02 relies on the «Encrypt-and-MAC» method, which means that it compute the MAC on the plain-text, encrypt the plain-text, and then append the MAC at the end of the ciphertext as shown in below diagram:


Encrypt-and-MAC Method

Secure Channel Protocol '03'


SCP03 uses Advanced Encryption Standard (AES) encryption algorithm with randomly generated Initialization vector (IV) and Hence its encryption scheme is un-deterministic and highly secure.

SCP03 relies on the «Encrypt-then-MAC» method, which means that it Encrypt the plain-text, then compute the MAC on the ciphertext, and append the MAC to the ciphertext as shown in below diagram:


Encrypt-then-MAC Method


SCP03 provides strong security guarantees, resistance to replay, out of order delivery and algorithm substitution attacks.

SCP02 vs SCP03 Summary Table



Why we need SCP03?

As the latest Java Cards have support for RSA above 2048, AES-128, AES-192, AES-256 and Elliptic-curve cryptography (ECC) (f=256 and above), SCP02 cannot be used to encrypt above keys types and hence such keys cannot be loaded using SCP02 mechanism. As a result GlobalPlatform provided a mechanism in the form of SCP03 by which such keys can be loaded into the cards.



Note: You can read more about SCP02 in GlobalPlatform Card Specification Version 2.1.1 Appendix E, while regarding SCP03 you can refer to GlobalPlatform Card Specification Version 2.2

5 comments:

  1. Its the best explained topic on scp02 and scp03 so far... thanks

    ReplyDelete
  2. Which document explains generation of SCP03 session keys?

    ReplyDelete
  3. GlobalPlatform Card Technology Secure Channel Protocol '03' Card Specification v2.2

    ReplyDelete