Field
Embodiments of the present disclosure generally relate to a system, apparatus, and method for providing anti-replay protection of data stored in a non-volatile memory device.
Background
Conventional non-volatile memory (NVM), such as flash memory in a smartcard, is susceptible to replay attacks. In a replay attack, the attacker—often having the malicious intent to gain unauthorized access to data or services—makes a copy of the contents of a NVM at a certain point in time. Later, the attacker replays the copied contents to trick a device into accepting the copied contents as legitimate.
The following example illustrates a replay attack. Alice wishes to purchase a product or service from Bob using her smartcard. The NVM memory in Alice's smartcard contains encrypted data that indicates that the original value on Alice's smartcard is $100. The data was encrypted using one or more encryption keys that are agreed upon by Alice and Bob. The transaction, such as purchasing a product or service from Bob for $50, begins when Alice's smartcard transmits the encrypted data indicating the original value on her smartcard to Bob's smartcard reader. The encrypted data exchanged in this first transmission may be digitally signed by Alice. Bob's smartcard reader authenticates the transmission from Alice and decrypts the encrypted data indicating the original value on the smartcard ($100). Bob's smartcard reader then debits the purchase price ($50), generates and encrypts data indicating the updated value to be placed on Alice's smartcard ($50), and transmits the encrypted data indicating the updated value to Alice's smartcard. Again, this transmission may be digitally signed by Bob. Receiving the transmission, Alice's smartcard authenticates that the transmission came from Bob and stores the encrypted data indicating the updated value on Alice's smartcard in the NVM. After the transaction, the value remaining on the Alice's smartcard is $50.
Eavesdropping on the transaction between Alice and Bob, the attacker Mallory intercepts and copies the first transmission from Alice to Bob, which contained the digitally-signed (by Alice) and encrypted data indicating the original value of Alice's smartcard. Then, at a later time, Mallory replays the intercepted transmission to Bob's smartcard reader. Because Bob's smartcard reader is able to authenticate and decrypt the transmission, Bob's smartcard reader is tricked into believing that the transmission came from Alice's smartcard and that the value of her smartcard is still $100. Mallory can replay the intercepted transmission over and over, each time tricking Bob's smartcard reader into believing that the transmission came from Alice and that the value on her smartcard is $100. This example illustrates that an attacker in a replay attack may be able to easily subvert security measures—e.g., encryption and authentication—without breaking the encryption, stealing passwords, etc.