In this thesis we describe how we broke the secure communication channel between the Italian Electronic Identity Card (Carta d'identità elettronica, or CIE) and the CIE Middleware (the software used to communicate with it). Analyzing the CIE Middleware software, we found issues with the key management and integrity checks on a public key used to establish the secure communication channel. These issues lead to a vulnerability that compromises the security of the channel, allowing an attacker to perform a man-in-the-middle attack (MITM) on it, enabling them to intercept and modify all data transmitted over the supposedly secure channel. The vulnerability discussed in this thesis, including a possible fix, has been responsibly disclosed to the CIE Middleware developers.
Breaking and Fixing the CIE Secure Communication Channel
JOVON, SIMONE
2023/2024
Abstract
In this thesis we describe how we broke the secure communication channel between the Italian Electronic Identity Card (Carta d'identità elettronica, or CIE) and the CIE Middleware (the software used to communicate with it). Analyzing the CIE Middleware software, we found issues with the key management and integrity checks on a public key used to establish the secure communication channel. These issues lead to a vulnerability that compromises the security of the channel, allowing an attacker to perform a man-in-the-middle attack (MITM) on it, enabling them to intercept and modify all data transmitted over the supposedly secure channel. The vulnerability discussed in this thesis, including a possible fix, has been responsibly disclosed to the CIE Middleware developers.| File | Dimensione | Formato | |
|---|---|---|---|
|
main.pdf
accesso aperto
Dimensione
2.8 MB
Formato
Adobe PDF
|
2.8 MB | Adobe PDF | Visualizza/Apri |
I documenti in UNITESI sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/20.500.14247/24857