Tuesday, October 7, 2008

Long Awaited Mifare Classic RFID Research Released

http://www.ru.nl/ds/research/rfid/

On March 7, 2008, research by the Digital Security group revealed a security vulnerability in Mifare Classic RFID chips, the most commonly used type of RFID chip worldwide, which affects many applications that use Mifare Classic.

We have demonstrated that the proprietary CRYPTO1 encryption algorithm used on these cards allows the (48 bit) cryptographic keys to be relatively easily retrieved. Especially for RFID applications where the same common shared key is used on all RFID cards and card readers, which may be the case for instance in access control to buildings, this constitutes a serious risk.

[...]

The research was presented at the Esorics 2008 conference. The manufacturer of the Mifare Classic, NXP, has tried to obtain a court injunction against publication. But the judge ruled against NXP on July 18, see the university press release (English and Dutch) and the court ruling (in Dutch only).

Results

NEW: The main paper is the ESORICS paper, which describes the cryptographic weaknesses of CRYPTO1, and the process of reverse engineering CRYPTO1 and its initialisation.

NEW: The manuscript "Making the Best of Mifare Classic" contains countermeasures which can help to prevent state restoration attacks and to detect attempted cloning of cards.

NEW: The paper "In sneltreinvaart je privacy kwijt" (in Dutch) gives an analysis of the privacy protection that the current Dutch OV-chipkaart offers. This will appear in Privacy & Informatie.

The CARDIS paper contains earlier results on the Mifare Classic, in particular the first practical attack, which exploits the malleability of the stream cipher, and the reverse engineered command set of the Mifare Classic.
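The malleability the CARDIS paper exploits is a property of every plain XOR stream cipher: flipping a bit of the ciphertext flips the same bit of the plaintext, so a stored value can be changed by someone who knows the record layout but not the key. The following is an added example, not code from the Radboud papers or from any Mifare tool; its keystream is a constructed SHA-256 counter-mode stand-in (not CRYPTO1), and the key, nonce and card record are invented sample values. It shows the effect and the standard countermeasure, a MAC over nonce and ciphertext that makes the altered block fail verification before it is ever decrypted.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo key and nonce (placeholders, not values from any real card).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
NONCE = b"card-nonce-01"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode. It stands in for *any* XOR
    stream cipher; it is not CRYPTO1 and shares none of its weaknesses."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # an XOR stream cipher is its own inverse


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Malleability: XOR the ciphertext with (known ^ wanted) so the plaintext
    at `offset` changes from `known` to `wanted`. No key material is needed,
    only knowledge of what currently sits at that offset."""
    delta = xor_bytes(known, wanted)
    return (ciphertext[:offset]
            + xor_bytes(ciphertext[offset:offset + len(delta)], delta)
            + ciphertext[offset + len(delta):])


def mac_key(key: bytes) -> bytes:
    """Derive a separate MAC key so encryption and authentication keys differ."""
    return hashlib.sha256(b"mac-key-derivation" + key).digest()


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt-then-MAC: the tag binds nonce and ciphertext under a key the
    tamperer does not have, so any bit flip is detected."""
    ct = encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key(key), nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> Optional[bytes]:
    """Verify the tag in constant time; return None (reject) before decrypting
    if it does not match."""
    expected = hmac.new(mac_key(key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt(key, nonce, ct)


def demo() -> dict:
    # Constructed card record; the field layout is assumed known to the tamperer.
    record = b"ID=4711;BAL=0010"
    ct, tag = seal(KEY, NONCE, record)
    forged = tamper(ct, record.index(b"0010"), b"0010", b"9999")
    return {
        # Without integrity protection the altered balance decrypts cleanly.
        "unauthenticated_decrypt": decrypt(KEY, NONCE, forged),
        # With the MAC, the altered ciphertext is rejected.
        "authenticated_open": open_sealed(KEY, NONCE, forged, tag),
        # The genuine record still verifies and decrypts.
        "genuine_open": open_sealed(KEY, NONCE, ct, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The MAC covers the nonce as well as the ciphertext so that a valid tag cannot be replayed against a block re-encrypted under a different nonce; a reader that checks the tag before decrypting never acts on the forged balance.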

The Master's thesis of Gerhard de Koning Gans is the work on which the CARDIS paper is based. Moreover, the process of programming the Proxmark3 is described in this thesis.

The Master's thesis of Roel Verdult describes a cloning attack on the Mifare Ultralight, which is the little sister of the Mifare Classic, and which has no encryption on board. Moreover, it describes the Ghost emulator device, which has been essential in the process of reverse engineering CRYPTO1.

The report "Proof of concept, cloning the OV-Chip card" describes the practical execution of a cloning attack of the Mifare Ultralight in a non-technical manner.

Two German researchers, Karsten Nohl and Henryk Plötz have also been reverse engineering the CRYPTO1 algorithm. Their presentation at CCC is available online and contributed to our understanding of CRYPTO1.
