high-volume applications, card manufacturers are tempted to use outdated but “cheap” cryptographic components, e.g., in Mifare Classic products. Since the reverse-engineering of the Crypto1 cipher used in Mifare Classic cards and the subsequently published attacks (cf. Sect. 3.1), the cards have to be regarded as insecure, as the secret keys can be extracted in seconds by means of card-only attacks. Once all keys of the card are known to an attacker, cards can be modified or duplicated. As many systems in the real world still rely on these weak cards, severe security threats may arise.
Accordingly, recently installed contactless systems, especially those with high security demands, are based on the DESFire variant of the Mifare family, and system integrators upgrade the old Mifare Classic technology to these newer cards wherever possible. While the 3DES cipher employed in these cards is secure from the mathematical point of view, the implementation on the card is vulnerable to side-channel analysis, so that it is again possible to extract the secret keys of a card¹, as detailed in Sect. 3.2. Hence, emulating these modern cards is also practical and renders various attacks in real-world scenarios possible.
The resulting security weaknesses can become very costly - one example is a widespread contactless payment system based on Mifare Classic cards as analyzed in [16], where the credit value on the cards can be modified by an adversary with minimal effort. For many of these systems, the read-only Unique Identifier (UID) of each card constitutes the only means to detect fraud in the backend, as there are no cards available on the market where the UID can be altered. In this paper, we exhibit the possibility of emulating and cloning RFID-enabled smartcards compliant with ISO 14443, including their UID.
1.1 Background and Related Work
Several research groups have proposed custom devices to emulate and counterfeit RFID devices. However, virtually all emulators presented so far suffer from certain drawbacks, e.g., insufficient computational resources, high cost, or impractical dimensions, limiting the threat they pose in the context of attacking real-world systems.
A custom RFID emulation hardware called Ghost is presented in [24]. The Ghost is able to emulate Mifare Ultralight cards which do not use any encryption. Emulating contactless cards employing secure cryptography seems to be impossible using this device due to computational limitations. The OpenPICC project [20] is mainly an RFID sniffing device. There was an approach to offer support for ISO 14443A, but the project seems to be discontinued. The Proxmark III [21] enables sniffing, reading and cloning of RFID tags. Since the device is based on a Field Programmable Gate Array (FPGA), it is also capable of emulating Mifare Classic cards, but at a comparably high cost of $399. The “HF Demo tag” [12] is based on an Atmel ATMega128 microcontroller which is not
¹ Note that the effort for extracting secret keys from Mifare DESfire cards by means of side-channel analysis is much higher compared to the Mifare Classic attacks.