computationally powerful enough to perform encryptions with state-of-the-art ciphers in the time window given by the relevant protocols. An embedded system for analyzing the security of contactless smartcards was introduced in [14]. The attack hardware consists of a so-called Fake Tag and an RFID reader and can be used for, e.g., practical relay attacks. The device is based on an Atmel ATMega32 [1] processor with constrained performance and is designed such that all important functionality is provided by the RFID reader. Hence, in addition to the lack of computational power, the Fake Tag cannot operate independently from the reader, which can be a major drawback for practical attacks. The authors also implemented an emulation of Mifare Classic, but, similar to the HF Demo tag, the encryption runs too slowly, so the timing constraints of the protocol cannot be met. We used this work as a starting point for the development of our new stand-alone RFID emulator.
1.2 Contribution of This Paper
We built a freely programmable low-cost device that is capable of emulating various types of contactless smartcards, including those employing secure cryptography. The device operates autonomously without the need of a PC, can be powered from a battery, and possesses an Electronically Erasable Programmable Read-only Memory (EEPROM) for storing received bitstreams or other non-volatile information. An attacker using the presented hardware, which can be built for less than $25, is in full control over all data stored on the emulated card, including its UID and the secret keys.
In order to demonstrate the capabilities of our emulator in the context of real-world attacks, we implemented optimized versions of the Crypto1 stream cipher, the Data Encryption Standard (DES), Triple-DES (3DES) and the Advanced Encryption Standard (AES), as required for emulating the widespread Mifare Classic, Mifare DESFire and Mifare DESFire EV1 cards. With the developed software, it is possible to simulate the presence of one of these cards with an arbitrarily chosen content and identifier, and hence spoof real-world systems in various manners. For example, the emulator can behave as a card that automatically restores its credit value after a payment, or that possesses a new UID and card number on each payment, which impedes the detection of fraud. Besides the simulation of cards, our hardware allows for sniffing, e.g., reverse-engineering of protocols, relay attacks, and testing the vulnerability of RFID readers towards a behavior of the card that does not conform to the specifications, for instance, with respect to timing, intentionally wrong calculation of parity bits, or buffer overflows.
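The last sentence lists card behaviors a reader should tolerate without failing: wrong parity bits and over-long frames. The following is an added example, not code from the paper or its emulator, of the frame-level checks a defensive reader implementation should apply before acting on a received frame. It assumes ISO 14443-3 Type A standard framing, which Mifare cards use (one odd-parity bit after each byte, CRC_A with preset 0x6363 and reflected polynomial 0x8408, transmitted low byte first); `MAX_FRAME_BYTES`, `build_frame` and `check_frame` are names chosen here, and the frames are constructed inline. Short frames (REQA/WUPA) without parity and CRC are out of scope.

```python
"""Reader-side sanity checks for ISO 14443-3 Type A standard frames.

Added example; assumptions (not taken from the paper): one odd-parity bit
follows every byte, and each frame ends with CRC_A (16-bit, polynomial
0x8408 reflected, preset 0x6363, no final XOR, low byte transmitted first).
"""
from typing import List, Optional

MAX_FRAME_BYTES = 64  # hypothetical receive-buffer size of a reader firmware


def crc_a(data: bytes) -> bytes:
    """CRC_A per ISO 14443-3 Annex B; returns the two bytes in transmit order."""
    crc = 0x6363
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return bytes([crc & 0xFF, crc >> 8])


def odd_parity(b: int) -> int:
    """Parity bit that makes the number of ones in byte+parity odd."""
    return (bin(b).count("1") + 1) & 1


def build_frame(payload: bytes, corrupt_parity_at: Optional[int] = None) -> List[int]:
    """Serialize payload + CRC_A into the bit stream a card transmits
    (each byte LSB first, followed by its parity bit). corrupt_parity_at
    flips one parity bit, as a non-conforming card under test would."""
    bits: List[int] = []
    for i, b in enumerate(payload + crc_a(payload)):
        bits.extend((b >> k) & 1 for k in range(8))
        p = odd_parity(b)
        if i == corrupt_parity_at:
            p ^= 1
        bits.append(p)
    return bits


def check_frame(bits: List[int]) -> str:
    """Return 'ok' or the first violation a defensive reader should reject on.

    Order matters: the length bound is checked before any byte is copied,
    so an over-long frame can never overrun a fixed-size buffer."""
    if len(bits) % 9 != 0:
        return "bad_length"          # not a whole number of byte+parity groups
    n = len(bits) // 9
    if n > MAX_FRAME_BYTES:
        return "too_long"            # reject before touching the buffer
    if n < 3:
        return "too_short"           # at least one payload byte plus CRC_A
    data = bytearray()
    for i in range(n):
        chunk = bits[9 * i:9 * i + 9]
        b = sum(bit << k for k, bit in enumerate(chunk[:8]))
        if chunk[8] != odd_parity(b):
            return f"bad_parity@{i}"  # wrong parity: drop, never decode
        data.append(b)
    if crc_a(bytes(data[:-2])) != bytes(data[-2:]):
        return "bad_crc"
    return "ok"


if __name__ == "__main__":
    # Constructed sample: the ISO 14443-3 Annex B test message 12 34.
    good = build_frame(b"\x12\x34")
    print(check_frame(good))                                   # ok
    print(check_frame(build_frame(b"\x12\x34", corrupt_parity_at=1)))  # bad_parity@1
    print(check_frame(build_frame(bytes(MAX_FRAME_BYTES))))    # too_long
```

`crc_a` reproduces the Annex B reference values (CRC_A of `12 34` is `26 CF` in transmit order), so the validator can be cross-checked against a known-good trace before it is trusted on live captures. Rejecting on length before parsing, and on parity before checking the CRC, keeps the reader's failure mode a clean drop rather than a partially processed frame.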
The remainder of this paper is structured as follows: in Sect. 2, we present our custom RFID hardware that serves as a basis for card emulations and attacks. After giving a brief summary of the relevant characteristics and protocols of Mifare Classic, Mifare DESFire and Mifare DESFire EV1 cards in Sect. 3, we detail our implementations of the respective emulations in Sect. 4. Finally, practical real-world analyses performed with our hardware are described in Sect. 5.