Cryptography Reference
In-Depth Information
random reader nonce
n
R
that only becomes known during the authentication
process is an input to the cipher.
4.2 Mifare DESFire (EV1) Emulator
Similarly to the Mifare Classic implementation, we additionally implemented
the authentication protocols of both Mifare DESFire and Mifare DESFire EV1,
as given in Sect. 3.2. For encryption, Mifare DESFire cards use DES/3DES in
CBC mode, whereas Mifare DESFire EV1 cards can use either DES/3DES or
AES-128 in CBC-mode.
4.3 Practical Results
Before carrying out security analyses in the real-world, we thoroughly tested our
emulators in our laboratory. The reliability and accurate timing behaviour of
our emulator was successfully verified with different RFID readers, including an
ACG passport reader and a Touchatag [23] reader. Further tests with real-world
systems are described in Sect.5.
Mifare Classic.
With the optimized implementation of Crypto1 detailed in
Sect. 4.1, we successfully emulated Mifare Classic 1K cards with varying content.
Table 1 summarizes the execution times for the relevant operations which are now
all well within the limits specified in ISO 14443. All features, e.g., authentication,
encrypted read and write of blocks, or specifying an arbitrary UID, are fully
functional with the used readers.
Table 1.
Execution times of crucial Crypto1 functions
Command
Execution time
Explanation
setup_crypto1()
98
µ
s
Initializes the cipher
auth_crypto1()
542
µ
s
Keystream for the authentication
crypto1_1()
8.3
µ
s
Generates 1 bit of keystream
crypto1_8()
49
µ
s
Generates 8 bits of keystream
crypto1_32()
186
µ
s
Generates 32 bits of keystream
Mifare DESFire (EV1)
Likewise, we tested our DESFire (EV1) emulations
from Sect. 4.2. Table 2 shows the execution times for the needed cryptographic
functions using the hardware accelerators of the ATxmega. Note that the first
call to an en-/decryption function involves some overhead for the initial setup.
After that, subsequent blocks can be processed faster. For reference, we included
the runtime both for a single block and for ten data blocks in Table 2.
According to [4], an original Mifare DESFire card answers 690
µ
s (9356 clock
cycles at 13.56 MHz) after
b
1
,
b
2
was received when Protocol 2 is executed. During
this time, two 3DES encryptions are performed (one encryption of two blocks
Search WWH ::
Custom Search