Cryptography Reference
In-Depth Information
Table 2.
Execution times of 3DES and AES-128 en-/decryption functions
Command
Block count
Execution time
TripleDES_CBC_Enc()
1 block
14.1
µ
s
TripleDES_CBC_Enc()
10 blocks
85.1
µ
s
AES128_CBC_Enc()
1 block
35.9
µ
s
AES128_CBC_Enc()
10 blocks
270.2
µ
s
AES128_CBC_Dec()
1 block
58.4
µ
s
AES128_CBC_Dec()
10 blocks
304.9
µ
s
and one encryption of a single block). Our implementation performs about three
times faster than a genuine card, with 219
µ
s (5932 clock cycles at 27.12 MHz)
to produce a valid answer
b
3
after
b
1
,
b
2
was received.
A genuine DESFire EV1 card replies with
b
3
approx. 2.2 ms after having
received
b
1
,
b
2
. In contrast, our implementation only consumes about 438
µ
sand
is thus faster by a factor of five. As we are able to en-/decrypt faster than
both DESFire cards, encrypting or MACing data which is the most critical
part for Mifare Classic does not pose a problem in the context of emulating
DESFire (EV1) cards. For both Mifare DESFire and Mifare DESFire EV1, our
implementation performed successfully with the readers in our laboratory. As
with the emulation of Mifare Classic cards, we are able to equip our emulator
with a UID that is free of choice.
We conclude that the ATxmega microcontroller on our current hardware revi-
sion is powerful enough to handle the amount of computation that is needed for
the emulation of the simple Mifare Classic cards and also for more sophisticated
contactless smartcards using 3DES or AES.
5 Real-World Attacks
We successfully employed the Chameleon to bypass the security mechanisms of
several real-world systems, for example, we utilized the Mifare Classic emulation
to fake a card that is accepted by a widespread payment system. In the following,
we summarize the characteristics of this system and then detail on the attacks
carried out with our hardware.
5.1 A Vulnerable Contactless Payment System
For the identification of a customer of the payment system analyzed in [16], in
addition to the UID each card contains a card number chosen by the system inte-
grator. The credit balance is stored in plain in a value block on the card, without
any extra security measures. The credit can be increased by means of cash or a
credit card at charging terminals, while the cash registers are equipped with RFID
readers to decrease the credit according to the balance due. The contactless cards
furthermore allow to open doors and grant access to restricted areas.
Search WWH ::
Custom Search