the service and comparing the content of the card between the payments, we
found the block in which the amount of remaining credit was stored, again
without any encryption. We hence programmed our card emulator to simulate
the original card such that the credit appears to be lowered on each payment.
However, the previous state of the card, i.e., charged to a high credit value, can
again be restored by pressing a button on our hardware. As a consequence, we
gain an unlimited number of copies with our hardware.
Since cards of other customers can be read out from a distance², the Chameleon
can also be used to clone their cards in a real-world scenario. Reading out the
relevant sectors takes less than 100 ms. Several cards of other customers can be
stored in the Chameleon, and hence payments can be carried out with cloned cards
that already exist in the payment system. Note that the original card of the
customer remains unmodified and thus still contains the original credit value.
Accordingly, financial damage will only occur for the payment institution, while
the customer is not affected. Altogether, taking the devastating attacks illustrated
above and the low cost of the device into account, the Chameleon can clearly be
profitable for a criminal.
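The weakness described above, a remaining-credit value kept in a plaintext card block that the terminal trusts, can still be caught on the back end even when the emulated card itself cannot be told apart from a genuine one. The following is an added example, not code from the paper or the Chameleon project; it assumes a constructed record format in which terminals report each debit online together with the card UID and the credit value they read and wrote.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Payment:
    """One debit as reported by a terminal (constructed record format)."""
    card_uid: str        # UID the reader obtains during anti-collision
    balance_before: int  # credit read from the plaintext balance block, in cents
    balance_after: int   # credit written back to the block after the debit

@dataclass
class ShadowLedger:
    """Back-end copy of each card's credit, kept independently of the card."""
    balances: Dict[str, int] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def record(self, index: int, p: Payment) -> bool:
        """Check one payment against the ledger; return False if it is flagged."""
        expected = self.balances.get(p.card_uid)
        # Adopt first sightings (e.g. after an online top-up), then follow what
        # the terminal wrote, so the next debit is checked against it.
        self.balances[p.card_uid] = p.balance_after
        if expected is None or p.balance_before == expected:
            return True
        # The value on the card no longer matches the state the back end last saw
        # written to this UID: either the card was restored to an earlier state,
        # or more than one card with this UID is in circulation (the genuine card
        # and a copy diverging from each other).
        self.alerts.append(f"#{index} {p.card_uid}: card reports "
                           f"{p.balance_before}, ledger holds {expected}")
        return False

def reconcile(payments: List[Payment]) -> List[int]:
    """Return the indices of payments that contradict the shadow ledger."""
    ledger = ShadowLedger()
    return [i for i, p in enumerate(payments) if not ledger.record(i, p)]

# Constructed terminal log. UID 04AABBCC follows the scenario in the text (credit
# lowered on each payment, then restored); UID 04112233 is a customer whose
# unmodified original card is used next to a clone of it.
SAMPLE = [
    Payment("04AABBCC", 5000, 4850),  # 0: first sighting, adopted
    Payment("04AABBCC", 4850, 4650),  # 1: consistent
    Payment("04AABBCC", 5000, 4800),  # 2: restored to the high credit value
    Payment("04AABBCC", 4800, 4600),  # 3: consistent with what #2 wrote
    Payment("04112233", 3000, 2700),  # 4: original card, first sighting
    Payment("04112233", 3000, 2850),  # 5: clone still holding the old state
]
```

`reconcile(SAMPLE)` flags payments 2 and 5; the check needs no change to the cards or readers, only that debits reach the back end with the values the terminal handled.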
6 Conclusion
We present a microcontroller-based, freely programmable emulator for ISO 14443
compliant RFIDs that allows simulating various contactless smartcards at a very
low cost. The device works autonomously, operated from a battery, and its
card-sized antenna fits into the slots of most readers for contactless smartcards.
Due to its small dimensions, the emulator can be used covertly, e.g., hidden in a
purse, and is well-suited for real-world attacks. Our hardware can be connected to
a PC by means of a USB interface, and the non-volatile memory of the
microcontroller allows, amongst other things, monitoring the communication with
an RFID reader and storing the acquired data in order to reverse-engineer
unknown protocols.
We exposed the protocol of Mifare DESFire EV1 cards, implemented the
(3)DES and AES block ciphers as required, and present the first successful
emulation of Mifare DESFire and DESFire EV1 cards in the literature. The current
software further includes the emulation of Mifare Classic cards, based on a highly
optimized variant of the Crypto1 stream cipher. The firmware of our device is not
limited to Mifare cards but can be adapted to support other contactless
smartcards and their respective protocols, e.g., the electronic passport and cards
from other manufacturers.
We tested the emulations with different RFID readers and show that our
implementations of the ciphers and protocols meet the timing requirements of
all protocols and that the performance in most cases is even faster than that of
original cards. In all our tests, the emulator could not be distinguished from a
genuine card. The device proved to be a valuable tool for the security analysis of
contactless technology and can be used to practically identify security weaknesses
of real-world RFID systems.
² Modified RFID readers allow for reading distances of up to 30 cm.