THE DARK SIDE OF SECURITY BY OBSCURITY - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime

Nicolas T. Courtois

2009

Abstract

MiFare Classic is the most popular contactless smart card with about 200 millions copies in circulation worldwide. At Esorics 2008 Dutch researchers showed that the underlying cipher Crypto-1 can be cracked in as little as 0.1 seconds if the attacker can access or eavesdrop the RF communications with the (genuine) reader. We discovered that a MiFare classic card can be cloned in a much more practical card-only scenario, where the attacker only needs to be in the proximity of the card for a number of minutes, therefore making usurpation of identity through pass cloning feasible at any moment and under any circumstances. For example, anybody sitting next to the victim on a train or on a plane is now be able to clone his/her pass. Other researchers have also (independently from us) discovered this vulnerability (Garcia et al., 2009) however our attack requires less queries to the card and does not require any precomputation. In addition, we discovered that certain versions or clones of MiFare Classic are even weaker, and can be cloned in 1 second. The main security vulnerability that we need to address with regard to MiFare Classic is not about cryptography, RFID protocols and software vulnerabilities. It is a systemic one: we need to understand how much our economy is vulnerable to sophisticated forms of electronic subversion where potentially one smart card developer can intentionally (or not), but quite easily in fact, compromise the security of governments, businesses and financial institutions worldwide.

References

  1. de Koning Gans, G., Hoepman, J.-H., and Garcia, F. D. (2008). A Practical Attack on the MIFARE Classic. In Procedings of the 8th Smart Card Research and Advanced Applications, CARDIS 2008, LNCS.
  2. Garcia, F. D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., and Wichers Schreur, R. (2008). Dismantling MIFARE Classic. In Procedings of the 13th European Symposium on Research in Computer Security, ESORICS 2008, LNCS.
  3. Garcia, F. D., van Rossum, P., Verdult, R., and Wichers Schreur, R. (2009). Wirelessly Pickpocketing a Mifare Classic Card. In Accepted at Oakland IEEE Symposium on Security and Privacy.
  4. Kerckhoffs, A. (1883). La cryptographie militaire, volume IX of Journal des sciences militaires.
  5. Nohl, K. (2008). Contains an open-source mifare classic implementation of mifare classic for ti trf7960 evm. personal web page, www.cs.virginia.edu/k˜n5f/.
  6. Nohl, K., Evans, D., Starbug, and Plotz, H. (2008). ReverseEngineering a Cryptographic RFID Tag. In 17th USENIX Security Symposium, pages 185-194, San Jose, CA, USA. USENIX.
  7. NXP-statement, P. (2008). On the court decision to allow the publication by radboud university nijmegen. www.mifare.net/news/statement on court deci sion.asp.
  8. Rankl, W. and Effing, W. (2003). Smart Card Handbook. Wiley.
  9. Rescorla, E. (2004). Is finding security holes a good idea? In WEIS 2004, 3rd Workshop on the Economics of Information Security.
  10. Roel (2009). Mifare classic clones. Web forum www.proxmark.org/forum/topic/169/mifareclassic-clones/.
  11. Schneier, B. (2008). The ethics of vulnerability research. A blog covering security and security technology, www.schneier.com/blog/archives/2008/05/ the ethics of v.html.
  12. Schneier, B. and Shostack, A. (1999). Breaking up is hard to do: modeling security threats for smart cards. In WOST'99: Proceedings of the USENIX Workshop on Smartcard Technology, pages 19-19, Berkeley, CA, USA. USENIX Association.
  13. Young, A. and Yung, M. (1996). The dark side of black box cryptography. In Advances in Cryptology - CRYPTO'96.
Download


Paper Citation


in Harvard Style

T. Courtois N. (2009). THE DARK SIDE OF SECURITY BY OBSCURITY - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 331-338. DOI: 10.5220/0002238003310338


in Bibtex Style

@conference{secrypt09,
author={Nicolas T. Courtois},
title={THE DARK SIDE OF SECURITY BY OBSCURITY - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={331-338},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002238003310338},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - THE DARK SIDE OF SECURITY BY OBSCURITY - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime
SN - 978-989-674-005-4
AU - T. Courtois N.
PY - 2009
SP - 331
EP - 338
DO - 10.5220/0002238003310338