Title
Dismantling MIFARE Classic
Abstract
The MIFARE Classic is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport, and other applications. We reverse engineered the security mechanisms of this chip: the authentication protocol, the symmetric cipher, and the initialization mechanism. We describe several security vulnerabilities in these mechanisms and exploit these vulnerabilities with two attacks; both are capable of retrieving the secret key from a genuine reader. The most serious one recovers the secret key from just one or two authentication attempts with a genuine reader in less than a second on ordinary hardware and without any pre-computation. Using the same methods, an attacker can also eavesdrop the communication between a tag and a reader, and decrypt the whole trace, even if it involves multiple authentications. This enables an attacker to clone a card or to restore a real card to a previous state.
Year
2008
DOI
10.1007/978-3-540-88313-5_7
Venue
European Symposium on Research in Computer Security
Keywords
authentication protocol, contactless smart card, access control, authentication attempt, dismantling mifare classic, security mechanism, secret key, real card, multiple authentication, genuine reader, security vulnerability, reverse engineering, public transport, smart card, chip
Field
Symmetric-key algorithm, Contactless smart card, Authentication, Computer science, Computer security, Encryption, Exploit, Authentication protocol, Access control, Payment
DocType
Conference
Volume
5283
ISSN
0302-9743
Citations
58
PageRank
3.94
References
4
Authors
7
Name | Order | Citations | PageRank
Flavio D. Garcia | 1 | 438 | 33.08
Gerhard De Koning Gans | 2 | 133 | 11.98
Ruben Muijrers | 3 | 58 | 3.94
Peter Van Rossum | 4 | 427 | 27.10
Roel Verdult | 5 | 230 | 16.90
Ronny Wichers Schreur | 6 | 144 | 12.34
Bart Jacobs | 7 | 66 | 5.22