Abstract | ||
---|---|---|
The mifare Classic is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport, and other applications. We reverse engineered the se- curity mechanisms of this chip: the authentication protocol, the symmet- ric cipher, and the initialization mechanism. We describe several security vulnerabilities in these mechanisms and exploit these vulnerabilities with two attacks; both are capable of retrieving the secret key from a genuine reader. The most serious one recovers the secret key from just one or two authentication attempts with a genuine reader in less than a second on ordinary hardware and without any pre-computation. Using the same methods, an attacker can also eavesdrop the communication between a tag and a reader, and decrypt the whole trace, even if it involves multiple authentications. This enables an attacker to clone a card or to restore a real card to a previous state. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1007/978-3-540-88313-5_7 | European Symposium on Research in Computer Security |
Keywords | Field | DocType |
authentication protocol,contactless smart card,access control,authentication attempt,dismantling mifare classic,security mechanism,secret key,real card,multiple authentication,genuine reader,security vulnerability,reverse engineering,public transport,smart card,chip | Symmetric-key algorithm,Contactless smart card,Authentication,Computer science,Computer security,Encryption,Exploit,Authentication protocol,Access control,Payment | Conference |
Volume | ISSN | Citations |
5283 | 0302-9743 | 58 |
PageRank | References | Authors |
3.94 | 4 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Flavio D. Garcia | 1 | 438 | 33.08 |
Gerhard De Koning Gans | 2 | 133 | 11.98 |
Ruben Muijrers | 3 | 58 | 3.94 |
Peter Van Rossum | 4 | 427 | 27.10 |
Roel Verdult | 5 | 230 | 16.90 |
Ronny Wichers Schreur | 6 | 144 | 12.34 |
Bart Jacobs | 7 | 66 | 5.22 |