Title
Exposing iClass key diversification
Abstract
iClass is one of the most widely used contactless smartcards on the market. It is used extensively in access control and payment systems all over the world. This paper studies the built-in key diversification algorithm of iClass. We reverse engineered this key diversification algorithm by inspecting the update card key messages sent by an iClass reader to the card. This algorithm uses a combination of single DES and a proprietary key fortification function called 'hash0'. We show that the function hash0 is neither one-way nor collision resistant. Moreover, we give the inverse function hash0^-1 that outputs a modest amount (on average 4) of candidate pre-images. Finally, we show that recovering an iClass master key is not harder than a chosen plaintext attack on single DES. Considering that there is only one master key in all iClass readers, this enables an attacker to clone cards and gain access to potentially any system using iClass.
Year
2011
Venue
WOOT
Keywords
built-in key diversification algorithm, update card key message, key diversification algorithm, proprietary key fortification function, function hash0, exposing iclass, single des, iclass reader, master key, inverse function, iclass master key
Field
Master key, Chosen-plaintext attack, Computer security, Reverse engineering, Smart card, Diversification (marketing strategy), Access control, Engineering, Payment
DocType
Conference
Citations
6
PageRank
0.51
References
9
Authors
3
Name | Order | Citations | PageRank
Flavio D. Garcia | 1 | 438 | 33.08
Gerhard De Koning Gans | 2 | 133 | 11.98
Roel Verdult | 3 | 230 | 16.90