Analysis of the MIFARE Classic used in the OV-Chipkaart project

The mifare Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. We investigate the mifare Classic because this card should become the new ticket, called the OV-Chipkaart, in the Dutch public transport system. This thesis studies the architecture of the card and the communication protocol between card and reader. At the start of this research, there was no information available on the mifare Classic protocol nor the implementation of the OV-Chipkaart. To perform this research we used the Proxmark, a device that allows us to eavesdrop on the communication between the reader and the card. Our contributions are as follows. First, an ISO14443-A firmware implementation for the Proxmark that enables eavesdropping on the mifare Classic, among other card types. Secondly, we present an overview of the commands and responses of the protocol. Furthermore, we develop a method to read data from the mifare Classic card without knowledge of the secret key. Due to a weakness in the pseudo-random generator, we are able to recover the keystream generated by the CRYPTO1 stream cipher. We exploit the malleability of the stream cipher to read all memory blocks of the first sector of the card. Moreover, we are able to read any sector of the memory of the card, provided that we know one memory block within this sector. Finally, and perhaps more damaging, the same holds for modifying memory blocks.

[1]  Flavio D. Garcia,et al.  A Practical Attack on the MIFARE Classic , 2008, CARDIS.

[2]  Andrey Bogdanov Cryptanalysis of the KeeLoq block cipher , 2007, IACR Cryptol. ePrint Arch..

[3]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[4]  Kai Rannenberg,et al.  Advances in Information and Computer Security, First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006, Proceedings , 2006, IWSEC.

[5]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Bart Jacobs,et al.  Crossing Borders: Security and Privacy Issues of the European e-Passport , 2006, IWSEC.

[7]  Flavio D. Garcia Proof of concept , cloning the OV-Chip card Public transport system in The Netherlands , 2008 .

[8]  David Evans,et al.  Quantifying Information Leakage in Tree-Based Hash Protocols (Short Paper) , 2006, ICICS.

[9]  Bruce Schneier,et al.  Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[10]  Henning Richter,et al.  Fingerprinting Passports , 2008 .

[11]  Nicolas Courtois,et al.  Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards , 2008, IACR Cryptol. ePrint Arch..

[12]  Jean-Jacques Quisquater,et al.  ePassport: Securing International Contacts with Contactless Chips , 2008, Financial Cryptography.

[13]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[14]  David Evans,et al.  Reverse-Engineering a Cryptographic RFID Tag , 2008, USENIX Security Symposium.