RFID Skimming and Cloning Attacks on Presto Cards

These days RFID chips are being implemented in everything within our daily lives whether it be in items which we buy in store, our cell phones, credit cards and transit cards and everything else in between. With this widespread implementation comes another avenue for hackers to potentially gain access in to our lives. This paper explores RFID skimming and cloning attacks related to the Presto transit card. We take a look at the RFID chip implemented within the presto card and the potential for a malicious user to skim data from this card using an RFID reader. We also look at the potential of said attacker to be able to clone our Presto card if they did obtain information from our card. Finally we propose a couple of solutions to the findings of these security vulnerabilities including the use of a PKI system with the Presto cards. KeywordsRFID, skimming, cloning, Presto

[1]  Hartmut Pohl,et al.  RFID security , 2004, Inf. Secur. Tech. Rep..

[2]  Mikhail Nesterenko,et al.  RFID security without extensive cryptography , 2005, SASN '05.

[3]  Bart Jacobs,et al.  Dismantling MIFARE Classic , 2008, ESORICS.

[4]  Victor R. Prybutok,et al.  Consumer Acceptance of RFID Technology: An Exploratory Study , 2008, IEEE Transactions on Engineering Management.

[5]  Andrew S. Tanenbaum,et al.  The evolution of RFID security , 2006, IEEE Pervasive Computing.

[6]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[7]  Kwangjo Kim,et al.  Open issues in RFID security , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).

[8]  Christof Paar,et al.  All You Can Eat or Breaking a Real-World Contactless Payment System (Short Paper) , 2010 .