An Embedded System for Practical Security Analysis of Contactless Smartcards

ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, an implementation of a cost-effective, freely programmable ISO 14443 compliant multi function RFID reader and fake transponder is presented that can be employed for several promising purposes.

[1]  Gerhard P. Hancke,et al.  A Practical Relay Attack on ISO 14443 Proximity Cards , 2005 .

[2]  Christoph Ruland,et al.  Analysis of Power Constraints for Cryptographic Algorithms in Mid-Cost RFID Tags , 2006, CARDIS.

[3]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[4]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[5]  David A. Wagner,et al.  Security and Privacy Issues in E-passports , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[6]  Avishai Wool,et al.  How to Build a Low-Cost, Extended-Range RFID Skimmer , 2006, USENIX Security Symposium.

[7]  Andrew S. Tanenbaum,et al.  The evolution of RFID security , 2006, IEEE Pervasive Computing.

[8]  Avishai Wool,et al.  Picking Virtual Pockets using Relay Attacks on Contactless Smartcard , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[9]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .