论文信息 - Reverse engineering the communications protocol of an RFID public transportation card

Reverse engineering the communications protocol of an RFID public transportation card

Radio Frequency Identification (RFID) security has not been properly handled in numerous applications, such as in public transportation systems. In this paper, a methodology to reverse engineer and detect security flaws is put into practice. Specifically, the communications protocol of an ISO/IEC 14443-B public transportation card used by hundreds of thousands of people in Spain was analyzed. By applying the methodology with a hardware tool (Proxmark 3), it was possible to access private information (e.g. trips performed, buses taken, fares applied…), to capture tag-reader communications, and even emulate both tags and readers.

Tiago M. Fernández-Caramés | Paula Fraga-Lamas | T. Fernández-Caramés | P. Fraga-Lamas

[1] Tiago M. Fernández-Caramés,et al. Smart Pipe System for a Shipyard 4.0 , 2016, Sensors.

[2] Luis Castedo,et al. A Methodology for Evaluating Security in Commercial RFID Systems , 2017 .

[3] Flavio D. Garcia. Proof of concept , cloning the OV-Chip card Public transport system in The Netherlands , 2008 .

[4] Tiago M. Fernández-Caramés,et al. Reverse Engineering and Security Evaluation of Commercial Tags for RFID-Based IoT Applications , 2016, Sensors.

[5] Christof Paar,et al. Chameleon: A Versatile Emulator for Contactless Smartcards , 2010, ICISC.

[6] Tiago M. Fernández-Caramés,et al. An Intelligent Power Outlet System for the Smart Home of the Internet of Things , 2015, Int. J. Distributed Sens. Networks.

[7] M. Gonzalez-Lopez,et al. Maritime Freight Container Management System Using RFID , 2010 .

[8] Christof Paar,et al. Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World , 2011, CHES.

[9] Tiago M. Fernández-Caramés,et al. Real-time personal protective equipment monitoring system , 2012, Comput. Commun..