论文信息 - A Practical Experience with RFID Security

A Practical Experience with RFID Security

Radio-frequency identification (RFID) technologies allow remote identification as well as generic data access using radio waves. It is also commonly used in transportation and other payment systems, e.g., the MIFAREof NXP Semiconductors, one of the most widely deployed contactless smart card standards. Recently, the interest in using RFID for micro payment grows rapidly as users get used to the convenience brought by RFID,and corporations discover that RFID can significantly lower the cost of operation. However, there are security concerns, as many passive RFID technologies do not have adequate cryptographic protection. Furthermore, thecommunication can be eavesdropped by a third party, making RFID particularly vulnerable to all sorts of attacks.In this work, we examine the EasyCard of the Taipei Metro Rapid Transit (MRT) Corporation, a transportation ticketing system based on the MIFARE Classic technology. We capture and analyze the communication betweena legitimate reader and an EasyCard using GNURadio, an open-source software-defined radio running on PC. We will share our experiences with EasyCard security and hopefully provide some insights into RFID security inpractice.

[1] Willi Meier,et al. Fast Algebraic Attacks on Stream Ciphers with Linear Feedback , 2003, CRYPTO.

[2] Dong Chao,et al. Universal Software Radio Peripheral , 2010 .

[3] Flavio D. Garcia,et al. A Practical Attack on the MIFARE Classic , 2008, CARDIS.

[4] Ioannis G. Askoxylakis,et al. Overview of Security Threats for Smart Cards in the Public Transport Industry , 2008, 2008 IEEE International Conference on e-Business Engineering.

[5] Nicolas Courtois,et al. Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards , 2008, IACR Cryptol. ePrint Arch..

[6] Michael Hutter,et al. RFID and Its Vulnerability to Faults , 2008, CHES.

[7] Bart Jacobs,et al. Dismantling MIFARE Classic , 2008, ESORICS.

[8] David Evans,et al. Reverse-Engineering a Cryptographic RFID Tag , 2008, USENIX Security Symposium.

[9] Klaus Finkenzeller,et al. Book Reviews: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. , 2004, ACM Queue.