The Dutch smartcard transit system is overseen by Trans Link Systems, a joint venture created for this purpose in 2002. “Given basic knowledge of cryptographic trade-offs and sufficient storage, the secret keys of cards can be found in a matter of minutes.” “Knowing the details of the cipher would permit anyone to try all possible keys in a matter of days,” the researchers noted. “Regardless of the cryptographic strength of the cipher, the small key space therefore permits counterfeiting of any card that is read wirelessly,” the team wrote in a follow-up statement issued on Jan.
Mifare cracker software#
Nohl wrote his own optical recognition software to refine and clarify the images, and then patiently worked through the arrangement of the logic gates to deduce the encryption algorithm, a task made possible by the fact that the Mifare Classic relies on a secret key of no more than 48 bits. They examined the chip under an optical microscope, used micro-polishing sandpaper to remove a few microns of the surface at a time, photographing each of the five layers of circuitry. The team used an inexpensive RFID reader to collect encrypted data, and then reverse-engineered the chip to figure out the encryption key to decipher that data. Nohl has not yet responded to several questions sent via e-mail. The other two are Henryk Plotz and “Starbug.” At the Chaos conference, Nohl and Plotz gave some details of an apparently practical, effective way to break the Mifare encryption key, confirming what many cryptographers had suspected. One of the researchers is Karsten Nohl, a graduate student in the University of Virginia’s Computer Science Department, in Charlottesville. In a March 6 statement, NXP says it “has established an open dialogue with the researchers and is evaluating possible attacks and countermeasures that could be taken in an overall systems to prevent those.”
Interest in the study has been spreading steadily from the arcane world of security hackers. The newest attack was discussed but not (as previously reported) fully demonstrated at the 24th Congress of the Chaos Computer Club in Berlin last December. The card uses a proprietary encryption scheme, known as the Crypto1 algorithm, to scramble the data exchanged between the card and the card reader, and to securely authenticate the card and reader to each other. The decryption breach triggered a firestorm of controversy in The Netherlands. That MiFare Classic card is the basis of such new systems as the Dutch OV-Chipkaart, being rolled out in The Netherlands as part of a multibillion-dollar nationwide transportation ticketing system, and the so-called CharlieCard, used in the Boston, Mass., subway system. But according to NXP and the research group’s assessment, banking transactions and data are unaffected. The earlier version also said a user’s bank data is exposed in this decryption. The earlier version of this story said that the card can be used in debit/credit transactions with the user’s bank account. But that will take about six months, the study estimates, and concludes that there are no immediate risks to the Dutch system or its users, and that additional, existing security mechanisms may offer adequate protection. A recently de-classified study, by a nonprofit Dutch research group, of the claims by the decryption researchers concluded that it is likely they will succeed in recovering the entire encryption algorithm, and eventually build a key cracker.
0 kommentar(er)
