The MiFare Classic chip has been proven easy to compromise, and in response to the published research NXP, maker of the MiFare chip, released a chip with stronger encryption called MiFare Plus. Now, according to exchanged emails and research notes, the MiFare Plus may face similar issues because Crypto-1 is still vulnerable, even after flaws such as the weak random number generator are fixed.
The MiFare chips, created by NXP, are in the limelight again: there is now an easier way to break the Crypto-1 cipher, and this includes the MiFare Plus chip. (IMG: J.Anderson)
The Tech Herald has been following the science and research behind the RFID technology in the MiFare chips from NXP. According to Karsten Nohl, one of the researchers involved in the work on the MiFare Classic, details of a new attack aimed at MiFare Crypto-1 will be announced at EuroCrypt on Tuesday.
“MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card, Netherlands’ OV-Chipcard, US Boston's CharlieCard, and in numerous wireless access control and ticketing systems worldwide,” the research notes report.
The notes add: “…researchers have been able to recover this algorithm by reverse engineering. We have examined MiFare from the point of view of the so-called ‘algebraic attacks.’ We can recover the full 48-bit key of MiFare algorithm in 200 seconds on a PC, given one known IV (from one single encryption). The security of this cipher is therefore close to zero. This is particularly shocking, given the fact that according to the Dutch press, 1 billion MiFare Classic chips are used worldwide, including in many governmental security systems.”
Karsten said in an email to the Herald that the highlights of the announcement will include key recovery in twelve seconds, passive eavesdropping from several meters away, which is now a reality, and a new attack that works for any random number generator, which would include the Crypto-1 used in the MiFare Plus.
“It uses an ‘improved’ version of the proprietary Crypto-1 cipher as well as 128-bit AES to enable a [smooth] transition between the two. We only broke the former. We can't break the AES part. These chips have either Crypto-1 or AES activated (the idea being that you can introduce them into a Crypto-1 system and once everybody has upgraded to AES flip the switch),” Karsten said when asked to explain how the attack would affect the MiFare Plus. “It's the most efficient attack and the first one that is totally passive: anybody in ‘hearing’ range of a reader terminal gets enough information about cards to clone them.”
The research is fairly recent. “The work was just done over the last few weeks in response to the ongoing discussion over the cards' security. They are not secure and our new attack demonstrates this fact impressively,” Karsten says.
While the Plus version of the MiFare chip offers better security, its continued use of Crypto-1 could still pose significant risk. In fact, a recent report from Royal Holloway, University of London, says that Crypto-1 has been reverse engineered to such an extent that it can no longer be regarded as secret, adding another expert opinion that security through obscurity is a failed method.
See the other articles for more details:
(1) http://www.thetechherald.com/article.php/200810/297
(2) http://www.thetechherald.com/article.php/200811/392
(3) http://www.thetechherald.com/article.php/200811/394