NXP, which has been covered extensively in the past here on The Tech Herald, is once again in the news over a lawsuit it has filed surrounding the Mifare Classic. NXP has sued Radboud University in Nijmegen to stop the publication of a paper in October that would explain in detail how the researchers successfully cloned an Oyster card and used it. The Tech Herald spoke once again to Karsten Nohl, an expert on the security for NXP, to get his opinions. The trial is set for today.
“My opinion, [on the lawsuit, is that] NXP probably made the worst possible decision by suing academic researchers. Not only do they have no legal case whatsoever, because all the results were legally obtained through reverse engineering with no help from NXP. They also take away any trust that has existed between researchers and NXP before,” said Nohl.
The researchers turned over the presentation, which is due in October, in good faith, he further explained. They did so in order to allow NXP time to react, and to inform its customers. “…what [NXP did] instead is use that information against the researchers. So they cannot expect to get any pre-info from anybody again I would think,” he added.
I asked if he had seen the research NXP is suing over and, if so, what is it about the paper that is so shocking that it would lead to a lawsuit?
"Yeah, I’ve read a draft of the paper that [NXP] tries to keep secret within the research group," commented Nohl. "So already it has leaked to a couple of people including me. It isn’t very shocking. All it does is disclose the cipher that everybody knows can easily be found through our work."
When asked if NXP was making a big deal out of nothing, he explained that the issue is not the research itself, but rather that the research was about to become public domain, something that Nohl knows about firsthand. His research, covered extensively here on The Tech Herald, was never completely made public.
In December of 2007 at the CCC, when his research came to light, Nohl and his research partner told the CCC that full details would become available within a year; the same time that the researchers from Radboud University plan to release their information.
“NXP is making a big case out of them wanting to put [the research] in the public domain, write a research paper and let everybody who wants to look at it. Even if NXP can prevent [the research] from going public, which is very unlikely, somebody else will probably leak it.”
In fact, if you wanted this information, the same information that NXP is attempting to gag in the courts, you could have bought it years ago.
“There are several companies who sell this information on the open market. For example, Chipworks in Canada, they sell this information and a lot more for about $60,000.” All that NXP is doing, explained Nohl, is “keeping this information away from other researchers. Researchers that might very well find vulnerabilities as well as solutions, the criminal who gets the information for $60,000 is not interested in finding solutions to the problem. If anything NXP keeps it away from the only friends they have.”
What's interesting about the Dutch research, and what made it a semi-interesting news story, is that the Dutch researchers cloned the Oyster card and used the cloned card for a few days. Like the research Nohl performed, this proved that NXP’s security is indeed flawed, but they took it a step further and gave a physical demonstration.
While hacking a bus ticket is a “fun hack” according to Nohl, no criminal would steal bus tickets. “If the public demonstration on the Oyster card convinces more people that this is not a good technology and that they should stop using it, then hacking it is a very good thing…” ultimately making the system more secure by forcing NXP and their customers to act.
So, in the end, as I commented previously, the only reason the Dutch research caused the reaction that it did, is that NXP refuses to acknowledge that the original cryptology it was using was flawed to begin with.
“Exactly,” agreed Nohl. “NXP has had half a year now to inform about the lack of security in their product, but instead they have used the best part of that to dismiss our research, dismiss the Dutch group’s research, and to claim that everything is purely theoretical. So, if anything, NXP has invoked this type of public demonstration, since they have often claimed that ‘yes in theory it may be insecure but in practice it isn’t’. So had they not kept up the disinformation that [the Mifare could actually be secure] nobody would have paid attention to the Dutch group actually hacking the Oyster card.”
NXP’s lawsuit proves that Mifare is insecure. The research team from Radboud University gave a practical example of the security flaws and, because they planned to release the information, NXP moved to sue them in an attempt to stop it.
“[NXP] has pretty much created a need for additional proof of insecurity by denying the insecurity. They should blame themselves for that public demonstration and all the additional bad press they have gotten,” Nohl explained.
So where does that leave Karsten Nohl, and what are the plans for the CCC? Will this lawsuit stop them from talking, if they talk at all?
Evidently not. “So far we’ve released those parts of our results that we feel are needed to understand the insecurity. We have done so in a theoretical way. The Dutch have done so in a more practical way, by showing things can be cloned, but nobody has yet given out an attack tool. In fact, there are very few pieces of information missing; nothing that couldn’t easily be found. But still missing from the public domain is what would be needed to create attack tools. We have some, the Dutch have some, and maybe a few other groups that don’t publicly speak have some. Once everything is released in October, everybody can build attack tools. But then again, October, that’s ten months after we have informed [NXP] that this is insecure. That’s ten months for anybody to implement additional countermeasures, or for those systems that are really high-security, to adapt new technology. Ten months should definitely be enough for that.”
What about NXP’s Mifare Plus? The new NXP offering is boasting 128-bit encryption over the original 48-bit, available for pilots in Q4 of 2008.
“Mifare Plus is a really good card, with the option of emulating the bad old card,” commented Nohl. “If it’s used properly that is, emulate the old card for just a couple weeks, and then as soon as you upgraded the entire infrastructure, switch over to the strong encryption then this card would be very secure. The problem with the Mifare Plus is that there is no Mifare Plus that you can buy today.”
Trials for Mifare Plus were due in October. Like others, Karsten Nohl thinks the lawsuit is a stalling tactic that will slow the information until they can move the new Mifare chip closer to market. “NXP is not that naive to think they can contain this information, even if they do win their lawsuit.”
Nohl also told me that, after the trial today, we can expect a ruling in a week. He is currently traveling across Europe and, based on the phone conversation I had with him, is extremely busy lately.
Radboud University Nijmegen researchers are not backing down. They say they plan to publish the information anyway because, “it is our duty to publish scientific research that could lead to better security technology.”
NXP calls the publication of the research irresponsible, and would not comment when asked. Tech Herald e-mails seeking a response from NXP were also ignored.
The trial starts today. This story will be updated as and when relevant information pops up.