Replacement suggested for NXP chips used in OV-Chipkaart


A panel of experts from the Information Security Group (ISG) at Royal Holloway, University of London, led by the ISG Smart Card Center (SCC), recently reviewed the findings of the TNO, which reported on the security of the MiFare Classic chip used in the OV-Chipkaart. The panel ultimately suggests that the Dutch Government replace the cards because of severe failings with security.

The panel, officially titled the Counter Expertise Bureau (CEB), was formed at the request of the Dutch Ministry of Transport, Public Works, and Water Management. The object of the CEB was to review the findings of the TNO and to address a number of questions the government had about the initial findings: how adequate was the methodology used in the TNO's investigation, was the TNO report complete, and ultimately were the findings complete, correct, and well-founded.

The CEB concluded in its report that the methodology used by the TNO was professional and appropriate, noting that the TNO was correct in addressing the security risks from a complete system perspective. The panel also agreed that the TNO report, being based on publicly available information, was good for what little it had to work with.

In February, the CCC released research that documented the security failures of the Crypto1 algorithm used by Netherlands-based NXP Semiconductors. Crypto1 was one of the security features included by NXP on the MiFare Classic RFID chip used in various locations across the globe.

Cards that use the MiFare Classic are a common sight in the U.S.: subway passes, door badges, and car keypads all use the RFID technology that was cracked. With the cipher broken, attackers can clone the cards and use the clones for nefarious purposes.

Based on the research by the CCC, the Organization for Applied Scientific Research (known as TNO) reported that there was a security risk, but that the cost of pulling off an attack would be too high for most people, as it would require advanced technology and computing power. In addition, the TNO said that most common criminals would not have the intelligence to accomplish such an attack.

There was a lot of talk about the TNO report, and a series of discussions led to the TNO admitting that its arguments about price and intelligence were undercut by the researchers' findings. A successful attack on the NXP chips was in fact cheap and, with the right tools, easy to pull off.

“The MiFare stream cipher is simple and its key is short. This alone should tell anybody that secret keys [could] be found cheaply. To finally end the discussion about how cheaply exactly, we made public a new attack on the cipher [that] exploits its weak structure. Bottom-line: The computer you are reading this e-mail on can find secret keys in at most an hour. In the latest response to this information, TNO acknowledges that our estimates are in fact correct and that systems should migrate to more secure cards as soon as possible,” researcher Karsten Nohl told Tech Herald back in March.

Both the TNO and now the CEB share the opinion that the reliance on secrecy, the foundation of the NXP chips, stands in complete contrast to the recommended “best practices” for cryptographic security systems.

As such, “The CEB concurs with the TNO that the MiFare Classic 4k used in the OV-Chipkaart will need to be replaced.” The panel adds that any proposed replacement should be based on an algorithm that has been rigorously tested by cryptographic experts and should not rely on security by obscurity.

“The CEB is convinced that the [Crypto1 algorithm] has been reverse engineered to such an extent that it can no longer be regarded as secret. For some time, there have been reports of unlicensed MiFare products in the market that use the Crypto1 algorithm. Therefore, with high probability the algorithm was reverse engineered before the CCC presentation.”

The summation by the CEB shows that the key-cracking equipment needed is cheap, and that other methods offer faster and better means of attack. Once the keys are exposed, an attacker can modify the card or clone it. The panel disagrees with the TNO that the cloned cards would look different, stating that after viewing example artwork, it found the cards would be easy to reproduce.

The report is published and should be made available online soon. The panel included steps for migration, and agreed with the migration findings laid out originally by the TNO.
