Replacement suggested for NXP chips used in OV-Chipkaart
by Steve Ragan - Apr 15 2008, 18:15
Photo caption: The cards that use the MiFare Classic are a common sight in the U.S.: subway passes, door badges, and car keypads all use the RFID technology that was cracked. (Image: J. Anderson)
A panel of experts from the Information Security Group (ISG) at Royal Holloway, University of London, led by the ISG Smart Card Center (SCC), recently reviewed the findings of the TNO, which reported on the security of the MiFare Classic chip used in the OV-Chipkaart. The panel ultimately suggests that the Dutch Government replace the cards because of severe security failings.
The panel, officially titled the Counter Expertise Bureau (CEB), was formed at the request of the Dutch Ministry of Transport, Public Works, and Water Management. The object of the CEB was to review the findings of the TNO and to address a number of questions the government had about the initial findings: how adequate was the methodology used in the TNO's investigation, was the TNO report complete, and, ultimately, were the findings complete, correct, and well-founded?
The CEB concluded in its report that the methodology used by the TNO was professional and appropriate, noting that the TNO was correct in addressing the security risks from a complete-system perspective. The panel also agreed that the TNO report, being based on publicly available information, was good for what little it had to work with.
In February, the CCC released research that documented the security failures of the Crypto1 algorithm used by Netherlands-based NXP Semiconductors. Crypto1 was one of the security features included by NXP on the MiFare Classic RFID chip used in various locations across the globe.
The cards that use the MiFare Classic are a common sight in the U.S.: subway passes, door badges, and car keypads all use the RFID technology that was cracked. The result of the cipher being broken is that attackers can clone the cards and use the clones for nefarious ends.
Based on the research by the CCC, the Organization for Applied Scientific Research (known as TNO) reported that there was a security risk, but that the cost of pulling off an attack would be too high for most people, as it would require advanced technology and computing power. In addition, the TNO said that most common criminals would not have the intelligence to accomplish such an attack.
There was a lot of talk about the TNO report, and a series of discussions led to the TNO admitting that its price-point and intelligence arguments were undercut by the researchers' findings. It was in fact cheap and, with the right tools, easy to pull off a successful attack on the NXP chips.
“The MiFare stream cipher is simple and its key is short. This alone should tell anybody that secret keys [could] be found cheaply. To finally end the discussion about how cheaply exactly, we made public a new attack on the cipher [that] exploits its weak structure. Bottom-line: The computer you are reading this e-mail on can find secret keys in at most an hour. In the latest response to this information, TNO acknowledges that our estimates are in fact correct and that systems should migrate to more secure cards as soon as possible,” researcher Karsten Nohl told Tech Herald back in March.
Both the TNO and now the CEB share the opinion that the reliance on secrecy, the foundation of the NXP chips' security, stands in complete contrast to the recommended “best practices” for cryptographic security systems.
As such, “The CEB concurs with the TNO that the MiFare Classic 4k used in the OV-Chipkaart will need to be replaced.” They add that any proposed replacement should be based on an algorithm that has been rigorously tested by cryptographic experts and should not rely on security by obscurity.
“The CEB is convinced that the [Crypto1 algorithm] has been reverse engineered to such an extent that it can no longer be regarded as secret. For some time, there have been reports of unlicensed MiFare products in the market that use the Crypto1 algorithm. Therefore, with high probability the algorithm was reverse engineered before the CCC presentation.”
The CEB's summary states that the key-cracking equipment needed is cheap, and that other methods offer faster and better means of attack. Once the keys are exposed, an attacker can modify the card or clone it. The panel disagrees with the TNO that cloned cards would look different, stating that, after viewing example artwork, it would be easy to reproduce.
The report is published and should be made available online soon. The panel included steps for migration, and agreed with the migration findings laid out originally by the TNO.