Practical Attacks and Defenses of MIFARE Classic
Date Issued
2010
Date
2010
Author(s)
Chih, Ming-Yang
Abstract
MIFARE Classic is a proprietary contactless smart card technology widely used in public transportation ticketing systems of cities across the world. MIFARE Classic’s cryptographic protection to the stored data has been reverse-engineered and broken in a recent series of papers. In this thesis, we report our experiment experiences attacking a real MIFARE Classic system. Specifically, we implement a brute-force search using NVIDIA graphics cards to verify the claims in the literature. We also implement and improve more advanced attacks that take advantage of other design and implementation flaws of CRYPTO-1, MIFARE Classic’s proprietary cipher. These attacks disarm all cryptographic protection of MIFARE Classic and in effect render it a contactless memory card technology. Last but not least, we present our ideas how to defend against most attacks using practical mechanisms that do not require any hardware changes. Our proposed mechanisms can be easily implemented on a variety of MIFARE Classic readers on the market and only require commodity PCs be used in the backend system with intermittent network connectivity.
Subjects
MIFARE Classic
CRYPTO-1
cryptanalysis
GPU
RFID security
SDGs
File(s)![Thumbnail Image]()
Loading...
Name
ntu-99-R97921036-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):44252c77e88e4830c5164727ef7bf0f7