Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards

@article{Meijer2015CiphertextonlyCO,
  title={Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards},
  author={Carlo Meijer and Roel Verdult},
  journal={Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
  year={2015}
}
  • Carlo Meijer, Roel Verdult
  • Published 12 October 2015
  • Computer Science, Mathematics
  • Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Despite a series of attacks, MIFARE Classic is still the world's most widely deployed contactless smartcard on the market. The Classic uses a proprietary stream cipher CRYPTO1 to provide confidentiality and mutual authentication between card and reader. However, once the cipher was reverse engineered, many serious vulnerabilities surfaced. A number of passive and active attacks were proposed that exploit these vulnerabilities. The most severe key recovery attacks only require wireless… 

Figures and Tables from this paper

Brute Force Cryptanalysis of MIFARE Classic Cards on GPU

  • C. Tezcan
  • Computer Science, Mathematics
    ICISSP
  • 2017
TLDR
Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors.

Introduction to Cryptanalysis : Attacking Stream Ciphers

TLDR
This paper tries to put forward the most commonly used cryptanalytic techniques by using only simplistic and comprehensible examples and defines the meaning of cryptographic strength and shows how to identify weaknesses in a cryptosystem.

Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

TLDR
This paper presents a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code, based on Data Flow Graph (DFG) isomorphism, and provides a free and open-source implementation of this approach in the form of a plug-in for the popular IDA disassembler.

A Security Analysis of the WPA-TKIP and TLS Security Protocols

TLDR
This dissertation analyzes the security of popular network protocols and finds that commodity devices allow us to violate several assumptions made by the Wi-Fi, and proposes a technique to decrypt arbitrary packets sent towards a client.

GPU accelerated 3DES encryption

TLDR
This work proposes an optimized bit‐level parallelization of 3DES for GPU accelerated encryption to allow processing high volumes of data and provides performance results on various GPU models and makes the implementation publicly available for reproducibility and further comparisons.

Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security

TLDR
A comprehensive quality study for researchers on authentication and session keys, integrating IoT with blockchain and AI-based authentication in cybersecurity, and traditional key security mechanisms are delivered.

Security of EV-Charging Protocols

TLDR
An overview of the main roles and protocols in use in the Netherlands describes a clear attacker model and security requirements, and shows that in light of this many of the protocols have security issues, and provides suggestions on how to address these issues.

References

SHOWING 1-10 OF 55 REFERENCES

A Practical Attack on Patched MIFARE Classic

TLDR
A new card-only attack based on state-of-the-art algebraic differential cryptanalytic techniques is presented, supporting the proposition that if the authors just fix these flaws, they can stop the most serious attacks without an expensive infrastructure upgrade.

Wirelessly Pickpocketing a Mifare Classic Card

TLDR
Four attacks that can be executed by an adversary having only wireless access to just a card (and not to a legitimate reader) are proposed and the most serious of them recovers a secret key in less than a second on ordinary hardware.

The Dark Side of Security by Obscurity - and Cloning MiFare Classic Rail and Building Passes, Anywhere, Anytime

TLDR
It is discovered that a MiFare classic card can be cloned in a much more practical card-only scenario, where the attacker only needs to be in the proximity of the card for a number of minutes, therefore making usurpation of identity through pass cloning feasible at any moment and under any circumstances.

Dismantling MIFARE Classic

TLDR
This work reverse engineered the security mechanisms of the mifare Classic chip: the authentication protocol, the symmetric cipher, and the initialization mechanism and describes several security vulnerabilities in these mechanisms, which enable an attacker to clone a card or to restore a real card to a previous state.

A Practical Attack on the MIFARE Classic

TLDR
Due to a weakness in the pseudo-random generator, it is able to recover the keystream generated by the CRYPTO1 stream cipher and exploit the malleability of the stream cipher to read all memory blocks of the first sector of the card.

Fast Algebraic Attacks on Stream Ciphers with Linear Feedback

TLDR
This paper shows how to substantially lower the degree of these equations by multiplying them by well-chosen multivariate polynomials, and is able to break Toyocrypt in 249 CPU clocks, with only 20 Kbytes of keystream, the fastest attack proposed so far.

Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

TLDR
A new criterion for design of S-boxes in block ciphers should not be describable by a system of polynomial equations that is too small or too overdefined, and this is suggested for both Serpent and Rijndael.

Gone in 360 Seconds: Hijacking with Hitag2

TLDR
Several weaknesses in the design of the cipher are revealed and three practical attacks that recover the secret key using only wireless communication are presented, which allow an adversary to bypass the cryptographic authentication, leaving only the mechanical key as safeguard.

Algebraic Attacks on Stream Ciphers with Linear Feedback

TLDR
This paper shows how to substantially lower the degree of these equations by multiplying them by well-chosen multivariate polynomials, and is able to break Toyocrypt in 2 CPU clocks, with only 20 Kbytes of keystream, the fastest attack proposed so far.

Cryptanalysis of Alleged A5 Stream Cipher

TLDR
A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is pointed out, and a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.
...