Gerhard de Koning Gans
Promotor: prof.dr. B.P.F. Jacobs (RU)
Copromotor: dr. F.D. Garcia (RU)
Radboud Universiteit Nijmegen
Date: 11 April, 2013, 15:30
The focus of this thesis is on the security and privacy of contact-based and contactless smart cards. Assessing the security of deployed smart card systems is a complex task. Security aspects can be viewed at different levels of abstraction. These levels range from a very high abstract level of protocol analysis, e.g., by using mathematical models, to a very technical and detailed inspection of hardware implementations. This thesis focuses on the latter method and starts with a description of two hardware tools that allow full control at the lowest communication levels of smart card protocols. This is useful for direct inspection of deployed implementations of smart card protocols. Using these tools, the security of the Mifare Classic and iClass cards is examined. The system design of both the Mifare Classic and the iClass card turns out to be a concrete example of bad security practice in widely used systems.
The Mifare Classic was first sold in 1994 and is being sold to date. It was only in 2008 that the card appeared to have serious security problems. The weaknesses that were found back then are described in detail in this thesis. It is possible to break the security of Mifare Classic cards within seconds or minutes, depending on the system configuration. It is alarming to see how many system integrators blindly put their trust in this product, purely based on the claim of the manufacturer that it is ‘field-proven technology’. Unfortunately, the vulnerabilities of the Mifare Classic are not an isolated example.
Also the iClass card, with more than 300 million cards sold, is a very popular contactless smart card on the market. It is widely used for access control, secure login and payment systems. The cipher and key diversification algorithms are proprietary and little information about them was publicly available until recently. This thesis reviews the key diversification mechanism, which handles the derivation of card specific keys from one master key.
Apart from the key derivation also the cryptographic system and its implementation contain multiple vulnerabilities. Some of these vulnerabilities are the consequence of an attempt to fix the algorithm. It demonstrates that instead of fixing a broken algorithm, it is better to start over again and design a completely new algorithm. Several attacks on the iClass system are described in this thesis where the attack times range from seconds to a couple of hours.
Further topics that will be addressed in this thesis are the use of smart cards in banking applications, the problem of key diversification for smart cards and the privacy problem in RFID. In short, all topics are related to smart card security and privacy.