A Practical Attack on Patched MIFARE Classic

Yi-Hao Chiu National Taiwan University, Taipei, Taiwan Wei-Chih Hong Academia Sinica, Taipei, Taiwan Li-Ping Chou Chinese Culture University, Taipei, Taiwan Jintai Ding University of Cincinnati, Cincinnati, USA; Chongqing University, Chongqing, China Bo-Yin Yang Academia Sinica, Taipei, Taiwan Chen-Mou Cheng National Taiwan University, Taipei, Taiwan

TBD mathscidoc:2207.43063

Inscrypt 2013, 150–164, 2013.11
MIFARE Classic is the world’s most widely deployed RFID (radio-frequency identification) technology. It was claimed to be cryptographically protected by the proprietary Crypto-1 stream cipher. However, it proved inadequate after weaknesses in the design and implementation of Crypto-1 and MIFARE Classic started surfacing since late 2007 [7, 8, 12–17]. Some operators of MIFARE Classic-based systems reacted by upgrading to more secure alternatives such as MIFARE DESFire. However, many (especially in Asia) opted to “patch” MIFARE Classic instead. Their risk analysis might have gone as follows: “The most serious threat comes from efficient card-only attacks, where the attacker only needs an off-the-shelf reader and a PC to tamper a target tag. All efficient card-only attacks depend on certain implementation flaws. Ergo, if we just fix these flaws, we can stop the most serious attacks without an expensive infrastructure upgrade.” One such prominent case is “EasyCard 2.0,” today accepted in Taiwan as a means of electronic payment not only in public transportation but also in convenient stores, drug stores, eateries, cafes, supermarkets, book stores, movie theaters, etc. Obviously, the whole “patching” approach is questionable because Crypto-1 is fundamentally a weak cipher. In support of the proposition, we present a new card-only attack based on state-of-the-art algebraic differential cryptanalytic techniques [1, 2]. Still using the same cheap reader as previous attacks, it takes 2–15 min of computation on a PC to recover a secret key of EasyCard 2.0 after 10–20 h of data collection. We hope the new attack makes our point sufficiently clear, and we urge that all MIFARE-Classic operators with important transactions such as electronic payment upgrade their systems to the more secure alternatives soon.
No keywords uploaded!
[ Download ] [ 2022-07-14 14:16:20 uploaded by dingjt ] [ 388 downloads ] [ 0 comments ]
@inproceedings{yi-hao2013a,
  title={A Practical Attack on Patched MIFARE Classic},
  author={Yi-Hao Chiu, Wei-Chih Hong, Li-Ping Chou, Jintai Ding, Bo-Yin Yang, and Chen-Mou Cheng},
  url={http://archive.ymsc.tsinghua.edu.cn/pacm_paperurl/20220714141620281041640},
  booktitle={Inscrypt 2013},
  pages={150–164},
  year={2013},
}
Yi-Hao Chiu, Wei-Chih Hong, Li-Ping Chou, Jintai Ding, Bo-Yin Yang, and Chen-Mou Cheng. A Practical Attack on Patched MIFARE Classic. 2013. In Inscrypt 2013. pp.150–164. http://archive.ymsc.tsinghua.edu.cn/pacm_paperurl/20220714141620281041640.
Please log in for comment!
 
 
Contact us: office-iccm@tsinghua.edu.cn | Copyright Reserved