SP
2009
IEEE

Wirelessly Pickpocketing a Mifare Classic Card

The Mifare Classic is the most widely used contactless smartcard on the market. The stream cipher CRYPTO1 used by the Classic has recently been reverse engineered and serious attacks have been proposed. The most serious of them retrieves a secret key in under a second. In order to clone a card, previously proposed attacks require that the adversary either has access to an eavesdropped communication session or executes a message-by-message man-in-the-middle attack between the victim and a legitimate reader. Although this is already disastrous from a cryptographic point of view, system integrators maintain that these attacks cannot be performed undetected. This paper proposes four attacks that can be executed by an adversary having only wireless access to just a card (and not to a legitimate reader). The most serious of them recovers a secret key in less than a second on ordinary hardware. Besides the cryptographic weaknesses, we exploit other weaknesses in the protocol stack. A vulnera...
Added: 21 May 2010
Updated: 21 May 2010
Type: Conference
Year: 2009
Where: SP
Authors: Flavio D. Garcia, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur