Slashdot Mirror


NXP RFID Cracked

kamlapati sends us to EETimes for news that the Chaos Computer Club in Germany and researchers from the University of Virginia have cracked the encryption scheme used in a common RFID chip, NXP's Mifare Classic. According to the article the device is used in many contactless smartcard applications including fare collection, loyalty cards, and access control cards. NXP downplays the significance of the hack, saying that that model of RFID card uses old technology and they do a much better job these days.

4 of 111 comments

  1. Re:Security implications? by maxume · Score: 4, Informative

    Umm, he posted anonymously. Hence no karma. Not even the religious kind.

    --
    Nerd rage is the funniest rage.
  2. Re:Security implications? by Antique Geekmeister · Score: 4, Informative

    As I understand the technology, building a reader with massively longer range is not a simple task. You start running into signal-to-noise ratios, and signals from multiple local devices, pretty quickly. There have been public demonstrations of RFID technologies that can detect multiple RFID tags inside a single crate successfully, but that doesn't mean they can be detected reliably from the next room.

    It seems to me that the big deal is that, once read or once the algorithms are decoded, they can be easily programmed into another tag. This problem has already been well demonstrated with the tags on US passports. With the tags popular for some kinds of public transit systems, they're begging to be forged.

  3. They broke Philips/NXP CRYPTO1 by bigberk · Score: 4, Informative

    To clarify a few things. First of all this has been known for a few months. The earliest mention I saw was December 29, 2007: MiFare's CRYPTO1 algorithm mostly reverse-engineered. More information, including a slide show, is presented in this January 1, 2008 post: Mifare crypto1 RFID completely broken

    Quick background: NXP (Philips) creates a line of smart cards called "Mifare" based on proprietary protocols, including the CRYPTO1 cipher (undocumented, proprietary). There are a lot of Mifare cards deployed, and there is a huge element of security through obscurity, especially if you rely on proprietary protocols such as the CRYPTO1 algorithm.

    This research, as linked above (and posted in this slashdot article... old news) shows that the CRYPTO1 stream cipher is horribly broken, based on a terribly insufficient random number generator. Besides busting this example of security through obscurity, the target technology is actually deployed in a very wide range of uses. Meaning, this attack has many real world consequences.
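
The point made in the comment above, that a stream cipher fed nonces from a tiny, fully deterministic generator has no effective nonce entropy, as an added example that is not from the post and not NXP's code. The 16-bit size and the LFSR feedback polynomial are assumptions chosen for this toy, not a description of any product; the three check functions are what a reviewer would run on any candidate nonce source.

```python
# Added toy example (not the post's or NXP's code): a 16-bit LFSR nonce
# generator and the checks a reviewer would run on a candidate nonce source.
STATE_BITS = 16
MASK = (1 << STATE_BITS) - 1


def lfsr_step(state: int) -> int:
    """Clock a 16-bit Fibonacci LFSR once (assumed toy feedback polynomial
    x^16 + x^14 + x^13 + x^11 + 1, which is maximal length). state != 0."""
    fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << (STATE_BITS - 1))


def next_nonce(state: int) -> tuple[int, int]:
    """Return (32-bit nonce, new state). The nonce is 32 successive output
    bits, which is just the current state followed by the state 16 clocks on."""
    hi = state
    for _ in range(STATE_BITS):
        state = lfsr_step(state)
    return (hi << STATE_BITS) | state, state


def cycle_length(seed: int) -> int:
    """Period check: clocks until the generator returns to `seed`.
    The whole internal state space is only 2**16 - 1 = 65535 values."""
    n, s = 1, lfsr_step(seed)
    while s != seed:
        s, n = lfsr_step(s), n + 1
    return n


def distinct_nonces(seed: int) -> int:
    """Entropy check: count distinct 32-bit nonces the generator can ever emit.
    Nominally 2**32 possibilities, but there is exactly one per internal state."""
    seen, s = set(), seed
    while True:
        nonce, s = next_nonce(s)
        if nonce in seen:
            return len(seen)
        seen.add(nonce)


def predictable_from_one_nonce(seed: int) -> bool:
    """Unpredictability check: a nonce source fails if one emitted value
    determines the next. Here the low 16 bits of a nonce *are* the new state."""
    n1, s = next_nonce(seed)
    n2, _ = next_nonce(s)
    return next_nonce(n1 & MASK)[0] == n2
```

Running the three checks from any non-zero seed shows a 65535-step cycle, only 65535 distinct "32-bit" nonces, and full predictability from a single observed value, which is why a cipher built on such a source cannot be rescued by a larger nonce field.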

  4. Deep doodoo by labnet · Score: 4, Informative

    I've seen a lot of very uninformed comments on 'high gain antennas'.
    MiFare is a 13.56 MHz system (ISM band), that uses H-field coupling (i.e. near field magnetic coupling) in a loose transformer coupled arrangement.
    The near field attenuates at 1/r^3, and as a rough guide you can read this type of tag to about 1.5 x loop diameter.

    At 13.56 MHz, you can only make the antenna so large before the inductance of the antenna makes it impossible to resonate.
    We in fact have a complex stub tuned antenna of about 1m diam, and that was difficult.

    Another problem is you have to start pumping out so much power, it becomes extremely difficult to see modulation on the carrier above the TX noise.

    Now that said, it sounds like NXP (who have one of the worst web sites on the net) are in deep doodoo.
    The reason is that MIFARE has huge rollouts in transportation systems, especially in Asia, and these cards contain real monetary value.
    System integrators are now going to have to put extra work into either live back to central database checking (which will be hard on mobile platforms like buses), or upgrade systems to the triple DES encrypted (and more expensive) cards.

    --
    46137