Dismantling iClass and iClass Elite

Part 7: Various Aspects of Computer SecurityInternational audienceDuring the development of a new access system based on modern RFID technologies it was found that companies producing access control systems for residential and office buildings still prefer the use of existing cheap solutions instead of incorporating new technologies. This is mainly due to the additional costs new systems require.The used legacy technologies are however prone to identity token cloning which allows easy access of unauthorized people to buildings. In previous paper, we have already briefly described a way how to detect cloned RFID tokens in 125 kHz RFID system.This paper lists the risks of the legacy access systems and offers ways how to detect a cloned 125 kHz tag, 13.56 MHz RFID MIFARE Classic card or Dallas Semiconductors iButton access token and how to pro-actively disable them

show abstract

“…In other tokens, like HID iClass similar flaws were found [5]. Insecure RFID technologies were also found in Hitag2 car keys [20].…”

Section: Introductionmentioning

confidence: 80%

“…Writing a new serial number is performed in a non-standard way. Each written bit is followed by 10 ms high state delay on the bus (5). The whole procedure is finished in about 680 ms.…”

Section: Contactless Rfid Tokens For Access Managementmentioning

confidence: 99%

Developing Countermeasures against Cloning of Identity Tokens in Legacy Systems

Moravec

Krumnikl

2017

Computer Information Systems and Industrial Management

View full text Add to dashboard Cite

show abstract

“…Based on the latest results [7], their secret keys can be extracted in six minutes. Further insecure products for access control include HID Global iClass [8] and Legic Prime cards, both based on highly ineffective cryptographic measures [9].…”

Section: Related Workmentioning

confidence: 99%

“…Additionally, each cell update incorporates an 8-bit chaining value z i , which is the result of the update of the preceding cell. The update equation for the successive state x i from x i is given as x i = y i + z i + x i mod 2 8 . There are basically three ways the chaining value is computed for any round r with 0 ≤ r ≤ 7:…”

Section: Fig 4 Structure Of the Obscurity Functionmentioning

confidence: 99%

Fuming Acid and Cryptanalysis: Handy Tools for Overcoming a Digital Locking and Access Control System

Strobel

Driessen

Kasper

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We examine the widespread SimonsVoss digital locking system 3060 G2 that relies on an undisclosed, proprietary protocol to mutually authenticate transponders and locks. For assessing the security of the system, several tasks have to be performed: By decapsulating the used microcontrollers with acid and circumventing their read-out protection with UV-C light, the complete program code and data contained in door lock and transponder are extracted. As a second major step, the multi-pass challenge-response protocol and corresponding cryptographic primitives are recovered via low-level reverse-engineering. The primitives turn out to be based on DES in combination with a proprietary construction. Our analysis pinpoints various security vulnerabilities that enable practical key-recovery attacks. We present two different approaches for unauthorizedly gaining access to installations. Firstly, an attacker having physical access to a door lock can extract a master key, allowing to mimic transponders, in altogether 30 minutes. A second, purely logical attack exploits an implementation flaw in the protocol and works solely via the wireless interface. As the only prerequisite, a valid ID of a transponder needs to be known (or guessed). After executing a few (partial) protocol runs in the vicinity of a door lock, and some seconds of computation, an adversary obtains all of the transponder's access rights.

show abstract

“…Despite this, they already managed to find critical flaws in several widely deployed devices. For example, Texas Instruments' Digital Signature Transponder was successfully attacked in 2005 [2]; Mifare Classic was completely "dismantled" by several research teams [3]; critical flaws in the KeeLoq ignition car system were revealed [4] and later improved upon; serious weaknesses were found in iClass [5] and Hitag2 [6]; DES-Fire MF3ICD40 was shown to suffer from sidechannel attacks [7], etc. This enumeration is long and quite worrying.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of ubiquitous computing systems

Hernández-Castro

Avoine

2016

2016 18th Mediterranean Electrotechnical Conference (MELECON)

View full text Add to dashboard Cite

Recent technological advances in hardware and software have irrevocably affected the classical picture of computing systems. Today, these no longer consist only of servers, mainframes and workstations, but involve a wide range of pervasive and embedded devices, leading to the concept of ubiquitous computing systems. There is, however, an important gap in the adaptation of the existent cryptanalytic methodologies and tools to this relatively new ubiquitous computing framework. Efforts to correct this gap should target four main axes: the development of new cryptographic models, further cryptanalysis of the main building blocks, progress in hardware and software security engineering, and advances in the security assessment of realworld systems. Researchers have only recently started to devote their efforts to the study of the security of ubiquitous computing systems and the necessary lightweight cryptography. Despite the critical flaws found, the required highly-specialized skills and the isolation of the involved disciplines are a true barrier for advancing and identifying additional issues. It is therefore necessary to establish a network of researchers with complementary skills so that expertise in cryptography, information security, privacy, and embedded systems can be put to work together. The outcome of this networking efforts will directly help industry stakeholders and regulatory bodies to increase security and privacy in ubiquitous computing systems, in order to eventually make citizens better protected in their everyday life.

show abstract

Dismantling iClass and iClass Elite

Cited by 12 publications

References 18 publications

Developing Countermeasures against Cloning of Identity Tokens in Legacy Systems

Developing Countermeasures against Cloning of Identity Tokens in Legacy Systems

Fuming Acid and Cryptanalysis: Handy Tools for Overcoming a Digital Locking and Access Control System

Cryptanalysis of ubiquitous computing systems

Contact Info

Product

Resources

About