Peeling Away Layers of an RFID Security System

Plötz, Henryk; Nohl, Karsten

doi:10.1007/978-3-642-27576-0_17

Cited by 6 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While NXP (Mifare Classic) and Legic (Prime) have improved the security of their new products after a public analysis of their products [8,9], we could not find much information about SimonsVoss, one of the leading companies for for electronic locking systems in Europe. Their products include electronic locks, the corresponding access tokens, as well as equipment that is used to run and integrate the system into the existing infrastructure of a company.…”

Section: Introductionmentioning

confidence: 85%

See 1 more Smart Citation

Security analysis of a widely deployed locking system

Weiner

Massar

Tews

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

Electronic locking systems are rather new products in the physical access control market. In contrast to mechanical locking systems, they provide several convenient features such as more flexible access rights management, the possibility to revoke physical keys and the claim that electronic keys cannot be cloned as easily as their mechanical counterparts. While for some electronic locks, mechanical flaws have been found [1], only a few publications analyzed the cryptographic security of electronic locking systems [2,3]. In this paper, we analyzed the electronic security of an electronic locking system which is still widely deployed in the field.We reverse-engineered the radio protocol and cryptographic primitives used in the system. While we consider the system concepts to be well-designed, we discovered some implementation flaws that allow the extraction of a systemwide master secret with a brute force attack or by performing a Differential Power Analysis attack [4] to any electronic key. In addition, we discovered a weakness in the Random Number Generator that allows opening a door without breaking cryptography under certain circumstances. We suggest administrative and technical countermeasures against all proposed attacks.Finally, we give an examination of electronic lock security standards and recommend changes to one widely used standard that can help to improve the security of newly developed products.

show abstract

Section: Introductionmentioning

confidence: 85%

“…This violates Kerckhoff's principle [7] and makes it difficult for third parties to independently evaluate the security of electronic locking systems. In the past, several widely deployed electronic security systems with a lack of public documentation were found out to be vulnerable against mathematical or side-channel attacks [2,8,9].…”

Section: Introductionmentioning

confidence: 99%

Security analysis of a widely deployed locking system

Weiner

Massar

Tews

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

show abstract

“…Over the last few years, much attention has been paid to the (in)security of the cryptographic mechanisms used in contactless smart cards [GdKGM + 08], [GvRVWS10], [PN12], [VGB12]. Experience has shown that the secrecy of proprietary ciphers does not contribute to their cryptographic strength.…”

Section: Research Context and Related Workmentioning

confidence: 99%

Wirelessly lockpicking a smart card reader

Garcia

Gans

Verdult

2014

Int. J. Inf. Secur.

View full text Add to dashboard Cite

With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary and little information about them is publicly available. In this paper we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.

show abstract

“…Over the last few years, much attention has been paid to the (in)security of the cryptographic mechanisms used in contactless smart cards [8], [13], [17], [22]. Experience has shown that the secrecy of proprietary ciphers does not contribute to its cryptographic strength.…”

Section: Introductionmentioning

confidence: 99%