Mifare Classic Troubles
Peter van Rossum, Digital Security, Radboud University Nijmegen
RFID Technology
• Reader to tag signal
  • Dropping field
  • Modified Miller Encoding
• Tag to reader signal
  • Modulating field
  • Manchester Encoding
RFID Applications
• Identify friend or foe (1942)
• Car keys
• Electronic passport
• Public transport ticketing
• RFID Powder
• Access control
• Supply chain management
• Anti-theft
• Event ticketing
Mifare Classic
• Many standards for RFID
  • ISO14443A: Mifare (NXP)
  • ISO14443B: CryptoRF (Motorola/Atmel)
  • ISO14443C: Felica (Sony)
  • ISO14443D: (OTI)
  • ISO14443E: (Cubic)
  • ISO14443F: Legic (KABA)
  • ISO15693: Tag-IT (Texas Instruments)
• Typically describe physical and data-link layers (not cryptographic features)
Mifare Classic
• Many chips in the Mifare (ISO14443A) family
  • Mifare Ultralight
  • Mifare Classic
  • Mifare DESFire
  • Mifare Plus
  • Mifare EV1
  • Mifare SMART MX
• Most popular: Mifare Classic
  • over 1 billion sold
  • over 200 million in use
  • 80% of contactless smartcard market
Mifare Classic Applications
• Public transport ticketing systems
• Access control
• Wireless payment systems
RFID Security
• RFID = Radio Frequency Identification
  • More properly: authentication
• Contactless smartcards
  • data storage, computational capabilities
  • confidentiality
  • integrity

Common RFID Attacks
• Relay attack
• Replay attack
• Cryptanalytic attack
• Side-channel attack
• Tracing attack
• …
Mifare Classic is vulnerable to all of these.
1. RFID – Relay Attack
• Wireless communication
• No link between authenticating object (tag) and service receiver (tag holder)
• Attacker A initiates service
• Attacker A relays queries to tag to attacker B
• Attacker B sends queries to victim’s tag
• Attacker B relays answers back to attacker A
• Attacker A answers queries
2. RFID – Replay Attack
Vulnerabilities
• No clock
• Weak randomness
Attack
• Attacker intercepts communication between tag and reader
• Attacker replays it later
Countermeasures (standard)
• Challenge-response authentication (needs clock, randomness, or other form of “freshness”)

Parking at Radboud University
• Access control: wireless employee card
• No authentication protocol at all
• Card sends uid; back-end checks authorization
• Attack
  • Eavesdrop signal from car (card) to barrier
  • Replay signal to gain entry
  • (only works when original car has left; better to eavesdrop signal from a departing car)
3. RFID – Side-channel attacks
• Attacker controls tag
• Use side-channels (timing, power, …)
• Recover secret information from tag
4. RFID – Crypto Attacks
• Low energy
• Low computational capacity
• Cheap to manufacture
• Fast enough to operate
• Weak cryptography
• Attacker can break encryption scheme
5. RFID – Tracing Attack
• Used for identification
• Anti-collision phase sends uid
• Attacker can recognize people based on the RFID tags they are carrying
• Attacker could trace RFID enabled packages
Common RFID Attacks – Summary
• No clock, weak randomness → replay attacks
• Low computational capacity → cryptanalytic attacks
• Attacker controls tag → side-channel attacks
• Wireless → relay attacks
• Used for identification → tracing attacks
Memory structure
[Figure: memory layout of the card; the information it shows is:]
• 64 blocks of 16 bytes, grouped in 16 sectors of 4 blocks (sector 0 = blocks 0–3, sector 1 = blocks 4–7, …, sector 15 = blocks 60–63)
• block 0: uid, manufacturer data
• last block of each sector (blocks 3, 7, …, 63): key A (48 bits), access conditions, key B (48 bits)
• all other blocks: data
CRYPTO1
[Figure: 48-bit LFSR, cells 0–47; the filter function f is built from five 4-input tables (26c7, 0dd3, 0dd3, 26c7, 0dd3) whose outputs feed one 5-input table (4457c3b3)]
• Feedback:
  L(x_0,x_1,…,x_{47}) := x_0+x_5+x_9+x_{10}+x_{12}+x_{14}+x_{15}+x_{17}+x_{19}+x_{24}+x_{25}+x_{27}+x_{29}+x_{35}+x_{39}+x_{41}+x_{43}
• LFSR stream:
  a_{i+48} := L(a_i,a_{i+1},…,a_{i+47})  ∀i∈ℕ
• Keystream:
  b_i := f(a_{i+9},a_{i+11},…,a_{i+47})  ∀i∈ℕ
  (Actually a bit more complicated because of the initialization)
CRYPTO1: random number generator
[Figure: 16-bit LFSR, cells 0–15]
• 32-bit nonces
• Linear feedback shift register
  • 16-bit internal state
  • Period 2^{16} – 1 = 65535
• Feedback:
  L_{16}(x_0,x_1,…,x_{15}) := x_0+x_2+x_3+x_5
• Successor:
  suc(x_0,x_1,…,x_{31}) := (x_1,x_2,…,x_{31},L_{16}(x_{16},x_{17},…,x_{31}))
• Distance:
  d((x_0,x_1,…,x_{31}),(y_0,y_1,…,y_{31})) := min { n ∈ ℕ | suc^n(x_0,x_1,…,x_{31}) = (y_0,y_1,…,y_{31}) }
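As an added illustration (not code from the slides or the authors), the nonce generator defined above in Python: L16, suc and d as on the slide, plus a walk over the whole cycle to count how many distinct 32-bit nonces the 16-bit LFSR can ever emit. The most-significant-bit-first ordering of the integer helper is an assumption.

```python
NONCE_PERIOD = 2 ** 16 - 1   # period stated on the slide; count_distinct_nonces checks it

def l16(x):
    """Feedback L16(x0,...,x15) := x0 + x2 + x3 + x5 (addition modulo 2)."""
    return x[0] ^ x[2] ^ x[3] ^ x[5]

def to_bits(value, n):
    """Integer -> list of n bits, most significant bit first (ordering assumed)."""
    return [(value >> (n - 1 - i)) & 1 for i in range(n)]

def tag_nonce(state16):
    """A 32-bit nonce is 32 consecutive output bits of the 16-bit LFSR started in state16."""
    s = list(state16)
    while len(s) < 32:
        s.append(l16(s[-16:]))
    return s

def is_valid_nonce(n):
    """Only 32-bit strings whose second half continues the first half can ever be emitted."""
    return len(n) == 32 and tag_nonce(n[:16]) == list(n)

def suc(n):
    """suc(x0,...,x31) := (x1,...,x31, L16(x16,...,x31)): the next nonce in the sequence."""
    return n[1:] + [l16(n[16:])]

def suc_n(n, k):
    """suc applied k times, e.g. the reader answer aR = suc^64(nT) and tag answer aT = suc^96(nT)."""
    for _ in range(k):
        n = suc(n)
    return n

def distance(x, y, limit=NONCE_PERIOD):
    """d(x, y) := min { k | suc^k(x) = y }, or None if y is not reached within limit steps."""
    n = list(x)
    for k in range(limit + 1):
        if n == list(y):
            return k
        n = suc(n)
    return None

def count_distinct_nonces(state16):
    """Walk the cycle starting from state16 and count the distinct nonces it visits."""
    seen, n = set(), tag_nonce(state16)
    while tuple(n) not in seen:
        seen.add(tuple(n))
        n = suc(n)
    return len(seen)
```

For any non-zero start state the walk visits exactly 65535 nonces; the all-zero state is the single fixed point.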
Authentication & initialization
Exchange (Tag ⇄ Reader):
• Tag → Reader: uid
• Reader → Tag: auth(block)
• Tag: pick nT; Tag → Reader: nT
• Reader: pick nR, aR := suc^{64}(nT); Reader → Tag: {nR, aR}
• Tag: check aR, aT := suc^{96}(nT); Tag → Reader: {aT}
• Reader: check aT
• auth. ok (both sides)
LFSR stream:
• Initial state of the LFSR is the key: a_i := k_i, i ∈ [0,47]
• Shift nT + uid into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nT_i + uid_i, i ∈ [0,31]
• Shift nR into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nR_{i-32}, i ∈ [32,63]
• After authentication, LFSR keeps shifting: a_{i+48} := L(a_i,…,a_{i+47}), i ∈ [64, ∞)
Keystream:
• b_i := f(a_{i+9},a_{i+11},…,a_{i+47}), i ∈ [32, ∞)
Attacking CRYPTO1
• Unshifting the LFSR
  • internal state at any time → key
• Inverting the filter function
  • keystream → internal state
  • computational complexity: approx. 2^{26} operations (seconds)
• Acquiring keystream
  • observing authentication → keystream
  • communication complexity: 1 to 3 auth. sessions (microseconds)
CRYPTO1: unshifting the LFSR
• Feedback:
  L(x_0,x_1,…,x_{47}) := x_0+x_5+x_9+x_{10}+x_{12}+x_{14}+x_{15}+x_{17}+x_{19}+x_{24}+x_{25}+x_{27}+x_{29}+x_{35}+x_{39}+x_{41}+x_{43}
• LFSR stream:
  • Initial state of the LFSR is the key: a_i := k_i, i ∈ [0,47]
  • Shift nT + uid into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nT_i + uid_i, i ∈ [0,31]
  • Shift nR into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nR_{i-32}, i ∈ [32,63]
  • After authentication, LFSR keeps shifting: a_{i+48} := L(a_i,…,a_{i+47}), i ∈ [64, ∞)
• Keystream:
  b_i := f(a_{i+9},a_{i+11},…,a_{i+47}), i ∈ ℕ
• Inverting feedback:
  R(x_1,…,x_{47},x_{48}) := x_5+x_9+x_{10}+x_{12}+x_{14}+x_{15}+x_{17}+x_{19}+x_{24}+x_{25}+x_{27}+x_{29}+x_{35}+x_{39}+x_{41}+x_{43}+x_{48}
  R(x_1,…,x_{47},L(x_0,x_1,…,x_{47})) = x_0
• Inverting LFSR stream:
  • Unshift LFSR until end of authentication: a_i = R(a_{i+1},…,a_{i+48}), i ∈ [64, ∞)
  • Unshift nR from the LFSR, i ∈ [32,63]:
    a_i = R(a_{i+1},…,a_{i+48}) + nR_{i-32}
        = R(a_{i+1},…,a_{i+48}) + {nR}_{i-32} + b_i
        = R(a_{i+1},…,a_{i+48}) + {nR}_{i-32} + f(a_{i+9},…,a_{i+47})
  • Unshift nT + uid from the LFSR: a_i = R(a_{i+1},…,a_{i+48}) + nT_i + uid_i, i ∈ [0,31]
  • Key is the initial state of the LFSR: k_i = a_i, i ∈ [0,47]
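The forward stream and the rollback above, as an added example that is not the slides' or the authors' code: it runs the authentication stream with the feedback L, then unshifts the final 48-bit window back to the key with the inverse R, undoing nR (via {nR} and f) and nT + uid on the way. The filter tables 26c7, 0dd3 and 4457c3b3 are the constants drawn on the CRYPTO1 slide; which odd taps feed which table, the table index convention and the integer bit ordering are assumptions, and the rollback itself does not depend on them.

```python
TAPS = (0, 5, 9, 10, 12, 14, 15, 17, 19, 24, 25, 27, 29, 35, 39, 41, 43)
FIRST_LAYER = (0x26c7, 0x0dd3, 0x0dd3, 0x26c7, 0x0dd3)   # table constants as drawn on the slide
def L(x):
    """Feedback L(x0..x47): sum (mod 2) of the tap cells of the 48-bit window."""
    return sum(x[t] for t in TAPS) & 1

def R(y):
    """Inverse R(x1..x48): returns x0 given cells x1..x47 and x48 = L(x0..x47)."""
    return (sum(y[t - 1] for t in TAPS if t) + y[47]) & 1

def table(bits, const):
    """Truth-table lookup: bit (y0 + 2*y1 + 4*y2 + ...) of const; index convention is assumed."""
    return (const >> sum(b << i for i, b in enumerate(bits))) & 1

def f(x):
    """Filter on the odd cells 9, 11, ..., 47 of the window; which taps feed which table is assumed."""
    odd = x[9::2]
    mid = [table(odd[4 * k:4 * k + 4], c) for k, c in enumerate(FIRST_LAYER)]
    return table(mid, 0x4457c3b3)

def to_bits(value, n):          # integer -> n bits, most significant first (ordering assumed)
    return [(value >> (n - 1 - i)) & 1 for i in range(n)]

def run_auth(key, n_t, uid, n_r):
    """Stream a_0, a_1, ... as on the slides; returns (stream, {nR} = nR + keystream)."""
    a = to_bits(key, 48)                         # a_i := k_i for i in [0,47]
    n_t, uid, n_r = to_bits(n_t, 32), to_bits(uid, 32), to_bits(n_r, 32)
    for i in range(32):                          # shift nT + uid into the LFSR
        a.append(L(a[i:i + 48]) ^ n_t[i] ^ uid[i])
    enc_r = []
    for i in range(32, 64):                      # shift nR; b_i = f(a_i..a_{i+47}) encrypts it
        enc_r.append(n_r[i - 32] ^ f(a[i:i + 48]))
        a.append(L(a[i:i + 48]) ^ n_r[i - 32])
    for i in range(64, 96):                      # after authentication the LFSR keeps shifting
        a.append(L(a[i:i + 48]))
    return a, enc_r

def recover_key(window, enc_r, n_t, uid):
    """Unshift from the window (a_96..a_143) back to (a_0..a_47), which is the key."""
    w = list(window)
    n_t, uid = to_bits(n_t, 32), to_bits(uid, 32)
    for i in range(95, -1, -1):
        a_i = R(w)                               # plain unshift (all that is needed for i >= 64)
        if 32 <= i < 64:                         # nR_{i-32} = {nR}_{i-32} + f(a_{i+9}..a_{i+47});
            a_i ^= enc_r[i - 32] ^ f([0] + w[:47])  # f never reads cell 0, so a_i is not needed
        elif i < 32:                             # undo the nT_i + uid_i that was shifted in
            a_i ^= n_t[i] ^ uid[i]
        w = [a_i] + w[:47]
    return w
```

Every input that went into the LFSR (uid, nT, {nR}) is either public or observable, which is why any later window is as good as the key.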
CRYPTO1: inverting the filter function
[Figure: tables of 20-bit values for the odd-numbered LFSR cells, built step by step so that they produce the ‘odd’ keystream bits 0, 01, 010, … of the observed keystream (here 01100111100110110); table size about 2^{19}]
• Filter function can be easily inverted because the inputs to the filter function f are only on odd places
• Attack options:
  • Compute ‘odd’ bits of LFSR using table and deduce ‘even’ bits (linear relation)
  • Compute ‘odd’ and ‘even’ bits of LFSR using tables separately and combine tables
CRYPTO1: acquiring keystream
• Intercepted communication:
  • nT, {aR}, {aT} visible to attacker
  • {aR} + suc^{64}(nT), {aT} + suc^{96}(nT) → 64 keystream bits
  • invert f, roll back LFSR, recover key
• Access to genuine reader:
  • nT under attacker control
  • {aR} + suc^{64}(nT) → 32 keystream bits
  • invert f → 2^{16} possible LFSRs
  • roll back LFSRs → 2^{16} candidate keys
  • (repeat and take intersection)
[Figure: the authentication exchange as on the “Authentication & initialization” slide]
Weaknesses
• 48-bit internal state, stream cipher
  • enables brute force attack
• weak 16-bit random number generator
  • enables chosen plaintext attack & replay attack
• simple LFSR structure
  • enables unshifting the internal state to recover key
• weak filter function
  • enables inverting the one-way function
  • 64 bits keystream → unique key
  • 32 bits keystream → 2^{16} candidate keys
• authentication protocol leaks keystream
• consequences (March 2008)
  • intercepted communication can (quickly) be decrypted
  • key (of first sector read) can be recovered from just a reader
  • (access to just a tag not sufficient)
Parity trouble
[Figure: plaintext, keystream and ciphertext bit streams, showing where the parity bit is inserted and which keystream bit encrypts it]
• Weaknesses:
  • Parity computed over plaintext
  • Parity encrypted
  • Parity encrypted using same bit of keystream that encrypts next bit of plaintext
  • During authentication, parity is checked before authenticity
  • No response when parity check fails; {NACK} when authenticity fails
• Note:
  • Not compliant with ISO14443-3 Type A
  • To emulate Mifare Classic with NFC chip, use raw Mifare mode and do parity yourself
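An added example (not from the slides) modelling the parity weakness just listed: the parity bit is computed over the plaintext byte and masked with the keystream bit that also masks the first bit of the next byte, so an eavesdropper obtains one plaintext relation per byte boundary without knowing the key. The framing and the keystream values are constructed for the demonstration.

```python
def odd_parity(byte_bits):
    """ISO14443-A parity: chosen so that byte + parity (9 bits) contains an odd number of ones."""
    return 1 ^ (sum(byte_bits) & 1)

def encrypt_with_parity(plain, keystream):
    """Model from the slide: plaintext bit j is masked with keystream bit b_j; the parity bit
    of byte k is computed over the plaintext and masked with b_{8(k+1)}, the very bit that
    also masks the first bit of byte k+1. Output frame: 8 cipher bits + 1 parity bit per byte."""
    assert len(plain) % 8 == 0 and len(keystream) > len(plain)
    frame = []
    for k in range(0, len(plain), 8):
        byte = plain[k:k + 8]
        frame += [p ^ b for p, b in zip(byte, keystream[k:k + 8])]
        frame.append(odd_parity(byte) ^ keystream[k + 8])   # keystream bit reused here
    return frame

def leaked_bits(frame):
    """Computed from the ciphertext frame only: encrypted parity of byte k XOR first cipher
    bit of byte k+1. Both were masked with the same keystream bit, so it cancels and the
    result is parity(plaintext byte k) XOR first plaintext bit of byte k+1: one bit of
    plaintext information per byte boundary, the one-time pad used twice."""
    return [frame[9 * k + 8] ^ frame[9 * k + 9] for k in range(len(frame) // 9 - 1)]

def expected_leak(plain):
    """The same relation computed from the plaintext alone, to confirm it is key-independent."""
    return [odd_parity(plain[8 * k:8 * k + 8]) ^ plain[8 * k + 8]
            for k in range(len(plain) // 8 - 1)]
```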
Parity trouble
• (Encrypted) parity checked continuously
  • Parity wrong → tag resets
• Parity in {nR,aR} checked before aR
  • Parity correct and aR wrong → 4-bit {NACK}
  • Error message is encrypted
• Card-only attack
  • Send 64 random bits for {nR,aR} (and random parity)
  • (½)^8 = 1/256 probability of guessing parity correctly
  • Correct guess leaks 12 bits of information
  • Options:
    • Brute force
    • Adaptive chosen ciphertext attack (vary {nR})
    • Chosen plaintext attack (vary nT)
    • [Courtois] Differential attack (vary {nR})
  • Attacker only needs access to a card!
• Note
  • Russian/Chinese Mifare clones
    • do not check parity
    • always send {NACK}
  • Classic compatibility mode of Mifare Plus
    • does not check parity
    • does not send {NACK}
    • (fixed after we notified NXP of these problems)
Exchange (Tag ⇄ Attacker):
• Tag → Attacker: uid
• Attacker → Tag: auth(block)
• Tag: pick nT; Tag → Attacker: nT
• Attacker: pick {nR}, pick {aR}; Attacker → Tag: {nR,aR}
• Tag: check aR; Tag → Attacker: {NACK}
• auth. failed
Chosen Plaintext Attack
• Precompute
  • T := { states a_{32} a_{33} … a_{79} | if reader sends {nR} = {aR} = 0 then corresponding 8 encrypted parity bits are 0 and 4 next keystream bits are 0 }
  • |T| ≈ 2^{48}/2^{12} = 2^{36} (storage: 384 GB)
• Attack
  • Search (online) for nT such that sending all 0’s for {nR}, {aR} and the parity bits results in {NACK} = NACK (i.e. 4 keystream bits 0).
  • Search (offline) in T:
    • Compute candidate key using nT and uid
    • Check key (offline)
• Improvements
  • More tables, one for each possibility of {NACK}.
  • Sort table(s) by correct parity and {NACK} when sending all 1’s for {nR},{aR}
Exchange (Tag ⇄ Attacker):
• Tag → Attacker: uid
• Attacker → Tag: auth(block)
• Tag: pick nT; Tag → Attacker: nT
• Attacker → Tag: {nR},{aR} = 0,0
• Tag: check aR; Tag → Attacker: {NACK}
• auth. failed
Online vs. offline (order of magnitude)
[Figure: chart of online effort (ms, s, min, h) against offline effort for each attack; the data points are:]
• Offline brute force: 1536 authentication attempts; 2^{48} offline search space (days)
• Adaptive chosen ciphertext (vary {nR}): 150 authentication attempts with same nT; 2^{20} offline search space
• Chosen plaintext (vary nT): 28500 authentication attempts with same nT; 2^{32.8} offline search space (min)
• Differential attack [Courtois] (vary {nR}): 4096 authentication attempts, 128 authentication attempts with fixed nT; 2^{24} offline search space in one-time precomputed 384GB table
• Intercepted communication: 2 or 3 authentications; 2^{20} offline search space (s)
Quoted reactions of NXP / system integrators shown on the chart: “impossible to execute real-time”, “lab conditions required to fix nT”, “difficult to execute in real life”.
Even faster? One key known already
[Figure: the authentication exchange and LFSR stream as on the “Authentication & initialization” slide]
Reauthentication & initialization
Exchange (Tag ⇄ Reader):
• Reader → Tag: {auth(block)} (encrypted under the old key)
• Tag: pick nT; Tag → Reader: {nT}
• Reader: pick nR, aR := suc^{64}(nT); Reader → Tag: {nR, aR}
• Tag: check aR, aT := suc^{96}(nT); Tag → Reader: {aT}
• Reader: check aT
• auth. ok (both sides)
LFSR stream:
• Initial state of the LFSR is the key: a_i := k_i, i ∈ [0,47]
• Shift nT + uid into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nT_i + uid_i, i ∈ [0,31]
• Shift nR into the LFSR: a_{i+48} := L(a_i,…,a_{i+47}) + nR_{i-32}, i ∈ [32,63]
• After authentication, LFSR keeps shifting: a_{i+48} := L(a_i,…,a_{i+47}), i ∈ [64, ∞)
Keystream:
• b_i := f(a_{i+9},a_{i+11},…,a_{i+47}), i ∈ ℕ (instead of [32, ∞) as in the first authentication)
CRYPTO1: reauthentication & initialization
• Weaknesses
  • nT predictable, based on
    • only 2^{16} possibilities
    • parity bits (reduces to 2^{13} possibilities)
    • timing (reduces to 1 to 5 possibilities)
  • weak cipher (as before)
• Attack
  • authenticate for one sector using known key
  • try to reauthenticate for other sector
  • guess nonce and compute 32 keystream bits
  • use weaknesses in cipher to compute (1 to 5 times) approx. 2^{16} candidate keys
  • repeat two or three times and take intersection
• Note
  • compatibility mode of Mifare Plus
    • uses better (32-bit) random number generator
    • (attack fails)
  • some Mifare Classics are Mifare Smart MX emulating a Mifare Classic
    • uses better (16-bit) random number generator
    • (timing information not available)
Exchange (Tag ⇄ Attacker):
• Attacker → Tag: {auth(block)} (encrypted under the old key)
• Tag: pick nT; Tag → Attacker: {nT}
Summary of further weaknesses
• weak random number generator, in sync with time
  • enables chosen plaintext attack
• reader nonces determine 32 bits of the internal state
  • enables chosen ciphertext attack against card
• mixing of data link and encryption layers
  • one-time pad used twice: information leakage
• encrypted error message sent when authentication fails
  • 4-bit information leakage
• tag nonce sent encrypted when authenticating twice
  • 32-bit information leakage (when one key already known)
• consequences (November 2008)
  • keys can be recovered from just a card
  • card can be wirelessly cloned directly
Online vs. offline (order of magnitude)
[Figure: chart of online effort (ms, s, min, h) against offline effort for each attack; the data points are:]
• Offline brute force: 1536 authentication attempts; 2^{48} offline search space (days)
• Adaptive chosen ciphertext (vary {nR}): 150 authentication attempts with same nT; 2^{20} offline search space
• Chosen plaintext (vary nT): 28500 authentication attempts with fixed nT; 2^{32.8} offline search space (min)
• Differential attack [Courtois] (vary {nR}): 4096 authentication attempts, 128 authentication attempts with fixed nT; 2^{24} offline search space in one-time precomputed 384GB table
• Intercepted communication / known old key: 2 to 5 authentication attempts; 2^{20} offline search space (s)
What to do?
• Strategy RU: responsible disclosure
  • 02/08: Warning (to NXP, government): additional measures needed; minister of internal affairs made problems public
  • Only claim what we can actually demonstrate
  • 10/08: Publication after delay of 7 months; full details
  • 10/08 – 03/09: Repeat for card-only attack
• Strategy NXP: damage control
  • 03/08: Customer chooses cheapest chip
  • 07/08: Publication irresponsible
  • 10/08: Don’t use Classic for new applications
  • 03/09: Lab conditions needed (for ‘immediate’ attack)
• Strategy system integrators (TLS, TFL, …): protect investment
  • 03/08: Attack not feasible
  • 07/08: Fraud detected in back-end; no fraud detected so far
  • 10/08: No criminal business case
“No Criminal Business Case”?
• Attack scenarios
  • Loyalty scheme attack (bus)
    • micro-waved OV-chipkaart
    • OV-chipkaart with wrong keys
  • Checking out (bus)
    • too soon
    • too late
  • State-modification attacks
    • Store/restore state (detected in back-end?)
    • Increase balance (detected in back-end?)
    • Add travel products (detected in back-end?)
“No Criminal Business Case”?
• Attack scenarios (more speculative)
  • Wirelessly clone cards
    • Travel on someone else’s card (detected in back-end?)
  • Generate new cards (and sell them)
    • On ‘white’ cards
    • On ‘unactivated’ or empty cards
  • Steal reader
    • Recover key diversification
      • by side-channel analysis
      • by brute force
    • Easy wireless cloning of cards (detected in back-end?)
    • Easy generation of new cards (detected in back-end?)
“No Criminal Business Case”?
Questions?
References
• De Koning Gans, Hoepman, Garcia. A Practical Attack on the Mifare Classic. CARDIS 2008. LNCS 5189, pp. 267–282.
• Nohl, Evans, Starbug, Plötz. Reverse-Engineering a Cryptographic RFID Tag. USENIX Security 2008, pp. 185–193.
• Courtois, Nohl, O’Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in Mifare Classic and Oyster Cards. ePrint 2008/166.
• Garcia, De Koning Gans, Muijrers, Van Rossum, Verdult, Wichers Schreur, Jacobs. Dismantling Mifare Classic. ESORICS 2008. LNCS 5283, pp. 97–114.
• Teepe. Making the best of Mifare Classic. 2009.
• Garcia, Van Rossum, Verdult, Wichers Schreur. Wirelessly Pickpocketing a Mifare Classic Card. IEEE S&P 2009, pp. 3–15.
• Courtois. The Dark Side of Security by Obscurity and Cloning Mifare Rail and Building Passes Anytime, Anywhere. SECRYPT 2009.