Archive for the 'Cryptography' Category

Interview: Karsten Nohl – Mifare Classic researcher speaks up

Monday, March 17th, 2008

The Tech Herald has posted an interview with Karsten Nohl: Interview: Karsten Nohl – Mifare Classic researcher speaks up, by Steve Ragan, 14 March 2008.

This follows three earlier articles:

London Tube Smartcard Cracked

Friday, March 14th, 2008

Bruce Schneier’s blog has another post about the Mifare cryptanalysis: London Tube Smartcard Cracked, Schneier on Security, 14 March 2008.

Some other blogs have picked up on this, and there are some comments.

RFID hack could crack open 2 billion smart cards

Friday, March 14th, 2008

This article in Computerworld has an excellent account of the Mifare cryptanalysis and its implications: RFID hack could crack open 2 billion smart cards: Analyst: One European government sent armed guards to protect facilities using the card, by Sharon Gaudin, Computerworld, 14 March 2008.

A student at the University of Virginia has discovered a way to break through the encryption code of RFID chips used in up to 2 billion smart cards used to open doors and board public transportation systems.

Karsten Nohl, a graduate student working with two researchers based in Germany, said the problem lies in what he calls weak encryption in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. Now that he’s broken the encryption, Nohl said he would only need a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.

And that, according to Ken van Wyk, principal consultant at KRvW Associates, is a big security problem for users of the technology.

“It turns out it’s a pretty huge deal,” said van Wyk. “There are a lot of these things floating around out there. Using it for building locks is the biggy, especially when it’s used in sensitive government facilities — and I know for a fact it’s being used in sensitive government facilities.”

The article also includes some interesting comments from a spokesman for NXP Semiconductors.

NXP reacts to our research

Wednesday, March 12th, 2008

NXP, the manufacturer of the smart cards we analyzed recently, announced an improved card that could help with the migration to higher security levels. The Tech Herald has more on this.

The Mifare Plus cards implement secure 128-bit AES as well as the proprietary Crypto-1 cipher (that we have shown to be weak), but allow for the latter to be switched off once all cards have been migrated. Since all readers and cards still have to be replaced, the new cards are not necessarily a better choice than alternative cards. And while the Plus card won’t be seen in the market for another year, other cards with strong cryptography such as DESFire are readily available.

One feature of the Plus card that might be worth the wait is its improved privacy protection. Protecting individuals from being tracked has long been a research interest of ours and we are curious to see how industry solved this challenging problem.

Microscope-wielding boffins crack Tube smartcard

Wednesday, March 12th, 2008

This article in The Register describes Karsten Nohl’s work on the Mifare cryptanalysis: Microscope-wielding boffins crack Tube smartcard: The keys to London Underground, and plenty more, 12 March 2008.

For non-British readers, here’s how Wikipedia defines a “boffin”:

In the slang of the United Kingdom, Australia, New Zealand and South Africa, boffins are scientists, engineers, and other people who are stereotypically seen as engaged in technical or scientific research. The word conjures up an image of men in thick spectacles and white lab coats, obsessively working with complicated apparatus. Portrayals of boffins emphasize both their eccentric genius and their naive ineptitude in social interaction. They are, in that respect, closer to the “absent-minded professor” stereotype than to the classic mad scientist.

(For the record, Karsten doesn’t usually wear white coats.)

Clarifications on Smartcard Work

Tuesday, March 11th, 2008

It’s nice to see our research being cited in so many places. Most of the news coverage is accurate and resonates with our call for better security through open designs.

We would still like to clarify a few facts and address some points of critique: The focus of our research was on Mifare Classic RFID tags. While these are by far the most popular contactless smart cards, there are plenty of others that may or may not be secure. Using a proprietary cipher is usually evidence of bad design and only cards with standard ciphers such as 3-DES, AES, and ECC should be considered for security applications.

Our results do not apply to contactless credit cards since these do not encrypt data.

The manufacturer of the Mifare cards has repeatedly claimed that we have only broken one layer of security, which is true when looking at systems as a whole. Cryptography can only ever provide one layer of protection, two of the others being automated fraud detection and law enforcement. Computerized systems tend to rely on the cryptography, however, and are much more vulnerable to attacks once this layer of security is lost.

We believe in the potential of RFIDs to improve security in many domains. The current discussion will hopefully provide guidance in building more open, more secure systems.

Boston Herald: CharlieCard is far from hack-proof

Thursday, March 6th, 2008

The Boston Herald also has a story: Research: CharlieCard is far from hack-proof, March 6, 2008.

Boston Globe: T card has security flaw, says researcher

Thursday, March 6th, 2008

The Boston Globe has a story about Karsten Nohl’s work on cryptanalyzing the Mifare Classic: T card has security flaw, says researcher: Cracked code could lead to counterfeits, study team warns.

A computer science student at the University of Virginia asserts that he has found a security flaw in the technology behind the Massachusetts Bay Transportation Authority’s CharlieCard system.

German-born graduate student Karsten Nohl specializes in computer security. Nohl and two fellow security researchers in Germany say they’ve cracked the encryption scheme that protects the data on the card. The team warns that their breakthrough could be used to make counterfeit copies of the cards, which are used by commuters to pay for MBTA bus and subway rides.

… Nohl said that his team needed only about $1,000 worth of equipment to dismantle the chip and crack the code.

Nohl said that the RFID chip they compromised, the MiFare Classic by NXP Semiconductors of the Netherlands, is the one used in London’s subway system and in the MBTA CharlieCard. But MBTA spokesman Joe Pesaturo refused to confirm or deny this. “It’s MBTA policy not to discuss security measures around its smart card technology,” he said.

A 2004 policy analysis of the CharlieCard system produced by the Massachusetts Institute of Technology said that it would be based on MiFare technology.

NXP Semiconductors issued a statement saying that Nohl’s team breached only one of several security features built into the MiFare Classic chip. “This does not breach the security of the overall system,” the company said. “Even if one layer were to be compromised, other layers will stop the misuse.”

Evans said it might be hard to solve the issue. “There are chips that have a much higher security level available,” he said. “They cost more and it is not a trivial matter to upgrade the system.”

Ari Juels, chief scientist and director of computer security company RSA Laboratories in Bedford, said that Nohl’s research illustrates that there are serious security flaws in many smartcard applications. “The vulnerability is most certainly for real,” Juels said.

I’d be very curious to hear about those mysterious “other layers” the NXP spokesperson is talking about. Perhaps they are using the same amazing “extensive security mechanisms operating behind the scenes” that Facebook’s chief privacy officer was talking about here.

U.Va. student, hackers crack credit card security code

Sunday, March 2nd, 2008

The Daily Press (Hampton Roads, Virginia) has a story about Karsten Nohl’s cryptanalysis work: U.Va. student, hackers crack credit card security code, March 1, 2008. It is currently #7 on their list of most popular stories (but I doubt it will overtake this story: Here’s a guy who takes his beer seriously).

[Added 2 March] Also reported by WTOP (Washington DC), Examiner.com (Norfolk, Virginia), Richmond Times-Dispatch, WVEC-TV (ABC in Norfolk), The Washington Times, WAVY-TV, WSLS (Roanoke), Culpeper Star Exponent, and WVIR NBC-29 (Charlottesville).

Daily Progress: Security code easy hacking for UVa student

Thursday, February 28th, 2008

The Daily Progress has an article about Karsten Nohl’s work on analyzing RFID tag security: Security code easy hacking for UVa student, 28 February 2008.

… Projects such as hacking the security code of a RFID chip is the “evil twin” of Nohl’s regular research, he said, which focuses on the development of cryptographic algorithms for computer security.

Nohl said that a more secure option for RFID security codes would be to rely on publicly known and time-tested security algorithms. NXP’s secret code, he said, is an example of “security by obscurity,” or the practice of keeping the code private and hoping hackers do not figure it out. Private algorithms, Nohl said, are more likely to have flaws and vulnerabilities.

“We found significant vulnerabilities in their algorithm,” he said. “By keeping it secret, they hurt themselves in the end.”

[Added 1 March] The story also appears in The Danville Register (Hackers claim they broke key security code). Blog reports include PogoWasRight and LiquidMatrix Security Digest.

[Added 2 March] More reports: Xenophilia, WAVY-TV.