Archive for the 'Privacy' Category

Interview: Karsten Nohl – Mifare Classic researcher speaks up

Monday, March 17th, 2008

The Tech Herald has posted an interview with Karsten Nohl: Interview: Karsten Nohl – Mifare Classic researcher speaks up, by Steve Ragan, 14 March 2008.

This follows three earlier articles:

London Tube Smartcard Cracked

Friday, March 14th, 2008

Bruce Schneier’s blog has another post about the Mifare cryptanalysis: London Tube Smartcard Cracked, Schneier on Security, 14 March 2008.

Some other blogs have picked up on this, and there are some comments.

RFID hack could crack open 2 billion smart cards

Friday, March 14th, 2008

This article in ComputerWorld has an excellent account of the Mifare cryptanalysis and its implications: RFID hack could crack open 2 billion smart cards: Analyst: One European government sent armed guards to protect facilities using the card by Sharon Gaudin, Computer World, 14 March 2008.

A student at the University of Virginia has discovered a way to break through the encryption code of RFID chips used in up to 2 billion smart cards used to open doors and board public transportation systems.

Karsten Nohl, a graduate student working with two researchers based in Germany, said the problem lies in what he calls weak encryption in the MiFare Classic, an RFID chip manufactured by NXP Semiconductors. Now that he’s broken the encryption, Nohl said he would only need a laptop, a scanner and a few minutes to get the cryptographic key to an RFID door lock and create a duplicate card to open it at will.

And that, according to Ken van Wyk, principal consultant at KRvW Associates, is a big security problem for users of the technology.

“It turns out it’s a pretty huge deal,” said van Wyk. “There are a lot of these things floating around out there. Using it for building locks is the biggy, especially when it’s used in sensitive government facilities — and I know for a fact it’s being used in sensitive government facilities.”

The article also includes some interesting comments from a spokesman for NXP Semiconductors.

NXP reacts to our research

Wednesday, March 12th, 2008

NXP, the manufacturer of the smart cards we analyzed recently, announced an improved card that could help with the migration to higher security levels. The Tech Herald has more on this.

The Mifare Plus cards implement secure 128-bit AES as well as the proprietary Crypto-1 cipher (that we have shown to be weak), but allow for the latter to be switched off once all cards have been migrated. Since all readers and cards still have to be replaced, the new cards are not necessarily a better choice than alternative cards. And while the Plus card won’t be seen in the market for another year, other cards with strong cryptography such as DESFire are readily available.

One feature of the Plus card that might be worth the wait is its improved privacy protection. Protecting individuals from being tracked has long been a research interest of ours and we are curious to see how industry solved this challenging problem.

Police using Oyster Card Data

Wednesday, March 12th, 2008

In light of our recent results showing the security vulnerabilities in the Mifare Classic chip used in the London Transport Oyster card (and many other systems), this article about how the police use data collected from Oyster card users raises some interesting evidence and privacy concerns:
Police make 3,000 requests for data from Oyster cards, The Evening Standard, 21 February 2008.

Information obtained today by consumer magazine Which? shows that Transport for London received more than 3,100 requests from the police for passenger journey data between January and October last year.

Oyster cards were introduced five years ago and account for millions of journeys each day.

Which? today raised concerns about the apparent failure of Transport for London to make clear to passengers that their travel data will be stored for eight weeks at a time. It claims this is in breach of the Data Protection Act.

TfL says the information is required if journeys have to be refunded.

According to Which?, passengers signing up for an Oyster card are told their personal information is used for “the purposes of administration, customer services and research”. However, there is no explanation that their bus, Tube and train journeys will be logged for up to two months.

Which? editor Neil Fowler said: “Which? is concerned that some private companies aren’t complying with the Data Protection Act and we urge them to tighten up their processes, so that consumers can be reassured that their data is in safe hands.”

Liberal Democrat mayoral candidate Brian Paddick said: “Companies increasingly have access to more and more of people’s personal details – and the public expect that data to be protected. It’s extremely worrying that every journey you make using Oystercard is recorded on TfL’s computer.

Hackers Find a Way to Crack Popular Smartcard in Minutes

Sunday, March 9th, 2008

PC World has an article about Karsten Nohl’s RFID cryptanalysis work: Hackers Find a Way to Crack Popular Smartcard in Minutes: Security on RFID-enabled smartcards is easily broken by young hackers. March 7, 2008.

The team used an inexpensive RFID reader to collect encrypted data, and then reverse-engineered the chip to figure out the encryption key to decipher that data. They examined the chip under an optical microscope and used micro-polishing sandpaper to remove a few microns of the surface at a time, photographing each of the five layers of circuitry. Nohl wrote his own optical recognition software to refine and clarify the images, and then patiently worked through the arrangement of the logic gates to deduce the encryption algorithm, a task made possible by the fact that the Mifare Classic relies on a secret key of no more than 48 bits.

“Regardless of the cryptographic strength of the cipher, the small key space therefore permits counterfeiting of any card that is read wirelessly,” the team wrote in a follow-up statement issued on Jan. 8. “Knowing the details of the cipher would permit anyone to try all possible keys in a matter of days,” the researchers noted. “Given basic knowledge of cryptographic trade-offs and sufficient storage, the secret keys of cards can be found in a matter of minutes.”

[Added 12 March] PCWorld has a second article on this: RFID-Hack Hits 1 Billion Digital Access Cards Worldwide: A warning is issued that some security access cards that use RFID technology are vulnerable to hack attacks, 12 March, 2008.

Boston Globe: T card has security flaw, says researcher

Thursday, March 6th, 2008

The Boston Globe has a story about Karsten Nohl’s work on cryptanalyzing the Mifare Classic: T card has security flaw, says researcher: Cracked code could lead to counterfeits, study team warns.

A computer science student at the University of Virginia asserts that he has found a security flaw in the technology behind the Massachusetts Bay Transportation Authority’s CharlieCard system.

German-born graduate student Karsten Nohl specializes in computer security. Nohl and two fellow security researchers in Germany say they’ve cracked the encryption scheme that protects the data on the card. The team warns that their breakthrough could be used to make counterfeit copies of the cards, which are used by commuters to pay for MBTA bus and subway rides.

… Nohl said that his team needed only about $1,000 worth of equipment to dismantle the chip and crack the code.

Nohl said that the RFID chip they compromised, the MiFare Classic by NXP Semiconductors of the Netherlands, is the one used in London’s subway system and in the MBTA CharlieCard. But MBTA spokesman Joe Pesaturo refused to confirm or deny this. “It’s MBTA policy not to discuss security measures around its smart card technology,” he said.

A 2004 policy analysis of the CharlieCard system produced by the Massachusetts Institute of Technology said that it would be based on MiFare technology.

NXP Semiconductors issued a statement saying that Nohl’s team breached only one of several security features built into the MiFare Classic chip. “This does not breach the security of the overall system,” the company said. “Even if one layer were to be compromised, other layers will stop the misuse.”

Evans said it might be hard to solve the issue. “There are chips that have a much higher security level available,” he said. “They cost more and it is not a trivial matter to upgrade the system.”

Ari Juels, chief scientist and director of computer security company RSA Laboratories in Bedford, said that Nohl’s research illustrates that there are serious security flaws in many smartcard applications. “The vulnerability is most certainly for real,” Juels said.

I’d be very curious to hear about those mysterious “other layers” the NXP spokesperson is talking about. Perhaps they are using the same amazing “extensive security mechanisms operating behind the scenes” that Facebook’s chief privacy officer was talking about here.

U.Va. student, hackers crack credit card security code

Sunday, March 2nd, 2008

The Daily Press (Hampton Roads, Virginia) has a story about Karsten Nohl’s cryptanalysis work: U.Va. student, hackers crack credit card security code, March 1, 2008. It is currently #7 on their list of most popular stories (but I doubt it will overtake this story: Here’s a guy who takes his beer seriously).

[Added 2 March] Also reported by WTOP (Washington DC), Examiner.com (Norfolk, Virginia), Richmond Times-Dispatch, WVEC-TV (ABC in Norfolk), The Washington Times, WAVY-TV, WSLS (Roanoke), Culpeper Star Exponent, and WVIR NBC-29 (Charlottesville).

Privacy, Security, and Social Networking APIs

Saturday, March 1st, 2008

Dr. Dobb’s has an article on Adrienne Felt’s work: Privacy, Security, and Social Networking APIs

Do social networking users need to worry about privacy and security? You bet, says CS student.

Facebook, the social networking platform that has redefined communications, has millions of users. And according to University of Virginia computer science major Adrienne Felt, all of these users should be concerned about security.

… Felt’s goal is to make users more aware of how their private information is being used — and to close this privacy loophole.

She has developed a privacy-by-proxy system — a way for Facebook to hide the user’s private information, while still maintaining the applications’ functionalities. Under Felt’s system, at the point at which the Facebook server is communicating with the application developer’s server, the Facebook server would provide the outside server with a random sequence of letters instead of the user’s name (and other personal information).

Group Demonstrates Security Hole in World’s Most Popular Smartcard

Tuesday, February 26th, 2008

UVaToday has an article about Karsten Nohl’s work on reverse engineering the cryptographic algorithms on the Mifare Classic RFID tag:

… The idea of keeping secret the design of a security system is known in the trade as “security by obscurity.” It almost never works; the secret invariably leaks out and then the security is gone, Evans and Nohl said.

As a result, most security professionals espouse Kerckhoffs Principle — first published by the Dutch cryptographer Auguste Kerckhoffs in 1883 — the idea that the design of all security systems should be fully public, with the security dependent only on a secret key. Public review of security designs also tends to catch flaws during the design process, rather than after the flaws are inherent in expensive systems, such as in the Netherlands transit system, noted Nohl and Evans.

… If more consumers understand the fundamental flaw of “proprietary security algorithms” and other marketing-speak that touts what amounts to security by obscurity, then manufacturers may start opening up more of their security designs to the light of public scrutiny, which will ultimately result in better security in our digital age.

Full article: Group Demonstrates Security Hole in World’s Most Popular Smartcard, UVaToday, February 26, 2008.