The April 2008 Communications of the ACM includes an article by Hal Berghel, Faith-Based Security: A tongue-in-cheek look at serious security issues (requires ACM subscription, otherwise see [ungated version]). It includes the MIFARE cryptanalysis (along with Windows buffer overflow vulnerabilities, WEP’s RC4 implementation, Cisco’s LEAP) as an example of the failure of security through obscurity. It’s worth reading the whole article, but here are a few excerpts:
IT security has received increased attention over the past few decades primarily, but not exclusively, due to the increased threat from viruses, worms, password crackers, Trojan horses, and a cornucopia of other types of malware and exploits. As a consequence of this increased attention, a variety of security models have been proposed. Security-in-depth (SID) is one such example. Winn Schwartau’s time-based security is another. In this column I offer another modest example extrapolated from popular culture: Faith-Based Security, aka “no network left behind.”
…
I admit that a prima facie case could be made for security-in-depth even in the naïve sense of “more-is-better.” When I propose adding a new vitamin to my diet, my internist tells me “at this point there is no physiological evidence that suggests that this substance is harmful to humans, so knock yourself out.” As with my vitamins, a random application of security applications and systems is unlikely to do any more harm than lure one into a false sense of security, and perhaps slow things down a bit. And like the vitamins, when carefully and judiciously applied and evaluated in a controlled experimental setting, even naive security-in-depth can be of some value.
Such is not the case with our third model: security-through-obscurity. No prima facie case may be made here.
…
My final example came to my attention within the past few weeks. MIFARE is a proprietary encryption technique for RFID (Radio Frequency Identification) developed by Philips and Siemens in the late 1990’s. MIFARE is an attempt to cryptographically secure the now-ubiquitous RFID space which relies on RF transmission for communication between transmitter and receiver.
Following the common theme, the security of the proprietary MIFARE system is predicated on the belief that no one will discover how it works. And, as one might predict, some MIFARE circuits were reverse-engineered down to the gate level. The result was the discovery that the random number generation that drove the encryption resulted from a 16-bit key linear feedback shift register based on a master key and a time signature. With RFID sniffing via an open PICC (proximity integrated contactless chip) card and a logic analyzer, it is possible to discern patterns in the challenge-response authentication procedure that can be used in a replay attack, and from there it is possible to recover the key from the value of the unique identifier and the observed behavior of the shift register in the authentication process. We’ll create STO category III for this MIFARE vulnerability: turning chip designers loose with CAD/CAM software without adequate education and training.
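The excerpt ends here. As an added example (not from Berghel's article or the MIFARE design), the following sketch shows why a 16-bit shift register is a poor nonce source: its whole state space can be enumerated, and its output depends only on the time elapsed since power-up. The tap positions, seed and tick counts are assumptions chosen for illustration; the page does not give them.

```python
# Added illustration: a generic 16-bit Fibonacci LFSR used as a "random" nonce source.
# Taps (16, 14, 13, 11) are the textbook maximal-length choice, assumed here;
# the seed and tick counts below are constructed sample values.

MASK16 = 0xFFFF
SEED = 0xACE1  # constructed power-up state, any nonzero value works


def lfsr16_step(state: int) -> int:
    """Advance a right-shifting 16-bit Fibonacci LFSR by one clock tick."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return ((state >> 1) | (bit << 15)) & MASK16


def period(seed: int) -> int:
    """Count the ticks until the register returns to its starting state."""
    state, ticks = lfsr16_step(seed), 1
    while state != seed:
        state = lfsr16_step(state)
        ticks += 1
    return ticks


def nonce_after(ticks: int, seed: int = SEED) -> int:
    """Nonce emitted `ticks` clock steps after power-up (deterministic)."""
    state = seed
    for _ in range(ticks):
        state = lfsr16_step(state)
    return state


def repeat_rate(nonces: list[int]) -> float:
    """Fraction of observed nonces that duplicate an earlier observation."""
    seen: set[int] = set()
    repeats = 0
    for n in nonces:
        repeats += n in seen
        seen.add(n)
    return repeats / len(nonces)


if __name__ == "__main__":
    # Two power-up sessions sampled at the same (constructed) tick offsets.
    timings = (100, 250, 400)
    session_a = [nonce_after(t) for t in timings]
    session_b = [nonce_after(t) for t in timings]
    print("states before the sequence repeats:", period(SEED))
    print("sessions identical:", session_a == session_b)
    print("repeat rate across both sessions:", repeat_rate(session_a + session_b))
```

A design reviewer can apply the same `repeat_rate` check to nonces logged from a real device: a generator with adequate entropy should show no repeats across power cycles at this sample size.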