Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of a widely used contactless smartcard in a similar way. Employing so-called “Side-Channel Analysis” the researchers of the Chair for Embedded Security (Prof. Dr.-Ing. Christof Paar) can break the cryptography of millions of cards that are used all around the world.
Measuring the electro-magnetic field
RFID smartcards (Radio Frequency Identification) of the type DESFire MF3ICD40 are widely employed in payment and access control systems. The security of these cards is based on Triple-DES, a cipher that is unbreakable from a purely mathematic point of view. DESFire cards are for instance used by the public transport agencies in Melbourne, San Francisco and Prague. The DESFire MF3ICD40 is manufactured by NXP, the former semiconductor division of Philips Electronics.
Fluctuations of the magnetic field
A person is identified as a passenger, employee or customer when his RFID smartcard is placed in the proximity of a reader. To guarantee the necessary level of security, a secret key is stored on the integrated chip inside the card. But just like for the safe, the security mechanism produces the electronic equivalent of the clicks of a mechanic lock. “We measured the power consumption of the chip during the encryption and decryption with a small probe”, says David Oswald. The fluctuations of the electro-magnetic field allow the researchers to conclude to the full 112-bit secret key of the smartcard.
Low cost, big damage
Having extracted the keys, an attacker can create an unlimited number of undetectable clones of a given card. The required time and effort are quite low: “For our measurements, we needed a DESFire MF3ICD40 card, an RFID reader, the probe and an oscilloscope to measure the power consumption”, says Oswald. This equipment only costs a few thousand euros. Having obtained knowledge on the characteristic properties of the smartcard, the attack takes three to seven hours. The manufacturer NXP confirmed the security hole in the meanwhile and recommends his customers to upgrade to a newer version of the card.
Already back in 2008, researchers around Prof. Dr.-Ing. Christof Paar used Side-Channel Analysis to break supposedly secure systems. Three years ago, garage and car doors “mysteriously” opened for the researchers of the Chair for Embedded Security. The employed KeeLoq RFID system – which customers and manufacturers trusted blindly before – turned out to be highly susceptible to Side-Channel Analysis.
Prof. Dr.-Ing. Christof Paar, Chair for Embedded Security, Building ID 2/607, Tel. +49 234 32 22994, email@example.com
Dr. Josef König | idw
Fingerprints of quantum entanglement
16.02.2018 | University of Vienna
Simple in the Cloud: The digitalization of brownfield systems made easy
07.02.2018 | Deutsches Forschungszentrum für Künstliche Intelligenz GmbH, DFKI
Breakthrough provides a new concept of the design of molecular motors, sensors and electricity generators at nanoscale
Researchers from the Institute of Organic Chemistry and Biochemistry of the CAS (IOCB Prague), Institute of Physics of the CAS (IP CAS) and Palacký University...
For photographers and scientists, lenses are lifesavers. They reflect and refract light, making possible the imaging systems that drive discovery through the microscope and preserve history through cameras.
But today's glass-based lenses are bulky and resist miniaturization. Next-generation technologies, such as ultrathin cameras or tiny microscopes, require...
Scientists from the University of Zurich have succeeded for the first time in tracking individual stem cells and their neuronal progeny over months within the intact adult brain. This study sheds light on how new neurons are produced throughout life.
The generation of new nerve cells was once thought to taper off at the end of embryonic development. However, recent research has shown that the adult brain...
Theoretical physicists propose to use negative interference to control heat flow in quantum devices. Study published in Physical Review Letters
Quantum computer parts are sensitive and need to be cooled to very low temperatures. Their tiny size makes them particularly susceptible to a temperature...
Let’s say the armrest is broken in your vintage car. As things stand, you would need a lot of luck and persistence to find the right spare part. But in the world of Industrie 4.0 and production with batch sizes of one, you can simply scan the armrest and print it out. This is made possible by the first ever 3D scanner capable of working autonomously and in real time. The autonomous scanning system will be on display at the Hannover Messe Preview on February 6 and at the Hannover Messe proper from April 23 to 27, 2018 (Hall 6, Booth A30).
Part of the charm of vintage cars is that they stopped making them long ago, so it is special when you do see one out on the roads. If something breaks or...
15.02.2018 | Event News
13.02.2018 | Event News
12.02.2018 | Event News
16.02.2018 | Information Technology
16.02.2018 | Health and Medicine
16.02.2018 | Physics and Astronomy