Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of a widely used contactless smartcard in a similar way. Employing so-called “Side-Channel Analysis” the researchers of the Chair for Embedded Security (Prof. Dr.-Ing. Christof Paar) can break the cryptography of millions of cards that are used all around the world.
Measuring the electro-magnetic field
RFID smartcards (Radio Frequency Identification) of the type DESFire MF3ICD40 are widely employed in payment and access control systems. The security of these cards is based on Triple-DES, a cipher that is unbreakable from a purely mathematic point of view. DESFire cards are for instance used by the public transport agencies in Melbourne, San Francisco and Prague. The DESFire MF3ICD40 is manufactured by NXP, the former semiconductor division of Philips Electronics.
Fluctuations of the magnetic field
A person is identified as a passenger, employee or customer when his RFID smartcard is placed in the proximity of a reader. To guarantee the necessary level of security, a secret key is stored on the integrated chip inside the card. But just like for the safe, the security mechanism produces the electronic equivalent of the clicks of a mechanic lock. “We measured the power consumption of the chip during the encryption and decryption with a small probe”, says David Oswald. The fluctuations of the electro-magnetic field allow the researchers to conclude to the full 112-bit secret key of the smartcard.
Low cost, big damage
Having extracted the keys, an attacker can create an unlimited number of undetectable clones of a given card. The required time and effort are quite low: “For our measurements, we needed a DESFire MF3ICD40 card, an RFID reader, the probe and an oscilloscope to measure the power consumption”, says Oswald. This equipment only costs a few thousand euros. Having obtained knowledge on the characteristic properties of the smartcard, the attack takes three to seven hours. The manufacturer NXP confirmed the security hole in the meanwhile and recommends his customers to upgrade to a newer version of the card.
Already back in 2008, researchers around Prof. Dr.-Ing. Christof Paar used Side-Channel Analysis to break supposedly secure systems. Three years ago, garage and car doors “mysteriously” opened for the researchers of the Chair for Embedded Security. The employed KeeLoq RFID system – which customers and manufacturers trusted blindly before – turned out to be highly susceptible to Side-Channel Analysis.
Prof. Dr.-Ing. Christof Paar, Chair for Embedded Security, Building ID 2/607, Tel. +49 234 32 22994, firstname.lastname@example.org
Dr. Josef König | idw
Fraunhofer FIT joins Facebook's Telecom Infra Project
25.10.2016 | Fraunhofer-Institut für Angewandte Informationstechnik FIT
Stanford researchers create new special-purpose computer that may someday save us billions
21.10.2016 | Stanford University
Physicists from the University of Würzburg have designed a light source that emits photon pairs. Two-photon sources are particularly well suited for tap-proof data encryption. The experiment's key ingredients: a semiconductor crystal and some sticky tape.
So-called monolayers are at the heart of the research activities. These "super materials" (as the prestigious science magazine "Nature" puts it) have been...
Ultrafast lasers have introduced new possibilities in engraving ultrafine structures, and scientists are now also investigating how to use them to etch microstructures into thin glass. There are possible applications in analytics (lab on a chip) and especially in electronics and the consumer sector, where great interest has been shown.
This new method was born of a surprising phenomenon: irradiating glass in a particular way with an ultrafast laser has the effect of making the glass up to a...
Terahertz excitation of selected crystal vibrations leads to an effective magnetic field that drives coherent spin motion
Controlling functional properties by light is one of the grand goals in modern condensed matter physics and materials science. A new study now demonstrates how...
Researchers from the Institute for Quantum Computing (IQC) at the University of Waterloo led the development of a new extensible wiring technique capable of controlling superconducting quantum bits, representing a significant step towards to the realization of a scalable quantum computer.
"The quantum socket is a wiring method that uses three-dimensional wires based on spring-loaded pins to address individual qubits," said Jeremy Béjanin, a PhD...
In a paper in Scientific Reports, a research team at Worcester Polytechnic Institute describes a novel light-activated phenomenon that could become the basis for applications as diverse as microscopic robotic grippers and more efficient solar cells.
A research team at Worcester Polytechnic Institute (WPI) has developed a revolutionary, light-activated semiconductor nanocomposite material that can be used...
14.10.2016 | Event News
14.10.2016 | Event News
12.10.2016 | Event News
28.10.2016 | Power and Electrical Engineering
28.10.2016 | Life Sciences
28.10.2016 | Life Sciences