Professional safecrackers use a stethoscope to find the correct combination by listening to the clicks of the lock. Researchers at the Ruhr-University Bochum have now demonstrated how to bypass the security mechanisms of a widely used contactless smartcard in a similar way. Employing so-called “Side-Channel Analysis” the researchers of the Chair for Embedded Security (Prof. Dr.-Ing. Christof Paar) can break the cryptography of millions of cards that are used all around the world.
Measuring the electro-magnetic field
RFID smartcards (Radio Frequency Identification) of the type DESFire MF3ICD40 are widely employed in payment and access control systems. The security of these cards is based on Triple-DES, a cipher that is unbreakable from a purely mathematic point of view. DESFire cards are for instance used by the public transport agencies in Melbourne, San Francisco and Prague. The DESFire MF3ICD40 is manufactured by NXP, the former semiconductor division of Philips Electronics.
Fluctuations of the magnetic field
A person is identified as a passenger, employee or customer when his RFID smartcard is placed in the proximity of a reader. To guarantee the necessary level of security, a secret key is stored on the integrated chip inside the card. But just like for the safe, the security mechanism produces the electronic equivalent of the clicks of a mechanic lock. “We measured the power consumption of the chip during the encryption and decryption with a small probe”, says David Oswald. The fluctuations of the electro-magnetic field allow the researchers to conclude to the full 112-bit secret key of the smartcard.
Low cost, big damage
Having extracted the keys, an attacker can create an unlimited number of undetectable clones of a given card. The required time and effort are quite low: “For our measurements, we needed a DESFire MF3ICD40 card, an RFID reader, the probe and an oscilloscope to measure the power consumption”, says Oswald. This equipment only costs a few thousand euros. Having obtained knowledge on the characteristic properties of the smartcard, the attack takes three to seven hours. The manufacturer NXP confirmed the security hole in the meanwhile and recommends his customers to upgrade to a newer version of the card.
Already back in 2008, researchers around Prof. Dr.-Ing. Christof Paar used Side-Channel Analysis to break supposedly secure systems. Three years ago, garage and car doors “mysteriously” opened for the researchers of the Chair for Embedded Security. The employed KeeLoq RFID system – which customers and manufacturers trusted blindly before – turned out to be highly susceptible to Side-Channel Analysis.
Prof. Dr.-Ing. Christof Paar, Chair for Embedded Security, Building ID 2/607, Tel. +49 234 32 22994, email@example.com
Dr. Josef König | idw
UT professor develops algorithm to improve online mapping of disaster areas
29.11.2016 | University of Tennessee at Knoxville
New standard helps optical trackers follow moving objects precisely
23.11.2016 | National Institute of Standards and Technology (NIST)
A multi-institutional research collaboration has created a novel approach for fabricating three-dimensional micro-optics through the shape-defined formation of porous silicon (PSi), with broad impacts in integrated optoelectronics, imaging, and photovoltaics.
Working with colleagues at Stanford and The Dow Chemical Company, researchers at the University of Illinois at Urbana-Champaign fabricated 3-D birefringent...
In experiments with magnetic atoms conducted at extremely low temperatures, scientists have demonstrated a unique phase of matter: The atoms form a new type of quantum liquid or quantum droplet state. These so called quantum droplets may preserve their form in absence of external confinement because of quantum effects. The joint team of experimental physicists from Innsbruck and theoretical physicists from Hannover report on their findings in the journal Physical Review X.
“Our Quantum droplets are in the gas phase but they still drop like a rock,” explains experimental physicist Francesca Ferlaino when talking about the...
The Max Planck Institute for Physics (MPP) is opening up a new research field. A workshop from November 21 - 22, 2016 will mark the start of activities for an innovative axion experiment. Axions are still only purely hypothetical particles. Their detection could solve two fundamental problems in particle physics: What dark matter consists of and why it has not yet been possible to directly observe a CP violation for the strong interaction.
The “MADMAX” project is the MPP’s commitment to axion research. Axions are so far only a theoretical prediction and are difficult to detect: on the one hand,...
Broadband rotational spectroscopy unravels structural reshaping of isolated molecules in the gas phase to accommodate water
In two recent publications in the Journal of Chemical Physics and in the Journal of Physical Chemistry Letters, researchers around Melanie Schnell from the Max...
The efficiency of power electronic systems is not solely dependent on electrical efficiency but also on weight, for example, in mobile systems. When the weight of relevant components and devices in airplanes, for instance, is reduced, fuel savings can be achieved and correspondingly greenhouse gas emissions decreased. New materials and components based on gallium nitride (GaN) can help to reduce weight and increase the efficiency. With these new materials, power electronic switches can be operated at higher switching frequency, resulting in higher power density and lower material costs.
Researchers at the Fraunhofer Institute for Solar Energy Systems ISE together with partners have investigated how these materials can be used to make power...
16.11.2016 | Event News
01.11.2016 | Event News
14.10.2016 | Event News
02.12.2016 | Medical Engineering
02.12.2016 | Agricultural and Forestry Science
02.12.2016 | Physics and Astronomy