Dissertation: security analysis of contactless payment cards

Posted on Thursday, February 27th, 2014 in reversed, RFID, security, wireless by the machinegeek

Here’s an interesting academic document we found related to hardware hacking. In this published doctoral dissertation, Timo Kasper from the Ruhr-University Bochum, Germany, presents in detail his efforts in analyzing the security of Mifare smart cards. “The tools are first employed for analyzing a contactless payment application, which is based on Mifare Classic technology, with more than one million issued cards. This thesis illustrates an implementation for extracting the cryptographic keys of the cards in seconds and then, how to (wirelessly) modify the content of any card in the system. An unskilled adversary can in consequence produce virtual currency on her card (or others’ cards), without paying real money, and carry out payments with a fraudulently increased credit balance. The main flaw in this system is a fatal lack of key derivation, i.e., the same secret keys are used for all cards in the system.”

The 381-page PDF can be downloaded from Ruhr-Universität Bochum. (Page 42 reminds us of our own university days…)
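The flaw named in the quoted abstract, identical secret keys on every card, is usually addressed with key diversification: the backend derives each card's keys from a master key and the card's UID. The sketch below is an added example, not code from the dissertation or this post; the HMAC-SHA256 construction, the function names, the UIDs and all key material are constructed assumptions.

```python
import hashlib
import hmac

KEY_LEN = 6    # a Mifare Classic sector key is 48 bits
SECTORS = 16   # sectors on a 1K card, each with a key A and a key B

def shared_keys(system_keys, uid):
    """Scheme described in the quote: every card carries the same keys."""
    return dict(system_keys)

def diversified_keys(master_key, uid):
    """Hypothetical fix: derive each sector key from a master key and the UID."""
    if len(uid) not in (4, 7):
        raise ValueError("expected a 4- or 7-byte UID")
    keys = {}
    for sector in range(SECTORS):
        for key_type in ("A", "B"):
            # Length-prefixed UID keeps the input unambiguous across UID sizes.
            info = (b"sector-key-v1" + bytes([len(uid)]) + uid
                    + bytes([sector]) + key_type.encode())
            mac = hmac.new(master_key, info, hashlib.sha256).digest()
            keys[(sector, key_type)] = mac[:KEY_LEN]
    return keys

def cards_exposed(fleet, leaked_uid):
    """Count the other cards sharing any sector key with the leaked card."""
    leaked = fleet[leaked_uid]
    return sum(
        1 for uid, keys in fleet.items()
        if uid != leaked_uid and any(keys[s] == leaked[s] for s in leaked)
    )

# Constructed sample data: made-up UIDs and made-up key material.
UIDS = [bytes.fromhex(h)
        for h in ("04a1b2c3", "04a1b2c4", "9f001122", "04112233445566")]
SYSTEM_KEYS = {(s, t): bytes([s, ord(t), 1, 2, 3, 4])
               for s in range(SECTORS) for t in ("A", "B")}
MASTER_KEY = bytes(range(32))  # would live only in the backend or a SAM

if __name__ == "__main__":
    shared = {u: shared_keys(SYSTEM_KEYS, u) for u in UIDS}
    diverse = {u: diversified_keys(MASTER_KEY, u) for u in UIDS}
    print("shared keys, other cards exposed:", cards_exposed(shared, UIDS[0]))
    print("diversified, other cards exposed:", cards_exposed(diverse, UIDS[0]))
```

Diversification only limits what an extracted key opens to that one card; it does not make the keys any harder to extract from the card itself.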

This entry was posted on Thursday, February 27th, 2014 at 5:04 pm and is filed under reversed, RFID, security, wireless.

One Response to “Dissertation: security analysis of contactless payment cards”

  1. Tom P. says:

    No caffeine, no thesis.
