Dissertation: security analysis of contactless payment cards

Posted on Thursday, February 27th, 2014 in reversed, RFID, security, wireless by the machinegeek

Here’s an interesting academic document we found related to hardware hacking. In this published doctoral dissertation, Timo Kasper from the Ruhr-University Bochum, Germany, presents in detail his efforts in analyzing the security of Mifare smart cards. “The tools are first employed for analyzing a contactless payment application, which is based on Mifare Classic technology, with more than one million issued cards. This thesis illustrates an implementation for extracting the cryptographic keys of the cards in seconds and then, how to (wirelessly) modify the content of any card in the system. An unskilled adversary can in consequence produce virtual currency on her card (or others’ cards), without paying real money, and carry out payments with a fraudulently increased credit balance. The main flaw in this system is a fatal lack of key derivation, i.e., the same secret keys are used for all cards in the system.”

The 381-page PDF can be downloaded from Ruhr-Universität Bochum. (Page 42 reminds us of our own university days…)

This entry was posted on Thursday, February 27th, 2014 at 5:04 pm and is filed under reversed, RFID, security, wireless. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Dissertation: security analysis of contactless payment cards”

  1. Tom P. says:

    No caffeine, no thesis.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Louis Beaudoin: This is great work guys! Placing an order for a sample pack and hope to use the service to make a custom cable soon.
  • Parkview: Another great idea! Be handy to be able to purchase the corresponding SMD and TH sockets as well.
  • Ryan White: Second that. I'd love the option to extend this already awesome tool to RF cables, hoping it's already in the works because I know the...
  • Tom Keddie: Hi Ian, Congrats on the launch. Suggest you name all the CHRO connectors you have as female. It's not done often but you can insert...
  • Craig Hollabaugh: Excellent post! Thanks