Categories

Dissertation: security analysis of contactless payment cards

Posted on Thursday, February 27th, 2014 in reversed, RFID, security, wireless by the machinegeek


Here’s an interesting academic document we found related to hardware hacking. In this published doctoral dissertation, Timo Kasper from the Ruhr-University Bochum, Germany, presents in detail his efforts in analyzing the security of Mifare smart cards. “The tools are first employed for analyzing a contactless payment application, which is based on Mifare Classic technology, with more than one million issued cards. This thesis illustrates an implementation for extracting the cryptographic keys of the cards in seconds and then, how to (wirelessly) modify the content of any card in the system. An unskilled adversary can in consequence produce virtual currency on her card (or others’ cards), without paying real money, and carry out payments with a fraudulently increased credit balance. The main flaw in this system is a fatal lack of key derivation, i.e., the same secret keys are used for all cards in the system.”

The 381-page PDF can be downloaded from Ruhr-Universität Bochum. (Page 42 reminds us of our own university days…)

This entry was posted on Thursday, February 27th, 2014 at 5:04 pm and is filed under reversed, RFID, security, wireless. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “Dissertation: security analysis of contactless payment cards”

  1. Tom P. says:

    No caffeine, no thesis.

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments