- So your tube smartcard uses encryption?
How secure is the information and credit stored on your public transportation smartcard?
With his research, Karsten Nohl is trying to convince the authorities in the Netherlands (as well as those in Boston and London) that the proprietary algorithm used leaves much to be desired.
Do not trust your tube smartcard to be safe – it ain’t – just read on for the details.
We have addressed some of these encryption issues here:
BitLocker, FileVault, dm-crypt, and TrueCrypt fail to protect your contents on RAM
It is not always as safe as it seems, and unless you take some precautions a hacker may find some interesting information regarding your crypto keys in your PC's RAM after you have left for the day.
But now we hear bad news about the Mifare Classic RFID tags, a contactless smartcard (or wireless smartcard as some people call it) made by Netherlands-based NXP Semiconductors and used by public transport authorities in London (UK), Boston and the Netherlands. Organizations can use it to restrict access to sensitive areas.
For a while (since last year’s Computer Chaos Conference in Berlin) Karsten Nohl has tried to explain why the Mifare Classic may not be as secure as most people believe. In January, he went ahead and published some of his very interesting findings.
2008-01-08 – Lost Mifare obscurity raises concerns over security of OV-Chipkaart (PDF).
Just about 2 months later, TNO, a government research institute in The Netherlands, published its research report on this issue. It pretty much confirmed Karsten Nohl's findings, but it stated that an attacker would need equipment worth about 6000 Euro or more, as well as several hours of hard work, to break the code. You can read the TNO report here:
2008-02-29 – TNO. Security Analysis of the Dutch OV-Chipkaart – pdf file download
But it seemed as if the Dutch researchers were not getting Karsten Nohl’s message. So Karsten had to publish another short piece helping his colleagues to find their way. We have the link to the html document here for you:
Karsten Nohl (2008-03-10). Cryptanalysis of Crypto-1 – 3 pages on the web to read
Bottom Line
Yes, the manufacturer is correct in claiming that the research has broken one security layer only. Unfortunately, with electronic systems, once the encryption is broken the other two layers, namely automatic fraud detection and law enforcement, may be of little use because time is soooo short.
As well, the Mifare Classic cards are not just used in the Dutch transit system to store fares for trains and buses but can also be linked, on request, to a customer's bank account. The Netherlands is in the midst of a system upgrade that is costing the country billions and uses card readers for the Mifare Classic cards. Hence, in about a year (see below) the government may have to make another huge investment to upgrade the system. Unfortunately, until then, users' information is not really secure with these cards.
Check out Jefferson's Wheel, where Karsten Nohl posted another entry on this issue.
TIDBIT
2008-03-10 NXP Semiconductors announced that it would release a new version of the Mifare chip dubbed Mifare Plus for pilot testing during 4th Quarter 2008.
And while Mifare Plus will offer users better privacy and more security (it uses the AES algorithm), public transport operators still have to upgrade all readers and cards. That is an expensive option and we wonder how many will go ahead and do this when Mifare Plus is actually rolled out in the latter part of 2009. Until then, you are at risk if you use such a card with the Mifare RFID chip.
Have we learned our lesson yet?
This is yet another example of a corporation designing and implementing a proprietary encryption algorithm. Unfortunately, the protocol ends up being embarrassingly weak. I never understand why people do not choose open, published, trusted encryption algorithms and protocols. They are always better.