mifare classic troubles

Mifare Classic Troubles

Peter van RossumDigital Security

Radboud University Nijmegen

Peter van Rossum, Digital Security, Radboud University Nijmegen, Mifare Classic Troubles, 2008/9.

Mifare Classic


RFID Technology

Reader to tag signal• Dropping field• Modified Miller Encoding

Tag to reader signal• Modulating field• Manchester Encoding


RFID ApplicationsIdentify friend or foe (1942)

Event ticketing

Car keys

Public transportticketing

Electronicpassport

Supply chainmanagement

RFID Powder Access control

Anti-theft


Mifare Classic

Many standards for RFID• ISO14443A: Mifare (NXP)

• ISO14443B: CryptoRF (Motorola/Atmel)

• ISO14443C: Felica (Sony)

• ISO14443D: (OTI)

• ISO14443E: (Cubic)

• ISO14443F: Legic (KABA)

• ISO15693: Tag-IT (Texas Instruments)

• Typically describe physical and data-link layers (not cryptographic features)


Mifare Classic

Many chips in the Mifare (ISO14443A) family• Mifare Ultralight

• Mifare Classic

• Mifare DESFire

• Mifare Plus

• Mifare EV1

• Mifare SMART MX

Most popular: Mifare Classic• over 1 billion sold

• over 200 million in use

• 80% of contactless smartcard market


Mifare Classic Applications

Public transport ticketing systems Access control Wireless payment systems


RFID Security

RFID = Radio Frequency Identification More properly authentication Contactless smartcards

• data storage, computational capabilities

• confidentiality

• integrity

Common RFID Attacks

1. Relay attack

2. Replay attack

3. Cryptanalytic attack

4. Side-channel attack

5. Tracing attack

…

Mifare Classic is vulnerable to all of these.


1. RFID – Relay Attack

?

?

!

!

Wireless communication No link between authenticating object (tag)

and service receiver (tag holder)

• Attacker A initiates service

• Attacker A relays queries to tag to attacker B

• Attacker B sends queries to victim’s tag

• Attacker B relays answers back to attacker A

• Attacker A answers queries

?

!


2. RFID – Replay Attack

Parking at Radboud University• Access control: wireless employee card• No authentication protocol at all

• Card sends uid; back-end checks authorization

Attack• Eavesdrop signal from car (card) to barrier• Replay signal to gain entry• (only works when original car has left; better to eavesdrop signal from a departing car)

Vulnerabilities• No clock

• Weak randomness

Attack

• Attacker intercepts communication tag - reader

• Attack replays later

Countermeasures (standard)

• Challenge-response authentication (needs clock, randomness, or other form of “freshness”)


3. RFID – Side-channel attacks

Attacker controls tag• Use side-channels (timing, power, …)• Recover secret information from tag


4. RFID – Crypto Attacks

Low energy Low computational capacity Cheap to manufacture Fast enough to operate

• Weak cryptography

• Attacker can break encryption scheme


5. RFID – Tracing Attack

Used for identification Anti-collision phase sends uid

• Attacker can recognize people based on the RFID tags they are carrying

• Attacker could trace RFID enabled packages


Common RFID Attacks - Summary

No clock, weak randomness• replay attacks

Low computational capacity• cryptanalytic attacks

Attacker controls tag• side-channel attacks

Wireless• relay attacks

Used for identification• tracing attacks

IEEE Security & Privacy 2009 Peter van Rossum, Radboud University Nijmegen, Wirelessly Pickpocketing a Mifare Classic Card

TimelineJun 06 RU Start of development of Ghost for ISO 14443-A (Mifare) emulation

Nov 07 RU Functional ISO14443-A (Mifare) emulation

Dec 07 CCC, VA Presentation: reverse engineered encryption of Mifare Classic: CRYPTO1

Feb 08 RU Media report: cloning Mifare Ultralight (single-use OV-chipkaart)

Feb 08 TNO Report on OV-chipkaart: fraud unlikely, advanced equipment needed, 2 year respite

Mar 08 RU Reverse engineered CRYPTO1 & authentication protocol

Mar 08 RU Key recovery using intercepted traffic or communication with reader

Apr 08 RHUL Report on OV-chipkaart: fraud likely, replace cards, design open&modular

Jun 08 NXP Lawsuit against RU to stop publication

Jul 08 Court Publication allowed: potential damage due to flaws in chip, not publication

Oct 08 RU Publication at ESORICS

Nov 08 RU Card-only key recovery of Mifare Classic

Dec 08 RU Attack possible using commercially available (cheap) NFC hardware


Timeline2004 Fudan Sale of fully functional Mifare Classic clones

2006 Angstrom (Rumour) Mifare Classic reverse engineered and CRYPTO1 broken

Jun 06 RU Start of development of Ghost for ISO 14443-A (Mifare) emulation

Nov 07 RU Functional ISO14443-A (Mifare) emulation

Dec 07 CCC, VA Presentation: reverse engineered encryption of Mifare Classic: CRYPTO1

Feb 08 RU Media report: cloning Mifare Ultralight (single-use OV-chipkaart)

Feb 08 TNO Report on OV-chipkaart: fraud unlikely, advanced equipment needed, 2 year respite

Mar 08 RU Reverse engineered CRYPTO1 & authentication protocol

Mar 08 RU Key recovery using intercepted traffic or communication with reader

Apr 08 RHUL Report on OV-chipkaart: fraud likely, replace cards, design open&modular

Jun 08 NXP Lawsuit against RU to stop publication

Jul 08 Court Publication allowed: potential damage due to flaws in chip, not publication

Oct 08 RU Publication at ESORICS

Nov 08 RU Card-only key recovery of Mifare Classic

Dec 08 RU Attack possible using commercially available (cheap) NFC hardware


Memory structure

uid, manufacturer datadatadata

key A, access conditions, key B

datadatadata

key A,access conditions, key B

datadatadata

key A, access conditions, key B

0 0123

4567

60616263

1

15

16 bytes

64 blocks 16 sectors

48 bits 48 bits


CRYPTO1

26c7 0dd3 0dd3 26c7 0dd3

4457c3b3

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

Feedback:

L(x0,x1,…,x47) := x0+x5+x9+x10+x12+x14+x15+x17+x19+x24+x25+x27+x29+x35+x39+x41+x43

LFSR stream:

ai+48 := L(ai,ai+1,…,ai+47) i∀ ∈ℕ

Keystream:

bi := f(ai+9,ai+11,…,ai+47) i∀ ∈ℕ

(Actually a bit more complicated because of the initialization)


CRYPTO1: random number generator

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

• 32 bit nonces

• Linear feedback shift register

• 16 bit internal state

• Period 216 – 1 = 65535

Feedback:

L16(x0,x1,…,x15) := x0+x2+x3+x5

Successor:

suc(x0,x1,…,x31) := (x1,x2,…,x30,L16(x16,x17,…,x31))

Distance:

d((x0,x1,…,x31)(y0,y1,…,y31)) := min { n | suc∈ ℕ n(x0,x1,…,x31) = (y0,y1,…,y31) }


Authentication & initialization

Tag Reader

LFSR stream: Initial state of the LFSR is the key ai := ki i [0,47]∈

Shift nT + uid into the LFSR ai+48 := L(ai,…,ai+47) + nTi + uidi i [0,31]∈

Shift nR into the LFSR

ai+48 := L(ai,…,ai+47) + nRi-32 i [32,63]∈

After authentication, LFSR keeps shifting ai+48 := L(ai,…,ai+47) i [64, ∞) ∈

Keystream: bi := f(ai+9,ai+11,…,ai+47) i [32, ∈ ∞)

auth. ok auth. ok

uid

auth(block)

nT

{nR,aR}

{aT}

pick nT

check aR

aT:=suc96(nT)

check aT

pick nR

aR:=suc64(nT)


Mifare Classic: traceStep Sender Ciphertext Plaintext Meaning

01 R 26 request type A

02 T 04 00 answer request

03 R 93 20 select

04 T 2a 69 8d 43 8d uid

05 R 93 70 2a 69 8d 43 8d select(uid)

06 T 08 b6 dd Mifare Classic 1k

07 R 60 04 d1 3d auth(block 4)

08 T 3b ae 03 2d tag nonce (nT)

09 R c4 94 a1 d2 6e 96 86 42 bb 03 1f 2d 7f cf 34 c3 rdr nonce (nR) & resp (aR)

10 T 84 66 05 9e 86 9d bb d5 tag response (aT)

11 R 7d de a6 b3 30 04 cd d1 read(block 4)

12 T e7 ee e3 ab 0f 89 bb ed 44 b1 91 ce ef 8a 4d ce

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cd ea

contents


Attacking CRYPTO1

1. Unshifting the LFSR• internal state at any time key

2. Inverting the filter function• keystream internal state

• computational complexity: approx. 226 operations (seconds)

3. Acquiring keystream• observing authentication keystream

• communication complexity: 1 to 3 auth. sessions (micro seconds)


CRYPTO1: unshifting the LFSR

• Feedback:• L(x0,x1,…,x47) := x0+x5+x9+x10+x12+x14

• +x15+x17+x19+x24+x25+x27+x29+x35+x39

• +x41+x43

• LFSR stream:• Initial state of the LFSR is the key• ai := ki i [0,47]∈• Shift nT + uid into the LFSR• ai+48 := L(ai,…,ai+47) + nTi + uidi i [0,31]∈• Shift nR into the LFSR

• ai+48 := L(ai,…,ai+47) + nRi-32 i [32,63]∈• After authentication, LFSR keeps shifting • ai+48 := L(ai,…,ai+47) i [64, ∞) ∈

• Keystream:• bi := f(ai+9,ai+11,…,ai+47) i∈ℕ

Inverting feedback: R(x1,…,x47,x48) := x5+x9+x10+x12+x14

+x15+x17+x19+x24+x25+x27+x29+x35+x39

+x41+x43+x48

R(x1,…,x47,L(x0,x1,…,x47)) = x0

Inverting LFSR stream: Unshift LFSR until end of authentication ai = R(ai+1,…,ai+48) i [64, ∞)∈ Unshift nR from the LFSR

ai = R(ai+1,…,ai+48) + nRi-32 i [32,63]∈ = R(ai+1,…,ai+48) + {nR}i-32 + bi

= R(ai+1,…,ai+48) + {nR}i-32 + f(ai+9,…,ai+47) Unshift nT + uid from the LFSR ai = R(ai+1,…,ai+48) + nTi + uidi i [0,31]∈ Key is the initial state of the LFSR ki = ai i [0,47]∈


CRYPTO1: inverting the filter function

# # # # # # # # # # # # # # # # # # # #

keystream: 01100111100110110

• Filter function can be easily inverted because the input to the filter function f are only on odd places• Attack options:

• Compute ‘odd’ bits of LFSR using table and deduce ‘even’ bits (linear relation)• Compute ‘odd’ and ‘even’ bits of LFSR using tables separately and combine tables

####################

0000000000000000000000000000000000000001000000000000000000110000000000000000010000000000000000000110…produces ‘odd’ keystream 0

# ################### #

0 0000000000000000000 00 0000000000000000000 10 00000000000000000010 0000000000000000011 10 0000000000000000100 0…produces ‘odd’ keystream 01

## ################## #

00 000000000000000000 100 000000000000000001 100 000000000000000111 000 000000000000000111 100 000000000000001000…produces ‘odd’ keystream 010

219


CRYPTO1: acquiring keystream

Tag Reader

auth. ok auth. ok

uid

auth(block)

nT

{nR,aR}

{aT}

pick nT

check aR

aT:=suc96(nT)

check aT

pick nR

aR:=suc64(nT)

• Intercepted communication:

• nT, {aR}, {aT} visible to attacker

• {aR} + suc64(nT), {aT} + suc96(nT) 64 keystream bits

• invert f, roll back LFSR, recover key

• Access to genuine reader:

• nT under attacker control

• {aR} + suc64(nT) visible to attacker 32 keystream bits • invert f, 216 possible LFSRs• roll back LFSRs, 216 candidate keys (repeat and take intersection)


Weaknesses 48 bit internal state, stream cipher

• enables brute force attack weak 16-bit random number generator

• enables chosen plaintext attack & replay attack simple LFSR structure

• enables unshifting the internal state to recover key weak filter function

• enables inverting the one-way function function• 64 bits keystream unique key• 32 bits keystream 216 candidate keys

authentication protocol leaks keystream consequences (march 2008)

• intercepted communication can (quickly) be decrypted• key (of first sector read) can be recovered from just a reader• (access to just a tag not sufficient)


CRYPTO1: (in)security


Parity trouble

Plaintext

Keystream

Ciphertext

Weaknesses:• Parity computed over plaintext• Parity encrypted• Parity encrypted using same bit of keystream that encrypts next bit of plaintext• During authentication, parity is checked before authenticity

• No response when parity check fails; {NACK} when authenticity fails Note:• Not compliant with ISO14443-3 Type A• To emulate Mifare Classic with NFC chip, use raw Mifare mode and do parity yourself


Parity trouble

Tag Attacker

auth. failed

uid

auth(block)

nT

{nR,aR}

{NACK}

pick nT

check aR

pick {nR}

pick {aR}

(Encrypted) parity checked continuously• Parity wrong tag resets

Parity in {nR,aR} checked before aR• Parity correct and aR wrong 4 bit {NACK}• Error message is encrypted

Card-only Attack• Send 64 random bits for {nR,aR} (and random parity)• (½)8 = 1/256 probability of guessing parity correctly• Correct guess leaks 12 bits of information• Options:

• Brute force• Adaptive chosen ciphertext attack (vary {nR})• Chosen plaintext attack (vary nT)• [Courtois] Differential attack (vary {nR})

• Attacker only needs access to a card!

Note• Russian/Chinese Mifare clones

• do not check parity• always send {NACK}

• Classic compatibility mode of Mifare Plus• does not check parity• does not send {NACK}

(fixed after we notified NXP of these problems)


Chosen Plaintext Attack

Tag Attacker

auth. failed

uid

auth(block)

nT

{nR},{aR} = 0,0

{NACK}

pick nT

check aR

Precompute• T := { states a32 a33 … a79 | if reader sends {nR} = {aR} = 0 then corresponding 8 encrypted parity bits are 0 and 4 next keystream bits are 0}• |T| ≈ 248/212 = 236 (storage: 384 GB)

Attack• Search (online) for nT such that sending all 0’s for {nR}, {aR} and the parity bits results in {NACK} = NACK (i.e. 4 keystream bits 0).• Search (offline) in T:

• Compute candidate key using nT and uid• Check key (offline)

Improvements• More tables, one for each possibility of {NACK}.• Sort table(s) by correct parity and {NACK} when sending all 1’s for {nR}, {aR}


Online vs. offline order of magnitude

Offline

Online

bruteforce

adaptivechosen ciphertext

(vary {nR})

chosen plaintext(vary nT)

s

ms s

days

min

min h

• 1536 authentication attempts• 248 offline search space

• 2 or 3 authentications• 220 offline search space

• 4096 authentication attempts• 128 authentication attempts with fixed nT• 224 offline search space in one-time precomputed 384GB table

• 28500 authentication attempts with same nT• 232.8 offline search space

intercepted communication

differential attack[Courtois] (vary {nR})

• 150 authentication attempts with same nT• 220 offline search space

NXP/System Integrators: “lab-conditions required to fix nT”

NXP/System Integrators: “impossible to execute real-time”

NXP/System Integrators: “Difficult to execute in real-life”


Even faster? One key known already

Tag Reader




ai+48 := L(ai,…,ai+47) + nRi-32 i [32,63]∈


Keystream: bi := f(ai+9,ai+11,…,ai+47) i [32, ∈ ∞)

auth. ok auth. ok

uid

auth(block)

nT

{nR,aR}

{aT}

pick nT

check aR

aT:=suc96(nT)

check aT

pick nR

aR:=suc64(nT)


Reauthentication & initialization

Tag Reader




ai+48 := L(ai,…,ai+47) + nRi-32 i [32,63]∈


Keystream: bi := f(ai+9,ai+11,…,ai+47) i ∈ ℕ

auth. ok auth. ok

{auth(block)}old key

{nT}

{nR,aR}

{aT}

pick nT

check aR

aT:=suc96(nT)

check aT

pick nR

aR:=suc64(nT)


CRYPTO1: reauthentication & initialization

Tag Attacker

{auth(block)}old key

{nT}pick nT

Weaknesses• nT predictable based on

• only 216 possiblities• parity bits (reduces to 213 possibilities)• timing (reduces to 1 to 5 possibilities)

• weak cipher (as before)

Attack• authenticate for one sector using known key• try to reauthenticate for other sector• guess nonce and compute 32 keystream bits• use weaknesses in cipher to compute (1 to 5 times) approx. 216 candidate keys• repeat two or three times and take intersection

Note• compatibility mode of Mifare Plus

• uses better (32-bit) random number gen (attack fails)

• some Mifare Classics are Mifare Smart MX emulating a Mifare Classic

• uses better (16-bit) random number gen (timing information not available)


Summary of further weaknesses

weak random number generator sync with time

• enables chosen plaintext attack reader nonces determine 32 bits of the internal state

• enables chosen ciphertext attack against card mixing of data link and encryption layers

• one-time pad used twice: information leakage encrypted error message sent when authentication fails

• 4-bit information leakage tag nonce sent encrypted when authenticating twice

• 32-bit information leakage (when one key already known) consequences (november 2008)

• keys can be recovered from just a card

• card can be wirelessly cloned directly


Online vs. offline order of magnitude

Offline

Online

bruteforce

adaptivechosen ciphertext

(vary {nR})

chosen plaintext(vary nT)

s

ms s

days

min

min h

• 1536 authentication attempts• 248 offline search space

• 2 to 5 authentication attempts• 220 offline search space

• 4096 authentication attempts• 128 authentication attempts with fixed nT• 224 offline search space in one-time precomputed 384GB table

• 28500 authentication attempts with fixed nT• 232.8 offline search space

intercepted communication/

known oldkey

differential attack[Courtois] (vary {nR})

• 150 authentication attempts with same nT• 220 offline search space


What to do? Strategy RU: responsible disclosure

• 02/08: Warning (to NXP, government): additional measures needed; minister of internal affairs made problems public Only claim what we can actually demonstrate

• 10/08: Publication after delay of 7 months; full details

• 10/08 – 03/09: Repeat for card-only attack Strategy NXP: damage control

• 03/08: Customer chooses cheapest chip

• 07/08: Publication irresponsible

• 10/08: Don’t use Classic for new applications

• 03/09: Lab conditions needed (for ‘immediate’ attack) Strategy system integrators (TLS, TFL, …): protect investment

• 03/08: Attack not feasible

• 07/08: Fraud detected in back-end; no fraud detected so far

• 10/08: No criminal business case


“No Criminal Business Case’’?

Attack scenarios• Loyalty scheme attack (bus)

• micro-waved OV-chipkaart

• OV-chipkaart with wrong keys

• Checking out (bus)• too soon

• too late

• State-modification attacks• Store/restore state (detected in back-end?)

• Increase balance (detected in back-end?)

• Add travel products (detected in back-end?)


“No Criminal Business Case’’?

Attack scenarios (more speculative)• Wirelessly clone cards

• Travel on someone else’s card (detected in back-end?)

• Generate new cards (and sell them)• On ‘white’ cards

• On ‘unactivated’ or empty cards

• Steal reader• Recover key diversification

• by side-channel analysis

• by brute force

• Easy wireless cloning of cards (detected in back-end?)

• Easy generation of new cards (detected in back-end?)


“No Criminal Business Case”?


“No Criminal Business Case?’’

Questions?


References De Koning Gans, Hoepman, Garcia. A Practical Attack on the Mifare Classic. CARDIS

2008. LNCS 5189. pp 267-282. Nohl, Evans, Starbug, Plotz. Reverse-Engineering a Cryptographic RFID Tag. USENIX

Security 2008. pp 185-193. Courtois, Nohl, O’Neil. Algebraic Attacks on the Crypto-1 Stream Cipher in Mifare

Classic and Oyster Cards. ePrint 2008/166. Garcia, De Koning Gans, Muijrers, Van Rossum, Verdult, Wichers Schreur, Jacobs.

Dismantling Mifare Classic. ESORICS 2008. LNCS 5283. pp 97-114. Teepe. Making the best of Mifare Classic. 2009. Garcia, Van Rossum, Verdult, Wichers Schreur. Wirelessly Pickpocketing a Mifare

Classic Card. IEEE S&P 2009. pp 3-15. Courtois. The Dark Side of Security by Obscurity and Cloning Mifare Rail and Building

Passes Anytime, Anywhere. SECCRYPT 2009.

mifare classic troubles

Documents

mifare classicpeter

mifare nxpiso14443b

mifare classicover

mifare classicmany chips

mifare classicmany standards

rfid securityrfid

rfid technologyreader

rfid replay attackparking