Dismantling MIFARE Classic

Garcia, Flavio D.; Gans, Gerhard Koning; Muijrers, Ruben; Rossum, Peter van; Verdult, Roel; Schreur, Ronny Wichers; Jacobs, Bart

doi:10.1007/978-3-540-88313-5_7

Cited by 141 publications

(82 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The designers created their own cryptographic approach and encryption algorithms. Security researchers used a number of techniques to break the obscurity, decode the algorithm, find flaws in it and create a hack that allowed free transport in London as well as breaking the security on a number of military installations and nuclear power plants (Garcia et al, 2008). Similarly, relying on the security of a device to protect a key that is used across many devices is a significant error.…”

Section: A1: Device Confidentialitymentioning

confidence: 99%

A survey of secure middleware for the Internet of Things

Fremantle

Scott

2017

PeerJ Computer Science

View full text Add to dashboard Cite

The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area.

show abstract

Section: A1: Device Confidentialitymentioning

confidence: 99%

A survey of secure middleware for the Internet of Things

Fremantle

Scott

2017

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…Its security depends on a proprietary authentication protocol and stream cipher using keys of only 48 bits long. In the beginning of 2008 it became clear that the card was broken [10,9,6,3,4] and that its content (esp. its balance) can be accessed and changed within a matter of seconds.…”

Section: What Went Wrong: Smart Cards In Public Transportmentioning

confidence: 99%

“…The Digital Security Group of the Radboud University Nijmegen had to deal with this question because of its research into Mifare Classic chipcards [6,3,4]. It has decided to speak openly about the security vulnerabilities, which in the end involved standing up to legal intimidation and defending its right to publish freely in court, see [2] for a brief account.…”

Section: What Went Wrong: Smart Cards In Public Transportmentioning

confidence: 99%

Architecture Is Politics: Security and Privacy Issues in Transport and Beyond

Jacobs

2010

Data Protection in a Profiled World

Self Cite

View full text Add to dashboard Cite

Abstract. This paper discusses the political relevance of ICT-architecture through a review of recent developments in the Netherlands, involving the bumpy introduction of a national smart card for public transport and the plans for electronic traffic pricing based on actual road usage of individual cars. One of the underlying themes is the centralised or decentralised storage of privacy-sensitive data, where centralised informational control supports centralised societal control.

show abstract

“…For the transportation authority a further advantage of electronic payments is that they enable the collection of meaningful data about customer behavior which helps to maintain and improve the system. However, currently employed electronic public transportation payment systems have suffered security attacks [20,3], and they do not incorporate means to protect the user's (locational) privacy. For example it is reported that "in the period from August 2004 to March 2006 alone, the Oyster system was queried 409 times" [31], which shows that location data about customers is collected and stored and later used by other agencies.…”

Section: Introductionmentioning

confidence: 99%

Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems

Hinterwälder

Zenger

Baldimtsi

et al. 2013

Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract. Near field communication (NFC) is a recent popular technology that will facilitate many aspects of payments with mobile tokens. In the domain of public transportation payment systems electronic payments have many benefits, including improved throughput, new capabilities (congestion-based pricing etc.) and user convenience. A common concern when using electronic payments is that a user's privacy is sacrificed. However, cryptographic e-cash schemes provide provable guarantees for both security and user privacy. Even though e-cash protocols have been proposed three decades ago, there are relatively few actual implementations, since their computation complexity makes an execution on lightweight devices rather difficult. This paper presents an efficient implementation of Brands [11] and ACL [4] e-cash schemes on an NFC smartphone: the BlackBerry Bold 9900. Due to their efficiency during the spending phase, when compared to other schemes, and the fact that payments can be verified offline, these schemes are especially suited for, but not limited to, use in public transport. Additionally, the encoding of validated attributes (e.g. a user's age range, zip code etc.) is possible in the coins being withdrawn, which allows for additional features such as variable pricing (e.g. reduced fare for senior customers) and privacy-preserving data collection. We present a subtle technique to make use of the ECDHKeyAgreement class that is available in the BlackBerry API (and in the API of other systems) and show how the schemes can be implemented efficiently to satisfy the tight timing imposed by the transportation setting.

show abstract

Dismantling MIFARE Classic

Cited by 141 publications

References 3 publications

A survey of secure middleware for the Internet of Things

A survey of secure middleware for the Internet of Things

Architecture Is Politics: Security and Privacy Issues in Transport and Beyond

Efficient E-Cash in Practice: NFC-Based Payments for Public Transportation Systems

Contact Info

Product

Resources

About