Secure recharge of disposable RFID tickets
Size: px
Start display at page:

Download "Secure recharge of disposable RFID tickets"

Transcription

1 Secure recharge of disposable RFID tickets Riccardo Focardi Flaminia Luccio Università Ca Foscari, Venezia FAST September 2011, Leuven FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 1 / 17

2 Outline 1 Introduction RFID Tickets 2 Mifare Ultralight Security mechanisms 3 Attacks Cloning/restoring a card Lesson learned 4 A new API Type-based analysis 5 Conclusion and related work FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 2 / 17

3 RFID technology Introduction Radio Frequency IDentification (RFID) is more an more used 1 transportation and logistics 2 hospitals 3 inventory 4 passports 5 ski resorts 6 race timing 7 animal identification 8 human implant (!?) 9... FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

4 RFID technology Introduction Radio Frequency IDentification (RFID) is more an more used 1 transportation and logistics 2 hospitals 3 inventory 4 passports 5 ski resorts 6 race timing 7 animal identification 8 human implant (!?) 9... FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

5 Introduction RFID Tickets RFID tickets RFID cards for public transportation disposable cards 1 chip-on-paper, very cheap 2 one or more tickets of the same kind 3 non-rechargeable 4 minimal security mechanisms personal cards 1 plastic, credit-card like cards 2 tickets or different contracts on the same card 3 rechargeable 4 strong authentication mechanisms FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 4 / 17

6 Introduction RFID Tickets How do they work? ISO/IEC 14443: very popular HF (13.56 MHz) standard for proximity cards used for identification proximity cards and proximity coupling device, i.e., the reader initialization and anticollision: the reader talks with exactly one card if more are in the field card API: the card implements a set of functions that can be invoked by the reader secure module: the reader may have a Security Access Module (SAM) to perform cryptographic operations and authentication security mechanisms: are specific for a certain card (and its API) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 5 / 17

7 Mifare Ultralight cards Mifare Ultralight (a) Memory organization Byte number Page ID ID0 ID1 ID2 Check1 0 ID ID3 ID4 ID5 ID6 1 Check/Lock Check2 Internal Lock0 Lock1 2 OTP OTP OTP OTP OTP 3 Data R/W R/W R/W R/W 4 Data R/W R/W R/W R/W 5 Data R/W R/W R/W R/W... Data R/W R/W R/W R/W 15 (b) Lock bytes Lock0 and Lock1 Lock0 L 7 L 6 L 5 L 4 L 3 BL 1 BL 2 BL OTP Lock1 L 15 L 14 L 13 L 12 L 11 L 10 L 9 L 8 FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 6 / 17

8 Mifare Ultralight Security mechanisms Security mechanisms very simple API: read/write of pages with some limitations: 1 unique ID: read-only, included in encryptions or MACs to avoid card cloning 2 OTP: One Time Programmable, monotone, prevents ticket reuse 3 lock bytes: for read-only time-based contracts, e.g. skipass 4 block locking bits: prevent locking of pages that need to be modified, e.g., the OTP no security API: security is built on top of the above mechanisms security flaws found in real application, e.g., the OV-chipkaart in Amsterdam and Rotterdam. FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 7 / 17

9 Attacks Cloning/restoring a card Example (Card cloning) Sample (flawed) code for consuming n tickets from a card read(4 : 7); if (MAC K (p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 4, p 6 ); write(4 : 7); 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (R, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

10 Attacks Cloning/restoring a card Example (Card cloning) Sample (flawed) code for consuming n tickets from a card read(4 : 7); if (MAC K (p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 4, p 6 ); write(4 : 7); 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (R, D 2 ) 0, 1 Id FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

11 Attacks Cloning/restoring a card Example (Card cloning) Sample (flawed) code for consuming n tickets from a card read(4 : 7); if (MAC K (p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 4, p 6 ); write(4 : 7); 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (R, D 2 ) COPY = 0, 1 Id R 5 6 D 2 7 MAC K (R, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

12 Attacks Cloning/restoring a card Example (double-use) Including the Id in the MAC prevents cloning 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id, R, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 4, p 6 ); write(4 : 7) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

13 Attacks Cloning/restoring a card Example (double-use) Including the Id in the MAC prevents cloning 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id, R, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 4, p 6 ); write(4 : 7) COPY = R, D 2, MAC K (Id, R, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

14 Attacks Cloning/restoring a card Example (double-use) Including the Id in the MAC prevents cloning 0, 1 Id 2 Lock 3 Otp 4 R n 5 D 1 6 D 2 7 MAC K (Id, R n, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 4, p 6 ); write(4 : 7) COPY = use tickets R, D 2, MAC K (Id, R, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

15 Attacks Cloning/restoring a card Example (double-use) Including the Id in the MAC prevents cloning 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id, R, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 4, p 6 ) = p 7 ) then p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 4, p 6 ); write(4 : 7) COPY = use tickets R, D 2, MAC K (Id, R, D 2 ) RESTORE = reuse the card arbitrarily FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

16 Attacks Cloning/restoring a card Example (the OTP) Use the OTP to count resources on the card (initialized as 32 R) 0, 1 Id 2 Lock 3 Otp 4 5 D 1 6 D 2 7 MAC K (Id, Otp, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 3, p 6 ) = p 7 ) then p 3 := incotp n (p 3 ); p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 6 ); write(3 : 7) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

17 Attacks Cloning/restoring a card Example (the OTP) Use the OTP to count resources on the card (initialized as 32 R) 0, 1 Id 2 Lock 3 Otp 4 5 D 1 6 D 2 7 MAC K (Id, Otp, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 3, p 6 ) = p 7 ) then p 3 := incotp n (p 3 ); p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 6 ); write(3 : 7) COPY = Otp, D 2, MAC K (Id, Otp, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

18 Attacks Cloning/restoring a card Example (the OTP) Use the OTP to count resources on the card (initialized as 32 R) read(0 : 7); if (MAC K (p 0, p 1, p 3, p 6 ) = p 7 ) then p 3 := incotp n (p 3 ); p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 6 ); write(3 : 7) 0, 1 Id 2 Lock 3 Otp + n 4 5 D 1 6 D 2 7 MAC K (Id, Otp + n, D 2 ) COPY = use Otp, D 2, MAC K (Id, Otp, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

19 Attacks Cloning/restoring a card Example (the OTP) Use the OTP to count resources on the card (initialized as 32 R) 0, 1 Id 2 Lock 3 Otp + n 4 5 D 1 6 D 2 7 MAC K (Id, Otp, D 2 ) read(0 : 7); if (MAC K (p 0, p 1, p 3, p 6 ) = p 7 ) then p 3 := incotp n (p 3 ); p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 6 ); write(3 : 7) COPY = use Otp, D 2, MAC K (Id, Otp, D 2 ) RESTORE = FAIL! FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

20 Attacks Lesson learned Summary the unique ID, if in the MAC, prevents cloning the OTP can be used to store the number of tickets on the card monotonicity of OTP ensures that tickets cannot be reused NOTE 1 cards cannot be recharged (the OTP is irreversible) NOTE 2 cards cannot store different kind of tickets (one OTP) NOTE 3 code can become complex leading to security flaws motivated by the above issues 1 we propose a new way of using the OTP which admits recharges and different kind of tickets on the same card 2 we develop a typing-discipline to develop secure APIs on top of the insecure card APIs FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 11 / 17

21 A new API Our proposal explicit resource counters, as in the first examples OTP incremented by 1 when (even n) resources are consumed the OTP does not represent the number of resources 1 it is initialized as 0 2 it is incremented at any irreversible event FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 12 / 17

22 A new API Our proposal explicit resource counters, as in the first examples OTP incremented by 1 when (even n) resources are consumed the OTP does not represent the number of resources 1 it is initialized as 0 2 it is incremented at any irreversible event read(0 : 7); if (MAC K (p 0, p 1, p 3, p 4, p 6 ) = p 7 ) then p 3 := incotp(p 3 ); p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 4, p 6 ); write(3 : 7) 0,1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id, Otp, R, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 12 / 17

23 A new API Our proposal explicit resource counters, as in the first examples OTP incremented by 1 when (even n) resources are consumed the OTP does not represent the number of resources 1 it is initialized as 0 2 it is incremented at any irreversible event read(0 : 7); if (MAC K (p 0, p 1, p 3, p 4, p 6 ) = p 7 ) then p 3 := incotp(p 3 ); p 4 := p 4 n; p 5 := BUS ID(); p 6 := TIMESTAMP(); p 7 := MAC K (p 0, p 1, p 3, p 4, p 6 ); write(3 : 7) 0,1 Id 2 Lock 3 Otp R n 5 D 1 6 D 2 7 MAC K (Id, Otp + 1, R n, D 2 ) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 12 / 17

24 Type-based analysis A new API Type-based analysis A linear type-and-effect system with judgement Γ c Γ FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

25 A new API Type-based analysis Type-based analysis A linear type-and-effect system with judgement Γ c Γ 1 we model production and consumption of resources via special annotations produce(r), consume(r) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

26 A new API Type-based analysis Type-based analysis A linear type-and-effect system with judgement Γ c Γ 1 we model production and consumption of resources via special annotations produce(r), consume(r) 2 critical operations always performed after the MAC check FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

27 Type-based analysis A new API Type-based analysis A linear type-and-effect system with judgement Γ c Γ 1 we model production and consumption of resources via special annotations produce(r), consume(r) 2 critical operations always performed after the MAC check Γ(p i ) = Mac[i 0,..., i m ] Γ(p i0 ),..., Γ(p im ) = Γ{p i0 : Γ(i 0 ),..., p im : Γ(i m )} c 1 Γ Γ c 2 Γ Γ if MAC K (p i1,..., p im ) = p i then c 1 else c 2 Γ FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

28 Type-based analysis A new API Type-based analysis A linear type-and-effect system with judgement Γ c Γ 1 we model production and consumption of resources via special annotations produce(r), consume(r) 2 critical operations always performed after the MAC check Γ(p i ) = Mac[i 0,..., i m ] Γ(p i0 ),..., Γ(p im ) = Γ{p i0 : Γ(i 0 ),..., p im : Γ(i m )} c 1 Γ Γ c 2 Γ Γ if MAC K (p i1,..., p im ) = p i then c 1 else c 2 Γ 3 production and consumption controlled via linear effects; OTP incremented and written back to the card before consumption FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

29 Type-based analysis A new API Type-based analysis A linear type-and-effect system with judgement Γ c Γ 1 we model production and consumption of resources via special annotations produce(r), consume(r) 2 critical operations always performed after the MAC check Γ(p i ) = Mac[i 0,..., i m ] Γ(p i0 ),..., Γ(p im ) = Γ{p i0 : Γ(i 0 ),..., p im : Γ(i m )} c 1 Γ Γ c 2 Γ Γ if MAC K (p i1,..., p im ) = p i then c 1 else c 2 Γ 3 production and consumption controlled via linear effects; OTP incremented and written back to the card before consumption Γ(p i ) = R iotp Γ W 3 Γ Γ p i := p i n Γ, R n + W i Γ, R n consume(r) n Γ FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 13 / 17

30 Typing the example A new API Type-based analysis Γ read(0 : 7); Γ, Γ Γ, Γ if (MAC K (p 0, p 1, p 2, p 3, p 4, p 6) = p 7) Γ, Γ p 3 := incotp(p 3); Γ, Γ, iotp, W 3 Γ, Γ, iotp, W 3 write(3) Γ, Γ, iotp Γ, Γ, iotp p 4 := p 4 n; Γ, Γ, R n, W 4 Γ, Γ, R n, iotp, W 4 p 5 := BUS ID(); Γ, Γ, R n, iotp, W 4,5 Γ, Γ, R n, iotp, W 4,5 p 6 := TIMESTAMP(); Γ, Γ, R n, iotp, W 4,5,6 Γ, Γ, R n, iotp, W 4,5,6 p 7 := MAC K (p 0, p 1, p 2, p 3, p 4, p 6); Γ, Γ, R n, iotp, W 4,5,6,7 Γ, Γ, R n, iotp, W 4,5,6,7 write(4 : 7) Γ, Γ, R n, iotp Γ, Γ, R n, iotp consume(r) n ; Γ, Γ FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 14 / 17

31 Typing the example A new API Type-based analysis Γ read(0 : 7); Γ, Γ Γ, Γ if (MAC K (p 0, p 1, p 2, p 3, p 4, p 6) = p 7) Γ, Γ p 3 := incotp(p 3); Γ, Γ, iotp, W 3 Γ, Γ, iotp, W 3 write(3) Γ, Γ, iotp Γ, Γ, iotp p 4 := p 4 n; Γ, Γ, R n, W 4 Γ, Γ, R n, iotp, W 4 p 5 := BUS ID(); Γ, Γ, R n, iotp, W 4,5 Γ, Γ, R n, iotp, W 4,5 p 6 := TIMESTAMP(); Γ, Γ, R n, iotp, W 4,5,6 Γ, Γ, R n, iotp, W 4,5,6 p 7 := MAC K (p 0, p 1, p 2, p 3, p 4, p 6); Γ, Γ, R n, iotp, W 4,5,6,7 Γ, Γ, R n, iotp, W 4,5,6,7 write(4 : 7) Γ, Γ, R n, iotp Γ, Γ, R n, iotp consume(r) n ; Γ, Γ i Γ 0 Id 1 Id 2 Lock 3 Otp 4 R T 5 Data 6 Data 7 Mac[0, 1, 2, 3, 4, 6] Γ Γ p 0 Id p 1 Id p 2 Lock p 3 Otp p 4 R T p 5 Data Data p 6 Data p 7 Mac[0, 1, 2, 3, 4, 6] Mac[0, 1, 2, 3, 4, 6] FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 14 / 17

32 A new API Type-based analysis Results Attacker model any untrusted code not using K any well-typed program (API) possibly using K For well-typed programs we formally prove that 1 any time a resource is consumed the OTP on the card has been incremented 2 after an arbitrary number of well-typed programs and attacker runs the number of resources R on the card is less than or equal to the number of resources recharged and not yet consumed, i.e., #produce(r) #consume(r) 3 cards with no valid MACs can never originate a consume(r) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 15 / 17

33 Conclusion and related work Conclusion Mifare Ultralight cards very cheap, implement minimal security mechanisms application-level security is completely up to the programmer a new way of using the OTP enabling the recharge of cards and different kinds of tickets on the same card a type-checkable simple language to develop security APIs applications can build on top of these type-checked APIs future work: we intend to implement a type-checker on real programming languages and test APIs on working applications (possible collaboration with public transport company in Venice) FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 16 / 17

34 References Conclusion and related work Mifare ultralight contactless single-ticket IC, Product data sheet. Rev December Available at M. Bugliesi, S. Calzavara, F. Eigner, and M. Maffei. Resource-aware Authorization Policies for Statically Typed Crypto Protocols. In Proceedings of IEEE CSF 11. M. Centenaro, R. Focardi, F. Luccio, and G. Steel. Type-based analysis of PIN processing APIs. In Proceedings of ESORICS 09. P. Siekerman and M. van der Schee. Security evaluation of the disposable ov-chipkaart v1.7, Research Project for a Master Thesis, University of Amsterdam. A. Tanenbaum. Dutch public transit card broken, Available at FAST 2011 ()Secure recharge of disposable RFID tickets September 2011, Leuven 17 / 17

Similar documents

Gemalto Mifare 1K Datasheet

Gemalto Mifare 1K Datasheet Gemalto Mifare 1K Datasheet Contents 1. Overview...3 1.1 User convenience and speed...3 1.2 Security...3 1.3 Anticollision...3 2. Gemalto Mifare Features...4 2.1 Compatibility with norms...4 2.2 Electrical...4

More information

NFCulT. An easy a nice tool that will make you have fun, or... make profit!

NFCulT. An easy a nice tool that will make you have fun, or... make profit! NFCulT An easy a nice tool that will make you have fun, or... make profit Matteo Beccaro ( aka bughardy ) Student at Politecnico di Torino Computer Engineering Security Engineer and researcher at Secure

More information

Secure Automatic Ticketing System

Secure Automatic Ticketing System Secure Automatic Ticketing System MARIUS POPA, CRISTIAN TOMA Department of Computer Science in Economics Academy of Economic Studies Bucharest Romana Square, No. 6, Bucharest ROMANIA marius.popa@ase.ro

More information

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

Security Evaluation of the disposable OV-chipkaart v1.6

Security Evaluation of the disposable OV-chipkaart v1.6 Security Evaluation of the disposable OV-chipkaart v1.6 Pieter Siekerman (pjsiekerman at os3.nl) Maurits van der Schee (mvdschee at os3.nl) System and Network Engineering University of Amsterdam July 26,

More information

50 ways to break RFID privacy

50 ways to break RFID privacy 50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). RFID privacy 1 / 40 Outline

More information

MF1 IC S50. 1. General description. Functional specification. 1.1 Contactless Energy and Data Transfer. 1.2 Anticollision. Energy

MF1 IC S50. 1. General description. Functional specification. 1.1 Contactless Energy and Data Transfer. 1.2 Anticollision. Energy Rev. 5.2 15 January 2007 Product data sheet 001052 PUBLIC 1. General description NXP has developed the Mifare to be used in contactess smart cards according to ISO/IEC 14443A. The communication layer (

More information

Exercise 1: Set up the Environment

Exercise 1: Set up the Environment RFID Lab Gildas Avoine, 2014 Contact: gildas.avoine@irisa.fr Objective: Learn how much it is easy to read contactless tags, possibly simulate/clone. Requirement: Hardware: Reader SCL3711 or ACR122, Reader

More information

RFID Security: Threats, solutions and open challenges

RFID Security: Threats, solutions and open challenges RFID Security: Threats, solutions and open challenges Bruno Crispo Vrije Universiteit Amsterdam crispo@cs.vu.nl 1 Table of Content RFID technology and applications Security Issues Privacy Proposed (partial)

More information

Security & Chip Card ICs SLE 44R35S / Mifare

Security & Chip Card ICs SLE 44R35S / Mifare Security & Chip Card ICs SLE 44R35S / Mifare Intelligent 1 Kbyte EEPROM with Interface for Contactless Transmission, Security Logic and Anticollision according to the MIFARE -System Short Product Info

More information

AN 073120. mifare Ultralight Features and Hints. Document information. Multiple ticketing, secured data storage, implementation hints

AN 073120. mifare Ultralight Features and Hints. Document information. Multiple ticketing, secured data storage, implementation hints AN 073120 Rev. 2.0 18 December 2006 Application note Document information Info Keywords Abstract Content Multiple ticketing, secured data storage, implementation hints This document presents features and

More information

RFID Penetration Tests when the truth is stranger than fiction

RFID Penetration Tests when the truth is stranger than fiction RFID Penetration Tests when the truth is stranger than fiction Dr. Tomáš Rosa, tomas.rosa@rb.cz Raiffeisenbank, a.s. Agenda Technology overview Physical layer of LF and HF bands The Unique ID phenomenon

More information

Using RFID Techniques for a Universal Identification Device

Using RFID Techniques for a Universal Identification Device Using RFID Techniques for a Universal Identification Device Roman Zharinov, Ulia Trifonova, Alexey Gorin Saint-Petersburg State University of Aerospace Instrumentation Saint-Petersburg, Russia {roman,

More information

ABSTRACT List of tables List of figures List of abbreviations CHAPTER 1 INTRODUCTION 1.1 Background 1.2 Problem Statement 1.3 Objective 1.4 Scope 1.5 Thesis Organization Chapter 2 2.1 Automatic Identification

More information

Chip Card & Security ICs Mifare NRG SLE 66R35

Chip Card & Security ICs Mifare NRG SLE 66R35 Chip Card & Security ICs Mifare NRG Intelligent 1 Kbyte Memory Chip with Interface for Contactless Transmission according to the Mifare -System Short Product Information April 2007 Short Product Information

More information

MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER

MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER GENERAL The MIFARE contactless smart card and MIFARE card reader/writer were developed to handle payment transactions for public transportation systems.

More information

NACCU 2013. Migrating to Contactless: 2013 1

NACCU 2013. Migrating to Contactless: 2013 1 NACCU 2013 Migrating to Contactless: 2013 1 AGENDA The demise of cards has been predicted for many years. When will this really happen? This presentation by two card industry experts will cover the rise

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft Application Report Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft Embedded RF ABSTRACT This application report describes

More information

Secure upgrade of hardware security modules in bank networks

Secure upgrade of hardware security modules in bank networks In proceedings of ARSPA-WITS. Springer LNCS. Secure upgrade of hardware security modules in bank networks Riccardo Focardi and Flaminia L. Luccio Università Ca Foscari Venezia, {focardi,luccio}@dsi.unive.it

More information

OBID RFID by FEIG ELECTRONIC. OBID classic / OBID classic-pro. RFID Reader Technology for Security Applications

OBID RFID by FEIG ELECTRONIC. OBID classic / OBID classic-pro. RFID Reader Technology for Security Applications OBID RFID by FEIG ELECTRONIC OBID classic / OBID classic-pro RFID Reader Technology for Security Applications OBID RFID Reader Technologies RFID Readers from the number 1 manufacturer FEIG ELECTRONIC specialized

More information

Electronic Access Control Security. Matteo Beccaro HackInTheBox Amsterdam, May 27 th, 2016

Electronic Access Control Security. Matteo Beccaro HackInTheBox Amsterdam, May 27 th, 2016 Electronic Access Control Security Matteo Beccaro HackInTheBox Amsterdam, May 27 th, 2016 Me Matteo Beccaro Founder & Chief Technology Officer at Opposing Force The first Italian company specialize in

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Mobile and Contactless Payment Security

Mobile and Contactless Payment Security Mobile and Contactless Payment Security v20111118 1/842 High Street East Kew 3102 Melbourne Australia Ph: +61 3 9846 2751 Fax: +61 3 9857 0350 Rambla de Catalunya 38, 8 planta 08007 Barcelona Spain Ph.

More information

Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers

Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart OV-Chipkaart Security Issues Tutorial for Non-Expert Readers The current debate concerning the OV-Chipkaart security was

More information

MIFARE ISO/IEC 14443 PICC

MIFARE ISO/IEC 14443 PICC Rev. 3.0 26 June 2009 130830 Application note PUBLIC Document information Info Keywords Abstract Content Activate Card, MIFARE, Select Card This Application te shows the elementary communication for selecting

More information

Karsten Nohl University of Virginia. Henryk Plötz HU Berlin

Karsten Nohl University of Virginia. Henryk Plötz HU Berlin Karsten Nohl University of Virginia Henryk Plötz HU Berlin Radio Frequency IDentification Tiny computer chips Passively Powered Karsten Nohl, Henryk Plötz - RFID Security 2 Constant monitoring is already

More information

MF0ICU2. 1. General description. MIFARE Ultralight C. 1.1 Contactless energy and data transfer. 1.2 Anticollision. Rev. 3.2 19 May 2009 171432

MF0ICU2. 1. General description. MIFARE Ultralight C. 1.1 Contactless energy and data transfer. 1.2 Anticollision. Rev. 3.2 19 May 2009 171432 Rev. 3.2 19 May 2009 171432 1. General description NXP Semiconductors has developed MIFARE - - to be used with Proximity Coupling Devices (PCD) according to ISO/IEC 14443A (see Ref. 1 ISO/IEC ). The communication

More information

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev. 1.3 2 October 2012 130513. Document information

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev. 1.3 2 October 2012 130513. Document information MIFARE Classic as NFC Type MIFARE Classic Tag Document information Info Content Keywords NFC Forum, NFC data mapping, MIFARE Classic 1K/4K, MIFARE Classic 1K, MIFARE Classic 4K, MIFARE Plus X/S, NFC Type

More information

Guard All Security Symposium. Identity and Access Management

Guard All Security Symposium. Identity and Access Management Guard All Security Symposium Identity and Access Management The Complex Digital World Welcome to the Identiverse Segments / Brands Product Offerings Applications ID Management Solutions Governmental credentialing

More information

RFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

RFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark April 10, 2006 Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark 1 Outline What is RFID RFID usage Security threats Threat examples Protection Schemes for

More information

Analysis of the MIFARE Classic used in the OV-Chipkaart project

Analysis of the MIFARE Classic used in the OV-Chipkaart project Analysis of the MIFARE Classic used in the OV-Chipkaart project Gerhard de Koning Gans Radboud University Nijmegen Supervisors Thesis 584 Jaap-Henk Hoepman Gerhard de Koning Gans Flavio D. Garcia Version

More information

How Does It Work? Internet of Things

How Does It Work? Internet of Things Intermec UAP-2100 What is RFID? 18-759: Wireless Networks Lecture 14: RFID Peter Steenkiste and Hedda R. Schmidtke Departments of Computer Science and Electrical and Computer Engineering Spring Semester

More information

mcard CPK Supported Solutions

mcard CPK Supported Solutions mcard CPK Supported Solutions Century Longmai White Paper All rights reserved Contents 1. MTOKEN CPK CARD INTRODUCTION... 2 PRODUCT INTRODUCTION... 2 Product appearance... 3 Hardware parameters... 4 2.

More information

RESEARCH SURVEY ON MIFARE WITH RFID TECHNOLOGY

RESEARCH SURVEY ON MIFARE WITH RFID TECHNOLOGY RESEARCH SURVEY ON MIFARE WITH RFID TECHNOLOGY S.SRINIVASAN Assistant Professor, School of Computing, SASTRA University, Kumbakonam-612001 Tamil Nadu, India ramuluvasan@rediffmail.com Dr. C. CHANDRASEKAR

More information

International Journal of Engineering Research & Management Technology

International Journal of Engineering Research & Management Technology International Journal of Engineering Research & Management Technology March- 2015 Volume 2, Issue-2 Radio Frequency Identification Security System Mr. Shailendra Kumar Assistant Professor Department of

More information

Microtronics technologies Mobile: 99707 90092

Microtronics technologies Mobile: 99707 90092 For more Project details visit: http://www.projectsof8051.com/rfid-based-attendance-management-system/ Code Project Title 1500 RFid Based Attendance System Synopsis for RFid Based Attendance System 1.

More information

SL2 ICS53/SL2 ICS54. 1. General description I CODE SLI-S/I CODE SLI-S HC. 1.1 Anticollision. 1.2 Contactless energy and data transfer

SL2 ICS53/SL2 ICS54. 1. General description I CODE SLI-S/I CODE SLI-S HC. 1.1 Anticollision. 1.2 Contactless energy and data transfer Rev. 3.0 14 March 2007 Product data sheet 113730 1. General description The IC is a dedicated chip for smart label applications with the need for a higher security level, larger memory and/or a product

More information

SALTO Systems I SALTO Carriers. innovation in ID technology. MIFARE DESFire

SALTO Systems I SALTO Carriers. innovation in ID technology. MIFARE DESFire MIFAR SALTO Systems I SALTO Carriers innov innovation in ID technology MIFARE DESFire SALTO Carriers SALTO offers wide range of carriers(fobs, bracalets, contact less bracelets, contacless fobs, contact

More information

How To Protect A Smart Card From Being Hacked

How To Protect A Smart Card From Being Hacked Chip Terms Explained A Guide to Smart Card Terminology Contents 1 AAC Application Authentication Cryptogram AID Application Identifier Applet ARQC Authorization Request Cryptogram ARPC Authorization Response

More information

ACR880 GPRS Portable Smart Card Terminal

ACR880 GPRS Portable Smart Card Terminal ACR880 GPRS Portable Smart Card Terminal Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Supported Card Types... 5 3.1.

More information

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company 3M Cogent, Inc. White Paper Beyond Wiegand: Access Control in the 21st Century a 3M Company Unprecedented security features & capabilities Why Wiegand? The Problem with Wiegand In 1970, John Wiegand invented

More information

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015 Overview of Contactless Payment Cards Peter Fillmore July 20, 2015 Blackhat USA 2015 Introduction Contactless payments have exploded in popularity over the last 10 years with various schemes being popular

More information

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurélien Francillon, Boris Danev, Srdjan Čapkun 1 Modern Cars Evolution Increasing amount of electronics in cars For convenience

More information

Privacy and Security in library RFID Issues, Practices and Architecture

Privacy and Security in library RFID Issues, Practices and Architecture Privacy and Security in library RFID Issues, Practices and Architecture David Molnar and David Wagner University of California, Berkeley CCS '04 October 2004 Overview Motivation RFID Background Library

More information

Contactless Technology for Secure Physical Access: Technology and Standards Choices

Contactless Technology for Secure Physical Access: Technology and Standards Choices Contactless Technology for Secure Physical Access: Technology and Standards Choices A Smart Card Alliance Report Publication Date: October 2002 Publication Number: ID-02002 Smart Card Alliance 191 Clarksville

More information

Technical Article. NFiC: a new, economical way to make a device NFC-compliant. Prashant Dekate

Technical Article. NFiC: a new, economical way to make a device NFC-compliant. Prashant Dekate Technical NFiC: a new, economical way to make a device NFC-compliant Prashant Dekate NFiC: a new, economical way to make a device NFC-compliant Prashant Dekate The installed base of devices with Near Field

More information

PUF Physical Unclonable Functions

PUF Physical Unclonable Functions Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication

More information

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions : Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions 1, Fiona McNeill 2, Alan Bundy 1, Graham Steel 3 Riccardo Focardi 4, Claudio Bozzato 4 1 University of Edinburgh

More information

NTAG213/215/216. The mechanical and electrical specifications of NTAG21x are tailored to meet the requirements of inlay and tag manufacturers.

NTAG213/215/216. The mechanical and electrical specifications of NTAG21x are tailored to meet the requirements of inlay and tag manufacturers. NFC Forum Type 2 Tag compliant IC with 144/504/888 bytes user memory 265332 1. General description NTAG213, NTAG215 and NTAG216 have been developed by NXP Semiconductors as standard NFC tag ICs to be used

More information

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A www.acs.com.hk 1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A 2 3 ACOS5 Series (32KB EEPROM) Cryptographic Smart Card and Token Module

More information

Training MIFARE SDK. Public. MobileKnowledge June 2015

Training MIFARE SDK. Public. MobileKnowledge June 2015 MIFARE SDK Public MobileKnowledge June 2015 Agenda Overview of MIFARE SDK related technologies NFC Technology (Read/Write mode) MIFARE, NTAG and ICODE products NFC in Android MIFARE SDK Introduction to

More information

Radio Frequency Identification (RFID)

Radio Frequency Identification (RFID) Radio Frequency Identification (RFID) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse574-06/

More information

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project RFID Security and Privacy: A Research Survey Vincent Naessens Studiedag Rabbit project RFID Security and Privacy: A Research Survey 1. Introduction 2. Security and privacy problems 3. Basic RFID tags 4.

More information

OTP circumventing in MIFARE ULTRALIGHT: Who says free rides?

OTP circumventing in MIFARE ULTRALIGHT: Who says free rides? OTP circumventing in MIFARE ULTRALIGHT: Who says free rides? bughardy bughardy@cryptolab.net Eagle1753 eagle1753@onenetbeyond.org Introduction RFID technologies are becoming more and more prevalent in

More information

Time & Access System An RFID based technology

Time & Access System An RFID based technology Time & Access System An RFID based technology OpenWorks TIME Technical Specification V1.0.2 M. I. Suhile Ahamed KCP Technologies Limited 2, Dr. P. V. Cherian Crescent, Egmore, Chennai - 600 008, INDIA.

More information

INTEGRATED CIRCUITS I CODE SLI. Smart Label IC SL2 ICS20. Functional Specification. Product Specification Revision 3.1 Public. Philips Semiconductors

INTEGRATED CIRCUITS I CODE SLI. Smart Label IC SL2 ICS20. Functional Specification. Product Specification Revision 3.1 Public. Philips Semiconductors INTEGRATED CIRCUITS I CODE SLI Smart Label IC SL2 ICS20 Product Specification Revision 3.1 February July 2005 2001 Public Philips Semiconductors CONTENTS 1 FEATURES...4 1.1 I CODE SLI RF Interface (ISO/IEC

More information

Ex15x //DATASHEET. Xs4 Mini. Cutting-edge design + Amazing technology:

Ex15x //DATASHEET. Xs4 Mini. Cutting-edge design + Amazing technology: //DATASHEET XS4 Mini Cutting-edge design + Amazing technology: Stylish design is a SALTO trademark and with the XS4 Mini, we raise the bar on this already high standard thanks to the XS4 Mini s small,

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy VASCO Data Security International, Inc. DIGIPASS GO-7 FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Security Level: 2 Version: 1.7 Date: August 12, 2015 Copyright VASCO Data Security

More information

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO 14443 BASED TECHNOLOGY FOR PAYMENT 4

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO 14443 BASED TECHNOLOGY FOR PAYMENT 4 CONTACTLESS THE APPEAL FOR CONTACTLESS 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO 14443 BASED TECHNOLOGY FOR 4 DESIGNING AN EMV LIKE CONTACTLESS SYSTEM 5 INGENICO, LEADER IN CONTACTLESS TECHNOLOGY

More information

USING MIFARE CLASSIC TAGS VERSION 100212

USING MIFARE CLASSIC TAGS VERSION 100212 USING MIFARE CLASSIC TAGS VERSION 100212 U s i n g M I F A R E C l a s s i c T a g s P a g e 2 TABLE OF CONTENTS 1 Overview... 4 1.1 Required Reading... 4 1.2 Document Scope... 4 1.3 MIFARE Features...

More information

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the

More information

All You Can Eat. Breaking a Real-World Contactless Payment System

All You Can Eat. Breaking a Real-World Contactless Payment System All You Can Eat or Breaking a Real-World Contactless Payment System Timo Kasper, Michael Silbermann, and Christof Paar Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {Timo.Kasper,

More information

To effectively manage and control a factory, we need information. How do we collect it?

To effectively manage and control a factory, we need information. How do we collect it? Auto-ID 321 Auto-ID Data-collection needs: What is our WIP? What is productivity or assignment of employees? What is utilization of machines? What is progress of orders? What is our inventory? What must

More information

Attacking and Fixing PKCS#11 Security Tokens

Attacking and Fixing PKCS#11 Security Tokens Attacking and Fixing PKCS#11 Security Tokens Matteo Bortolozzo, Matteo Centenaro Riccardo Focardi and Graham Steel Università Ca Foscari, Venezia and LSV, INRIA & CNRS & ENS-Cachan RSA PKCS#11 Describes

More information

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev. 1.3 2 October 2012 130413. Document information

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev. 1.3 2 October 2012 130413. Document information NFC Type MIFARE Classic Tag Operation Document information Info Content Keywords NDEF, NDEF data mapping, NDEF Data Exchange Format MIFARE Classic 1K, MIFARE Classic 4K, MIFARE Classic 1K/4K, MIFARE Plus

More information

Hacking Mifare Classic Cards. Márcio Almeida (marcioalma@gmail.com)

Hacking Mifare Classic Cards. Márcio Almeida (marcioalma@gmail.com) Hacking Mifare Classic Cards Márcio Almeida (marcioalma@gmail.com) !! DISCLAIMERS!! Disclaimer 1: The content of this presentation results from independent research conducted by me on my own time and of

More information

RFID READER 13.56MHz Reader / Writer SL500 User Manual Version 2.6 Nov 2011 StrongLink

RFID READER 13.56MHz Reader / Writer SL500 User Manual Version 2.6 Nov 2011 StrongLink RFID READER 13.56MHz Reader / Writer User Manual Version 2.6 Nov 2011 StrongLink CONTENT 1. GENERAL INFORMATION... 5 2. TYPES AND EXPLANATION... 6 3. CONNECTING TO PC... 6 3.1 -RS232... 6 3.2 -USB... 7

More information

Keep Out of My Passport: Access Control Mechanisms in E-passports

Keep Out of My Passport: Access Control Mechanisms in E-passports Keep Out of My Passport: Access Control Mechanisms in E-passports Ivo Pooters June 15, 2008 Abstract Nowadays, over 40 different countries issue biometric passports to increase security on there borders.

More information

Beveiliging van de OV-Chipkaart

Beveiliging van de OV-Chipkaart Beveiliging van de OV-Chipkaart Antenna RFID Chip Mifare Ultralight (throw away card) Mifare Clasic (subscription card) RFID Technology Reader Modified Miller Encoding Machester Encoding Tag RFID Applications

More information

How To Secure A Paypass Card From Being Hacked By A Hacker

How To Secure A Paypass Card From Being Hacked By A Hacker PayPass Vulnerabilities Balázs Bucsay http://rycon.hu - earthquake_at_rycon_dot_hu PR-Audit Kft. http://www.praudit.hu/ PayPass PayPass lets you make everyday purchases without having to swipe the magnetic

More information

Secure Remote Photo Identification With ID card

Secure Remote Photo Identification With ID card Secure Remote Photo Identification With ID card Keith Jentoft 888-456-0425 kjentoft@audiosmartcard.com www.ncryptone.com 1 AudioSmartCard, group Basic concept: Remote Photo Authentication Cardholder s

More information

Mobile data carrier TW-L86-54-C-B128

Mobile data carrier TW-L86-54-C-B128 EEPROM, memory 128 byte Functional principle The HF read/write heads operating at a frequency of 13.56 MHz, form a transmission zone the size of which (0 500 mm) varies, depending on the combination of

More information

Smartcards and RFID. IPA Security Course Lejla Batina & Erik Poll. Digital Security University of Nijmegen

Smartcards and RFID. IPA Security Course Lejla Batina & Erik Poll. Digital Security University of Nijmegen Smartcards and RFID IPA Security Course Lejla Batina & Erik Poll Digital Security University of Nijmegen 1 Overview example uses (security) functionality smartcard technicalities RFID technicalities attacks

More information

Computer Architecture

Computer Architecture Computer Architecture Random Access Memory Technologies 2015. április 2. Budapest Gábor Horváth associate professor BUTE Dept. Of Networked Systems and Services ghorvath@hit.bme.hu 2 Storing data Possible

More information

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda Security Issues in RFID systems By Nikhil Nemade Krishna C Konda Agenda Introduction to an RFID System Possible Application Areas Need for Security Vulnerabilities of an RFID system Security Measures currently

More information

Enhancing the Contactless Cards UAT. Enabling faster and efficient transactions.

Enhancing the Contactless Cards UAT. Enabling faster and efficient transactions. sqs.com Case Study - Banking & Financial Services Enhancing the Contactless UAT. Enabling faster and efficient transactions. A leading European Bank established successfully across various Credit/Debit

More information

LibRFID: Automation Software for Library Management System Using RFID Technology

LibRFID: Automation Software for Library Management System Using RFID Technology LibRFID: Automation Software for Library Management System Using RFID Technology Amar Michael Sequeira 1 Lecturer, Department of Computer Science, Bhandarkars Arts and Science College, Kundapura, Udupi,

More information

E-Blocks Easy RFID Bundle

E-Blocks Easy RFID Bundle Page 1 Cover Page Page 2 Flowcode Installing Flowcode Instruction for installing Flowcode can be found inside the installation booklet located inside the Flowcode DVD case. Before starting with the course

More information

Complete Technology and RFID

Complete Technology and RFID UGM 2007 Complete Technology and RFID Overview Operating Principles Inductive Coupling Microwave Coupling Coupling to Circuit Simmulation Summary T. Wittig 1 twi, apr / v2.0 / 12. Jun 2007 Overview Radio

More information

Ensto Chago Master EVM300 and EVM500 Operational description

Ensto Chago Master EVM300 and EVM500 Operational description Pages: 1 (8) Ensto Chago Master EVM300 and EVM500 Operational Pages: 2 (8) Contents 1 What is Ensto EVM... 3 2 EVM versions... 3 2.1 EVM300... 4 2.2 EVM500... 5 3 Technical information... 7 Pages: 3 (8)

More information

For Auto Locksmit Association only!!! Key Programmer User s Manual

For Auto Locksmit Association only!!! Key Programmer User s Manual For Auto Locksmit Association only!!! Key Programmer User s Manual BMW CAS1 CAS3 (E60-E64, E65, E7x, E82, E83, E88, E9x,) Key Programmer Version: BMWProg - OBD - v 10.6 - works with ISTA-47 latest 2012

More information

ACR120 Technical Specifications version 2.9 November 2005

ACR120 Technical Specifications version 2.9 November 2005 Version 2.9 11-2005, Email: info@acs.com.hk Website: www.acs.com.hk ACR120 Contactless Reader/Writer 1.0 Introduction The ACR120 is a compact and cost-effective contactless reader and writer. It is developed

More information

On the Security of RFID

On the Security of RFID On the Security of RFID Hung-Min Sun Information Security Lab. Department of Computer Science National Tsing Hua University slide 1 What is RFID? Radio-Frequency Identification Tag Reference http://glossary.ippaper.com

More information

Internet Banking Two-Factor Authentication using Smartphones

Internet Banking Two-Factor Authentication using Smartphones Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania

More information

Security in Near Field Communication (NFC)

Security in Near Field Communication (NFC) Security in Near Field Communication (NFC) Strengths and Weaknesses Ernst Haselsteiner and Klemens Breitfuß Philips Semiconductors Mikronweg 1, 8101 Gratkorn, Austria ernst.haselsteiner@philips.com klemens.breitfuss@philips.com

More information

How To Hack An Rdi Credit Card

How To Hack An Rdi Credit Card RFID Payment Card Vulnerabilities Technical Report Thomas S. Heydt-Benjamin 1, Daniel V. Bailey 2, Kevin Fu 1, Ari Juels 2, and Tom O'Hare 3 Abstract 1: University of Massachusetts at Amherst {tshb, kevinfu}@cs.umass.edu

More information

Smart Card Application Standard Draft

Smart Card Application Standard Draft Smart Card Application Standard Draft Contents 1 SCOPE... 6 1.1 DEFINITIONS / DOCUMENT CONVENTIONS... 6 2 KEY DATA ELEMENTS AND CONCEPTS... 7 2.1 STATIC CARD INFORMATION... 7 2.1.1 Card ID (CdID)... 7

More information

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro miguel-angel_guijarro@agilent.com

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro miguel-angel_guijarro@agilent.com NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro miguel-angel_guijarro@agilent.com 1 Outlook About NFC Developing a NFC Device Test Challenges Test Solutions Q&A 2 What

More information

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015 MIFARE4Mobile Public MobileKnowledge April 2015 Agenda Why MIFARE4Mobile? MIFARE in Mobile related technologies MIFARE technology NFC technology MIFARE4Mobile technology High level system architecture

More information

RFID Hacking. Live Free or RFID Hard. 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV. Presented by: Francis Brown Bishop Fox www.bishopfox.

RFID Hacking. Live Free or RFID Hard. 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV. Presented by: Francis Brown Bishop Fox www.bishopfox. RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presented by: Francis Brown Bishop Fox www.bishopfox.com Agenda Quick Overview RFID badge basics Hacking Tools Primary existing

More information

Using Contactless Smart Cards for Secure Applications

Using Contactless Smart Cards for Secure Applications Using Contactless Smart Cards for Secure Applications Classification: Public (Info Level 1) Document No.: LA-11-005d-en Edition: 2010 www.legic.com LEGIC Identsystems Ltd Binzackerstrasse 41, CH-8620 Wetzikon,

More information

NEAR FIELD COMMUNICATION

NEAR FIELD COMMUNICATION 64 CHAPTER 4 NEAR FIELD COMMUNICATION 4.1. Introduction Near Field Communication (NFC) is a short-range wireless connectivity technology that enables exchange of data between devices and tags over a distance

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

AN11269. Software Design Guide for POS Development Kit OM5597/RD2663. Rev. 1.0 5 August 2014 242510. Application note COMPANY PUBLIC

AN11269. Software Design Guide for POS Development Kit OM5597/RD2663. Rev. 1.0 5 August 2014 242510. Application note COMPANY PUBLIC Software Design Guide for POS Development Kit OM5597/RD2663 Document information Info Content Keywords RC663, TDA8026, LPC1768, Point of Sale Development Kit design, POS, guide, firmware documentation,

More information

Business through Mobile Phone initiated Near Field Communication

Business through Mobile Phone initiated Near Field Communication Business through Mobile Phone initiated Near Field Communication Josef Noll 1, Juan Carlos Lopez Calvet, Telenor R&D,, N-1331 Fornebu josef@unik.no, juan.calvet@telenor.com 1 from 1.6.2005 Prof. stip.

More information
2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information