Security of Metro Subway Smartcard and farecards

Similar documents
Using RFID Techniques for a Universal Identification Device

Gemalto Mifare 1K Datasheet

Hacking Mifare Classic Cards. Márcio Almeida

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev October Document information

MIFARE ISO/IEC PICC

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev October Document information

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Karsten Nohl University of Virginia. Henryk Plötz HU Berlin

Business Case for the New Electronic Payments Program

NACCU Migrating to Contactless:

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft

Exercise 1: Set up the Environment

MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER

RFID Penetration Tests when the truth is stranger than fiction

AN mifare Ultralight Features and Hints. Document information. Multiple ticketing, secured data storage, implementation hints

MF1 IC S General description. Functional specification. 1.1 Contactless Energy and Data Transfer. 1.2 Anticollision. Energy

Privacy and Security in library RFID Issues, Practices and Architecture

advant advanced contactless smart card system

Secure recharge of disposable RFID tickets

RESEARCH SURVEY ON MIFARE WITH RFID TECHNOLOGY

Simple Smart Card Applications for Paratransit Systems

Open Payment System Request for Proposals

Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers

MF3ICD81, MF3ICD41, MF3ICD21

PUF Physical Unclonable Functions

Risks of Offline Verify PIN on Contactless Cards

USING MIFARE CLASSIC TAGS VERSION

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Strengthen RFID Tags Security Using New Data Structure

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Keep Out of My Passport: Access Control Mechanisms in E-passports

Loyalty Systems over Near Field Communication (NFC)

AN MIFARE DESFire as Type 4 Tag. Rev May Application note COMPANY PUBLIC. Document information.

MF3ICDx21_41_ General description. MIFARE DESFire EV1 contactless multi-application IC. Product short data sheet COMPANY PUBLIC

Implementation of biometrics, issues to be solved

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO BASED TECHNOLOGY FOR PAYMENT 4

How To Secure A Paypass Card From Being Hacked By A Hacker

Reviving smart card analysis

Secure Automatic Ticketing System

Guide to Data Field Encryption

A Secure and Open Solution for Seamless Transit Systems

Security & Chip Card ICs SLE 44R35S / Mifare

MF0ICU2. 1. General description. MIFARE Ultralight C. 1.1 Contactless energy and data transfer. 1.2 Anticollision. Rev May

Secure Sockets Layer

An Effective Approach to Open Payment Systems

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

A common weakness in RSA signatures: extracting public keys from communications and embedded devices

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

mcard CPK Supported Solutions

Security in Near Field Communication (NFC)

a leap ahead in analog

All You Can Eat. Breaking a Real-World Contactless Payment System

More effective protection for your access control system with end-to-end security

Mobile and Contactless Payment Security

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

5. FARE RATES AND COLLECTION METHODS

What is a Smart Card?

A Note on the Relay Attacks on e-passports

RFID Security: Threats, solutions and open challenges

Self-Check-In Hotels Using RFID. Technology

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro

Smart Card Application Standard Draft

RAIN RFID and the Internet of Things: Industry Snapshot and Security Needs. Matt Robshaw and Tyler Williamson Impinj Seattle, USA

Chip Card & Security ICs Mifare NRG SLE 66R35

Preventing fraud in epassports and eids

NXP Secure Smart Card Controllers P5CD016V1D / P5CD021V1D / P5CD041V1D / P5Cx081V1D with DESFire EV1

How To Understand The Power Of An Freddi Tag (Rfid) System

Entrust Smartcard & USB Authentication

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK,

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

Jolly Encoder Configuration Guide

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Introducing MIFARE DESFire EV2

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project

NFC Hacking: The Easy Way

Keeping SCADA Networks Open and Secure DNP3 Security

Thanks, But No Thanks

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Hacking the NFC credit cards for fun and debit ;) Renaud Lifchitz BT Hackito Ergo Sum 2012 April 12,13,14 Paris, France

THE FIVE Ws OF EMV BY DAVE EWALD GLOBAL EMV CONSULTANT AND MANAGER DATACARD GROUP

NFC Hacking: The Easy Way

Credit Card Fraud The Contactless Generation Kristin Paget

RFID Based Real Time Password Authentication System for ATM

Training MIFARE SDK. Public. MobileKnowledge June 2015

Advanced Authentication

MovieLabs Specification for Enhanced Content Protection Version 1.0

Mifare DESFire Specification

Functional Specification Document

Warsaw City Card. Warsaw,

Aperio Online System Description

UMTS security. Helsinki University of Technology S Security of Communication Protocols

Training Webcast on Contactless Cards for Access Control. January 21, 2004

PayPass - M/Chip Requirements. 5 December 2011

Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

NFCulT. An easy a nice tool that will make you have fun, or... make profit!

Near Field Communication in Cell Phones

Transcription:

Security of Metro Subway Smartcard and farecards ECE646: Cryptography and Computer Network Security Hunter, Corzo

Introduction Nearly all metro systems around the world use some kind of smartcard for fare collection. Smartcards have security features over RFID tokens and paper farecards.

Metro (WMATA) Operation Metrorail fares SmarTrip or paper farecard Metrobus SmartTrip or cash Parking SmartTrip or cash

DC Metro System Minimum balance to enter is $1.20. You can leave the Metro with negative balance. Maximum load is $300. Card cost is $5.00 (real cost is $3.40) and minimum balance one can buy is $5.00. If a person is more than 4 hours in the system, the rider must talk to a manager when exiting.

Magnetic Stripe Cards Paper farecards Can hold up to $45.00 Not likely to be secure Being phased out for cost and fraud reasons Doesn't appear to be encrypted Cloning attack seems possible due to lack of hardware protection

Anatomy of a Magcard Attack Need magnetic card reader / writer. Read raw data from card. Data can be copy to another card using writer(cloning).

Possible Forging Read mag card before taking a ride. Read mag card after taking a ride. Notices changes in the data and correlate. Iterate and figure out which bytes stores the value. Reverse engineer. Modify the value at will. FREE RIDES

Contactless Smartcards ISO 14443 is the standard for contactless Near Field Communication Chip is powered by radio waves emanated from card reader. Generally credit card sized. ISO/IEC 14443 uses following terms for components: PCD: proximity coupling device (the card reader) PICC: proximity integrated circuit card

Smartcards Features Available crypto systems in hardware. Authentication. MIFARE is a trademark of NXP Semiconductors. MIFARE is a technology that has been selected for most contact-less smartcard projects worldwide.

Smartcard Attacks Cloning/modification attacks. Replay attacks. Skimming attacks. Eavesdropping. Relay attacks.

Current SmarTrip Known as GOCard type and currently in circulation. ISO 14443 Type B Also used by Chicago Transport Authority. WMATA is introducing MIFARE plus cards into the system. Both card types use ISO-14443 communication protocol.

GOCard vs Plus GOCard MIFARE Plus Protocol ISO 14443 type B ISO 14443 Crypto 3DES 128-bit AES Memory 2KB 2KB or 4KB Op. Frequency 13.5 MHz 13.5 MHz Chip Manufacturer Fujitsu MB89R118 NXP

MIFARE Plus and Smartrip Based on smartrip use and operation, WMATA must store at least value, last time scanned, last station code, and maybe other nondisclosed information. All the keys in all the cards are different and derived using key diversification.

MIFARE Attacks MIFARE classic was partially reverse engineered by Karsten Nohl in 2008. Later on, the dutch research group cloned MIFARE classic card and discovered other vector attacks. MIFARE classic proprietary CRYPTO-1 was broken. The best attack was able to clone card in 10 seconds without the need of a valid card reader. Companies are implementing more cryptographic algorithm standards rather than proprietary algorithms.

Security Levels MIFARE Plus cards support one pre-personalization and 3 security levels. Cards operate in one security level at any given time and can only be switched to a higher level. Security Level 0 : MIFARE Plus cards are pre-personalized with configuration keys, level switching keys, MIFARE Classic CRYPTO1 and AES keys for the memory. Security Level 1: In this level the cards are 100% functionally backwards compatible with MIFARE Classic 1K and MIFARE Classic 4K cards. Cards work seamlessly in existing MIFARE Classic infrastructure. Security Level 2: Mandatory AES authentication. MIFARE Classic CRYPTO1 for data Security Level 3: Mandatory AES for authentication, communication confidentiality and integrity. Optional proximity detection (MIFARE Plus X only).

Security Levels

Key Diversification On the case of the Smartrip, diversification is done based on the Electronic Chip I.D. It uses AES-128 encryption scheme.

SmarTrip implemented with MIFARE

MIFARE Plus Security MIFARE Plus supports a key diversification scheme to prevent that different cards use the same keys. This ensures that even if one card gets compromised, the rest of the system remains secure. The protection of data sessions uses session keys, which are generated from two random values negotiated between card and reader during authentication.

Recommendations Enable proximity check which is offered by the MIFARE Plus X architecture to impede relay attacks. Update mechanism for master keys. Implement anti cloning mechanism. Phase out paper farecards.

THANK YOU

CMAC Generation WMATA requires that the smartrip cards must support key diversification. MIFARE Plus X supports this and does this through using CMAC for sub-key generation.

MIFARE Plus X Operation The UID is programmed into a locked NV-memory by the manufacturer. The PCD typically polls for PICCs in the field. This is done with the REQA. When a PICC is within the operating range of the PCD and receives the REQA, any MIFARE PICC returns the ATQA.

MIFARE Plus X Operation Anti-collision loop and UID.

Security Level Comparison

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information