Wirelessly lockpicking a smart card reader

With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms u...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security 2014-10, Vol.13 (5), p.403-420
Main Authors: Garcia, Flavio D., de Koning Gans, Gerhard, Verdult, Roel
Format: Article
Language:English
Subjects:
Access control
Access methods and protocols, osi model
Algorithms
Applied sciences
Authentication
Authentication protocols
Cards
Coding and Information Theory
Communication
Communications Engineering
Complexity
Computation
Computer Communication Networks
Computer information security
Computer Science
Cryptography
Cryptology
Data integrity
Embedded systems
Equipments and installations
Exact sciences and technology
Information, signal and communications theory
Management of Computing and Information Systems
Mobile radiocommunication systems
Network security
Networks
Operating Systems
Payment systems
Proprietary
Radio frequency identification
Radiocommunications
Readers
Regular Contribution
Reverse engineering
Secret
Security management
Signal and communications theory
Smart cards
Studies
Systems, networks and services of telecommunications
Telecommunications
Telecommunications and information theory
Teleprocessing networks. Isdn
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC  computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-014-0234-0