Loading…

Wirelessly lockpicking a smart card reader

With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms u...

Full description

Saved in:

Bibliographic Details
Published in:	International journal of information security 2014-10, Vol.13 (5), p.403-420
Main Authors:	Garcia, Flavio D., de Koning Gans, Gerhard, Verdult, Roel
Format:	Article
Language:	English
Subjects:	Access control Access methods and protocols, osi model Algorithms Applied sciences Authentication Authentication protocols Cards Coding and Information Theory Communication Communications Engineering Complexity Computation Computer Communication Networks Computer information security Computer Science Cryptography Cryptology Data integrity Embedded systems Equipments and installations Exact sciences and technology Information, signal and communications theory Management of Computing and Information Systems Mobile radiocommunication systems Network security Networks Operating Systems Payment systems Proprietary Radio frequency identification Radiocommunications Readers Regular Contribution Reverse engineering Secret Security management Signal and communications theory Smart cards Studies Systems, networks and services of telecommunications Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn
Citations:	Items that this one cites
Online Access:	Get full text
Tags:	Add Tag No Tags, Be the first to tag this record!

cited_by
cites	cdi_FETCH-LOGICAL-c401t-6bdacc3c3571737d15fecd5b3395a23b6cd3e537cefe2dd69c0fbf682469f4c33
container_end_page	420
container_issue	5
container_start_page	403
container_title	International journal of information security
container_volume	13
creator	Garcia, Flavio D. de Koning Gans, Gerhard Verdult, Roel
description	With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.
doi_str_mv	10.1007/s10207-014-0234-0
format	article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1620095845</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1620095845</sourcerecordid><originalsourceid>FETCH-LOGICAL-c401t-6bdacc3c3571737d15fecd5b3395a23b6cd3e537cefe2dd69c0fbf682469f4c33</originalsourceid><addsrcrecordid>eNp1kE9LAzEQxYMoWKsfwNuCCCKsziSbpHuU4j8oeFE8huxsUrbd7takPfTbm7JFRPAyMzC_ebx5jF0i3CGAvo8IHHQOWOTARSpHbIQKZS65huOfWfFTdhbjAoAjlDhit59NcK2Lsd1lbU_LdUPLpptnNosrGzYZ2VBnwdnahXN24m0b3cWhj9nH0-P79CWfvT2_Th9mORWAm1xVtSUSJKRGLXSN0juqZSVEKS0XlaJaOCk0Oe94XauSwFdeTXihSl-QEGN2M-iuQ_-1dXFjVk0k17a2c_02GlQcoJSTQib06g-66LehS-4MSgWFQCVUonCgKPQxBufNOjTpu51BMPv0zJCeSemZfXoG0s31QdlGsq0PtqMm_hzyidblpNCJ4wMX06qbu_DLwb_i3581fUw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1560431636</pqid></control><display><type>article</type><title>Wirelessly lockpicking a smart card reader</title><source>Criminology Collection</source><source>Business Source Ultimate【Trial: -2024/12/31】【Remote access available】</source><source>ABI/INFORM Global (ProQuest)</source><source>Social Science Premium Collection</source><source>Springer Nature</source><creator>Garcia, Flavio D. ; de Koning Gans, Gerhard ; Verdult, Roel</creator><creatorcontrib>Garcia, Flavio D. ; de Koning Gans, Gerhard ; Verdult, Roel</creatorcontrib><description>With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.</description><identifier>ISSN: 1615-5262</identifier><identifier>EISSN: 1615-5270</identifier><identifier>DOI: 10.1007/s10207-014-0234-0</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Access control ; Access methods and protocols, osi model ; Algorithms ; Applied sciences ; Authentication ; Authentication protocols ; Cards ; Coding and Information Theory ; Communication ; Communications Engineering ; Complexity ; Computation ; Computer Communication Networks ; Computer information security ; Computer Science ; Cryptography ; Cryptology ; Data integrity ; Embedded systems ; Equipments and installations ; Exact sciences and technology ; Information, signal and communications theory ; Management of Computing and Information Systems ; Mobile radiocommunication systems ; Network security ; Networks ; Operating Systems ; Payment systems ; Proprietary ; Radio frequency identification ; Radiocommunications ; Readers ; Regular Contribution ; Reverse engineering ; Secret ; Security management ; Signal and communications theory ; Smart cards ; Studies ; Systems, networks and services of telecommunications ; Telecommunications ; Telecommunications and information theory ; Teleprocessing networks. Isdn</subject><ispartof>International journal of information security, 2014-10, Vol.13 (5), p.403-420</ispartof><rights>Springer-Verlag Berlin Heidelberg 2014</rights><rights>2015 INIST-CNRS</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c401t-6bdacc3c3571737d15fecd5b3395a23b6cd3e537cefe2dd69c0fbf682469f4c33</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://www.proquest.com/docview/1560431636/fulltextPDF?pq-origsite=primo$$EPDF$$P50$$Gproquest$$H</linktopdf><linktohtml>$$Uhttps://www.proquest.com/docview/1560431636?pq-origsite=primo$$EHTML$$P50$$Gproquest$$H</linktohtml><link.rule.ids>314,780,784,11687,21375,21393,27923,27924,33610,33611,33768,33769,36059,36060,43732,43813,44362,74092,74181,74766</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=28779847$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><creatorcontrib>Garcia, Flavio D.</creatorcontrib><creatorcontrib>de Koning Gans, Gerhard</creatorcontrib><creatorcontrib>Verdult, Roel</creatorcontrib><title>Wirelessly lockpicking a smart card reader</title><title>International journal of information security</title><addtitle>Int. J. Inf. Secur</addtitle><description>With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.</description><subject>Access control</subject><subject>Access methods and protocols, osi model</subject><subject>Algorithms</subject><subject>Applied sciences</subject><subject>Authentication</subject><subject>Authentication protocols</subject><subject>Cards</subject><subject>Coding and Information Theory</subject><subject>Communication</subject><subject>Communications Engineering</subject><subject>Complexity</subject><subject>Computation</subject><subject>Computer Communication Networks</subject><subject>Computer information security</subject><subject>Computer Science</subject><subject>Cryptography</subject><subject>Cryptology</subject><subject>Data integrity</subject><subject>Embedded systems</subject><subject>Equipments and installations</subject><subject>Exact sciences and technology</subject><subject>Information, signal and communications theory</subject><subject>Management of Computing and Information Systems</subject><subject>Mobile radiocommunication systems</subject><subject>Network security</subject><subject>Networks</subject><subject>Operating Systems</subject><subject>Payment systems</subject><subject>Proprietary</subject><subject>Radio frequency identification</subject><subject>Radiocommunications</subject><subject>Readers</subject><subject>Regular Contribution</subject><subject>Reverse engineering</subject><subject>Secret</subject><subject>Security management</subject><subject>Signal and communications theory</subject><subject>Smart cards</subject><subject>Studies</subject><subject>Systems, networks and services of telecommunications</subject><subject>Telecommunications</subject><subject>Telecommunications and information theory</subject><subject>Teleprocessing networks. Isdn</subject><issn>1615-5262</issn><issn>1615-5270</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><sourceid>ALSLI</sourceid><sourceid>BGRYB</sourceid><sourceid>M0C</sourceid><sourceid>M0O</sourceid><recordid>eNp1kE9LAzEQxYMoWKsfwNuCCCKsziSbpHuU4j8oeFE8huxsUrbd7takPfTbm7JFRPAyMzC_ebx5jF0i3CGAvo8IHHQOWOTARSpHbIQKZS65huOfWfFTdhbjAoAjlDhit59NcK2Lsd1lbU_LdUPLpptnNosrGzYZ2VBnwdnahXN24m0b3cWhj9nH0-P79CWfvT2_Th9mORWAm1xVtSUSJKRGLXSN0juqZSVEKS0XlaJaOCk0Oe94XauSwFdeTXihSl-QEGN2M-iuQ_-1dXFjVk0k17a2c_02GlQcoJSTQib06g-66LehS-4MSgWFQCVUonCgKPQxBufNOjTpu51BMPv0zJCeSemZfXoG0s31QdlGsq0PtqMm_hzyidblpNCJ4wMX06qbu_DLwb_i3581fUw</recordid><startdate>20141001</startdate><enddate>20141001</enddate><creator>Garcia, Flavio D.</creator><creator>de Koning Gans, Gerhard</creator><creator>Verdult, Roel</creator><general>Springer Berlin Heidelberg</general><general>Springer</general><general>Springer Nature B.V</general><scope>IQODW</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>0-V</scope><scope>0U~</scope><scope>1-H</scope><scope>3V.</scope><scope>7SC</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>88F</scope><scope>8AL</scope><scope>8AM</scope><scope>8AO</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ALSLI</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>BGRYB</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>K7.</scope><scope>L.-</scope><scope>L.0</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>M0C</scope><scope>M0N</scope><scope>M0O</scope><scope>M1Q</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>Q9U</scope></search><sort><creationdate>20141001</creationdate><title>Wirelessly lockpicking a smart card reader</title><author>Garcia, Flavio D. ; de Koning Gans, Gerhard ; Verdult, Roel</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c401t-6bdacc3c3571737d15fecd5b3395a23b6cd3e537cefe2dd69c0fbf682469f4c33</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Access control</topic><topic>Access methods and protocols, osi model</topic><topic>Algorithms</topic><topic>Applied sciences</topic><topic>Authentication</topic><topic>Authentication protocols</topic><topic>Cards</topic><topic>Coding and Information Theory</topic><topic>Communication</topic><topic>Communications Engineering</topic><topic>Complexity</topic><topic>Computation</topic><topic>Computer Communication Networks</topic><topic>Computer information security</topic><topic>Computer Science</topic><topic>Cryptography</topic><topic>Cryptology</topic><topic>Data integrity</topic><topic>Embedded systems</topic><topic>Equipments and installations</topic><topic>Exact sciences and technology</topic><topic>Information, signal and communications theory</topic><topic>Management of Computing and Information Systems</topic><topic>Mobile radiocommunication systems</topic><topic>Network security</topic><topic>Networks</topic><topic>Operating Systems</topic><topic>Payment systems</topic><topic>Proprietary</topic><topic>Radio frequency identification</topic><topic>Radiocommunications</topic><topic>Readers</topic><topic>Regular Contribution</topic><topic>Reverse engineering</topic><topic>Secret</topic><topic>Security management</topic><topic>Signal and communications theory</topic><topic>Smart cards</topic><topic>Studies</topic><topic>Systems, networks and services of telecommunications</topic><topic>Telecommunications</topic><topic>Telecommunications and information theory</topic><topic>Teleprocessing networks. Isdn</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Garcia, Flavio D.</creatorcontrib><creatorcontrib>de Koning Gans, Gerhard</creatorcontrib><creatorcontrib>Verdult, Roel</creatorcontrib><collection>Pascal-Francis</collection><collection>CrossRef</collection><collection>ProQuest Social Sciences Premium Collection【Remote access available】</collection><collection>Global News & ABI/Inform Professional</collection><collection>Trade PRO</collection><collection>ProQuest Central (Corporate)</collection><collection>Computer and Information Systems Abstracts</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection</collection><collection>Military Database (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>Criminal Justice Database (Alumni Edition)</collection><collection>ProQuest Pharma Collection</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central</collection><collection>Social Science Premium Collection</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>Criminology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ABI/INFORM Professional Standard</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>ABI/INFORM Global (ProQuest)</collection><collection>Computing Database</collection><collection>Criminal Justice Database</collection><collection>Military Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>One Business (ProQuest)</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central Basic</collection><jtitle>International journal of information security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Garcia, Flavio D.</au><au>de Koning Gans, Gerhard</au><au>Verdult, Roel</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Wirelessly lockpicking a smart card reader</atitle><jtitle>International journal of information security</jtitle><stitle>Int. J. Inf. Secur</stitle><date>2014-10-01</date><risdate>2014</risdate><volume>13</volume><issue>5</issue><spage>403</spage><epage>420</epage><pages>403-420</pages><issn>1615-5262</issn><eissn>1615-5270</eissn><abstract>With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms used in iClass are proprietary, and little information about them is publicly available. In this paper, we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and also key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2 22 queries to a card. This attack has a computational complexity of 2 40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the system-wide master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2 25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/s10207-014-0234-0</doi><tpages>18</tpages></addata></record>
fulltext	fulltext
identifier	ISSN: 1615-5262
ispartof	International journal of information security, 2014-10, Vol.13 (5), p.403-420
issn	1615-5262 1615-5270
language	eng
recordid	cdi_proquest_miscellaneous_1620095845
source	Criminology Collection; Business Source Ultimate【Trial: -2024/12/31】【Remote access available】; ABI/INFORM Global (ProQuest); Social Science Premium Collection; Springer Nature
subjects	Access control Access methods and protocols, osi model Algorithms Applied sciences Authentication Authentication protocols Cards Coding and Information Theory Communication Communications Engineering Complexity Computation Computer Communication Networks Computer information security Computer Science Cryptography Cryptology Data integrity Embedded systems Equipments and installations Exact sciences and technology Information, signal and communications theory Management of Computing and Information Systems Mobile radiocommunication systems Network security Networks Operating Systems Payment systems Proprietary Radio frequency identification Radiocommunications Readers Regular Contribution Reverse engineering Secret Security management Signal and communications theory Smart cards Studies Systems, networks and services of telecommunications Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn
title	Wirelessly lockpicking a smart card reader
url	http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T13%3A14%3A21IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Wirelessly%20lockpicking%20a%20smart%20card%20reader&rft.jtitle=International%20journal%20of%20information%20security&rft.au=Garcia,%20Flavio%20D.&rft.date=2014-10-01&rft.volume=13&rft.issue=5&rft.spage=403&rft.epage=420&rft.pages=403-420&rft.issn=1615-5262&rft.eissn=1615-5270&rft_id=info:doi/10.1007/s10207-014-0234-0&rft_dat=%3Cproquest_cross%3E1620095845%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c401t-6bdacc3c3571737d15fecd5b3395a23b6cd3e537cefe2dd69c0fbf682469f4c33%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1560431636&rft_id=info:pmid/&rfr_iscdi=true