Group Demonstrates Security Hole in Oyster Card
10 March, 2008
Suddenly the door to RFIDs was thrown open, and those with expertise in the sophisticated security techniques used in modern personal computers could easily study the comparatively primitive encryption used by many low-cost RFIDs. (Higher-cost RFIDs, including other models from NXP Semiconductors, use very strong encryption, but their high cost limits their applications.)
"You can't consider the RFID world separate from the world of computers anymore, as manufacturers have in the past," said Nohl. "People have and will, as we have, taken security expertise from the world of computers and applied it to RFIDs, whose designers had been operating under the assumption that their world was apart from such scrutiny."
Once Nohl's team could read the raw information transmitted by the MiFare Classic, breaking its encryption involved surmounting several technical challenges.
Nohl and his colleagues "dissected" the MiFare chip to reveal each of the five layers of circuitry that make up the chip and produce the encryption. To do so, they looked at the chip under a conventional optical microscope, and used micro-polishing sandpaper to remove a few microns of material at a time to reveal each layer of circuitry, which then was digitally photographed.
Since their imaging equipment was so rudimentary, Nohl wrote custom optical recognition software that recognized and clarified the different elements that made up each circuit. The team then combined the clarified pictures from each of the chip's layers to produce a clear, three-dimensional picture of the entire circuitry, much like medical magnetic resonance imaging forms a 3-D image of a brain or knee by combining many slices of images.
"You can't consider the RFID world separate from the world of computers anymore, as manufacturers have in the past," said Nohl. "People have and will, as we have, taken security expertise from the world of computers and applied it to RFIDs, whose designers had been operating under the assumption that their world was apart from such scrutiny."
Once Nohl's team could read the raw information transmitted by the MiFare Classic, breaking its encryption involved surmounting several technical challenges.
Nohl and his colleagues "dissected" the MiFare chip to reveal each of the five layers of circuitry that make up the chip and produce the encryption. To do so, they looked at the chip under a conventional optical microscope, and used micro-polishing sandpaper to remove a few microns of material at a time to reveal each layer of circuitry, which then was digitally photographed.
Since their imaging equipment was so rudimentary, Nohl wrote custom optical recognition software that recognized and clarified the different elements that made up each circuit. The team then combined the clarified pictures from each of the chip's layers to produce a clear, three-dimensional picture of the entire circuitry, much like medical magnetic resonance imaging forms a 3-D image of a brain or knee by combining many slices of images.
Recommended Articles
blog comments powered by Disqus
