
The Fall of a Tiny Star

The New Codebreakers

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9100)


Abstract

This short paper gives a combined technical-historical account of the fate of the world’s most-used contactless smart card, the MIFARE Classic. The account concentrates on the years 2008 and 2009, when serious security flaws in the MIFARE Classic were unveiled. Besides the relevant technicalities, the story covers the risks of proprietary security mechanisms, the rights and morals with respect to publishing security vulnerabilities, and eventually the legal confrontation in court.


Notes

  1. Including: Flavio Garcia, Jaap-Henk Hoepman, Bart Jacobs, Ravindra Kali, Vinesh Kali, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Wouter Teepe, Roel Verdult.

  2. The CCC is a large, influential association of computer enthusiasts, hackers and digital rights activists in Germany.

  3. This was a premature statement, since only the throw-away version was broken at that time.

  4. NLNCSA is an abbreviation of The Netherlands National Communications Security Agency, in Dutch also known as Nationaal Bureau Verbindingsbeveiliging (NBV); it is comparable to the British CESG, part of GCHQ.


Author information


Correspondence to Flavio D. Garcia.


Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Garcia, F.D., Jacobs, B. (2016). The Fall of a Tiny Star. In: Ryan, P., Naccache, D., Quisquater, JJ. (eds) The New Codebreakers. Lecture Notes in Computer Science, vol 9100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49301-4_5


  • DOI: https://doi.org/10.1007/978-3-662-49301-4_5


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-49300-7

  • Online ISBN: 978-3-662-49301-4

  • eBook Packages: Computer Science, Computer Science (R0)
