SlideShare una empresa de Scribd logo

OpenCard hack (projekt chameleon)

Tech4 Helper
Tech4 Helper

By Timo Kasper, upload Tech4Helper

Empresariales
1 de 39
Descargar para leer sin conexión
Cloning Cryptographic RFID Cards for 25$ November 29-30, WISSec 2010 Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Department of Electrical Engineering and Information Technology Chair for Embedded Security
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 2
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Contactless Smartcards  use RFID (Radio Frequency Identification) technology  ISO 14443 A/B very popular: sufficient computational power for cryptography  large scale applications: – Access control systems – Electronic passports – Payment systems – Public transport ticketing Timo Kasper, WISSec 2010 | November 29-30, 2010 3
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Why Emulate Contactless Smartcards ?  cards used or applications are often insecure (e.g. no crypto / based on ID number only)  penetration-testing of real-world systems  emulating cards promises high profits for fraudsters  estimate the real cost / risks  goals: – card content and behavior freely programmable (e.g. arbitrary ID instead of fixed ID) – assistance in analyzing unknown protocols – support the relevant cryptographic primitives Timo Kasper, WISSec 2010 | November 29-30, 2010 4
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Popular (ISO 14443) Contactless Smartcards  Mifare Classic – Crypto1 stream cipher – Very cheap, regarded completely broken  Mifare DESFire – DES and 3DES – More expensive, side-channel attacks possible  Mifare DESFire EV1 – AES-128 (and DES, 3DES) Timo Kasper, WISSec 2010 | November 29-30, 2010 5
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Chameleon  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 6
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar RFID Communication (ISO 14443) • reader generates field with 13.56 MHz carrier frequency • supplies tag with clock and energy via inductive coupling • reader transmits data by short pauses in the field (pulsed Miller code) • tag answers employing load modulation (Manchester code) • operating range: 8…15 cm, data rate 106…847 kBit/s 10
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Timo Kasper, WISSec 2010 | November 29-30, 2010 11
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic (1K / 4K) • over 1 billion cards and 7 million readers sold • authentication / data encryption with CRYPTO1 stream cipher • each card contains a read-only Unique Identifier (UID) (4 byte) • each sector can be secured: two cryptographic keys A and B UID Key A, sector 0 Key B, sector 0 Key A, sector 15 Key B, sector 15 12
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Authentication Protocol 1. 2. 3. 4. 1. Authentication request 3. Encrypted challenge (Reader → Card) || answer 2. Challenge (Card → Reader) 4. Encrypted answer Timo Kasper, WISSec 2010 | November 29-30, 2010 13
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Security of Mifare Classic  … by obscurity  cipher and PRNG reverse-engineered in 2007  many attack vectors (weak PRNG, mathematical weaknesses in LFSR, parity bit attack)  card-only attacks: reveal all secret keys and memory content in minutes  Considered completely broken Timo Kasper, WISSec 2010 | November 29-30, 2010 14
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1 Timo Kasper, WISSec 2010 | November 29-30, 2010 15
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1  7-byte read-only UID  communication can be secured by – appended message authentication code (MAC) – full data encryption  DES, 3DES and AES-128 (EV1) encryption ! Side-channel attacks ! Timo Kasper, WISSec 2010 | November 29-30, 2010 16
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol  mutual authentication protocol, previously published  cards only perform (3)DES encryptions EncK(∙)  readers only perform (3)DES decryptions DecK(∙) Timo Kasper, WISSec 2010 | November 29-30, 2010 17
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol 1. 1. Authentication request 2. 2. Encrypted nonce 3. Encrypted rotated 3. answer and nonce 4. 4. Verify answer 5. Encrypted rotated answer 5. 6. 6. Verify Answer Timo Kasper, WISSec 2010 | November 29-30, 2010 18
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol  reverse-engineered from genuine communications  similar to DESFire  differences: – nonces are extended to 128 bit – AES en-/decryptions are used in common sense – CBC-mode chains all en-/decryptions even though they operate on different cryptograms – second rotation is in the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 19
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol 1. 1. Extended nonces 2. En-/Decryption is used in 2. common sense / Chained CBC (nR XOR b0) 3. 3. Rotation is changed to the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 20
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 21
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Introducing:  Emulate contactless smartcards (ISO 14443)  Freely programmable, low-cost (less than $25)  Small, operates autonomously without a PC  EEPROM  store bit streams for offline analysis Timo Kasper, WISSec 2010 | November 29-30, 2010 22
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – the Reality… Analog Circuitry ATxmega (5€) ( approx. 5€ ) Antenna on PCB FTDI USB (4€) Timo Kasper, WISSec 2010 | November 29-30, 2010 24
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Hardware  off-the-shelf components  Atmel ATxmega192A3 8-Bit microcontroller – 192kB Flash, 16kB SRAM, 4kB EEPROM – Clocked at 27.12MHz (2 x 13.56 MHz) – DES and AES-128 hardware accelerators  FTDI FT245RL enables USB communication  powered via USB or battery  card-sized antenna (fits into slots of most readers) Timo Kasper, WISSec 2010 | November 29-30, 2010 25
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Software (so far…)  full emulation of Mifare Classic cards – UID can be freely chosen – memory content and keys can be set arbitrarily  authentication mechanisms of Mifare DESFire & EV1 – UID can be freely chosen – secret keys can be set arbitrarily Timo Kasper, WISSec 2010 | November 29-30, 2010 26
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Difficulties  strict timing requirements of ISO 14443: – bit grid depending on the last bit sent by reader – answer max. 4.8ms after request of the reader  Crypto1 is computationally intensive on µC: – using an open C-library for Crypto1 results in inefficient code for 8-bit microcontrollers Timo Kasper, WISSec 2010 | November 29-30, 2010 27
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Straightforward CRYPTO1 Implementation • platform: 8-Bit microcontroller, ATMega32 • clock frequency: 13.56 MHz • encrypting one block (18 bytes) takes > 11 ms  too slow 28
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Crypto1 Optimizations  crypto1 implementation from scratch in assembly  replace filter functions with look-up tables – size: 112 byte, negligible compared to 192kB Flash  random value for nC is generated before authentication – aR and aC can be precomputed – precomputing key stream bits not possible: sector key and reader nonce unknown a priori Timo Kasper, WISSec 2010 | November 29-30, 2010 29
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar DESFire / DESFire EV1 Implementations  Straightforward on ATxmega – 3DES in CBC mode – AES-128 in “chained” CBC mode  3DES: three times faster than original card – 219µs vs. 690µs for calculation of b3  AES-128: five times faster than original card – 438µs vs. 2.2ms for calculation of b3 Timo Kasper, WISSec 2010 | November 29-30, 2010 30
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 31
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study: ID Card Contactless Payment System • contactless employee ID card, more than 1 million users • payments (max. 150 €), access control, … • Mifare Classic 1K chip stores card number & credit amount • ID cards have identical secret keys. 32
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Attacking a Contactless Payment System  Step 1: read out s.o. else’s (or your own…) card  Step 2: emulates an exact clone including the UID → Fraud not detected  Credit gone? Step 3: Press state restoration button to restore the previous credit from EEPROM, goto Step 2  new operating mode: generate a random credit balance and new card number on each payment  cannot be blacklisted and blocked in the back-end Timo Kasper, WISSec 2010 | November 29-30, 2010 33
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study 2: Widespread Access Control System  Mifare Classic 1K cards unlock doors and elevators  secret keys are default (0xA0A1A2A3A4A5)  penetration-test with – identification by UID and 1st block of 1st sector – access permissions checked in the back-end 1. read UID from authorized card 2. set this UID in  OPEN SESAME! Timo Kasper, WISSec 2010 | November 29-30, 2010 34
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Access Control System in Idle Mode Timo Kasper, WISSec 2010 | November 29-30, 2010 35
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Clone on a Blank Card Fails Timo Kasper, WISSec 2010 | November 29-30, 2010 36
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Succeeds Timo Kasper, WISSec 2010 | November 29-30, 2010 37
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Timo Kasper, WISSec 2010 | November 29-30, 2010 38
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 39
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Conclusion cost-efficient ( < 25 $) freely programmable emulator for contactless smartcards  optimized Crypto1 implementation: Full Mifare Classic emulation successful in various real-world systems  (3)DES, AES support tested with emulation of Mifare DESFire (incl. EV1) authentication  valuable tool for penetration-testing of RFID systems  cost for attacks often overestimated Timo Kasper, WISSec 2010 | November 29-30, 2010 40
Thanks! Any questions? Chair for Embedded Security (EMSEC) Department of Electrical Engineering and Information Technology {timo.kasper, ingo.vonmaurich, david.oswald, christof.paar}@rub.de

Recomendados

Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalManageEngine EventLog Analyzer
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 

Recomendados

Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Threat Hunting
Threat HuntingThreat Hunting
Threat HuntingSplunk
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalManageEngine EventLog Analyzer
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
Advanced Persistent Threat
Advanced Persistent ThreatAdvanced Persistent Threat
Advanced Persistent ThreatAmmar WK
 
Insight into SOAR
Insight into SOARInsight into SOAR
Insight into SOARDNIF
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Ransomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksRansomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksdinCloud Inc.
 
NotPetya Presentation
NotPetya PresentationNotPetya Presentation
NotPetya PresentationKimme Buranasombati
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)Osama Ellahi
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chainAnkita Ganguly
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Guest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptxGuest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptxGudipudiDayanandam
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding KeyloggerPhannarith Ou, G-CISO
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxInfosec
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 
Mifare Desfire Technology
Mifare Desfire TechnologyMifare Desfire Technology
Mifare Desfire TechnologyZahiruddin Babar Malik
 
Mifare classic-slides
Mifare classic-slidesMifare classic-slides
Mifare classic-slidesOWASP (Open Web Application Security Project)
 

Más contenido relacionado

La actualidad más candente

Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber worldAkash Sarode
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityPECB
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Ransomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksRansomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksdinCloud Inc.
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence pptKumar Gaurav
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)Osama Ellahi
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Guest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptxGuest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptxGudipudiDayanandam
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyePrime Infoserv
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxInfosec
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing AttacksSysCloud
 

La actualidad más candente (20)

Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Case Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information SecurityCase Study: The Role of Human Error in Information Security
Case Study: The Role of Human Error in Information Security
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Ransomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacksRansomware and tips to prevent ransomware attacks
Ransomware and tips to prevent ransomware attacks
 
NotPetya Presentation
NotPetya PresentationNotPetya Presentation
NotPetya Presentation
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
 
SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)SIEM (Security Information and Event Management)
SIEM (Security Information and Event Management)
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Guest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptxGuest Lecture-Computer and Cyber Security.pptx
Guest Lecture-Computer and Cyber Security.pptx
 
Endpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEyeEndpoint Detection & Response - FireEye
Endpoint Detection & Response - FireEye
 
Understanding Keylogger
Understanding KeyloggerUnderstanding Keylogger
Understanding Keylogger
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptx
 
Different Types of Phishing Attacks
Different Types of Phishing AttacksDifferent Types of Phishing Attacks
Different Types of Phishing Attacks
 

Destacado

Hacking Smartcards & RFID
Hacking Smartcards & RFIDHacking Smartcards & RFID
Hacking Smartcards & RFIDDevnology
 
ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Team
 
NFC & RFID on Android
NFC & RFID on AndroidNFC & RFID on Android
NFC & RFID on Androidtodbotdotcom
 
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Team
 
Near Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteNear Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteAndrew Roughan
 
ACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDAdvanced Card Systems Ltd.
 
Beyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsBeyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsNXPSemiconductors
 
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveContactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveBurak Ilgıcıoğlu
 
Mobile-based NFC fare collection
Mobile-based NFC fare collectionMobile-based NFC fare collection
Mobile-based NFC fare collectionnnaveiras
 
SmartWorld Portfolio
SmartWorld PortfolioSmartWorld Portfolio
SmartWorld PortfolioSmart World
 
DC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsDC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsTom Keetch
 
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Team
 
Ask Contactless Terminals
Ask Contactless TerminalsAsk Contactless Terminals
Ask Contactless Terminalsclaren65
 

Destacado (20)

Mifare Desfire Technology
Mifare Desfire TechnologyMifare Desfire Technology
Mifare Desfire Technology
 
Mifare classic-slides
Mifare classic-slidesMifare classic-slides
Mifare classic-slides
 
Mifare cards
Mifare cardsMifare cards
Mifare cards
 
Hacking Smartcards & RFID
Hacking Smartcards & RFIDHacking Smartcards & RFID
Hacking Smartcards & RFID
 
ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
 
NFC & RFID on Android
NFC & RFID on AndroidNFC & RFID on Android
NFC & RFID on Android
 
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
 
Near Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteNear Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarte
 
Nfc developers nokia mit event 12 13 10
Nfc developers nokia mit event 12 13 10Nfc developers nokia mit event 12 13 10
Nfc developers nokia mit event 12 13 10
 
ACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCD
 
Beyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsBeyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factors
 
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveContactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
 
Mobile-based NFC fare collection
Mobile-based NFC fare collectionMobile-based NFC fare collection
Mobile-based NFC fare collection
 
SmartWorld Portfolio
SmartWorld PortfolioSmartWorld Portfolio
SmartWorld Portfolio
 
DC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsDC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio Bits
 
ReiterNokia
ReiterNokiaReiterNokia
ReiterNokia
 
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
 
Ask Contactless Terminals
Ask Contactless TerminalsAsk Contactless Terminals
Ask Contactless Terminals
 
Civintec introduction 2015
Civintec introduction 2015Civintec introduction 2015
Civintec introduction 2015
 

Similar a OpenCard hack (projekt chameleon)

18-steganography.ppt
18-steganography.ppt18-steganography.ppt
18-steganography.pptRakesh Kumar
 
Security Systems for Digital Data - Paper
Security Systems for Digital Data - PaperSecurity Systems for Digital Data - Paper
Security Systems for Digital Data - PaperBernhard Hofer
 
Security Systems for Digital Data
Security Systems for Digital DataSecurity Systems for Digital Data
Security Systems for Digital DataBernhard Hofer
 
Meetup -- RFID
Meetup -- RFIDMeetup -- RFID
Meetup -- RFIDKevin2600
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYijcisjournal
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalBen Rothke
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCSecuRing
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
 
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)PROIDEA
 
Steganography (Distributed computing)
Steganography (Distributed computing)Steganography (Distributed computing)
Steganography (Distributed computing)Sri Prasanna
 
A Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresA Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresNothing Nowhere
 
A Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkA Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkNothing Nowhere
 
RFID Privacy & Security Issues
RFID Privacy & Security IssuesRFID Privacy & Security Issues
RFID Privacy & Security IssuesBrent Muir
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
RFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDRFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDFaisal Razzak
 
This paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxThis paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxherthalearmont
 
SteganographySecond
SteganographySecondSteganographySecond
SteganographySecondKiakaha17
 

Similar a OpenCard hack (projekt chameleon) (20)

18-steganography.ppt
18-steganography.ppt18-steganography.ppt
18-steganography.ppt
 
Steganography
SteganographySteganography
Steganography
 
Security Systems for Digital Data - Paper
Security Systems for Digital Data - PaperSecurity Systems for Digital Data - Paper
Security Systems for Digital Data - Paper
 
Security Systems for Digital Data
Security Systems for Digital DataSecurity Systems for Digital Data
Security Systems for Digital Data
 
Meetup -- RFID
Meetup -- RFIDMeetup -- RFID
Meetup -- RFID
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
 
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
 
Steganography (Distributed computing)
Steganography (Distributed computing)Steganography (Distributed computing)
Steganography (Distributed computing)
 
A Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresA Brief History of Cryptographic Failures
A Brief History of Cryptographic Failures
 
A Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkA Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - Mork
 
RFID Privacy & Security Issues
RFID Privacy & Security IssuesRFID Privacy & Security Issues
RFID Privacy & Security Issues
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
RFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDRFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFID
 
This paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxThis paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docx
 
SteganographySecond
SteganographySecondSteganographySecond
SteganographySecond
 

Último

GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifeBhavana Pujan Kendra
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesDoe Paoro
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Aggregage
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamArik Fletcher
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 

Último (20)

GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Planetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in LifePlanetary and Vedic Yagyas Bring Positive Impacts in Life
Planetary and Vedic Yagyas Bring Positive Impacts in Life
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 

OpenCard hack (projekt chameleon)

  • 1. Cloning Cryptographic RFID Cards for 25$ November 29-30, WISSec 2010 Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Department of Electrical Engineering and Information Technology Chair for Embedded Security
  • 2. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 2
  • 3. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Contactless Smartcards  use RFID (Radio Frequency Identification) technology  ISO 14443 A/B very popular: sufficient computational power for cryptography  large scale applications: – Access control systems – Electronic passports – Payment systems – Public transport ticketing Timo Kasper, WISSec 2010 | November 29-30, 2010 3
  • 4. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Why Emulate Contactless Smartcards ?  cards used or applications are often insecure (e.g. no crypto / based on ID number only)  penetration-testing of real-world systems  emulating cards promises high profits for fraudsters  estimate the real cost / risks  goals: – card content and behavior freely programmable (e.g. arbitrary ID instead of fixed ID) – assistance in analyzing unknown protocols – support the relevant cryptographic primitives Timo Kasper, WISSec 2010 | November 29-30, 2010 4
  • 5. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Popular (ISO 14443) Contactless Smartcards  Mifare Classic – Crypto1 stream cipher – Very cheap, regarded completely broken  Mifare DESFire – DES and 3DES – More expensive, side-channel attacks possible  Mifare DESFire EV1 – AES-128 (and DES, 3DES) Timo Kasper, WISSec 2010 | November 29-30, 2010 5
  • 6. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Chameleon  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 6
  • 7. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar RFID Communication (ISO 14443) • reader generates field with 13.56 MHz carrier frequency • supplies tag with clock and energy via inductive coupling • reader transmits data by short pauses in the field (pulsed Miller code) • tag answers employing load modulation (Manchester code) • operating range: 8…15 cm, data rate 106…847 kBit/s 10
  • 8. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Timo Kasper, WISSec 2010 | November 29-30, 2010 11
  • 9. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic (1K / 4K) • over 1 billion cards and 7 million readers sold • authentication / data encryption with CRYPTO1 stream cipher • each card contains a read-only Unique Identifier (UID) (4 byte) • each sector can be secured: two cryptographic keys A and B UID Key A, sector 0 Key B, sector 0 Key A, sector 15 Key B, sector 15 12
  • 10. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Authentication Protocol 1. 2. 3. 4. 1. Authentication request 3. Encrypted challenge (Reader → Card) || answer 2. Challenge (Card → Reader) 4. Encrypted answer Timo Kasper, WISSec 2010 | November 29-30, 2010 13
  • 11. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Security of Mifare Classic  … by obscurity  cipher and PRNG reverse-engineered in 2007  many attack vectors (weak PRNG, mathematical weaknesses in LFSR, parity bit attack)  card-only attacks: reveal all secret keys and memory content in minutes  Considered completely broken Timo Kasper, WISSec 2010 | November 29-30, 2010 14
  • 12. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1 Timo Kasper, WISSec 2010 | November 29-30, 2010 15
  • 13. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1  7-byte read-only UID  communication can be secured by – appended message authentication code (MAC) – full data encryption  DES, 3DES and AES-128 (EV1) encryption ! Side-channel attacks ! Timo Kasper, WISSec 2010 | November 29-30, 2010 16
  • 14. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol  mutual authentication protocol, previously published  cards only perform (3)DES encryptions EncK(∙)  readers only perform (3)DES decryptions DecK(∙) Timo Kasper, WISSec 2010 | November 29-30, 2010 17
  • 15. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol 1. 1. Authentication request 2. 2. Encrypted nonce 3. Encrypted rotated 3. answer and nonce 4. 4. Verify answer 5. Encrypted rotated answer 5. 6. 6. Verify Answer Timo Kasper, WISSec 2010 | November 29-30, 2010 18
  • 16. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol  reverse-engineered from genuine communications  similar to DESFire  differences: – nonces are extended to 128 bit – AES en-/decryptions are used in common sense – CBC-mode chains all en-/decryptions even though they operate on different cryptograms – second rotation is in the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 19
  • 17. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol 1. 1. Extended nonces 2. En-/Decryption is used in 2. common sense / Chained CBC (nR XOR b0) 3. 3. Rotation is changed to the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 20
  • 18. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 21
  • 19. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Introducing:  Emulate contactless smartcards (ISO 14443)  Freely programmable, low-cost (less than $25)  Small, operates autonomously without a PC  EEPROM  store bit streams for offline analysis Timo Kasper, WISSec 2010 | November 29-30, 2010 22
  • 20. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
  • 21. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
  • 22. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – the Reality… Analog Circuitry ATxmega (5€) ( approx. 5€ ) Antenna on PCB FTDI USB (4€) Timo Kasper, WISSec 2010 | November 29-30, 2010 24
  • 23. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Hardware  off-the-shelf components  Atmel ATxmega192A3 8-Bit microcontroller – 192kB Flash, 16kB SRAM, 4kB EEPROM – Clocked at 27.12MHz (2 x 13.56 MHz) – DES and AES-128 hardware accelerators  FTDI FT245RL enables USB communication  powered via USB or battery  card-sized antenna (fits into slots of most readers) Timo Kasper, WISSec 2010 | November 29-30, 2010 25
  • 24. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Software (so far…)  full emulation of Mifare Classic cards – UID can be freely chosen – memory content and keys can be set arbitrarily  authentication mechanisms of Mifare DESFire & EV1 – UID can be freely chosen – secret keys can be set arbitrarily Timo Kasper, WISSec 2010 | November 29-30, 2010 26
  • 25. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Difficulties  strict timing requirements of ISO 14443: – bit grid depending on the last bit sent by reader – answer max. 4.8ms after request of the reader  Crypto1 is computationally intensive on µC: – using an open C-library for Crypto1 results in inefficient code for 8-bit microcontrollers Timo Kasper, WISSec 2010 | November 29-30, 2010 27
  • 26. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Straightforward CRYPTO1 Implementation • platform: 8-Bit microcontroller, ATMega32 • clock frequency: 13.56 MHz • encrypting one block (18 bytes) takes > 11 ms  too slow 28
  • 27. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Crypto1 Optimizations  crypto1 implementation from scratch in assembly  replace filter functions with look-up tables – size: 112 byte, negligible compared to 192kB Flash  random value for nC is generated before authentication – aR and aC can be precomputed – precomputing key stream bits not possible: sector key and reader nonce unknown a priori Timo Kasper, WISSec 2010 | November 29-30, 2010 29
  • 28. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar DESFire / DESFire EV1 Implementations  Straightforward on ATxmega – 3DES in CBC mode – AES-128 in “chained” CBC mode  3DES: three times faster than original card – 219µs vs. 690µs for calculation of b3  AES-128: five times faster than original card – 438µs vs. 2.2ms for calculation of b3 Timo Kasper, WISSec 2010 | November 29-30, 2010 30
  • 29. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 31
  • 30. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study: ID Card Contactless Payment System • contactless employee ID card, more than 1 million users • payments (max. 150 €), access control, … • Mifare Classic 1K chip stores card number & credit amount • ID cards have identical secret keys. 32
  • 31. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Attacking a Contactless Payment System  Step 1: read out s.o. else’s (or your own…) card  Step 2: emulates an exact clone including the UID → Fraud not detected  Credit gone? Step 3: Press state restoration button to restore the previous credit from EEPROM, goto Step 2  new operating mode: generate a random credit balance and new card number on each payment  cannot be blacklisted and blocked in the back-end Timo Kasper, WISSec 2010 | November 29-30, 2010 33
  • 32. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study 2: Widespread Access Control System  Mifare Classic 1K cards unlock doors and elevators  secret keys are default (0xA0A1A2A3A4A5)  penetration-test with – identification by UID and 1st block of 1st sector – access permissions checked in the back-end 1. read UID from authorized card 2. set this UID in  OPEN SESAME! Timo Kasper, WISSec 2010 | November 29-30, 2010 34
  • 33. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Access Control System in Idle Mode Timo Kasper, WISSec 2010 | November 29-30, 2010 35
  • 34. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Clone on a Blank Card Fails Timo Kasper, WISSec 2010 | November 29-30, 2010 36
  • 35. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Succeeds Timo Kasper, WISSec 2010 | November 29-30, 2010 37
  • 36. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Timo Kasper, WISSec 2010 | November 29-30, 2010 38
  • 37. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 39
  • 38. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Conclusion cost-efficient ( < 25 $) freely programmable emulator for contactless smartcards  optimized Crypto1 implementation: Full Mifare Classic emulation successful in various real-world systems  (3)DES, AES support tested with emulation of Mifare DESFire (incl. EV1) authentication  valuable tool for penetration-testing of RFID systems  cost for attacks often overestimated Timo Kasper, WISSec 2010 | November 29-30, 2010 40
  • 39. Thanks! Any questions? Chair for Embedded Security (EMSEC) Department of Electrical Engineering and Information Technology {timo.kasper, ingo.vonmaurich, david.oswald, christof.paar}@rub.de