SlideShare una empresa de Scribd logo

OpenCard hack (projekt chameleon)

Tech4 Helper
Tech4 Helper

By Timo Kasper, upload Tech4Helper

Empresariales
1 de 39
Descargar para leer sin conexión
Cloning Cryptographic RFID Cards for 25$ November 29-30, WISSec 2010 Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Department of Electrical Engineering and Information Technology Chair for Embedded Security
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 2
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Contactless Smartcards  use RFID (Radio Frequency Identification) technology  ISO 14443 A/B very popular: sufficient computational power for cryptography  large scale applications: – Access control systems – Electronic passports – Payment systems – Public transport ticketing Timo Kasper, WISSec 2010 | November 29-30, 2010 3
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Why Emulate Contactless Smartcards ?  cards used or applications are often insecure (e.g. no crypto / based on ID number only)  penetration-testing of real-world systems  emulating cards promises high profits for fraudsters  estimate the real cost / risks  goals: – card content and behavior freely programmable (e.g. arbitrary ID instead of fixed ID) – assistance in analyzing unknown protocols – support the relevant cryptographic primitives Timo Kasper, WISSec 2010 | November 29-30, 2010 4
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Popular (ISO 14443) Contactless Smartcards  Mifare Classic – Crypto1 stream cipher – Very cheap, regarded completely broken  Mifare DESFire – DES and 3DES – More expensive, side-channel attacks possible  Mifare DESFire EV1 – AES-128 (and DES, 3DES) Timo Kasper, WISSec 2010 | November 29-30, 2010 5
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Chameleon  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 6
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar RFID Communication (ISO 14443) • reader generates field with 13.56 MHz carrier frequency • supplies tag with clock and energy via inductive coupling • reader transmits data by short pauses in the field (pulsed Miller code) • tag answers employing load modulation (Manchester code) • operating range: 8…15 cm, data rate 106…847 kBit/s 10
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Timo Kasper, WISSec 2010 | November 29-30, 2010 11
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic (1K / 4K) • over 1 billion cards and 7 million readers sold • authentication / data encryption with CRYPTO1 stream cipher • each card contains a read-only Unique Identifier (UID) (4 byte) • each sector can be secured: two cryptographic keys A and B UID Key A, sector 0 Key B, sector 0 Key A, sector 15 Key B, sector 15 12
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Authentication Protocol 1. 2. 3. 4. 1. Authentication request 3. Encrypted challenge (Reader → Card) || answer 2. Challenge (Card → Reader) 4. Encrypted answer Timo Kasper, WISSec 2010 | November 29-30, 2010 13
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Security of Mifare Classic  … by obscurity  cipher and PRNG reverse-engineered in 2007  many attack vectors (weak PRNG, mathematical weaknesses in LFSR, parity bit attack)  card-only attacks: reveal all secret keys and memory content in minutes  Considered completely broken Timo Kasper, WISSec 2010 | November 29-30, 2010 14
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1 Timo Kasper, WISSec 2010 | November 29-30, 2010 15
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1  7-byte read-only UID  communication can be secured by – appended message authentication code (MAC) – full data encryption  DES, 3DES and AES-128 (EV1) encryption ! Side-channel attacks ! Timo Kasper, WISSec 2010 | November 29-30, 2010 16
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol  mutual authentication protocol, previously published  cards only perform (3)DES encryptions EncK(∙)  readers only perform (3)DES decryptions DecK(∙) Timo Kasper, WISSec 2010 | November 29-30, 2010 17
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol 1. 1. Authentication request 2. 2. Encrypted nonce 3. Encrypted rotated 3. answer and nonce 4. 4. Verify answer 5. Encrypted rotated answer 5. 6. 6. Verify Answer Timo Kasper, WISSec 2010 | November 29-30, 2010 18
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol  reverse-engineered from genuine communications  similar to DESFire  differences: – nonces are extended to 128 bit – AES en-/decryptions are used in common sense – CBC-mode chains all en-/decryptions even though they operate on different cryptograms – second rotation is in the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 19
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol 1. 1. Extended nonces 2. En-/Decryption is used in 2. common sense / Chained CBC (nR XOR b0) 3. 3. Rotation is changed to the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 20
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 21
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Introducing:  Emulate contactless smartcards (ISO 14443)  Freely programmable, low-cost (less than $25)  Small, operates autonomously without a PC  EEPROM  store bit streams for offline analysis Timo Kasper, WISSec 2010 | November 29-30, 2010 22
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – the Reality… Analog Circuitry ATxmega (5€) ( approx. 5€ ) Antenna on PCB FTDI USB (4€) Timo Kasper, WISSec 2010 | November 29-30, 2010 24
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Hardware  off-the-shelf components  Atmel ATxmega192A3 8-Bit microcontroller – 192kB Flash, 16kB SRAM, 4kB EEPROM – Clocked at 27.12MHz (2 x 13.56 MHz) – DES and AES-128 hardware accelerators  FTDI FT245RL enables USB communication  powered via USB or battery  card-sized antenna (fits into slots of most readers) Timo Kasper, WISSec 2010 | November 29-30, 2010 25
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Software (so far…)  full emulation of Mifare Classic cards – UID can be freely chosen – memory content and keys can be set arbitrarily  authentication mechanisms of Mifare DESFire & EV1 – UID can be freely chosen – secret keys can be set arbitrarily Timo Kasper, WISSec 2010 | November 29-30, 2010 26
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Difficulties  strict timing requirements of ISO 14443: – bit grid depending on the last bit sent by reader – answer max. 4.8ms after request of the reader  Crypto1 is computationally intensive on µC: – using an open C-library for Crypto1 results in inefficient code for 8-bit microcontrollers Timo Kasper, WISSec 2010 | November 29-30, 2010 27
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Straightforward CRYPTO1 Implementation • platform: 8-Bit microcontroller, ATMega32 • clock frequency: 13.56 MHz • encrypting one block (18 bytes) takes > 11 ms  too slow 28
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Crypto1 Optimizations  crypto1 implementation from scratch in assembly  replace filter functions with look-up tables – size: 112 byte, negligible compared to 192kB Flash  random value for nC is generated before authentication – aR and aC can be precomputed – precomputing key stream bits not possible: sector key and reader nonce unknown a priori Timo Kasper, WISSec 2010 | November 29-30, 2010 29
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar DESFire / DESFire EV1 Implementations  Straightforward on ATxmega – 3DES in CBC mode – AES-128 in “chained” CBC mode  3DES: three times faster than original card – 219µs vs. 690µs for calculation of b3  AES-128: five times faster than original card – 438µs vs. 2.2ms for calculation of b3 Timo Kasper, WISSec 2010 | November 29-30, 2010 30
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 31
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study: ID Card Contactless Payment System • contactless employee ID card, more than 1 million users • payments (max. 150 €), access control, … • Mifare Classic 1K chip stores card number & credit amount • ID cards have identical secret keys. 32
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Attacking a Contactless Payment System  Step 1: read out s.o. else’s (or your own…) card  Step 2: emulates an exact clone including the UID → Fraud not detected  Credit gone? Step 3: Press state restoration button to restore the previous credit from EEPROM, goto Step 2  new operating mode: generate a random credit balance and new card number on each payment  cannot be blacklisted and blocked in the back-end Timo Kasper, WISSec 2010 | November 29-30, 2010 33
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study 2: Widespread Access Control System  Mifare Classic 1K cards unlock doors and elevators  secret keys are default (0xA0A1A2A3A4A5)  penetration-test with – identification by UID and 1st block of 1st sector – access permissions checked in the back-end 1. read UID from authorized card 2. set this UID in  OPEN SESAME! Timo Kasper, WISSec 2010 | November 29-30, 2010 34
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Access Control System in Idle Mode Timo Kasper, WISSec 2010 | November 29-30, 2010 35
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Clone on a Blank Card Fails Timo Kasper, WISSec 2010 | November 29-30, 2010 36
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Succeeds Timo Kasper, WISSec 2010 | November 29-30, 2010 37
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Timo Kasper, WISSec 2010 | November 29-30, 2010 38
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 39
Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Conclusion cost-efficient ( < 25 $) freely programmable emulator for contactless smartcards  optimized Crypto1 implementation: Full Mifare Classic emulation successful in various real-world systems  (3)DES, AES support tested with emulation of Mifare DESFire (incl. EV1) authentication  valuable tool for penetration-testing of RFID systems  cost for attacks often overestimated Timo Kasper, WISSec 2010 | November 29-30, 2010 40
Thanks! Any questions? Chair for Embedded Security (EMSEC) Department of Electrical Engineering and Information Technology {timo.kasper, ingo.vonmaurich, david.oswald, christof.paar}@rub.de

Recomendados

The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static AnalysisHossein Yavari
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 

Recomendados

The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookMITRE ATT&CK
 
Network Security and Cryptography
Network Security and CryptographyNetwork Security and Cryptography
Network Security and CryptographyAdam Reagan
 
How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes How to Build an Insider Threat Program in 30 Minutes
How to Build an Insider Threat Program in 30 Minutes ObserveIT
 
Malware Static Analysis
Malware Static AnalysisMalware Static Analysis
Malware Static AnalysisHossein Yavari
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacksHuda Seyam
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat IntelligenceDeepak Kumar (D3)
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Cryptography
CryptographyCryptography
CryptographyTushar Swami
 
Computer Security
Computer SecurityComputer Security
Computer SecurityCristian Mihai
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye, Inc.
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption StandardAdri Jovin
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Endpoint Security Solutions
Endpoint Security SolutionsEndpoint Security Solutions
Endpoint Security SolutionsThe TNS Group
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wiresharkn|u - The Open Security Community
 
Mifare Desfire Technology
Mifare Desfire TechnologyMifare Desfire Technology
Mifare Desfire TechnologyZahiruddin Babar Malik
 
Mifare classic-slides
Mifare classic-slidesMifare classic-slides
Mifare classic-slidesOWASP (Open Web Application Security Project)
 

Más contenido relacionado

La actualidad más candente

Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceAndreas Sfakianakis
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptxAmbuj Kumar
 
Cryptography
CryptographyCryptography
CryptographyAnandKaGe
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CKArpan Raval
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye, Inc.
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption StandardAdri Jovin
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Endpoint Security Solutions
Endpoint Security SolutionsEndpoint Security Solutions
Endpoint Security SolutionsThe TNS Group
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 

La actualidad más candente (20)

Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
 
mobile forensic.pptx
mobile forensic.pptxmobile forensic.pptx
mobile forensic.pptx
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Cryptography
CryptographyCryptography
Cryptography
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Cryptography
CryptographyCryptography
Cryptography
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
FireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to KnowFireEye Advanced Threat Protection - What You Need to Know
FireEye Advanced Threat Protection - What You Need to Know
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Data Encryption Standard
Data Encryption StandardData Encryption Standard
Data Encryption Standard
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES)
 
Endpoint Security Solutions
Endpoint Security SolutionsEndpoint Security Solutions
Endpoint Security Solutions
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
Network Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using WiresharkNetwork Forensics: Packet Analysis Using Wireshark
Network Forensics: Packet Analysis Using Wireshark
 

Destacado

Hacking Smartcards & RFID
Hacking Smartcards & RFIDHacking Smartcards & RFID
Hacking Smartcards & RFIDDevnology
 
ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.Advanced Card Systems Ltd.
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Team
 
NFC & RFID on Android
NFC & RFID on AndroidNFC & RFID on Android
NFC & RFID on Androidtodbotdotcom
 
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Team
 
Near Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteNear Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteAndrew Roughan
 
ACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDAdvanced Card Systems Ltd.
 
Beyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsBeyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsNXPSemiconductors
 
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveContactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveBurak Ilgıcıoğlu
 
Mobile-based NFC fare collection
Mobile-based NFC fare collectionMobile-based NFC fare collection
Mobile-based NFC fare collectionnnaveiras
 
SmartWorld Portfolio
SmartWorld PortfolioSmartWorld Portfolio
SmartWorld PortfolioSmart World
 
DC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsDC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsTom Keetch
 
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Team
 
Ask Contactless Terminals
Ask Contactless TerminalsAsk Contactless Terminals
Ask Contactless Terminalsclaren65
 

Destacado (20)

Mifare Desfire Technology
Mifare Desfire TechnologyMifare Desfire Technology
Mifare Desfire Technology
 
Mifare classic-slides
Mifare classic-slidesMifare classic-slides
Mifare classic-slides
 
Mifare cards
Mifare cardsMifare cards
Mifare cards
 
Hacking Smartcards & RFID
Hacking Smartcards & RFIDHacking Smartcards & RFID
Hacking Smartcards & RFID
 
ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.ACR128 product presentation by Advanced Card Systems Ltd.
ACR128 product presentation by Advanced Card Systems Ltd.
 
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
NXP MIFARE Webinar: Innovation Road Map: Present Improved- Future Inside
 
NFC & RFID on Android
NFC & RFID on AndroidNFC & RFID on Android
NFC & RFID on Android
 
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And CloudNXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
NXP MIFARE Webinar: Added Value To Card Based Environments Through NFC And Cloud
 
Near Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarteNear Field Communication on iPhone with iCarte
Near Field Communication on iPhone with iCarte
 
Nfc developers nokia mit event 12 13 10
Nfc developers nokia mit event 12 13 10Nfc developers nokia mit event 12 13 10
Nfc developers nokia mit event 12 13 10
 
ACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCDACR122L VisualVantage Serial NFC Reader with LCD
ACR122L VisualVantage Serial NFC Reader with LCD
 
Beyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factorsBeyond cards, phones and terminals: New payment form factors
Beyond cards, phones and terminals: New payment form factors
 
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/PerspectiveContactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
Contactless & NFC Ecosystem in Turkey & Yapi Kredi Products/Perspective
 
Mobile-based NFC fare collection
Mobile-based NFC fare collectionMobile-based NFC fare collection
Mobile-based NFC fare collection
 
SmartWorld Portfolio
SmartWorld PortfolioSmartWorld Portfolio
SmartWorld Portfolio
 
DC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio BitsDC4420 2014 - NFC - The Non-Radio Bits
DC4420 2014 - NFC - The Non-Radio Bits
 
ReiterNokia
ReiterNokiaReiterNokia
ReiterNokia
 
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
NXP MIFARE Webinar: Enhanced User Experience Through Active Application Manag...
 
Ask Contactless Terminals
Ask Contactless TerminalsAsk Contactless Terminals
Ask Contactless Terminals
 
Civintec introduction 2015
Civintec introduction 2015Civintec introduction 2015
Civintec introduction 2015
 

Similar a OpenCard hack (projekt chameleon)

18-steganography.ppt
18-steganography.ppt18-steganography.ppt
18-steganography.pptRakesh Kumar
 
Security Systems for Digital Data - Paper
Security Systems for Digital Data - PaperSecurity Systems for Digital Data - Paper
Security Systems for Digital Data - PaperBernhard Hofer
 
Security Systems for Digital Data
Security Systems for Digital DataSecurity Systems for Digital Data
Security Systems for Digital DataBernhard Hofer
 
Meetup -- RFID
Meetup -- RFIDMeetup -- RFID
Meetup -- RFIDKevin2600
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYijcisjournal
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalBen Rothke
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCSlawomir Jasek
 
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)PROIDEA
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCSecuRing
 
Steganography (Distributed computing)
Steganography (Distributed computing)Steganography (Distributed computing)
Steganography (Distributed computing)Sri Prasanna
 
A Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkA Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkNothing Nowhere
 
A Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresA Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresNothing Nowhere
 
RFID Privacy & Security Issues
RFID Privacy & Security IssuesRFID Privacy & Security Issues
RFID Privacy & Security IssuesBrent Muir
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Matthew McCullough
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1Alfred Ouyang
 
RFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDRFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDFaisal Razzak
 
This paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxThis paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxherthalearmont
 
SteganographySecond
SteganographySecondSteganographySecond
SteganographySecondKiakaha17
 

Similar a OpenCard hack (projekt chameleon) (20)

18-steganography.ppt
18-steganography.ppt18-steganography.ppt
18-steganography.ppt
 
Steganography
SteganographySteganography
Steganography
 
Security Systems for Digital Data - Paper
Security Systems for Digital Data - PaperSecurity Systems for Digital Data - Paper
Security Systems for Digital Data - Paper
 
Security Systems for Digital Data
Security Systems for Digital DataSecurity Systems for Digital Data
Security Systems for Digital Data
 
Meetup -- RFID
Meetup -- RFIDMeetup -- RFID
Meetup -- RFID
 
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETYCRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
CRYPTOLOGY AND INFORMATION SECURITY - PAST, PRESENT, AND FUTURE ROLE IN SOCIETY
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
 
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
CONFidence 2018: A 2018 practical guide to hacking RFID/NFC (Sławomir Jasek)
 
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFCA 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
 
Steganography (Distributed computing)
Steganography (Distributed computing)Steganography (Distributed computing)
Steganography (Distributed computing)
 
A Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - MorkA Brief History of Cryptographic Failures - Mork
A Brief History of Cryptographic Failures - Mork
 
A Brief History of Cryptographic Failures
A Brief History of Cryptographic FailuresA Brief History of Cryptographic Failures
A Brief History of Cryptographic Failures
 
RFID Privacy & Security Issues
RFID Privacy & Security IssuesRFID Privacy & Security Issues
RFID Privacy & Security Issues
 
Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8Advanced Encryption on the JVM v0.2.8
Advanced Encryption on the JVM v0.2.8
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
RFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFIDRFID Protocols and Privacy Models for RFID
RFID Protocols and Privacy Models for RFID
 
This paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docxThis paper is included in the Proceedings of the 12th USENI.docx
This paper is included in the Proceedings of the 12th USENI.docx
 
SteganographySecond
SteganographySecondSteganographySecond
SteganographySecond
 

Último

Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingNauman Safdar
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Timegargpaaro
 
Power point presentation on enterprise performance management
Power point presentation on enterprise performance managementPower point presentation on enterprise performance management
Power point presentation on enterprise performance managementVaishnaviGunji
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...ssuserf63bd7
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwaitdaisycvs
 
Falcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow ChallengesFalcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow Challengeshemanthkumar470700
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified Binance Account
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Omaninstagramfab782445
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxCynthia Clay
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfTVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfbelieveminhh
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...NadhimTaha
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsShree Krishna Exports
 
Falcon Invoice Discounting: Tailored Financial Wings
Falcon Invoice Discounting: Tailored Financial WingsFalcon Invoice Discounting: Tailored Financial Wings
Falcon Invoice Discounting: Tailored Financial WingsFalcon Invoice Discounting
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon investment
 

Último (20)

Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
Power point presentation on enterprise performance management
Power point presentation on enterprise performance managementPower point presentation on enterprise performance management
Power point presentation on enterprise performance management
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Falcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow ChallengesFalcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow Challenges
 
Buy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From SeosmmearthBuy Verified TransferWise Accounts From Seosmmearth
Buy Verified TransferWise Accounts From Seosmmearth
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfTVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 
Falcon Invoice Discounting: Tailored Financial Wings
Falcon Invoice Discounting: Tailored Financial WingsFalcon Invoice Discounting: Tailored Financial Wings
Falcon Invoice Discounting: Tailored Financial Wings
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 

OpenCard hack (projekt chameleon)

  • 1. Cloning Cryptographic RFID Cards for 25$ November 29-30, WISSec 2010 Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Department of Electrical Engineering and Information Technology Chair for Embedded Security
  • 2. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 2
  • 3. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Contactless Smartcards  use RFID (Radio Frequency Identification) technology  ISO 14443 A/B very popular: sufficient computational power for cryptography  large scale applications: – Access control systems – Electronic passports – Payment systems – Public transport ticketing Timo Kasper, WISSec 2010 | November 29-30, 2010 3
  • 4. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Why Emulate Contactless Smartcards ?  cards used or applications are often insecure (e.g. no crypto / based on ID number only)  penetration-testing of real-world systems  emulating cards promises high profits for fraudsters  estimate the real cost / risks  goals: – card content and behavior freely programmable (e.g. arbitrary ID instead of fixed ID) – assistance in analyzing unknown protocols – support the relevant cryptographic primitives Timo Kasper, WISSec 2010 | November 29-30, 2010 4
  • 5. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Popular (ISO 14443) Contactless Smartcards  Mifare Classic – Crypto1 stream cipher – Very cheap, regarded completely broken  Mifare DESFire – DES and 3DES – More expensive, side-channel attacks possible  Mifare DESFire EV1 – AES-128 (and DES, 3DES) Timo Kasper, WISSec 2010 | November 29-30, 2010 5
  • 6. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Chameleon  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 6
  • 7. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar RFID Communication (ISO 14443) • reader generates field with 13.56 MHz carrier frequency • supplies tag with clock and energy via inductive coupling • reader transmits data by short pauses in the field (pulsed Miller code) • tag answers employing load modulation (Manchester code) • operating range: 8…15 cm, data rate 106…847 kBit/s 10
  • 8. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Timo Kasper, WISSec 2010 | November 29-30, 2010 11
  • 9. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic (1K / 4K) • over 1 billion cards and 7 million readers sold • authentication / data encryption with CRYPTO1 stream cipher • each card contains a read-only Unique Identifier (UID) (4 byte) • each sector can be secured: two cryptographic keys A and B UID Key A, sector 0 Key B, sector 0 Key A, sector 15 Key B, sector 15 12
  • 10. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare Classic Authentication Protocol 1. 2. 3. 4. 1. Authentication request 3. Encrypted challenge (Reader → Card) || answer 2. Challenge (Card → Reader) 4. Encrypted answer Timo Kasper, WISSec 2010 | November 29-30, 2010 13
  • 11. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Security of Mifare Classic  … by obscurity  cipher and PRNG reverse-engineered in 2007  many attack vectors (weak PRNG, mathematical weaknesses in LFSR, parity bit attack)  card-only attacks: reveal all secret keys and memory content in minutes  Considered completely broken Timo Kasper, WISSec 2010 | November 29-30, 2010 14
  • 12. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1 Timo Kasper, WISSec 2010 | November 29-30, 2010 15
  • 13. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire / Mifare DESFire EV1  7-byte read-only UID  communication can be secured by – appended message authentication code (MAC) – full data encryption  DES, 3DES and AES-128 (EV1) encryption ! Side-channel attacks ! Timo Kasper, WISSec 2010 | November 29-30, 2010 16
  • 14. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol  mutual authentication protocol, previously published  cards only perform (3)DES encryptions EncK(∙)  readers only perform (3)DES decryptions DecK(∙) Timo Kasper, WISSec 2010 | November 29-30, 2010 17
  • 15. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire Authentication Protocol 1. 1. Authentication request 2. 2. Encrypted nonce 3. Encrypted rotated 3. answer and nonce 4. 4. Verify answer 5. Encrypted rotated answer 5. 6. 6. Verify Answer Timo Kasper, WISSec 2010 | November 29-30, 2010 18
  • 16. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol  reverse-engineered from genuine communications  similar to DESFire  differences: – nonces are extended to 128 bit – AES en-/decryptions are used in common sense – CBC-mode chains all en-/decryptions even though they operate on different cryptograms – second rotation is in the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 19
  • 17. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Mifare DESFire EV1 Authentication Protocol 1. 1. Extended nonces 2. En-/Decryption is used in 2. common sense / Chained CBC (nR XOR b0) 3. 3. Rotation is changed to the opposite direction Timo Kasper, WISSec 2010 | November 29-30, 2010 20
  • 18. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 21
  • 19. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Introducing:  Emulate contactless smartcards (ISO 14443)  Freely programmable, low-cost (less than $25)  Small, operates autonomously without a PC  EEPROM  store bit streams for offline analysis Timo Kasper, WISSec 2010 | November 29-30, 2010 22
  • 20. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
  • 21. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – Operating Principle 23
  • 22. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar – the Reality… Analog Circuitry ATxmega (5€) ( approx. 5€ ) Antenna on PCB FTDI USB (4€) Timo Kasper, WISSec 2010 | November 29-30, 2010 24
  • 23. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Hardware  off-the-shelf components  Atmel ATxmega192A3 8-Bit microcontroller – 192kB Flash, 16kB SRAM, 4kB EEPROM – Clocked at 27.12MHz (2 x 13.56 MHz) – DES and AES-128 hardware accelerators  FTDI FT245RL enables USB communication  powered via USB or battery  card-sized antenna (fits into slots of most readers) Timo Kasper, WISSec 2010 | November 29-30, 2010 25
  • 24. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Software (so far…)  full emulation of Mifare Classic cards – UID can be freely chosen – memory content and keys can be set arbitrarily  authentication mechanisms of Mifare DESFire & EV1 – UID can be freely chosen – secret keys can be set arbitrarily Timo Kasper, WISSec 2010 | November 29-30, 2010 26
  • 25. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Difficulties  strict timing requirements of ISO 14443: – bit grid depending on the last bit sent by reader – answer max. 4.8ms after request of the reader  Crypto1 is computationally intensive on µC: – using an open C-library for Crypto1 results in inefficient code for 8-bit microcontrollers Timo Kasper, WISSec 2010 | November 29-30, 2010 27
  • 26. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Straightforward CRYPTO1 Implementation • platform: 8-Bit microcontroller, ATMega32 • clock frequency: 13.56 MHz • encrypting one block (18 bytes) takes > 11 ms  too slow 28
  • 27. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Crypto1 Optimizations  crypto1 implementation from scratch in assembly  replace filter functions with look-up tables – size: 112 byte, negligible compared to 192kB Flash  random value for nC is generated before authentication – aR and aC can be precomputed – precomputing key stream bits not possible: sector key and reader nonce unknown a priori Timo Kasper, WISSec 2010 | November 29-30, 2010 29
  • 28. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar DESFire / DESFire EV1 Implementations  Straightforward on ATxmega – 3DES in CBC mode – AES-128 in “chained” CBC mode  3DES: three times faster than original card – 219µs vs. 690µs for calculation of b3  AES-128: five times faster than original card – 438µs vs. 2.2ms for calculation of b3 Timo Kasper, WISSec 2010 | November 29-30, 2010 30
  • 29. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 31
  • 30. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study: ID Card Contactless Payment System • contactless employee ID card, more than 1 million users • payments (max. 150 €), access control, … • Mifare Classic 1K chip stores card number & credit amount • ID cards have identical secret keys. 32
  • 31. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Attacking a Contactless Payment System  Step 1: read out s.o. else’s (or your own…) card  Step 2: emulates an exact clone including the UID → Fraud not detected  Credit gone? Step 3: Press state restoration button to restore the previous credit from EEPROM, goto Step 2  new operating mode: generate a random credit balance and new card number on each payment  cannot be blacklisted and blocked in the back-end Timo Kasper, WISSec 2010 | November 29-30, 2010 33
  • 32. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Case Study 2: Widespread Access Control System  Mifare Classic 1K cards unlock doors and elevators  secret keys are default (0xA0A1A2A3A4A5)  penetration-test with – identification by UID and 1st block of 1st sector – access permissions checked in the back-end 1. read UID from authorized card 2. set this UID in  OPEN SESAME! Timo Kasper, WISSec 2010 | November 29-30, 2010 34
  • 33. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Access Control System in Idle Mode Timo Kasper, WISSec 2010 | November 29-30, 2010 35
  • 34. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Clone on a Blank Card Fails Timo Kasper, WISSec 2010 | November 29-30, 2010 36
  • 35. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Succeeds Timo Kasper, WISSec 2010 | November 29-30, 2010 37
  • 36. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Timo Kasper, WISSec 2010 | November 29-30, 2010 38
  • 37. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Agenda  Motivation  RFID Basics Mifare Classic Mifare DESFire (EV1)  Real-World Attacks  Conclusion Timo Kasper, WISSec 2010 | November 29-30, 2010 39
  • 38. Cloning Cryptographic RFID Cards for 25$ Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar Conclusion cost-efficient ( < 25 $) freely programmable emulator for contactless smartcards  optimized Crypto1 implementation: Full Mifare Classic emulation successful in various real-world systems  (3)DES, AES support tested with emulation of Mifare DESFire (incl. EV1) authentication  valuable tool for penetration-testing of RFID systems  cost for attacks often overestimated Timo Kasper, WISSec 2010 | November 29-30, 2010 40
  • 39. Thanks! Any questions? Chair for Embedded Security (EMSEC) Department of Electrical Engineering and Information Technology {timo.kasper, ingo.vonmaurich, david.oswald, christof.paar}@rub.de