Scribd Logo
Importer

Bienvenue sur Scribd !

  • Algebraic Attacks 2008

    Transféré par

    Dicky__6161
    60 vues8 pages
    Algebraic Attacks on Mifare crypto-1, London Oyster card, Dutch OV-Chipcard. Mifare used in about 1 billion RFID chips worldwide. Ticketing (e.g. London's underground). Access to high-security buildings Etc. Our fastest attacks use algebraic equations + conversion + SAT solvers.

    Description originale:

    Titre original

    Algebraic attacks 2008

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Algebraic Attacks on Mifare crypto-1, London Oyster card, Dutch OV-Chipcard. Mifare used in about 1 billion RFID chips worldwide. Ticketing (e.g. London's underground). Access to high-security buildings Etc. Our fastest attacks use algebraic equations + conversion + SAT solvers.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    60 vues8 pages

    Algebraic Attacks 2008

    Transféré par

    Dicky__6161
    Algebraic Attacks on Mifare crypto-1, London Oyster card, Dutch OV-Chipcard. Mifare used in about 1 billion RFID chips worldwide. Ticketing (e.g. London's underground). Access to high-security buildings Etc. Our fastest attacks use algebraic equations + conversion + SAT solvers.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 8

    Algebraic Attacks on MiFare Crypto-1,

    London Oyster Card, Dutch OV-Chipcard


    + Approx. 1 Billion other RFID Chips…


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    MiFare Classic Crypto-1


    Stream cipher used in about 1 billion RFID chips
    worldwide.

    • Ticketing
    (e.g. London’s
    Underground).
    • Access to high-security
    buildings

    • Etc.

    2 Courtois, Nohl, O’Neil, April 2008


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    Reverse-Engineering [cf. 24C3 Conf.]

    3 Courtois, Nohl, O’Neil, April 2008


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    MiFare Crypto-1 Algorithm

    high algebraic
    immunity

    4 Courtois, Nohl, O’Neil, April 2008


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    Algebraic Cryptanalysis [Shannon]


    Breaking a « good » cipher should require:

    “as much work as solving a system of


    simultaneous equations in a large number
    of unknowns of a complex type”

    [Shannon, 1949]

    5 Courtois, Nohl, O’Neil, April 2008


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    Strong or Weak?
    High Algebraic Immunity.
    • Does NOT help.
    • Many “direct” algebraic attacks exist. We can
    break “any cipher”, if not too complex…

    Our fastest attacks use algebraic equations +


    conversion + SAT solvers
    • [cf. recent attacks on DES and KeeLoq
    by Courtois and Bard 2007-08]

    6 Courtois, Nohl, O’Neil, April 2008


    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    Exhaustive Search
    • Key = 48 bits.
    • Takes about 4 years
    on 1 CPU @ 1.66 GHz.

    Our Algebraic Attack


    • 12 seconds on the same CPU.
    • Shockingly fast given the fact that 1 Billion of these
    chips are in use.
    See eprint.iacr.org/2008/166/
    7 Courtois, Nohl, O’Neil, April 2008
    Algebraic Attacks on Mifare, London Oyster Card, Etc.…

    There is More
    What about cloning a card with:
    • Passive eavesdropping
    • One single transaction
    • Purely cryptographic attack:
    unlike in other works on MiFare,
    we do NOT use any protocol
    or RNG vulnerability.
    • Very fast, takes minutes

    Preliminary results: this works.


    To be published soon.
    8 Courtois, Nohl, O’Neil, April 2008

    Vous aimerez peut-être aussi