Security of MIFARE Classic 

Introduction

NXP Semiconductors is aware that several research groups have retrieved the algorithm and developed attacks to break the keys of MIFARE Classic-enabled cards. Among them are the group around Karsten Nohl and Henryk Ploetz, who first presented the reverse engineering of MIFARE Classic chips in December 2007 at the 24th Chaos Communication Congress in Berlin; the IT security specialists from Radboud University Nijmegen; and Nicolas T. Courtois from University College London.

Radboud University Nijmegen presented a paper at a conference on October 6th describing how the protocol and algorithm were reverse engineered, together with some practical attacks that can be carried out with limited means. Henryk Ploetz and others have also posted documents on the internet containing detailed information that significantly facilitates attacks on cards and infrastructures using MIFARE Classic.
NXP is trying to prevent these publications, but due to the nature of the internet it is to be expected that such an effort will not meet with much success.

System integrators therefore have to reconsider whether they have implemented appropriate security measures for the use of the MIFARE Classic card for applications that need security. In any scheme, it is the overall end-to-end system security that should be taken into account. The security of a system must not be restricted to the individual components. It is also essential to ensure that the individual components are used in the right way to prevent some attacks on the system.

For every application the actual security requirements need to be specified, along with the needed security level for those targets. When the security requirements for the system are known, the actual threats and required countermeasures can be determined.

MIFARE Classic vulnerabilities

One of the protection elements of the MIFARE Classic card has been the confidentiality of its cryptographic algorithm.

If the algorithm becomes known, it can be exploited in an attack by someone with the relevant expertise. Researchers at Radboud University have used knowledge of the algorithm to develop attacks that retrieve the keys and the data stored on the MIFARE Classic card. As attack software is now publicly accessible on the internet, we expect that attack equipment will soon become available to facilitate a variety of attacks on MIFARE Classic infrastructures.

These attacks would allow the following:

  • Through overhearing successful communications between the reader of an existing infrastructure and a valid card, the data and/or the keys involved in that transaction could be read
  • While overhearing failed communications between the reader of an existing infrastructure and any card, the key used by the reader during that transaction could be retrieved
  • These attacks could be carried out in minutes or less and with means involving a laptop and equipment which can be built with limited material cost (100 Euros)
  • Card-only attacks are possible in lab environments and require considerable precalculation time. This is expected to evolve further into an attack that does not need lab conditions and may require less precalculation time.*
  • One particular card-only attack can, with a certain prerequisite on knowledge about the card, retrieve all keys and data from the card in about a second per key using a laptop and limited-value equipment. Interaction with the card can be limited to two sessions of less than a second each: first to get material for key recovery, and then, once the keys are retrieved, to retrieve the data.*

Although a residual risk remains, there are techniques and countermeasures to detect cards and data which have been tampered with, some of which are described in the confidential application notes published by NXP. We are happy to provide such application notes to the interested parties (such as system integrators and service operators) under a Non-Disclosure Agreement.

* (The recent vulnerabilities are reported courtesy of Radboud University Nijmegen, which gave early warning to NXP to allow timely communication so that system integrators can take measures.)


NXP actions and other main events - a brief summary

December 2007
December 27th
The first publication of the attacks on the MIFARE Classic card was presented on Dec 27, 2007 at the 24th Chaos Communication Congress in Berlin, Germany.
December 31st
First assessment of the claims on the vulnerabilities in MIFARE Classic.
January 2008
January 3rd
End-customers are informed about the attack.
January 8th
First contact with the CCC research group.
NXP issues an official statement informing its partners and customers about what happened and NXP’s position. The statement is distributed to system integrators and end customers on request.
January 10th
NXP Press release on the security of MIFARE chips in the Netherlands.
January 11th
NXP issues a dedicated Q+A document for system integrators. Major transport operators and service providers are approached proactively.
January 25th
NXP publishes a positioning paper asking researchers to contact them before making all results known to the public.
January 25th
Meeting with CCC research group – establishment of an open dialogue with the researchers, further evaluation of their findings.
January 28th
First meeting with Prof. Bart Jacobs of Radboud University in Nijmegen.
February 2008
February 2nd
NXP updates system integrators and end-customers in a letter about the latest developments.
Throughout February

Extensive technical interaction with large system integrators and service operators around the globe, sharing detailed technical information on countermeasures, through face-to-face visits as well as teleconferences.

NXP provided extensive and transparent information to TNO, Translink and the Dutch authorities for their review of the chip and the end-to-end security system of the Dutch OV-chipcard.

March 2008
March 10th

Announcement of the new smart card IC MIFARE Plus offering easy upgrades from MIFARE Classic. MIFARE Plus will be available in samples by the end of 2008.

NXP meeting with Prof Bart Jacobs of University Nijmegen and his team to learn about the attacks that they found.

March 12th
Press conference by University Nijmegen demonstrating an attack.
March 13th
NXP updates system integrators and end-customers in a letter about the latest developments.
March 14th
NXP releases a positioning statement related to the use of MIFARE Classic in access management applications.
April 2008
April 24th
NXP counters claims that MIFARE Plus is also hacked.
May 2008
May 5th
NXP updates system integrators and end-customers in a letter about the latest developments.
June 2008
Throughout June
Distribution of two application notes covering end-to-end system security risk considerations for implementing contactless cards to hundreds of technical specialists from interested parties worldwide. One is for contactless cards in general, while the other is specific for the use of MIFARE Classic.
June 10th
NXP issues a detailed FAQ for MIFARE Classic users.
June 18th
NXP is informed by the University Nijmegen that it will send in its article on 7 July (to be published in a conference bundle early October). The article includes sensitive information related to attacks on MIFARE Classic infrastructures. The publication from the Radboud University of Nijmegen would reduce the barrier to carrying out actual attacks. NXP tries to convince the University to be responsible and delay publication, but in vain.
July 2008
First half July
NXP seeks an injunction at the court in Arnhem to postpone publication of the article by the University Nijmegen. As the University, in spite of our efforts, would not remove the elements that facilitate illegal activities, NXP had no other choice but to seek an injunction in order to defend the interests of NXP customers and allow them reasonable time for appropriate system security upgrades. It must be noted that NXP did not seek a total injunction on the entire publication, but only a postponement of publication to allow a reasonable timeframe for system integrators and service operators to take the necessary precautions.
July 11th
NXP updates system integrators and end-customers in a letter about the latest developments.
July 18th
NXP statement on the court decision to allow the publication by Radboud University Nijmegen.
July 29th
NXP updates system integrators and end-customers in a letter about the latest developments.
August 2008
Throughout August
NXP and Radboud University Nijmegen exchange information on and discuss countermeasures against various attacks.
September 2008
September 19th
NXP updates application notes with attacks and countermeasures.
October 2008
October 6th
Radboud University Nijmegen publishes details of the protocol and algorithm of MIFARE Classic, as well as some practical attacks on MIFARE Classic infrastructures, to a broad public at the European Symposium on Research in Computer Security (ESORICS) in Malaga, Spain.
Henryk Ploetz, Chaos Computer Club Berlin, posts on the internet a document containing detailed information on attacks.
Throughout October
Subsequently, additional attack code is revealed to the public anonymously on various websites.

NXP is trying to prevent these publications, but due to the nature of the internet it is to be expected that such an effort will not meet with much success.
November 2008
November 10th
NXP updates system integrators and end-customers in a letter about the latest developments.
December 2008
December 5th
NXP updates application notes with attacks and countermeasures.
