bachelor

Recommendations

Info

6 On Rejsekortet 1.2.3 Mifare Mifare is a family of ticketing systems made by NXP Semiconductors. The system implemented by Rejsekortet is called Mifare Classic, and it is widely used worldwide for physical access control and ticketing systems, e.g. the Oyster card in the English subway and the student card at the IT University of Copenhagen for door access. With over one billion smart cards sold Mifare is the most widely deployed physical access control system worldwide 6 . It is used not only for trains, metros and buses, but also for door and port access. 1.2.3.1 The hardware Mifare hardware exists in many flavours, such as wrist bands, number signs for the backs of race runners, wrist watches, cellphones, and of course cards. Some of this hardware support the Mifare Classic protocol, but for this project we are only concerned with the subset of Mifare products that is the Mifare Classic cards. 1.2.3.2 Sectors and blocks Mifare Classic cards come in two variants, 1K and 4K, having an EEPROM memory of 1024 bytes or 4096 bytes, respectively. The memory is laid out as seen on Figure 1.1. • 1K and 4K cards have the same first 1024 bytes: 16 sectors, each consisting of 4 blocks. One block can hold 16 bytes. • 4K cards have 12 additional larger sectors, each consisting of 16 blocks. The blocks are of the same size, so these larger sectors can carry 16 · 16 = 256 bytes. The last block in a sector always holds key and access control information used by the authentication procedure to determine exactly how data can be read or modified. The data structure holds: • Key A: 6 bytes. The primary key for the sector. This key can never be read out from hardware, but grants complete access to the sector if a user has it. 6 http://www.mifare.net/, see “The success of MIFARE”
1.2 Technology and card layout 7 Figure 1.1: The Mifare memory layout. Figure by de Koning Gans et. al, used with permission. • Access control: 3 bytes. These bits define the access conditions for the sector. See 1.2.3.3 for a list of functions these bytes govern access to. • An unused byte. • Key B: 6 bytes. This is the secondary key. It can have access control separate to key A, The first block of the first sector of every Mifare card is a little special; it is burned into the card and cannot be changed, ever. It contains the manufacturer data of the card, including the cards unique ID. For this reason sector 0 only has only two writable blocks instead of three, see Figure 1.1. 1.2.3.3 Challenge/response Mifare implements a challenge/response protocol that must be satisfied before a terminal can log in to a card. The protocol is described in [3], and can be described in plain text as seen in Figure 1.2. After authenticating to the sector, the card provides the following actions, for some given block in the sector:
Page 1 and 2: Cryptanalysis of Rejsekortet Jens C
Page 3: 3 Abstract. This bachelor thesis an
Page 7: Resumé Denne bachelorafhandling er
Page 10 and 11: vi Glossary Rejsekort(et) Danish fo
Page 12 and 13: viii
Page 14 and 15: x CONTENTS 4.3 Other improvements .
Page 16 and 17: 2 On Rejsekortet Disclaimer: This r
Page 18 and 19: 4 On Rejsekortet are even capable o
Page 22 and 23: 8 On Rejsekortet 1. Reader sends a
Page 24 and 25: 10 On Rejsekortet Time of transacti
Page 26 and 27: 12 On Rejsekortet Figure 1.3: The C
Page 28 and 29: 14 On Rejsekortet 1.3.2.1 CBC-MAC C
Page 30 and 31: 16 On Rejsekortet
Page 32 and 33: 18 Security analysis and threat mod
Page 38 and 39: 24 Attacks on Rejsekortet 3.1 Rollb
Page 40 and 41: 26 Attacks on Rejsekortet 3.2 Attac
Page 42 and 43: 28 Attacks on Rejsekortet and cumbe
Page 44 and 45: 30 Attacks on Rejsekortet hash valu
Page 46 and 47: 32 Attacks on Rejsekortet 3.2.4 Int
Page 48 and 49: 34 Attacks on Rejsekortet 3.2.5 App
Page 50 and 51: 36 Attacks on Rejsekortet 3.2.6.2 T
Page 52 and 53: 38 Attacks on Rejsekortet Language
Page 54 and 55: 40 Attacks on Rejsekortet It is not
Page 56 and 57: 42 Attacks on Rejsekortet specifica
Page 58 and 59: 44 Attacks on Rejsekortet might pro
Page 60 and 61: 46 Attacks on Rejsekortet that the
Page 62 and 63: 48 Attacks on Rejsekortet
Page 64 and 65: 50 Improvements 4.1.1 New MAC algor
Page 66 and 67: 52 Improvements functions tend to b
Page 68 and 69: 54 Improvements
Page 70 and 71:
56 Conclusion of the pre-computatio
Page 72 and 73:
58 Related research Sector 04 - UNK
Page 74 and 75:
60 Mail correspondence enquire abou
Page 76 and 77:
62 Mail correspondence * Kodningspr
Page 78 and 79:
64 Mail correspondence Som ingeniø
Page 80:
66 BIBLIOGRAPHY [9] Philippe Oechsl
show all

bachelor

Create successful ePaper yourself

Delete template?

Save as template?