bachelor

Recommendations

Info

10 On Rejsekortet Time of transaction breakdown Writing of data Writing of TCAS1 Writing of TCAS2 No breakdown Consequences The transaction is not completed. Next transaction will use TCAS1. The transaction not completed. By the start of the next transaction TCAS1 will be inconsistent, i.e. TCAS2 is used. The transaction is completed. By the start of the next transaction TCAS2 will be inconsistent, i.e. TCAS1 is used. The transaction is completed. Next transaction will use TCAS1, which is identical to TCAS2. One application type, however, does not have redundancy. This type is only used by the “customer profile” field, which in turn is only alterable in the topup-terminals. These terminals require the user to put the card into a slot which drastically reduces the risk of transmission errors, which might be the reason for saving the redundancy space for something else. 1.2.3.5 Transaction numbers RKF-0022 also talks about various kinds of transaction IDs. Some are internal to the system, some are internal to the card. All in all there are four different kinds of transaction numbers, stored in different areas of the card (parts quoted from RKF-0022): • Card transaction number: Identifies complete transactions. The transaction number is local to each travel card. • Device transaction number: Identifies transactions completed by a front system. The transaction number is local to each front system device. • Purse transaction number: Identifies purse transactions. The transaction number is local to each purse object (which can be assumed to be one per card.) • Ticket/contract transaction number: Identifies ticket/contract transactions. The transaction number is local to each travel card ticket and
1.3 Grades of security 11 contract object, respectively (which can also be assumed to be one per card.) These values are probably available to the back-office system. known that the card transaction number is, see page 52 in [6]. At least it is 1.3 Grades of security One argument used in the defense of Rejsekortet has been that it implements several layers of security, and that if one of the layers are broken the other ones will act redundantly. The layers implemented are the Mifare proprietary crypto, DES-MAC checksums for the important blocks on the card, and finally a nightly inspection of the database to determine if users have tried to fool the system in some way. 1.3.1 Mifare / Crypto-1 Mifare implements a proprietary cryptosystem, Crypto-1, to protect the contents of the card. The cipher has been proved to be rather weak, and recent attacks allow an adversary to decrypt and dump the contents of the card in minutes, see 1.3.1.1. Crypto-1 is a stream cipher with a key size of 48 bits, but further description is not in the scope of this thesis. A more detailed description of the cryptosystem can be found in [2]. 1.3.1.1 Mifare insecurities Because of the market penetration of Mifare it is a very attractive target for cryptographic attacks. Mifare implements a proprietary cryptosystem called Crypto-1, which has been proven insufficient by some recent scientific papers. The most serious attack is presented by Garcia et. al. in a paper called “Wirelessly Pickpocketing a Mifare Classic Card”[3]. The attack is called the Nested Authentication attack, and allows an adversary to recover encryption keys for any sector given the key for just one. This enables an attacker to quickly recover all keys for a card, given just one. In short, the attack works by being able to
Page 1 and 2: Cryptanalysis of Rejsekortet Jens C
Page 3: 3 Abstract. This bachelor thesis an
Page 7: Resumé Denne bachelorafhandling er
Page 10 and 11: vi Glossary Rejsekort(et) Danish fo
Page 12 and 13: viii
Page 14 and 15: x CONTENTS 4.3 Other improvements .
Page 16 and 17: 2 On Rejsekortet Disclaimer: This r
Page 18 and 19: 4 On Rejsekortet are even capable o
Page 20 and 21: 6 On Rejsekortet 1.2.3 Mifare Mifar
Page 22 and 23: 8 On Rejsekortet 1. Reader sends a
Page 26 and 27: 12 On Rejsekortet Figure 1.3: The C
Page 28 and 29: 14 On Rejsekortet 1.3.2.1 CBC-MAC C
Page 30 and 31: 16 On Rejsekortet
Page 32 and 33: 18 Security analysis and threat mod
Page 38 and 39: 24 Attacks on Rejsekortet 3.1 Rollb
Page 40 and 41: 26 Attacks on Rejsekortet 3.2 Attac
Page 42 and 43: 28 Attacks on Rejsekortet and cumbe
Page 44 and 45: 30 Attacks on Rejsekortet hash valu
Page 46 and 47: 32 Attacks on Rejsekortet 3.2.4 Int
Page 48 and 49: 34 Attacks on Rejsekortet 3.2.5 App
Page 50 and 51: 36 Attacks on Rejsekortet 3.2.6.2 T
Page 52 and 53: 38 Attacks on Rejsekortet Language
Page 54 and 55: 40 Attacks on Rejsekortet It is not
Page 56 and 57: 42 Attacks on Rejsekortet specifica
Page 58 and 59: 44 Attacks on Rejsekortet might pro
Page 60 and 61: 46 Attacks on Rejsekortet that the
Page 62 and 63: 48 Attacks on Rejsekortet
Page 64 and 65: 50 Improvements 4.1.1 New MAC algor
Page 66 and 67: 52 Improvements functions tend to b
Page 68 and 69: 54 Improvements
Page 70 and 71: 56 Conclusion of the pre-computatio
Page 72 and 73: 58 Related research Sector 04 - UNK
Page 74 and 75:
60 Mail correspondence enquire abou
Page 76 and 77:
62 Mail correspondence * Kodningspr
Page 78 and 79:
64 Mail correspondence Som ingeniø
Page 80:
66 BIBLIOGRAPHY [9] Philippe Oechsl
show all

bachelor

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?