2.2 Attack classes
There are four basic kinds of attacks that can be applied to Rejsekortet, each representing a different way of approaching defrauding the system. They are as follows:
• Rollback attacks, in which the attacker loads back an older state of the card. This kind of attack needs little more than the possession of a card reader to be carried out.
• Attacking the MAC allows forging of valid data to make the system think it issued it itself. This leads to the attacker being able to add money, tickets, discount rates, etc. to his/her card. A successful MAC attack would require the recovery of the key for the DES-MAC used, which has a complexity of $2^{56}$.
• Masquerading attacks, in which an adversary impersonates another (legitimate) user of the system.
• Attacks on the infrastructure. These attacks will not be described in much detail; only possible attack vectors will be set forward. It is impossible to know how the system works without physical access to the innards; therefore these kinds of attacks will remain speculative until more details about the hardware are known.
Another thing that has to be taken into consideration is vandalism. Even though this kind of attack does not offer anything to the attacker, it must still be taken seriously; one cannot rule out the possibility of people deliberately trying to disrupt the system for fun.
2.3 Analysis of the security
As written in 1.3, Rejsekortet has three lines of defense. The first one is the use of Mifare Classic itself; the user is not supposed to be reading or writing to his/her card at all! However, as described in 1.3.1.1, some attacks on Mifare make it possible to do just that, making the Rejsekort security depend solely on the DES-MAC and database sanity checks.
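The sketch below is an added example, not code from the thesis or from Rejsekortet: it shows why the two remaining defenses complement each other, since a restored older card state still carries a valid MAC and only the back-office record exposes it. The card fields, the transaction counter, the key and the use of HMAC-SHA-256 in place of the DES-MAC are assumptions made for illustration.

```python
import hashlib
import hmac

# Every name and value here is constructed for illustration.
ISSUER_KEY = b"constructed-demo-key"  # stand-in for the issuer's MAC key


def mac(card_id: str, counter: int, balance: int) -> bytes:
    """MAC over the card state (HMAC-SHA-256 stand-in for the DES-MAC)."""
    msg = f"{card_id}|{counter}|{balance}".encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


class BackOffice:
    """Keeps the last issued state per card and vets each presented image."""

    def __init__(self):
        self.last_counter = {}  # card_id -> highest counter issued

    def issue(self, card_id: str, counter: int, balance: int) -> dict:
        """Record a state written by a legitimate terminal; return the card image."""
        self.last_counter[card_id] = counter
        return {"card_id": card_id, "counter": counter, "balance": balance,
                "mac": mac(card_id, counter, balance)}

    def check(self, image: dict) -> str:
        """Classify a card image read at a terminal."""
        expected = mac(image["card_id"], image["counter"], image["balance"])
        if not hmac.compare_digest(expected, image["mac"]):
            return "forged"    # the MAC catches modified data
        if image["counter"] < self.last_counter.get(image["card_id"], -1):
            return "rollback"  # valid MAC, but an older state than recorded
        return "ok"


def demo():
    office = BackOffice()
    old = office.issue("card-0001", 7, 20000)   # state before a journey
    new = office.issue("card-0001", 8, 17600)   # state after the fare is deducted
    tampered = dict(new, balance=99900)         # data edited, MAC left unchanged
    return office.check(new), office.check(old), office.check(tampered)


if __name__ == "__main__":
    print(demo())
```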
This section will describe some remarks, both positive and negative, on the security system described in the available documents.