bachelor
bachelor
bachelor
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.3 Analysis of the security 21<br />
2.3.4 Database sanity checks<br />
Other than the different IDs the system gathers, it is difficult to say what is<br />
being sent to the back-office. It is, however, certain that rollback attacks are<br />
detectable, by looking at page 52 in [6].<br />
Sanity checks account for most of the security of Rejsekortet; if the MAC proves<br />
to be secure, then there will still be rollback attacks, and if the MAC is broken<br />
there will just be more to crosscheck. Threat assessments on a case-to-case basis<br />
will be introduced in the next chapter.<br />
2.3.5 Anonymous travel cards<br />
The introduction of completely anonymous travel cards may prove to be somewhat<br />
risky on the maintainers of the system. This means there is little to no risk<br />
in cheating with those. They will likely be disabled after next database sanity<br />
check, but then the attacker can just buy a new card and continue cheating.<br />
2.3.6 Vandalism<br />
Vandalism is largely ignored in Rejsekortet. It is possible to gain write access<br />
to cards in their touchless nature, and this makes them easy to corrupt or wipe,<br />
if the attacker knows the Mifare keys for the cards.<br />
However, with NFC cards like Mifare, the distance between card and reader has<br />
to be very short, under 10 cm. This makes it virtually impossible to “pickpocket”<br />
or in other ways read or write a card without being noticed. It will still be<br />
possible to set up “rogue terminals” on stations and such, to get people to<br />
unknowingly let their cards corrupt.<br />
Because of the proximity needed to write to the cards, the vandalism attacks described<br />
in the next chapter can be considered speculative and not really suitable<br />
for any real-world scenario. As such the system can be considered more or less<br />
resistant to vandalism; the “walking through the train and wiping everything”<br />
example is impossible, not because of a precaution taken by RKF, but because<br />
of physical constraints. Israeli researchers have tried to extend the range of Mifare<br />
reading; they successfully read/wrote a Mifare card at a 25 cm distance 2 .<br />
However, 25 centimeters is still not enough to carry out most vandalism attacks.<br />
2 http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html