bachelor

Recommendations

Info

20 Security analysis and threat model 2.3.1 Card integrity One thing to note is that security is not only about keeping hackers from cheating, it is also about keeping the card in a consistent state. Securing against cards getting corrupt is done very effectively; as was required all transactions are indivisible, and in case of disturbances in the terminal/carddialogue. As was learned in the previous chapter, if the connection is lost at any point, subsequent transactions will always be able to (re)establish a working state of the card. 2.3.2 Mifare keys As stated in the first chapter it is difficult to defend against attacks on Mifare with attacks in the public domain that are capable of dumping a card in minutes. However, RKF has done what it could securing the Mifare card by not using standard keys for any of the sectors. This was determined by experiment using the mfoc 1 program, testing all sectors on the card with the default Mifare keys. See section A.1 for the complete output of the experiment. 2.3.3 MAC Securing the data by means of a MAC is obviously a good idea if the maintainers of the system want to keep control over what is written to the card. One could ask why RKF chose to implement MACs instead of just encrypting the contents, or using cryptographic signing. The answer to the former might be that it would be convenient to be able to read the contents without having to decrypt it. Digital signatures are likely not implemented because they need to be stored in full to be checkable, which is not the case with MACs. Reducing the length of the MAC just means it is more likely to collide. In any case, using DES as a security mechanism in 2010 is a bad idea. However, since the documents used date back to 2002 it is not completely sure that DES- MAC is still the MAC cipher used. Using a reader it was possible to establish that either the bit ordering on the cards has changed, or the system implements a new MAC-algorithm, which can only be considered a welcome improvement. See section 4.1.1 for more information on this update. 1 http://www.proxmark.org/forum/topic/381/mifare-classic-offline-cracker/
2.3 Analysis of the security 21 2.3.4 Database sanity checks Other than the different IDs the system gathers, it is difficult to say what is being sent to the back-office. It is, however, certain that rollback attacks are detectable, by looking at page 52 in [6]. Sanity checks account for most of the security of Rejsekortet; if the MAC proves to be secure, then there will still be rollback attacks, and if the MAC is broken there will just be more to crosscheck. Threat assessments on a case-to-case basis will be introduced in the next chapter. 2.3.5 Anonymous travel cards The introduction of completely anonymous travel cards may prove to be somewhat risky on the maintainers of the system. This means there is little to no risk in cheating with those. They will likely be disabled after next database sanity check, but then the attacker can just buy a new card and continue cheating. 2.3.6 Vandalism Vandalism is largely ignored in Rejsekortet. It is possible to gain write access to cards in their touchless nature, and this makes them easy to corrupt or wipe, if the attacker knows the Mifare keys for the cards. However, with NFC cards like Mifare, the distance between card and reader has to be very short, under 10 cm. This makes it virtually impossible to “pickpocket” or in other ways read or write a card without being noticed. It will still be possible to set up “rogue terminals” on stations and such, to get people to unknowingly let their cards corrupt. Because of the proximity needed to write to the cards, the vandalism attacks described in the next chapter can be considered speculative and not really suitable for any real-world scenario. As such the system can be considered more or less resistant to vandalism; the “walking through the train and wiping everything” example is impossible, not because of a precaution taken by RKF, but because of physical constraints. Israeli researchers have tried to extend the range of Mifare reading; they successfully read/wrote a Mifare card at a 25 cm distance 2 . However, 25 centimeters is still not enough to carry out most vandalism attacks. 2 http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html
Page 1 and 2: Cryptanalysis of Rejsekortet Jens C
Page 3: 3 Abstract. This bachelor thesis an
Page 7: Resumé Denne bachelorafhandling er
Page 10 and 11: vi Glossary Rejsekort(et) Danish fo
Page 12 and 13: viii
Page 14 and 15: x CONTENTS 4.3 Other improvements .
Page 16 and 17: 2 On Rejsekortet Disclaimer: This r
Page 18 and 19: 4 On Rejsekortet are even capable o
Page 20 and 21: 6 On Rejsekortet 1.2.3 Mifare Mifar
Page 22 and 23: 8 On Rejsekortet 1. Reader sends a
Page 24 and 25: 10 On Rejsekortet Time of transacti
Page 26 and 27: 12 On Rejsekortet Figure 1.3: The C
Page 28 and 29: 14 On Rejsekortet 1.3.2.1 CBC-MAC C
Page 30 and 31: 16 On Rejsekortet
Page 32 and 33: 18 Security analysis and threat mod
Page 36 and 37: 22 Security analysis and threat mod
Page 38 and 39: 24 Attacks on Rejsekortet 3.1 Rollb
Page 40 and 41: 26 Attacks on Rejsekortet 3.2 Attac
Page 42 and 43: 28 Attacks on Rejsekortet and cumbe
Page 44 and 45: 30 Attacks on Rejsekortet hash valu
Page 46 and 47: 32 Attacks on Rejsekortet 3.2.4 Int
Page 48 and 49: 34 Attacks on Rejsekortet 3.2.5 App
Page 50 and 51: 36 Attacks on Rejsekortet 3.2.6.2 T
Page 52 and 53: 38 Attacks on Rejsekortet Language
Page 54 and 55: 40 Attacks on Rejsekortet It is not
Page 56 and 57: 42 Attacks on Rejsekortet specifica
Page 58 and 59: 44 Attacks on Rejsekortet might pro
Page 60 and 61: 46 Attacks on Rejsekortet that the
Page 62 and 63: 48 Attacks on Rejsekortet
Page 64 and 65: 50 Improvements 4.1.1 New MAC algor
Page 66 and 67: 52 Improvements functions tend to b
Page 68 and 69: 54 Improvements
Page 70 and 71: 56 Conclusion of the pre-computatio
Page 72 and 73: 58 Related research Sector 04 - UNK
Page 74 and 75: 60 Mail correspondence enquire abou
Page 76 and 77: 62 Mail correspondence * Kodningspr
Page 78 and 79: 64 Mail correspondence Som ingeniø
Page 80: 66 BIBLIOGRAPHY [9] Philippe Oechsl

bachelor

Create successful ePaper yourself

Delete template?

Save as template?