I'm not sure it's a big surprise but this month David Oswald and Christof Paar from the Horst Gortz Institute for IT Security in Bochum Germany have given a paper at the CHES (Cryptographic Hardware and Embedded Systems) conference in Japan on how to break the Mifare DESFire MF31CD40 contactless memory chip.
So back to basics, do we need to panic, is it important and will there be further repercussions? Really it's no to all these questions but don't go away yet because that would belittle the quality of their work.
They used Side Channel Analysis (SCA) by using an electromagnetic probe to contactlessly measure the power signal taken by the chip. Using these techniques they were able to recover the 2 DES keys (56 bits each) from the chip under test.
After fairly extensive test set up work over several months they were able to show that they could recover the keys in a matter of a few hours using Correlation Power Attacks (CPA) with equipment costing about $3000.
The main work overhead was collecting the necessary 250,000 traces for analysis.
The details of their analysis is freely available on the net as 'Breaking Mifare DESFire MF31CD40: Power Analysis and Templates in the Real World'.
The authors took a reasonable approach in warning NXP back in April that they were going to release their findings at the CHES conference. Perhaps even more impressive and I have criticised NXP in the past for the way they have handled such problems is the letter they put out to their customers at the time of the CHES conference. It was really quite matter of fact, no cover up and a reasonable statement of what NXP are doing about it and what the practical consequences are likely to be. The short answer is that they will discontinue the MF31CD40 chip at the end of this year migrating customers onto the Mifare DESFire EV1 which they introduced in 2008 as we reported at the time of the initial attacks on the Mifare Classic in volume 17, Number 1, January 2008 of smartcard news.
So now we get down to the discrepancy between the German researchers and NXP. The researchers claim that their attack poses a severe threat to many real world applications that employ the broken chip. NXP by comparison play this down, pointing out that it is unlikely that the technical community is suddenly going to spend their time breaking commercial systems for which the main application is mass transit cards.
But more important as they point out is that in most cases the system providers will have other security features in their system and will not be just dependant on the chip. It doesn't really need to be said but they also assume that the system providers will not be using global keys, i.e. the same key in every card.
There is also a little note in the NXP letter that they are not aware of banking data being held on the DESFire cards. Perhaps not but I would comment that if these cards are used for stored value then there is possibly a bigger concern.
To support their case Oswald and Paar cite the Czech railway in-karta, the Australian myki card and the Clippercard in San Francisco.
We understand that Victoria's Transport Ticketing Authority (TTA) has started a migration plan to upgrade more than 1.1 million myki transport smartcards for the state's trains, trams and buses which were originally issued in 2009 and worth $8.1 million to Mifare DESFire EV1 version of the technology, which should be resistant to such side channel attacks.
The researchers in their paper also quote that during their research they came across a number of mobile payments based on this Mifare DESFire chip, I think I would be surprised to find a payment system of any significance based on this chip which is after all just a memory chip and that's not the way you do payments.
By Dr. David Everett, Smartcard & Identity News