September/October 2011



Another one bites the dust (Mifare DESFire)!

Another one bites the dust (Mifare DESFire)!

I'm not sure it's a big surprise but this month David Oswald and Christof Paar from the Horst Gortz Institute for IT Security in Bochum Germany have given a paper at the CHES (Cryptographic Hardware and Embedded Systems) conference in Japan on how to break the Mifare DESFire MF31CD40 contactless memory chip.

So back to basics, do we need to panic, is it important and will there be further repercussions? Really it's no to all these questions but don't go away yet because that would belittle the quality of their work.

They used Side Channel Analysis (SCA) by using an electromagnetic probe to contactlessly measure the power signal taken by the chip. Using these techniques they were able to recover the 2 DES keys (56 bits each) from the chip under test.

After fairly extensive test set up work over several months they were able to show that they could recover the keys in a matter of a few hours using Correlation Power Attacks (CPA) with equipment costing about $3000.

The main work overhead was collecting the necessary 250,000 traces for analysis.

The details of their analysis is freely available on the net as 'Breaking Mifare DESFire MF31CD40: Power Analysis and Templates in the Real World'.

The authors took a reasonable approach in warning NXP back in April that they were going to release their findings at the CHES conference. Perhaps even more impressive and I have criticised NXP in the past for the way they have handled such problems is the letter they put out to their customers at the time of the CHES conference. It was really quite matter of fact, no cover up and a reasonable statement of what NXP are doing about it and what the practical consequences are likely to be. The short answer is that they will discontinue the MF31CD40 chip at the end of this year migrating customers onto the Mifare DESFire EV1 which they introduced in 2008 as we reported at the time of the initial attacks on the Mifare Classic in volume 17, Number 1, January 2008 of smartcard news.

So now we get down to the discrepancy between the German researchers and NXP. The researchers claim that their attack poses a severe threat to many real world applications that employ the broken chip. NXP by comparison play this down, pointing out that it is unlikely that the technical community is suddenly going to spend their time breaking commercial systems for which the main application is mass transit cards.

But more important as they point out is that in most cases the system providers will have other security features in their system and will not be just dependant on the chip. It doesn't really need to be said but they also assume that the system providers will not be using global keys, i.e. the same key in every card.

There is also a little note in the NXP letter that they are not aware of banking data being held on the DESFire cards. Perhaps not but I would comment that if these cards are used for stored value then there is possibly a bigger concern.

To support their case Oswald and Paar cite the Czech railway in-karta, the Australian myki card and the Clippercard in San Francisco.

We understand that Victoria's Transport Ticketing Authority (TTA) has started a migration plan to upgrade more than 1.1 million myki transport smartcards for the state's trains, trams and buses which were originally issued in 2009 and worth $8.1 million to Mifare DESFire EV1 version of the technology, which should be resistant to such side channel attacks.

The researchers in their paper also quote that during their research they came across a number of mobile payments based on this Mifare DESFire chip, I think I would be surprised to find a payment system of any significance based on this chip which is after all just a memory chip and that's not the way you do payments.

By Dr. David Everett, Smartcard & Identity News





Whitepapers

21/03/2019 Headlines

France Fines Google $57 Million for European Privacy Rule Breach

Google lacked transparency and clarity in the way it informs users about its handling of personal data and failed to properly obtain their consent for personali.....Read More

New Payment Services Laws Passed in Singapore

New payment services laws have been passed by Singapore's parliament in a move that will streamline existing laws while bringing many new fintech providers into.....Read More

Twitter Warns that Private Tweets were Public for Years

Private tweets sent by users of Twitter's Android app could have been exposed publicly for years.

Twitter said it had discovered a security flaw which me.....Read More

Exchange Loses Big over Airdrop Miscue

Computer glitches are never fun, but when they result in the loss of money, they can be completely debilitating. Coinnest, a cryptocurrency exchange out of Sout.....Read More

Name and Shame Firms with Poor Cyber Security, Government Told

The government should name and shame companies whose cyber security measures fail to protect consumers' data and firms should implement Active Cyber Defence, an.....Read More

Sirin Labs Opens First Blockchain Smartphone Store in London

Sirin Labs has opened the first blockchain smartphone store located in London. The intention is to attract crypto enthusiasts passionate for blockchain and dece.....Read More


Video Interviews

Tim Jones talks on the wealth of networks

Christophe Dolique of Gemplus talks about ·SIM

Dominique Brule of Philips Semiconductors talks about Near Field Communication