Security flaws with the MIFARE card
Chia, Song Hao
Date of Issue2016
School of Computer Engineering
The use of smart cards is increasingly common in Singapore as it is embarking towards its vision of becoming a smart nation. Among the various types of smart card technologies being used, one of them is the MIFARE Classic card. Its communication is based on ISO-14443 Type A standard, and the authentication and encryption protocols are proprietary. However these protocols have been cracked by academic researchers and there are also attacks which have been made public to recover the secret keys required to read and write the data on these cards. In this project, analysis on their attack methods and it was implemented on the MIFARE Classic chip. The attack allows us to recover all secret keys within minutes and with just commercial off-the-shelf hardware. There are 2 case studies in this project where the attack was carried out on real life application of the MIFARE Classic in Nanyang Technological University (NTU). The first is the staff and student matriculation card. This card is being used as part of the access control system in NTU and successful attacks will allow one to be able to bypass this system by replicating the data of any valid NTU personnel. The second type of card is the pre-paid card used by the hostels in NTU to charge residents for their usage of the air conditioning. The internal data structures of both cards are analyzed and the exact bytes of data that represent the important information are found. The results show that the data can also be manipulated to cheat the systems that they have been implemented in. Possible solutions to this security issue were also discussed.
Final Year Project (FYP)
Nanyang Technological University