The dark side of security by obscurity: And cloning MiFare classic rail and building passes, anywhere, anytime

SECRYPT 2009 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2009, Pages 331-338

  Courtois, Nicolas T ^a  

^a UNIVERSITY COLLEGE LONDON   (United Kingdom)

Author keywords

Access control; Contactless smart cards; Covert channels; Crime science; Critical application development management; Electronic subversion; Implementation backdoors; Industrial secrets; Information assurance; London oyster card; MiFare classic; OV chipkaart; Reverse engineering; RFID; Secure hardware devices

Indexed keywords

BACKDOORS; CONTACTLESS SMART CARD; COVERT CHANNELS; CRITICAL APPLICATIONS; ELECTRONIC SUBVERSION; HARDWARE DEVICES; INDUSTRIAL SECRETS; INFORMATION ASSURANCE;

ACCESS CONTROL; CLONING; CRIME; CRYPTOGRAPHY; NETWORK PROTOCOLS; SECURITY SYSTEMS; SMART CARDS;

NETWORK SECURITY;

EID: 74549123338     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (13)

1. de Koning Gans, G., Hoepman, J.-H., and Garcia, F. D. (2008). A Practical Attack on the MIFARE Classic. In Procedings of the 8th Smart Card Research and Advanced Applications, CARDIS 2008, LNCS.
2. Garcia, F. D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., and Wichers Schreur, R. (2008). Dismantling MIFARE Classic. In Procedings of the 13th European Symposium on Research in Computer Security, ESORICS 2008, LNCS.
3. Garcia, F. D., van Rossum, P., Verdult, R., and Wichers Schreur, R. (2009). Wirelessly Pickpocketing a Mifare Classic Card. In Accepted at Oakland IEEE Symposium on Security and Privacy.
4. Kerckhoffs, A. (1883). La cryptographie militaire, volume IX of Journal des sciences militaires.
5. Nohl, K. (2008). Contains an open-source mifare classic implementation of mifare classic for ti trf7960 evm. personal web page, www.cs.virginia.edu/ ~kn5f/.
6. Nohl, K., Evans, D., Starbug, and Plotz, H. (2008). Reverse-Engineering a Cryptographic RFID Tag. In 17th USENIX Security Symposium, pages 185-194, San Jose, CA, USA. USENIX.
7. NXP-statement, P. (2008). On the court decision to allow the publication by radboud university nijmegen. www.mifare.net/news/statement-on-court-decision. asp.
8. Rankl, W. and Effing, W. (2003). Smart Card Handbook. Wiley.
9. Rescorla, E. (2004). Is finding security holes a good idea? In WEIS 2004, 3rd Workshop on the Economics of Information Security.
10. Roel (2009). Mifare classic clones. Web forum www.proxmark.org/forum/ topic/169/mifare-classic-clones/.
11. Schneier, B. (2008). The ethics of vulnerability research. A blog covering security and security technology, www.schneier.com/blog/archives/2008/ 05/the-ethics-of-v.html.
12. Schneier, B. and Shostack, A. (1999). Breaking up is hard to do: modeling security threats for smart cards. In WOST'99: Proceedings of the USENIX Workshop on Smartcard Technology, pages 19-19, Berkeley, CA, USA. USENIX Association.
13. Young, A. and Yung, M. (1996). The dark side of black box cryptography. In Advances in Cryptology - CRYPTO'96.