40 research outputs found

    Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards

    MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card, the Netherlands' OV-Chipcard, Boston's CharlieCard in the US, and in numerous wireless access control and ticketing systems worldwide. Recently, researchers have been able to recover this algorithm by reverse engineering. We have examined MiFare from the point of view of so-called algebraic attacks. We can recover the full 48-bit key of the MiFare algorithm in 200 seconds on a PC, given 1 known IV (from one single encryption). The security of this cipher is therefore close to zero. This is particularly shocking, given the fact that, according to the Dutch press, 1 billion MiFare Classic chips are used worldwide, including in many governmental security systems.

    Strengthening Crypto-1 Cipher Against Algebraic Attacks

    In the last few years, several studies have addressed the problem of data security in Mifare Classic. One of its weaknesses is the low quality of its random numbers, which lowers the complexity of SAT solver attacks. In order to strengthen Crypto-1 against SAT solver attacks, a modification of the feedback function with better cryptographic properties is proposed. It applies a primitive polynomial companion matrix. SAT solvers cannot directly attack the feedback shift register that uses the modified Boolean feedback function; the register has to be split into smaller groups. Experimental testing showed that the amount of memory and CPU time needed was highest when attacking the modified Crypto-1 using the modified feedback function and the original filter function. In addition, another modified Crypto-1, using the modified feedback function and a modified filter function, had the lowest percentage of revealed variables. It can be concluded that the security strength and performance of the modified Crypto-1 using the modified feedback function and the modified filter function are better than those of the original Crypto-1.

    Lightweight cryptography in the Internet of Things for industry (Criptografía ligera en internet de las cosas para la industria)

    Lightweight Cryptography is one of the current topics in Cryptology. A wide variety of "lightweight" algorithms have been designed to guarantee the Confidentiality, Authenticity and Integrity of data on devices of what has come to be called the Internet of Things (IoT). Some of them originate in academia and are applied in Industry; others are proprietary, developed by companies to satisfy their own security requirements. This work presents the state of the art of some of the algorithms used in different IoT devices. Their general cryptological characteristics are briefly described, and the different attacks to which they have been subjected are shown. Finally, some of the trends in the design and implementation of these primitives are listed. VIII Workshop Seguridad Informática. Red de Universidades con Carreras en Informática.

    Security and Privacy in RFID Applications

    Concerns about privacy and security may limit the deployment of RFID technology and its benefits; therefore it is important that they are identified and adequately addressed. System developers and other market actors are aware of the threats and are developing a number of countermeasures. RFID systems can never be absolutely secure, but effort needs to be made to ensure a proper balance between the risks and the costs of countermeasures. The approach taken to privacy and security should depend on the application area and the context of a specific application. In this chapter, we selected and discussed four application areas, but there are many others where privacy and security issues are relevant. JRC.J.4 - Information Society.

    Smart homes under siege: Assessing the robustness of physical security against wireless network attacks

    © 2024 The Authors. Published by Elsevier Ltd. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/
    Nowadays domestic smart security devices, such as smart locks, smart doorbells, and security cameras, are becoming increasingly popular with users, due to their ease of use, convenience, and declining prices. Unlike conventional non-smart security devices, such as alarms and locks, performance standards for smart security devices, such as the British TS 621, are not easily understandable by end users due to the technical language employed. Users also have very few sources of unbiased information regarding product performance in real-world conditions and protection against attacks from cyber attacker-burglars and, as a result, tend to take manufacturer claims at face value. This means that, as this work proves, users may be exposed to threats such as theft, impersonation (should an attacker steal their credentials), and even physical injury, if the device fails and is used to prevent access to hazardous environments. As such, this paper deploys several attacks using popular wireless attack vectors (i.e., 433 MHz radio, Bluetooth, and RFID) against domestic smart security devices to assess the protection offered against a cyber attacker-burglar. Our results suggest that users are open to considerable cyber-physical attacks, irrespective of whether they use lesser-known (i.e., no-name) or branded smart security devices, due to the poor security offered by these devices. Peer reviewed.

    Security of Contactless Smart Card Protocols

    This thesis analyses contactless smart card protocol threats and presents a method of semi-automated vulnerability finding in such protocols using model checking. Designing and implementing secure applications is difficult even when secure hardware is used. High-level application specifications may lead to different implementations. It is important to use the smart card correctly; an inappropriate protocol implementation may introduce a vulnerability, even if the protocol is secure by itself. The goal of this thesis is to provide a method that can be used by protocol developers to create a model of an arbitrary smart card, with a focus on contactless smart cards, to create a model of the protocol, and to use model checking to find attacks in this model. The attack can then be executed and, if it is not successful, the model is refined for another model checker run. The AVANTSSAR platform was used for the formal verification; models are written in the ASLan++ language. Examples are provided to demonstrate the usability of the proposed method. This method was used to find a weakness of the Mifare DESFire contactless smart card. This thesis also deals with threats that cannot be covered by the proposed method, such as relay attacks.

    Healthy food intake advisor using decision support system

    People often find it difficult to decide what to eat and lack knowledge of which foods should be avoided during pregnancy or when facing a health problem. Healthy Food Advisor is an Android-based application which acts as a healthy-eating controller for all of its users. The purpose of developing this application is to suggest healthy food to users based on their personal condition, in order to help them maintain a healthy lifestyle. Users are required to record details such as age, height and weight, so that the application can calculate the user's Body Mass Index (BMI) value and caloric needs. The application will then recommend the most suitable food lists to users according to their personal condition. Through this application, users no longer need to spend time thinking about a meal or searching online for the nutrition information of food. The methodology used to develop this Android-based application is the Object-Oriented Software Development (OOSD) model. The software technology used to develop this application is the Ionic Framework, which uses web technology languages to develop hybrid mobile applications. The database used for this system is Firebase, while the programming languages used to develop this application are AngularJS, HTML, TypeScript and SCSS. Thus, this application is able to provide a simple and portable solution to help people decide what to eat and increase public knowledge.

    Lightweight cryptography on ultra-constrained RFID devices

    Devices of extremely small computational power like RFID tags are used in practice to a rapidly growing extent, a trend commonly referred to as ubiquitous computing. Despite their severely constrained resources, the security burden which these devices have to carry is often enormous, as their fields of application range from everyday access control to human-implantable chips providing sensitive medical information about a person. Unfortunately, established cryptographic primitives such as AES are way too 'heavy' (e.g., in terms of circuit size or power consumption) to be used in corresponding RFID systems, calling for new solutions and thus initiating the research area of lightweight cryptography. In this thesis, we focus on the currently most restricted form of such devices and will refer to them as ultra-constrained RFIDs. To fill this notion with life and in order to create a profound basis for our subsequent cryptographic development, we start this work by providing a comprehensive summary of conditions that should be met by lightweight cryptographic schemes targeting ultra-constrained RFID devices. Building on these insights, we then turn towards the two main topics of this thesis: lightweight authentication and lightweight stream ciphers. To this end, we first provide a general introduction to the broad field of authentication and study existing (allegedly) lightweight approaches. Drawing on this, with the (n,k,L)^-protocol, we suggest our own lightweight authentication scheme and, on the basis of corresponding hardware implementations for FPGAs and ASICs, demonstrate its suitability for ultra-constrained RFIDs. Subsequently, we leave the path of searching for dedicated authentication protocols and turn towards stream cipher design, where we first revisit some prominent classical examples and, in particular, analyze their state initialization algorithms. Following this, we investigate the rather young area of small-state stream ciphers, which try to overcome the limit imposed by time-memory-data tradeoff (TMD-TO) attacks on the security of classical stream ciphers. Here, we present some new attacks, but also corresponding design ideas for how to counter these. Paving the way for our own small-state stream cipher, we then propose and analyze the LIZARD-construction, which combines the explicit use of packet mode with a new type of state initialization algorithm. For corresponding keystream generator-based designs of inner state length n, we prove a tight (2n/3)-bound on the security against TMD-TO key recovery attacks. Building on these theoretical results, we finally present LIZARD, our new lightweight stream cipher for ultra-constrained RFIDs. Its hardware efficiency and security result from combining a Grain-like design with the LIZARD-construction. Most notably, besides lower area requirements, the estimated power consumption of LIZARD is also about 16 percent below that of Grain v1, making it particularly suitable for passive RFID tags, which obtain their energy exclusively through an electromagnetic field radiated by the reading device. The thesis is concluded by an extensive 'Future Research Directions' chapter, introducing various new ideas and thus showing that the search for lightweight cryptographic solutions is far from being completed.

    Development of an RFID reader (Rfid okuyucunun geliştirilmesi)

    The full text has been made openly accessible in accordance with the law published in the Official Gazette of 06.03.2018, No. 30352, and the directive of 18.06.2018 on the electronic collection, organisation and access of graduate theses.
    The basic security that RFID systems rely on is the encryption system of the tags. However, this security has lost its meaning now that the tags' ciphers have been broken. The rigid attitude shown by manufacturers has, until now, prevented much intervention in these systems. However, the popularity of RFID systems, and the fact that such systems are built around monetary transactions, have made them easy targets for various attacks. Many communication and tag ciphers have been broken, rendering systems unusable. For this reason, while the security of the manufactured tags is being increased, the security of the tag readers must also be increased. In contrast to the standard-production tags, almost every service provider uses a reader of its own design in its systems. The resulting security gap was addressed with a newly developed next-generation reader. Thanks to a reader developed at Sakarya University, transfers such as reading data, writing data, decrementing, incrementing and balance information were separated from one another and directed to different readers. These split operations have made cloning and cipher-breaking considerably harder. Additional encryption for secure data transfer brought longer processing times with it. Trials carried out at Sakarya University and on the buses of the Sakarya Metropolitan Municipality showed that this time did not pose a problem for the transactions. In this thesis, cloning and fraudulent leaks were prevented by comparing various combinations of information, taking the authentication data exchanged between the reader and the tag as the reference. For this, the date, time, month and blocks written to different sectors in two consecutive communications were cross-compared, and leaks were blacklisted and blocked.
    RFID and contactless smart cards have become pervasive technologies nowadays. Over the last few years, more and more systems have adopted this technology as a replacement for barcodes, magnetic stripe cards and paper tickets for a variety of applications. Contactless cards consist of a small piece of memory that can be accessed wirelessly, but unlike RFID tags, they also have some computing capabilities. Most of these cards implement some sort of simple symmetric-key cryptography, which makes them suitable for applications that require access control. The MIFARE Classic is the most widely used contactless smart card in the market. Its design and implementation details are kept secret by its manufacturer. Due to a weakness in the pseudo-random generator (CRYPTO1 stream cipher), an attacker is able to crack Crypto-1 in as little as 0.1 seconds if they can access or eavesdrop on the RF communications with the (genuine) reader. A MIFARE Classic card can be cloned in a much more practical card-only scenario, where the attacker only needs to be in the proximity of the card for a number of minutes, therefore making usurpation of identity through pass cloning feasible at any moment and under any circumstances. In this thesis we designed a new MIFARE reader which overcomes all of these security vulnerabilities with a low-cost solution. Our new MIFARE reader has been tested with success in two different places in Sakarya, Turkey. One of them was used at the Sakarya University Campus for different applications like cashless payment (refectory, canteen), automatic loading and information points, card publishing, and security (building access, door access). The other was tested on public transport in Sakarya.