On the (in)security of widely-used contactless smart cards
Flavio Garcia, School of Computer Science, University of Birmingham
Date and time: Thursday 25th April 2013 at 11:00
Location: 245, School of Computer Science
Over the last few years much attention has been paid to the (in)security of the cryptographic mechanisms used in contactless smart cards. Experience has shown that the secrecy of proprietary ciphers does not contribute to their cryptographic strength. Most notably the Mifare Classic, which has widespread application in public transport ticketing and access control systems, has been thoroughly broken in the last few years. Other prominent examples include KeeLoq and Hitag2 used in car keys and CryptoRF used in access control and payment systems.
This talk briefly summarizes our own contribution to this field. We will briefly show some of the weaknesses we found in the Mifare classic. Then we will show that the security of its higher-end competitors like Atmel's CryptoRF and HID's iClass--which were proposed as a secure successor of the Mifare Classic--is not (significantly) higher.