An Embedded System for Practical Security Analysis of Contactless Smartcards

Kasper, Timo; Carluccio, Dario; Paar, Christof

doi:10.1007/978-3-540-72354-7_13

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4462))

Included in the following conference series:

IFIP International Workshop on Information Security Theory and Practices

1775 Accesses
14 Citations
3 Altmetric

Abstract

ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. Tools being able to perform these attacks and carry out security analyses need to be developed. In this contribution, an implementation of a cost-effective, freely programmable ISO 14443 compliant multi function RFID reader and fake transponder is presented that can be employed for several promising purposes.

Download to read the full chapter text

Chapter PDF

Off-the-Shelf Security Testing Platform for Contactless Systems

A secure IoT-based micro-payment protocol for wearable devices

Article 17 January 2022

RFID and Contactless Technology

Keywords

References

Atmel. ATMega32 data sheet. http://www.atmel.com/dyn/resources/prod_documents/doc2503.pdf
Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, p. 513. Springer, Heidelberg (1997)
Chapter Google Scholar
BSI - German Ministry of Security. ePass - Der Reisepass mit biometrischen Merkmalen, http://www.bsi.de/fachthem/epass/
Carluccio, D.: Electromagnetic Side Channel Analysis for Embedded Crypto Devices. Master’s thesis, Chair for Communication Security at the Ruhr University Bochum, Diploma thesis (2005)
Google Scholar
Carluccio, D., Lemke, K., Paar, C.: Electromagnetic side channel analysis of a contactless smart card: first results. In: ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Austria, July 2005, pp. 44–51 (2005), http://www.iaik.tu-graz.ac.at/research/krypto/events/RFID-SlidesandProceedings/Proceedings-WSonRFIDandLWCrypto.zip
EM Microelectronic. EM4094 fact sheet. http://www.emmicroelectronics.com/webfiles/product/rfid/ds/EM4094_fs.pdf
Fairchild Semiconductors. Application note 313: DC electrical characteristics of MM74HC high speed logic, http://www.fairchildsemi.com/an/AN/AN-313.pdf
Finke, T., Kelter, H.: Radio Frequency Identification – Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO14443-Systems. BSI - German Ministry of Security. http://www.bsi.de/fachthem/rfid/Abh_RFID.pdf
Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd edn. John Wiley and Sons, Chichester (2003)
Book Google Scholar
FTDI. FT245 USB chip data sheet. http://www.ftdichip.com/Documents/DataSheets/DS_FT245R_v105.pdf
Hancke, G.: A practical relay attack on ISO 14443 proximity cards (2005), http://www.cl.cam.ac.uk/~gh275/relay.pdf
Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of IEEE/Create-Net SecureComm 2005, pp. 67–73. IEEE Computer Society Press, Los Alamitos (2005)
Google Scholar
International Rectifier. Data sheet for IRFD110 N-channel MOSFET. http://www.irf.com/product-info/datasheets/data/irfd110.pdf
ISO/IEC 14443. Identification cards - Contactless integrated circuit(s) cards - Proximity cards - part 1-4 (2001), www.iso.ch
Juels, A., Molnar, D., Wagner, D.: Security and privacy issues in e-passports. In: Security and Privacy for Emerging Areas in Communications Networks, SecureComm 2005, September 2005, pp. 74–88. IEEE Computer Society Press, Los Alamitos (2005)
Google Scholar
Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard systems. Cryptology ePrint Archive, Report 2005/052 (2005), http://eprint.iacr.org
Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. Cryptology ePrint Archive, Report 2006/054 (2006), http://eprint.iacr.org/
Kumar, S., et al.: How to break DES for 8,980. In: International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems — SHARCS’06, Cologne, Germany (April 2006)
Google Scholar
Lohmann, T., Schneider, M., Ruland, C.: Analysis of power constraints for cryptographic algorithms in mid-cost RFID tags. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 278–288. Springer, Heidelberg (2006)
Chapter Google Scholar
Melexis. Application note: A power booster for the MLX90121. http://www.melexis.com/prodfiles/0003881_AN90121_4_1.pdf
National Semiconductor. Datasheet for LM311 voltage comparator. http://www.national.com/pf/LM/LM311.html#Datasheet
Oren, Y., Shamir, A.: Power analysis of RFID tags. http://www.wisdom.weizmann.ac.il/~yossio/rfid/
Philips. Data sheet for 4 bit binary ripple counter 74393. http://www.semiconductors.philips.com/pip/74HC393D#datasheet
Philips. Data sheet for 7408 AND gate. http://www.semiconductors.philips.com/pip/74HC08N
Philips. Data sheet for D type flip-flop 7474. http://www.semiconductors.philips.com/pip/74F74.html#datasheet
Philips. Data sheet for monostable multivibrator 74HC/HCT123. http://www.semiconductors.philips.com/pip/74HCT123D#datasheet
Philips. Data sheet for MIFARE Ultralight Contactless Single-trip Ticket IC (2003) http://www.semiconductors.philips.com
Philips. Philips scores in German stadiums. On the move, p. 3 (Mar. 2006)
Google Scholar
Rieback, M.R., Crispo, B., Tanenbaum, A.S.: The evolution of RFID security. Pervasive Computing 5(1) (2006)
Google Scholar
Texas Instruments. HF Antenna Cookbook Technical Application Report (2004), http://www.ti.com/rfid/docs/manuals/appNotes/HFAntennaCookbook.pdf
Texas Intruments. Texas Instruments to deliver RFID solution for MasterCard PayPass. http://www.ti.com/rfid/docs/news/news_releases/2005/rel01-17-05a.shtml
Tietze, U., Schenk, C.: Halbleiter-Schaltungstechnik, 11th edn. Springer, Heidelberg (2001)
MATH Google Scholar

Download references

Author information

Authors and Affiliations

Communication Security Group, Ruhr-University Bochum, Germany
Timo Kasper, Dario Carluccio & Christof Paar

Authors

Timo Kasper
View author publications
You can also search for this author in PubMed Google Scholar
Dario Carluccio
View author publications
You can also search for this author in PubMed Google Scholar
Christof Paar
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Damien Sauveron Konstantinos Markantonakis Angelos Bilas Jean-Jacques Quisquater

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kasper, T., Carluccio, D., Paar, C. (2007). An Embedded System for Practical Security Analysis of Contactless Smartcards. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds) Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. WISTP 2007. Lecture Notes in Computer Science, vol 4462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72354-7_13

Download citation

DOI: https://doi.org/10.1007/978-3-540-72354-7_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72353-0
Online ISBN: 978-3-540-72354-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics