Brute Force Cryptanalysis of MIFARE Classic Cards on GPU

Cihangir Tezcan

2017

Abstract

MIFARE Classic is the most widely deployed contactless smartcard on the market. However, many active and passive attacks are provided after its proprietary stream cipher CRYPTO1 was reverse engineered. The short 48-bit key of the CRYPTO1 cipher, leaked parity bits and the encrypted error code that is sent after a failed authentication (which is corrected in the hardened new cards) allow the adversary to perform offline brute force attack and avoid detection. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take around 9 days on a single GTX280 GPU.We optimized this brute force attack on modern GPUs by using bitsliced implementation technique and observed that a brute force attack on a GTX970 GPU can be performed in less than 5 hours. Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take approximately one month on a single GTX460 GPU. Our bitsliced implementation of this attack takes less than 7 hours on a GTX970 GPU.

References

  1. Biham, E. (1997). A fast new DES implementation in software. In Biham, E., editor, Fast Software Encryption, 4th International Workshop, FSE 7897, Haifa, Israel, January 20-22, 1997, Proceedings, volume 1267 of Lecture Notes in Computer Science, pages 260-272. Springer.
  2. Chih, M.-Y., Shih, J.-R., Yang, B.-Y., Ding, J., and Cheng, C.-M. (2010). MIFARE Classic: Practical attacks and defenses. In Proceedings of the 19th Cryptology and Information Security Conference (CISC 2010), Hsinchu, Taiwan.
  3. Chiu, Y., Hong, W., Chou, L., Ding, J., Yang, B., and Cheng, C. (2013). A practical attack on patched MIFARE classic. In Lin, D., Xu, S., and Yung, M., editors, Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Guangzhou, China, November 27-30, 2013, Revised Selected Papers, volume 8567 of Lecture Notes in Computer Science, pages 150-164. Springer.
  4. Courtois, N. (2009). The dark side of security by obscurity - and cloning mifare classic rail and building passes, anywhere, anytime. In Fernández-Medina, E., Malek, M., and Hernando, J., editors, SECRYPT 2009, Proceedings of the International Conference on Security and Cryptography, Milan, Italy, July 7-10, 2009, SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications, pages 331-338. INSTICC Press.
  5. de Koning Gans, G., Hoepman, J., and Garcia, F. D. (2008). A practical attack on the MIFARE classic. In Grimaud, G. and Standaert, F., editors, Smart Card Research and Advanced Applications, 8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008, London, UK, September 8-11, 2008. Proceedings, volume 5189 of Lecture Notes in Computer Science, pages 267-282. Springer.
  6. Garcia, F. D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R. W., and Jacobs, B. (2008). Dismantling MIFARE classic. In Jajodia, S. and López, J., editors, Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, October 6-8, 2008. Proceedings, volume 5283 of Lecture Notes in Computer Science, pages 97-114. Springer.
  7. Garcia, F. D., van Rossum, P., Verdult, R., and Schreur, R. W. (2009). Wirelessly pickpocketing a mifare classic card. In 30th IEEE Symposium on Security and Privacy (S&P 2009), 17-20 May 2009, Oakland, California, USA, pages 3-15. IEEE Computer Society.
  8. Meijer, C. and Verdult, R. (2015). Ciphertext-only cryptanalysis on hardened mifare classic cards. In Ray, I., Li, N., and Kruegel, C., editors, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-6, 2015, pages 18-30. ACM.
  9. Nohl, K., Evans, D., Starbug, and Plötz, H. (2008). Reverseengineering a cryptographic RFID tag. In van Oorschot, P. C., editor, Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pages 185-194. USENIX Association.
Download


Paper Citation


in Harvard Style

Tezcan C. (2017). Brute Force Cryptanalysis of MIFARE Classic Cards on GPU . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 524-528. DOI: 10.5220/0006262705240528


in Bibtex Style

@conference{icissp17,
author={Cihangir Tezcan},
title={Brute Force Cryptanalysis of MIFARE Classic Cards on GPU},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2017},
pages={524-528},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006262705240528},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Brute Force Cryptanalysis of MIFARE Classic Cards on GPU
SN - 978-989-758-209-7
AU - Tezcan C.
PY - 2017
SP - 524
EP - 528
DO - 10.5220/0006262705240528