Start protocol and implementation weakness section

1 files changed, 5 insertions, 0 deletions

diff --git a/paper/easycard.tex b/paper/easycard.tex
index cccb877..0c965d4 100644
--- a/paper/easycard.tex
+++ b/paper/easycard.tex
@@ -81,6 +81,11 @@ FIXME: Summarize the existing research on mifare classic systems
 

 MIFARE Classic security came under increased scrutiny following a talk at the 24$^{\textnormal{th}}$ Chaos Communication Congress in December 2007 which described some of the first results of silicon reverse engineering research on the MIFARE Classic 1k chip. For reasons of responsible disclosure not all details were initially published. These details these were then independently, and partially orthogonally, explored by a group of Dutch security researchers out of Radboud University Nijmegen, fueled by the rollout of a new Dutch public transport payment system based on MIFARE Classic, the OV Chipkaart.

 

+This section describes all known weaknesses and attacks on the MIFARE Classic system, in approximate historical order and ascending severity.

+

+\subsubsection{Protocol and implementation errors}

+One of the first results was that the random number generators (RNG) that are implemented in both card and reader are time-based and easy to predict. Both RNGs start up when the corresponding device is first powered up -- in the case of the reader that's a reset, in the case of the card that's when the card enters a sufficiently strong field -- and then create a fixed number sequence with a fixed clock.

+

 % Protocol- and implementation errors: RNG, keystream recovery, re-auth

 % Theoretical results: filter function bias, algebraic attack

 % Practical results and demo