summaryrefslogtreecommitdiff
path: root/paper
diff options
context:
space:
mode:
Diffstat (limited to 'paper')
-rw-r--r--paper/easycard.tex58
1 files changed, 31 insertions, 27 deletions
diff --git a/paper/easycard.tex b/paper/easycard.tex
index 1b57627..c87b3dd 100644
--- a/paper/easycard.tex
+++ b/paper/easycard.tex
@@ -4,7 +4,7 @@
\usepackage{subfigure}
\pagestyle{plain}
-%\usepackage{url}
+\usepackage{url}
\setlength{\oddsidemargin}{0in}
\setlength{\evensidemargin}{0in}
@@ -24,7 +24,7 @@
\maketitle
\begin{abstract}
-The EasyCard system, established in 2001, is the most popular store-valued card
+The EasyCard system, established in 2001, is the most popular store-valued card % FIXME: "store-valued"? Meinten Sie: "stored-value"?
in Taiwan. With more than 18 million issued cards, it is the predominant means
of paying for public transportation services in the capital Taipei.
@@ -59,7 +59,7 @@ validate it.
This paper is also directed at the legislator and the regulatory authorities,
in the hope that it will help them to produce better rules and requirements on
-the technology designed for and usedby operators of security relevant systems
+the technology designed for and used by operators of security relevant systems
such as banking.
\section{Introducing the EasyCard}
@@ -107,12 +107,12 @@ they key of at least one different sectors.
\subsection{Recovering the MIFARE CRYPTO1 keys}
Since none of the sector keys was known, the publicly available MFCUK (MiFare
-Classic Universal toolKit) implementation of the "Dark Side" attack (Nicolas T.
+Classic Universal toolKit) implementation of the ``Dark Side'' attack (Nicolas T.
Courtois) was used as a card-only attack.
All that was required was the MFCUK Free Software, as well as a RFID
reader as supported by libnfc. Compatible readers are widely available,
-among them one for EUR 30 from http://www.touchatag.com/e-store.
+among them one for EUR 30 from \url{http://www.touchatag.com/e-store}.
Using the MFCUK key recovery tool, the A and B keys for all sectors have
been recovered within FIXME. This attack can definitely be optimized
@@ -132,6 +132,7 @@ with the nfc-mfclassic program (part of libnfc).
A full dump of the newly-purchased, unused EasyCard revealed the following
content:
+\begin{verbatim}
0000000 a193 c031 88c3 0004 ba46 1214 1051 1004
0000010 140e 0100 0207 0308 0409 1008 0000 0000
0000020 0000 0000 0000 0000 0000 0000 0000 0000
@@ -196,6 +197,7 @@ content:
00003d0 0000 0000 0000 0000 0000 0000 0000 0000
00003e0 0000 0000 0000 0000 0000 0000 0000 0000
00003f0 ea02 0bda b62a 7708 008f 0000 0000 0000
+\end{verbatim}
\subsection{Re-engineering the on-card data format}
@@ -245,7 +247,7 @@ transportation as well as stores use key A for this sector, as key A is
sufficient to read and decrement the VALUE block.
Re-charging the card must happen using authentication with key B, as only
-Key B has permissions to increment and/or write to this sector.
+key B has permissions to increment and/or write to this sector.
\subsubsection{Sector 3 through 5: The transaction log}
@@ -299,7 +301,7 @@ FIXME: Transaction log pointer
\subsubsection{Sector 7: The last MRT entry/exit record}
-Block 2 (Offset 0x1e0) contains a record dscribing the last MRT station
+Block 2 (Offset 0x1e0) contains a record describing the last MRT station
that was entered using this EasyCard.
\begin{itemize}
\item Bytes 0...3 are unknown
@@ -319,7 +321,7 @@ applicable discount in case a connection is made from MRT into a bus.
\subsubsection{Sector 15: Maximum daily spending}
-Sector 2 (Offset 0x3e0) contains a record used for keeping track of
+Block 2 (Offset 0x3e0) contains a record used for keeping track of
the amount of money spent on a single day. This is needed in order
to impose a daily spending limit of (currently) NTD 3,000.
@@ -357,13 +359,13 @@ balance.
Re-reading the card after the purchase indicates the full success of the
operation. The purchase has left exactly the same changes in the card like
it would have with a card that has a genuine lower value. None of the
-erroneosly increased (or decreased) numbers had been updated.
+erroneously increased (or decreased) numbers had been updated.
This specifically confirms that the vending terminal did not have an online
connection to a centralized database. In that case, the erroneous values
on the card would have been corrected and the original value restored.
-\subsection{Increaing the value of the card}
+\subsection{Increasing the value of the card}
The approach works similar to the previous one. First, a purchase in a store
is being made, preferrably with relatively high value. Later, the transaction
@@ -400,8 +402,8 @@ system.
The underlying Mifare Classic product was launched in 1994, and thus already
relatively old and outdated technology at that time.
-It was publicly documented by NXP that the security of the system is baesd on a
-{\em prorprietary, symmetric, 48bit cipher}. Symmetric 48-bit encryption
+It was publicly documented by NXP that the security of the system is based on a
+{\em proprietary, symmetric, 48bit cipher}. Symmetric 48-bit encryption
was definitely no longer state-of-the-art in the year 2000. At that time,
the popular web-browser Netscape Navigator (used e.g. for web-based online
banking) had already introduced support for symmetric 128bit ciphers.
@@ -413,11 +415,11 @@ design} and {\em Security by obscurity}.
In the former systems, security is achieved by using well-designed systems
that have undergone public peer review and have been subject to cryptanalysis.
-As a result, the system is secure because it has undergond the review and
+As a result, the system is secure because it has undergone the review and
scrutiny of the international community of cryptographers and security experts.
So, despite making all details of the system, particularly the cryptographic
-algorithms open, an attacker is not able to circumvent the systems security.
+algorithms open, an attacker is not able to circumvent the system's security.
A system relying on {\em Security by obscurity} is only secure because
nobody knows the details of how it works. As soon as this information
@@ -469,18 +471,18 @@ technically, cards can be re-charged without making actual payment for it.
As far as cards are only used for public transportation, the incentive
for fraudulent use is relatively small and contained. Also, the amount
-of money for each transaction is realtively small.
+of money for each transaction is relatively small.
Thus, while the author would still disagree, it might be the case that
the business risk analysis inside EasyCard Corporation would have deemed the
risk of fraud in the public transport sector as acceptable.
When such a card is used as an electronic payment system in stores where
-goods of much higher value can be purcased, the threat model is quite
+goods of much higher value can be purchased, the threat model is quite
different, though.
The 2010 introduction of the EasyCard as means of payment in retail
-stores - while still relying on known-broken, 16 year old technology -
+stores -- while still relying on known-broken, 16 year old technology --
can thus only be seen as ignorant and incompetent.
It does not help that EasyCard corporation has to provide a full refund
@@ -530,21 +532,23 @@ The author of this paper expresses his gratitude to the many people
involved in trying to uncover the weaknesses of proprietary and ultimately
insecure RFID systems worldwide.
-Milosch and Brita Meriac
+\begin{description}
+\item[Milosch and Brita Meriac]
for their great work on OpenPCD and OpenPICC
-Henryk Ploetz, Karsten Nohl, starbug
+\item[Henryk Ploetz, Karsten Nohl, starbug]
for their work on MIFARE, Crypto1 and tiresome research into all kinds of proprietary snake-oil
-Jonathan Westhues
+\item[Jonathan Westhues]
for designing and openly publishing the Proxmark
-Nethemba
+\item[Nethemba]
for the Open Source implementation of the nested key attack in MFOC
-Roel Verdult
- for his research on RFID security at Radbound University and libnfc
-Nicolas T. Courtois
+\item[Roel Verdult]
+ for his research on RFID security at Radboud University and libnfc
+\item[Nicolas T. Courtois]
for his {\em darkside} paper
-Andrei Costin
- for his Open Sourc implementation of the darkside paper (MFCUK)
- http://andreicostin.com/
+\item[Andrei Costin ]
+ for his Open Source implementation of the darkside paper (MFCUK)
+ \url{http://andreicostin.com/}
+\end{description}
\section{Bibliography}
personal git repositories of Harald Welte. Your mileage may vary