From d72bcdb8f9630ece273978d4979ea25a63e15997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Henryk=20Pl=C3=B6tz?= Date: Tue, 17 Aug 2010 06:01:45 +0200 Subject: Typos and typography --- paper/easycard.tex | 58 +++++++++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/paper/easycard.tex b/paper/easycard.tex index 1b57627..c87b3dd 100644 --- a/paper/easycard.tex +++ b/paper/easycard.tex @@ -4,7 +4,7 @@ \usepackage{subfigure} \pagestyle{plain} -%\usepackage{url} +\usepackage{url} \setlength{\oddsidemargin}{0in} \setlength{\evensidemargin}{0in} @@ -24,7 +24,7 @@ \maketitle \begin{abstract} -The EasyCard system, established in 2001, is the most popular store-valued card +The EasyCard system, established in 2001, is the most popular store-valued card % FIXME: "store-valued"? Meinten Sie: "stored-value"? in Taiwan. With more than 18 million issued cards, it is the predominant means of paying for public transportation services in the capital Taipei. @@ -59,7 +59,7 @@ validate it. This paper is also directed at the legislator and the regulatory authorities, in the hope that it will help them to produce better rules and requirements on -the technology designed for and usedby operators of security relevant systems +the technology designed for and used by operators of security relevant systems such as banking. \section{Introducing the EasyCard} @@ -107,12 +107,12 @@ they key of at least one different sectors. \subsection{Recovering the MIFARE CRYPTO1 keys} Since none of the sector keys was known, the publicly available MFCUK (MiFare -Classic Universal toolKit) implementation of the "Dark Side" attack (Nicolas T. +Classic Universal toolKit) implementation of the ``Dark Side'' attack (Nicolas T. Courtois) was used as a card-only attack. All that was required was the MFCUK Free Software, as well as a RFID reader as supported by libnfc. Compatible readers are widely available, -among them one for EUR 30 from http://www.touchatag.com/e-store. +among them one for EUR 30 from \url{http://www.touchatag.com/e-store}. Using the MFCUK key recovery tool, the A and B keys for all sectors have been recovered within FIXME. This attack can definitely be optimized @@ -132,6 +132,7 @@ with the nfc-mfclassic program (part of libnfc). A full dump of the newly-purchased, unused EasyCard revealed the following content: +\begin{verbatim} 0000000 a193 c031 88c3 0004 ba46 1214 1051 1004 0000010 140e 0100 0207 0308 0409 1008 0000 0000 0000020 0000 0000 0000 0000 0000 0000 0000 0000 @@ -196,6 +197,7 @@ content: 00003d0 0000 0000 0000 0000 0000 0000 0000 0000 00003e0 0000 0000 0000 0000 0000 0000 0000 0000 00003f0 ea02 0bda b62a 7708 008f 0000 0000 0000 +\end{verbatim} \subsection{Re-engineering the on-card data format} @@ -245,7 +247,7 @@ transportation as well as stores use key A for this sector, as key A is sufficient to read and decrement the VALUE block. Re-charging the card must happen using authentication with key B, as only -Key B has permissions to increment and/or write to this sector. +key B has permissions to increment and/or write to this sector. \subsubsection{Sector 3 through 5: The transaction log} @@ -299,7 +301,7 @@ FIXME: Transaction log pointer \subsubsection{Sector 7: The last MRT entry/exit record} -Block 2 (Offset 0x1e0) contains a record dscribing the last MRT station +Block 2 (Offset 0x1e0) contains a record describing the last MRT station that was entered using this EasyCard. \begin{itemize} \item Bytes 0...3 are unknown @@ -319,7 +321,7 @@ applicable discount in case a connection is made from MRT into a bus. \subsubsection{Sector 15: Maximum daily spending} -Sector 2 (Offset 0x3e0) contains a record used for keeping track of +Block 2 (Offset 0x3e0) contains a record used for keeping track of the amount of money spent on a single day. This is needed in order to impose a daily spending limit of (currently) NTD 3,000. @@ -357,13 +359,13 @@ balance. Re-reading the card after the purchase indicates the full success of the operation. The purchase has left exactly the same changes in the card like it would have with a card that has a genuine lower value. None of the -erroneosly increased (or decreased) numbers had been updated. +erroneously increased (or decreased) numbers had been updated. This specifically confirms that the vending terminal did not have an online connection to a centralized database. In that case, the erroneous values on the card would have been corrected and the original value restored. -\subsection{Increaing the value of the card} +\subsection{Increasing the value of the card} The approach works similar to the previous one. First, a purchase in a store is being made, preferrably with relatively high value. Later, the transaction @@ -400,8 +402,8 @@ system. The underlying Mifare Classic product was launched in 1994, and thus already relatively old and outdated technology at that time. -It was publicly documented by NXP that the security of the system is baesd on a -{\em prorprietary, symmetric, 48bit cipher}. Symmetric 48-bit encryption +It was publicly documented by NXP that the security of the system is based on a +{\em proprietary, symmetric, 48bit cipher}. Symmetric 48-bit encryption was definitely no longer state-of-the-art in the year 2000. At that time, the popular web-browser Netscape Navigator (used e.g. for web-based online banking) had already introduced support for symmetric 128bit ciphers. @@ -413,11 +415,11 @@ design} and {\em Security by obscurity}. In the former systems, security is achieved by using well-designed systems that have undergone public peer review and have been subject to cryptanalysis. -As a result, the system is secure because it has undergond the review and +As a result, the system is secure because it has undergone the review and scrutiny of the international community of cryptographers and security experts. So, despite making all details of the system, particularly the cryptographic -algorithms open, an attacker is not able to circumvent the systems security. +algorithms open, an attacker is not able to circumvent the system's security. A system relying on {\em Security by obscurity} is only secure because nobody knows the details of how it works. As soon as this information @@ -469,18 +471,18 @@ technically, cards can be re-charged without making actual payment for it. As far as cards are only used for public transportation, the incentive for fraudulent use is relatively small and contained. Also, the amount -of money for each transaction is realtively small. +of money for each transaction is relatively small. Thus, while the author would still disagree, it might be the case that the business risk analysis inside EasyCard Corporation would have deemed the risk of fraud in the public transport sector as acceptable. When such a card is used as an electronic payment system in stores where -goods of much higher value can be purcased, the threat model is quite +goods of much higher value can be purchased, the threat model is quite different, though. The 2010 introduction of the EasyCard as means of payment in retail -stores - while still relying on known-broken, 16 year old technology - +stores -- while still relying on known-broken, 16 year old technology -- can thus only be seen as ignorant and incompetent. It does not help that EasyCard corporation has to provide a full refund @@ -530,21 +532,23 @@ The author of this paper expresses his gratitude to the many people involved in trying to uncover the weaknesses of proprietary and ultimately insecure RFID systems worldwide. -Milosch and Brita Meriac +\begin{description} +\item[Milosch and Brita Meriac] for their great work on OpenPCD and OpenPICC -Henryk Ploetz, Karsten Nohl, starbug +\item[Henryk Ploetz, Karsten Nohl, starbug] for their work on MIFARE, Crypto1 and tiresome research into all kinds of proprietary snake-oil -Jonathan Westhues +\item[Jonathan Westhues] for designing and openly publishing the Proxmark -Nethemba +\item[Nethemba] for the Open Source implementation of the nested key attack in MFOC -Roel Verdult - for his research on RFID security at Radbound University and libnfc -Nicolas T. Courtois +\item[Roel Verdult] + for his research on RFID security at Radboud University and libnfc +\item[Nicolas T. Courtois] for his {\em darkside} paper -Andrei Costin - for his Open Sourc implementation of the darkside paper (MFCUK) - http://andreicostin.com/ +\item[Andrei Costin ] + for his Open Source implementation of the darkside paper (MFCUK) + \url{http://andreicostin.com/} +\end{description} \section{Bibliography} -- cgit v1.2.3