Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Reverse-engineering a cryptographic RFID tag
SS'08 Proceedings of the 17th conference on Security symposium
Attacks on the DECT Authentication Mechanisms
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Extending SAT Solvers to Cryptographic Problems
SAT '09 Proceedings of the 12th International Conference on Theory and Applications of Satisfiability Testing
Wirelessly Pickpocketing a Mifare Classic Card
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Practical Algebraic Attacks on the Hitag2 Stream Cipher
ISC '09 Proceedings of the 12th International Conference on Information Security
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Dismantling SecureMemory, CryptoMemory and CryptoRF
Proceedings of the 17th ACM conference on Computer and communications security
Gone in 360 seconds: Hijacking with Hitag2
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Hi-index | 0.00 |
iClass is one of the most widely used contactless smartcards on the market. It is used extensively in access control and payment systems all over the world. This paper studies the built-in key diversification algorithm of iClass. We reverse engineered this key diversification algorithm by inspecting the update card key messages sent by an iClass reader to the card. This algorithm uses a combination of single DES and a proprietary key fortification function called 'hash0'. We show that the function hash0 is not one-way nor collision resistant. Moreover, we give the inverse function hash0-1 that outputs a modest amount (on average 4) of candidate pre-images. Finally, we show that recovering an iClass master key is not harder than a chosen plaintext attack on single DES. Considering that there is only one master key in all iClass readers, this enables an attacker to clone cards and gain access to potentially any system using iClass.