Hacklet 117 – NFC Projects

Near Field Communication (NFC) is something we take for granted these days. Nearly all smartphones have it. We even have NFC interfaces for all our favorite development boards. NFC’s history goes back all the way to 1997, when an early version was used in Star Wars special edition toys. Radio Frequency Identification (RFID), which NFC builds on, goes back even further. The patent citation trail leads all the way back to 1983 in a patent awarded to [Charles Walton]. NFC is much more than RFID though. The idea of two way communication between devices opens up tons of possibilities for …read more


Do readers for the "Mifare DESFire EV1" smartcard really need to know the card’s secret key in order to authenticate the card?

I’m trying to understand the security of a contactless smartcard system, used for access control and payment. The card is a Mifare DESFire EV1 implementing ISO 14443 (see this documentation collection).

I’ve read about side channel attacks aimed at extracting the private key from the smartcard (see Side-Channel Analysis of Cryptographic RFIDs with Analog Demodulation). They were successful but appear to be quite difficult to perform.

As I understand the authentication process of such cards, the reader and the card must both prove their knowledge of the secret key by a challenge-response procedure (the protocol is not public but has been reverse engineered in the paper Cloning Cryptographic RFID Cards for 25$, chapter 3.2). So all the reading devices must know the secret key, too. But there can be many readers from many vendors (e.g. coffee machines, small USB readers at cash registers, access control panels…). Do all of them really have the secret key? Is there a standard on how the key has to be stored? It may be possible in some cases that the cards are authenticated over the network, but I know that some of the devices work offline.

I’d expect them to be quite a promising attack vector, as coffee machine vendors generally don’t care much about security. Are there any papers describing a successful attack? Or is there just a similar chip in any of these readers where the key is stored in the same way?
