On the (in)security of widely-used RFID access control systems
If you have a question about this talk, please contact Laurent Simon.
Abstract: Over the last few years much attention has been paid to the (in)security of the cryptographic mechanisms used in RFID and contactless smart cards. Experience has shown that the secrecy of proprietary ciphers does not contribute to their cryptographic strength. Most notably the Mifare Classic, which has widespread application in public transport ticketing (e.g. Oyster) and access control systems, has been thoroughly broken in the last few years. Other prominent examples include KeeLoq and Hitag2 used in car keys and CryptoRF used in access control and payment systems.
This talk summarizes our own contribution to this field. We will briefly show some of the weaknesses we found in the Mifare Classic. Then we will show that the security of its higher-end competitors like Atmel’s CryptoRF and HID’s iClass – which were proposed as secure successors of the Mifare Classic – is not (significantly) higher. We will also cover security issues of the Hitag2 key fob and conclude with a discussion on responsible disclosure principles.
Bio: Garcia is a faculty member in Birmingham’s Security and Privacy Group, and is currently employed as a “Birmingham Fellow”. His work focuses on the design and evaluation of cryptographic primitives and protocols for small embedded devices like RFID and smart cards. His research achievements include breakthroughs such as the discovery of vulnerabilities in Mifare Classic, iClass, CryptoMemory and HiTag2. The first of these, Mifare Classic, was widely used for electronic payment (e.g. London Underground) and access control (e.g. Amsterdam Airport). Garcia showed that the cryptography in the card was fatally flawed. HiTag2, the most widely used key fob used in car keys, was also found to be insecure.
Garcia’s work has been widely recognised as world-leading, including “Best Paper” awards from the leading IEEE Security & Privacy and USENIX WOOT conferences and the 2008 I/O Award from the Dutch research council for the best paper bringing computer science research to the attention of the general public. Garcia joined the security group at the University of Birmingham in February 2013.
This talk is part of the Computer Laboratory Security Seminar series.