On the (in)security of widely-used RFID access control systems
If you have a question about this talk, please contact Laurent Simon.
Abstract: Over the last few years much attention has been paid to the (in)security of the cryptographic mechanisms used in RFID and contactless smart cards. Experience has shown that the secrecy of proprietary ciphers does not contribute to their cryptographic strength. Most notably the Mifare Classic, which has widespread application in public transport ticketing (e.g. Oyster) and access control systems, has been thoroughly broken in the last few years. Other prominent examples include KeeLoq and Hitag2 used in car keys and CryptoRF used in access control and payment systems.
This talk summarizes our own contribution to this field. We will briefly show some of the weaknesses we found in the Mifare Classic. Then we will show that the security of its higher-end competitors like Atmel’s CryptoRF and HID’s iClass – which were proposed as secure successors of the Mifare Classic – is not (significantly) higher. We will also cover security issues of the Hitag2 key fob to conclude with a discussion on responsible disclosure principles.
Bio: Garcia is a faculty member in Birmingham’s Security and Privacy Group, and is currently employed as a “Birmingham Fellow”. His work focuses on the design and evaluation of cryptographic primitives and protocols for small embedded devices like RFID and smart cards. His research achievements include breakthroughs such as the discovery of vulnerabilities in Mifare Classic, iClass, CryptoMemory and HiTag2. The first of these, Mifare Classic, was widely used for electronic payment (e.g. London Underground) and access control (e.g. Amsterdam Airport). Garcia showed that the cryptography in the card was fatally flawed. HiTag2, the most widely used key fob used in car keys, was also found to be insecure.
Garcia’s work has been widely recognised as world-leading, including “Best Paper” awards from the leading IEEE Security & Privacy and USENIX WOOT conferences and the 2008 I/O Award from the Dutch research council for the best paper bringing computer science research to the attention of the general public. Garcia joined the security group at the University of Birmingham in February 2013.
This talk is part of the Computer Laboratory Security Seminar series.