Contactless Smartcards and RFID Tokens

Contactless smartcards, i.e. microcontroller chipcards equipped with an RFID interface, have been widely adopted for payment, access control and identification solutions. In this context, many platforms, from simple fixed-code systems to Mifare Classic and Mifare DESFire MF3ICD40, have been proven insecure. Besides vulnerabilities of the underlying hardware, flaws in the design of the backend have often been shown to be the root of the insecurity of the overall system; thus attacks often remain undetected.

Publications

Seitenkanalanalyse kontaktloser SmartCards. Timo Kasper, David Oswald, Christof Paar. Datenschutz und Datensicherheit – DuD – Ausgabe 11/2011. PDF (German)

Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World. David Oswald, Christof Paar. Workshop on Cryptographic Hardware and Embedded Systems CHES 2011. Nara, Japan. PDF

All You Can Eat or Breaking a Real-World Contactless Payment System. Timo Kasper, Michael Silbermann, Christof Paar. Financial Cryptography and Data Security 2010. PDF

Wireless security threats: Eavesdropping and detecting of active RFIDs and remote controls in the wild. Timo Kasper, David Oswald, Christof Paar. 19th International Conference on Software, Telecommunications and Computer Networks (SoftCOM) Hvar, Croatia, 2011. PDF

An Embedded System for Practical Security Analysis of Contactless Smartcards.
Timo Kasper, Dario Carluccio, Christof Paar. Workshop in Information Security Theory and Practices 2007, Crete, Greece, May 2007. PDF

E-Passport: Cracking Basic Access Control Keys with COPACOBANA.
Yifei Liu, Timo Kasper, Kerstin Lemke-Rust, Christof Paar. On the move, Vilamoura, Portugal, 2007. PDF

Cryptanalysis with COPACOBANA. Tim Güneysu, Timo Kasper, Martin Novotny, Christof Paar, Andy Rupp. IEEE Transactions on Computers vol. 57, no. 11, 2008. PDF

Chameleon: A Versatile Emulator for Contactless Smartcards. Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar. 13th International Conference on Information Security and Cryptology – ICISC 2010. Seoul, Korea. PDF

Open Source Projects

Chameleon14443: Low-cost, ISO 14443 compliant emulator for Contactless Smartcards: Project at sourceforge.net

mini_chameleon

Reader14443: Customized RFID Reader for Contactless Smartcards: Project at sourceforge.net

reader14443