
Contactless Smartcards and RFID Tokens
Contactless Smartcards, i.e. microcontroller chipcards equipped with an RFID interface, have been widely adopted for payment, access control and identification solutions. In this contect many platforms, from simple fixed code systems over Mifrace Classic to Mifare DESFire MF3ICD40 have been proven insecure. Besides vulnerabilities of the underlying hardware also flaws in the design of the backend have often been shown to be the root of the insecurity of the overall system, thus often attacks remain undetected.
Publications
Seitenkanalanalyse kontaktloser SmartCards. Timo Kasper, David Oswald, Christof Paar. Datenschutz und Datensicherheit – DuD – Ausgabe 11/2011. PDF (German)
Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World. David Oswald, Christof Paar. Workshop on Cryptographic Hardware and Embedded Systems CHES 2011. Nara, Japan. PDF
All You Can Eat or Breaking a Real-World Contactless Payment System. Timo Kasper, Michael Silbermann, Christof Paar. Financial Cryptography and Data Security 2010. PDF
Wireless security threats: Eavesdropping and detecting of active RFIDs and remote controls in the wild. Timo Kasper, David Oswald, Christof Paar. 19th International Conference on Software, Telecommunications and Computer Networks (SoftCOM) Hvar, Croatia, 2011. PDF
An Embedded System for Practical Security Analysis of Contactless Smartcards.
Timo Kasper, Dario Carluccio, Christof Paar. Workshop in Information Security Theory and Practices 2007, Crete, Greece, Mai 2007.PDF
E-Passport: Cracking Basic Access Control Keys with COPACOBANA
Yifei Liu, Timo Kasper, Kerstin Lemke-Rust, Christof Paar. On the move, Vilamoura, Portugal, 2007. PDF
Cryptanalysis with COPACOBANA Tim Güneysu, Timo Kasper, Martin Novotny, Christof Paar, Andy Rupp. IEEE Transactions on Computers vol. 57, no. 11, 2008. PDF
Chameleon: A Versatile Emulator for Contactless Smartcards. Timo Kasper, Ingo von Maurich, David Oswald, Christof Paar. 13th International Conference on Information Security and Cryptology – ICISC 2010. Seoul, Korea. PDF
Open Source Projects
Chameleon14443: Low-cost, ISO 14443 compliant emulator for Contactless Smartcards: Project at sourceforge.net
Reader14443: Customized RFID Reader for Contactless Smartcards: Project at sourceforge.net