Introduction to MIFARE Classic
MIFARE is a contactless card technology that was introduced in 1994. It was initially used mainly for transport passes, but its capabilities quickly made it one of the most popular smart cards for storing data and providing access control.
All MIFARE cards follow the ISO/IEC 14443 Type A standard and, like other contactless cards, use an antenna and a chip that react once the card is within the field of a reader. All MIFARE® cards operate at 13.56 MHz and are made by NXP Semiconductors.
What are the key benefits of a MIFARE card?
The strength of MIFARE technology is that a single card can host multiple applications, something many other card types do not offer. The key benefits include:
- Multiple application uses
- Enhanced security encryption that's difficult to clone
- A unique serial number
Security analysis of MIFARE Classic
The MIFARE Classic has been heavily scrutinized in recent years, and a large part of the criticism is well justified, as many problems have arisen from its use in RFID deployments.
MIFARE Classic communication is based on the ISO 14443 standard. The memory within the card is divided into data blocks, which are in turn grouped into sectors. Each sector holds two secret 48-bit keys, shared with legitimate readers. A reader must authenticate with at least one of these keys before it can read data or perform operations in that sector.
The MIFARE Classic uses a 3-pass mutual authentication. After the card has been identified by its UID, card and reader authenticate to each other. The nonces the card contributes are generated by a PRNG. Following authentication, communication between the reader and the card is encrypted. Both authentication and encryption use the CRYPTO1 algorithm, a proprietary cipher designed by NXP.
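The sector layout described above can be checked offline from a raw card dump. The following is an added example, not code from this page; it goes beyond the text by decoding the sector trailer's access bits, which the card stores twice (plain and inverted) and which determine what each key may do, and by flagging trailers that still carry the factory configuration. The dump contents and the non-default keys are constructed.

```python
# Added example (not from the page): audit MIFARE Classic 1K sector trailers in a dump.
FACTORY_DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")   # NXP transport key
BLOCK = 16                                            # bytes per block
SECTOR = 4 * BLOCK                                    # 4 blocks per sector on a 1K card

def decode_access_bits(ab: bytes):
    """Return (C1, C2, C3) for blocks 0..3 of a sector from trailer bytes 6..8.
    Every bit is stored plain and inverted; return None if any pair disagrees,
    which the card treats as a format violation and blocks the sector."""
    b6, b7, b8 = ab
    c1 = [(b7 >> (4 + i)) & 1 for i in range(4)]    # byte 7, high nibble
    c2 = [(b8 >> i) & 1 for i in range(4)]          # byte 8, low nibble
    c3 = [(b8 >> (4 + i)) & 1 for i in range(4)]    # byte 8, high nibble
    nc1 = [(b6 >> i) & 1 for i in range(4)]         # byte 6, low nibble: ~C1
    nc2 = [(b6 >> (4 + i)) & 1 for i in range(4)]   # byte 6, high nibble: ~C2
    nc3 = [(b7 >> i) & 1 for i in range(4)]         # byte 7, low nibble: ~C3
    if any(c1[i] == nc1[i] or c2[i] == nc2[i] or c3[i] == nc3[i] for i in range(4)):
        return None
    return [(c1[i], c2[i], c3[i]) for i in range(4)]

def audit_dump(dump: bytes) -> list:
    """Report, per sector, trailers a deployed card should not have.
    Key A reads back as zeros from the card itself, so the default-key check
    assumes a dump whose key fields were filled in by the reading tool."""
    findings = []
    for s in range(len(dump) // SECTOR):
        t = dump[s * SECTOR + 3 * BLOCK:(s + 1) * SECTOR]   # block 3 is the trailer
        key_a, ab, key_b = t[0:6], t[6:9], t[10:16]
        if FACTORY_DEFAULT_KEY in (key_a, key_b):
            findings.append((s, "factory default key"))
        conds = decode_access_bits(ab)
        if conds is None:
            findings.append((s, "inconsistent access bits"))
        elif conds == [(0, 0, 0)] * 3 + [(0, 0, 1)]:      # FF 07 80 = transport config
            findings.append((s, "transport configuration, card not personalized"))
    return findings

def sample_dump() -> bytes:
    """Constructed 3-sector excerpt: default, corrupted and locked trailers."""
    def trailer(key_a, ab, key_b):
        return key_a + ab + b"\x69" + key_b           # byte 9 is the user byte
    data = bytes(BLOCK) * 3                           # three empty data blocks
    ka, kb = bytes.fromhex("0C1D2E3F4A5B"), bytes.fromhex("6B7C8D9EAFB0")  # made-up keys
    s0 = data + trailer(FACTORY_DEFAULT_KEY, bytes.fromhex("FF0780"), FACTORY_DEFAULT_KEY)
    s1 = data + trailer(ka, bytes.fromhex("FF0781"), kb)   # one inverted bit wrong
    s2 = data + trailer(ka, bytes.fromhex("787788"), kb)   # data: write with B only
    return s0 + s1 + s2
```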
Process of cracking MIFARE Classic
It was already well known that the CRYPTO1 algorithm uses 48-bit keys. Because of this relatively short length, knowledge of the cipher's internals would allow researchers to brute-force the key. Unfortunately, the short key length is not the only problem with CRYPTO1, as it also suffers from other weaknesses.
By exploiting the weaknesses of the PRNG, one can mount replay attacks. Exploiting the cryptographic flaws in CRYPTO1 allows one to mount key recovery attacks in no time.
An attacker is also capable of eavesdropping on an exchange between a reader and a card, recovering the secret keys, and cloning the card with little to no effort.