Life for us in the lockpick community is simple. If we want to tackle a specific lock we can just go buy a sample and study it.

During my search for lock knowledge, I have bought several locks simply because I felt the need to disassemble them and satisfy my curiosity. In some cases I had to use a small grinder to cut my way into the lock to make it reveal its secrets. But at the end of the day no lock ever was able to keep its inner working secret for me.

In that respect our life is easy compared to that of researchers that examine RF-ID systems. Most of the RF-ID vendors keep the inner working secret. Deep inside a one millimeter chip, a small proprietary encryption routine is held. Virtually impossible to reach, spread over five extremely thin wafers that are all interconnected.

Good luck taking that apart to see if you can reverse engineer the algorithm … or at least that must have been the thought of the inventors of the Mifare RF-ID system. Unfortunately for them, some German researchers did just that … take the one square millimeter chip apart.

And at the latest CCC congress in Berlin, Karsten Nohl and Henryk Plötz gave a brilliant and inspiring presentation about their findings (google video or MP4).

* Karsten Nohl pointing out the different layers

The researchers used a ‘simple’ setup. With lots of patience, they managed to slice off the top of the chip and reach the first layer. Using a 500X magnifying microscope they took a high resolution picture of this layer. They then used some very fine polish and ‘really really carefully’ polished away the first layer, making the second layer visible. And took another picture. And so on. The story does not say in how many tries they succeeded to make five high quality images, but it must have been a hell of a job. Not to mention laying these images on top of each other and trying to make sense out of it. According to the researchers this all was ‘painful work’. Well, I take my hat off for them as it the kind of research I greatly admire!

It took them some time, but they managed to reverse engineer the mifare encryption algorithm this way. And by that the Mifare system seems history (for serious applications).

Mifare heavily relies on keeping the encryption scheme secret. The problem is cheap/affordable RF-ID chips do not have enough CPU to do serious crypto, so keeping the inner working secret is the only defense. And during the research many more weaknesses in the Mifare system were found. Even if you do not understand everything, I strongly encourage everyone to view the video of the presentation. It is inspiring to say the least, and shows with determination even the most complex problem can be tackled (well …. almost).

The real lesson learned is that security through obscurity does not work, and only buys you some time. But it will bite you in the long run when using it in widely deployed systems. The problem now is millions of Mifare chips are deployed in the field in a huge install base. And most of the users are completely unaware of the disaster that is coming …

So far the users are ‘safe’. The researchers have not given out the full details on Mifare…. yet. But please take their advice serious: “If you rely on Mifare for anything, start migrating!”. More information about the mifare hack can be expected in the very near future.

And even though I am thrilled about this attack, I am not too happy. We use Mifare ourselves to secure some parts of some of our offices …. (sigh)

Still I would like to thank the researchers and compliment them for their excellent work and for giving us some time to migrate.

I can not wait to hear more about it!

This entry was posted on Sunday, January 6th, 2008 at 20:00 and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.