
Bias in the Mifare DESFire EV1 TRNG

  • Conference paper
Radio Frequency Identification and IoT Security (RFIDSec 2016)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 10155)

Abstract

The limited computational capabilities of low-cost RFID cards may induce security weaknesses stemming from concessions made in hardware. In particular, RFID cards with weak pseudo-random number generators (PRNGs) can leak secret information. Current generation RFID cards, such as the Mifare DESFire EV1, improve on the cryptographic and random number generation capabilities of previous cards such as the Mifare Classic. However, there is not yet a published analysis on the quality of the true random number generator (TRNG) used in Mifare DESFire EV1 cards. This paper represents the first study of the randomness of the DESFire EV1, and shows preliminary results that highlight a distinct pattern of biases in its TRNG.


Notes

  1. https://www.cs.kent.ac.uk/people/staff/dh433/RFIDsec2016/sourcecode.zip

  2. https://www.cs.kent.ac.uk/people/staff/dh433/RFIDsec2016/datafiles.zip

  3. https://www.cs.kent.ac.uk/people/staff/dh433/RFIDsec2016/NISTresults.zip


Acknowledgements

This work was funded by Innovate UK as part of the authenticated Self project, under reference number 102050. This work was partly sponsored by the ICT COST Action IC1403 Cryptacus in the EU Framework Horizon 2020. We would also like to thank NXP Semiconductors Ltd. for their timely and professional communication following the responsible disclosure of our findings.

Author information

Correspondence to Darren Hurley-Smith.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hurley-Smith, D., Hernandez-Castro, J. (2017). Bias in the Mifare DESFire EV1 TRNG. In: Hancke, G., Markantonakis, K. (eds) Radio Frequency Identification and IoT Security. RFIDSec 2016. Lecture Notes in Computer Science, vol 10155. Springer, Cham. https://doi.org/10.1007/978-3-319-62024-4_9

  • DOI: https://doi.org/10.1007/978-3-319-62024-4_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-62023-7

  • Online ISBN: 978-3-319-62024-4

  • eBook Packages: Computer Science, Computer Science (R0)
