Dismantling iClass and iClass Elite

11 years 7 months ago

Download www.cs.ru.nl

With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversiﬁcation algorithms are proprietary and little information about them is publicly available. In this paper we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and key diversiﬁcation algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the ﬁrst attack requires one authentication attempt with a legitimate reader and 222 queries to a card. This attack has a computational complexity of 240 MAC computations. The whole attack can be executed within a day on ordi...

Flavio D. Garcia, Gerhard de Koning Gans, Roel Ver

Real-time Traffic

Authentication Protocol | Computational Complexity | Contactless Smart Cards | ESORICS 2012 | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	29 Sep 2012
Updated	29 Sep 2012
Type	Journal
Year	2012
Where	ESORICS
Authors	Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult, Milosch Meriac

Comments (0)

Sciweavers

Dismantling iClass and iClass Elite

Authentication Protocol | Computational Complexity | Contactless Smart Cards | ESORICS 2012 | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers