Category Archives: Hack

Some thoughts about RFID and passports

Posted on by
Reply

Last week, I discussed with a well known cryptographer: JJQ. We were exchanging about RFID security, last mifare hack, and security of RFID-based passports. During the discussion, we went through a new threat.
Let us now assume that the RFID passport is largely used, and even that one country requires RFID-based passport for entering. We assume that forging a RFID-based passport is extremely difficult (it will never be impossible, law 1). We may assume that forging the paper part of the passport will be easier (else why replacing them with more expensive passports). But the forgery would be detected by mismatch between the information in the passport and the RFID.
The obvious attack would be to blast the RFID of the passport. Then the border guard would check only the paper part. Nevertheless, this may not be sufficient because we may assume that the border guard will be watchful because he faces an exceptional case.
Let us now assume that the attacker was able to build a gimmick that blasts all the RFID of every passports in a plane before leaving it. You will have several hundreds of exceptional cases. In other words, the border guards will be overwhelmed by the situation. Furthermore, if the attacker will present itself among the last ones, then his probability to go through with the forged passport will significantly raise.
Here it is a nice example of combined attacks: technique to blast the RFID and social engineering by creating an exceptional situation to stress the border guards.
Thus, for such type of applications, Denial of Services attacks should be carefully studied and prevented.

SlySoft announces that it broke BD+

Posted on by
Reply

Slysoft, the manufacturer of AnyDVD HD software announced that the new version allows to copy BD+ protected disks. See Press Release
AnyDVD was the first commercial package that allowed to rip AACS protected discs. Successive versions keep the pace with the changes in the revocation of players. For more information about the hacks read Security newsletter 5 and Security newsletter 6

BluRay consortium decided to launch its BD+ protection. BD+ is a layer of additional protections on top of AACS. One of the most interesting feature of BD+ is SPDC (Self Protecting Digital Content). SPDC was developed by CRI, the company of Paul Kocher. Paul Kocher is well known for his devastating side channel attacks on smart cards such ad Differential Power Attack or Differential Timing Attack. Recently, CRI sold the SPDC technology to Macrovision. SPDC allows to append to a BD title a small application that redefines the security mechanism of the player. In other words, it would be possible for reach title to have a different security protection. Renewability is one key element (Law 1).

What does the announcement of SlySoft mean?
Two scenarios are possible.
1- SlySoft has designed a class attack, i.e. an attack that definitively defeats any BD+ implementation for instance by finding a lethal weakness.
2- SlySoft has been able to defeat the current protection of new BD+ titles.
In view of the announcement, scenario 2 is more realistic. SlySoft acknowledges that BD+ is not yet using all the available features. In other words, the current version of anyDVD breaks the current titles. A new SPDC code would require SlySoft to design new circumventing code (Three months in the company Dungeon :Wink:)

BD+ has been designed for renewability. The concept of BD+ acknowledges that hackers will find their way. But BD+ also allows a new race to start.

Conclusion
The question is not too much to know if some BD+ titles could be ripped. It is more how long it will take to find a method to rip them. If the new protection remains secure for enough weeks to preserve the maximum sales, then BD+ will be successful.

I will be provocative. This first BD+ hack is the best justification of the existence of BD+. Dynamic defense is better than static defense. Security is never absolute. It is a compromise.

In any case, we will keep you informed of any news on the AACS front.

RFID and weak security

Posted on by
Reply

NXP Mifare Classic RFID chips are widely used in transportation or access control in Europe. NOHL Karsten, a researcher, publishes a cryptanalysis of this chip (the paper). His analysis demonstrates that the design was extremely weak. The cipher uses a LSFR and a 48-bit key.

It is obvious that the design was weak. Nevertheless, the main design constraint was probably to have a small number of gates for the implementation to reduce the cost. The security assumed that this algorithm would stay secret, in other words violating the principle of Kerckoffs. Furthermore, using a 48 bit key was inadequate. Currently, it is recommended to have at least a 90 bit key. With 48 bit key, it is easy to have a brut force attack.

Is it a problem? It depends on the application using the chip and its security assumptions. If the hypothesis is that the chip is extremely secure, than the answer is that it is an error. If the goal is to protect low cost assets, then the answer is right solution. As always, security is not simple and Manichean.

Forecasts: RFID will spread. Due to this massive use, cost constraints will be such that we will anticipate that many RFID chip will implement weak algorithm but with low cost. I will surely report many such events.