RFID and weak security

NXP Mifare Classic RFID chips are widely used in transportation or access control in Europe. NOHL Karsten, a researcher, publishes a cryptanalysis of this chip (the paper). His analysis demonstrates that the design was extremely weak. The cipher uses a LSFR and a 48-bit key.

It is obvious that the design was weak. Nevertheless, the main design constraint was probably to have a small number of gates for the implementation to reduce the cost. The security assumed that this algorithm would stay secret, in other words violating the principle of Kerckoffs. Furthermore, using a 48 bit key was inadequate. Currently, it is recommended to have at least a 90 bit key. With 48 bit key, it is easy to have a brut force attack.

Is it a problem? It depends on the application using the chip and its security assumptions. If the hypothesis is that the chip is extremely secure, than the answer is that it is an error. If the goal is to protect low cost assets, then the answer is right solution. As always, security is not simple and Manichean.

Forecasts: RFID will spread. Due to this massive use, cost constraints will be such that we will anticipate that many RFID chip will implement weak algorithm but with low cost. I will surely report many such events.

Leave a Reply

Your email address will not be published. Required fields are marked *