Blogger: Mark Diodati
Some of you may have read that the proprietary symmetric key cryptographic algorithm of the MIFARE Classic card has been broken. The MIFARE Classic card is used in physical access control systems (PACS) and contactless payment systems (including tollway and public transportation systems). By some estimates, there are 500 million MIFARE cards deployed worldwide, and the majority of them are MIFARE Classic cards. Karsten Nohl and his team completed the hack, and the team was able to clone a MIFARE Classic card in less than two minutes (the “skimming” or reading of the card takes less than a few seconds). Perhaps not coincidentally, NXP (the owners of the MIFARE intellectual property) announced on March 10 that they have a new-and-improved MIFARE card that leverages AES 128-bit encryption. The first samples will be available in Q4 of 2008. The refreshment of hundreds of millions of cards will be completed at a much later date.
You may be aware of the MIFARE vs. HID Prox card religious war in the PACS space. From my experience talking with customers, there are more HID Prox cards used in PACS in the United States as compared to the MIFARE card. The MIFARE proponents consistently tout the security value of MIFARE technology over HID Prox technology, and have pointed to the fact that HID Prox cards could be readily cloned. You can see a video of the HID Prox card clone, from the 2007 RSA Conference here. The conventional wisdom was that the MIFARE card was unclonable. The conventional wisdom was wrong.
The impact of the MIFARE hack on the payment systems that rely on the card (and on their consumers) is increased fraud. The cloning of the card does not require possession, only proximity. I am unaware of any preventative measures that would preclude a fraudster from walking around a parking garage and cloning those tollway cards that are mounted in everyone’s windshield. Some people might consider this an act of civil disobedience, particularly if they drive on the Illinois Tollway with any frequency (as Triumph the Insult Comic Dog would say “I keed!”). Also, skimming and cloning the user’s public transportation card while they ride the train is a likely outcome. If you are aware of any preventative measures, please let me know.
What is the impact to PACS security? The reality is that many PACS deployments did not leverage the MIFARE encryption features. The management of symmetric keys across the relatively complex PACS environment (specifically, cards, readers, controllers, and hosts) remains a daunting process. For these deployments without encryption, it’s business as usual. Those organizations that deployed the MIFARE technology with encryption should realize that they are not as secure as they thought. Either way, as we have said before, no authentication method is bulletproof. Organizations should be using other controls – like auditing and security event correlation – to enhance the security of their PACS.
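As an added illustration of the event correlation recommended above (not code from the original post), the following sketch scans a PACS audit log for card use that a single physical card could not produce, which is one signal that a credential has been cloned. The log format, card IDs, site names and travel-time threshold are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample PACS audit log: timestamp, card ID, site, direction.
SAMPLE_LOG = """\
2008-03-17T08:01:10,4711,HQ,IN
2008-03-17T08:03:42,5120,HQ,IN
2008-03-17T08:20:05,4711,WAREHOUSE,IN
2008-03-17T12:00:30,5120,HQ,OUT
2008-03-17T12:45:00,5120,WAREHOUSE,IN
2008-03-17T13:00:00,6001,HQ,IN
2008-03-17T13:30:00,6001,HQ,IN
"""

# Assumed minimum realistic travel time between sites (hypothetical values).
MIN_TRAVEL = {frozenset(("HQ", "WAREHOUSE")): timedelta(minutes=40)}

def parse(log):
    """Yield (timestamp, card, site, direction) for each log line."""
    for line in log.strip().splitlines():
        ts, card, site, direction = line.split(",")
        yield datetime.fromisoformat(ts), card, site, direction

def correlate(log):
    """Return alerts for card use that one physical card could not produce."""
    alerts, last = [], {}  # last: card -> (time, site, direction)
    for ts, card, site, direction in sorted(parse(log)):
        prev = last.get(card)
        if prev:
            p_ts, p_site, p_dir = prev
            need = MIN_TRAVEL.get(frozenset((p_site, site)))
            if need and ts - p_ts < need:
                # Same card seen at two sites faster than anyone could travel.
                alerts.append((card, "impossible-travel", p_site, site))
            elif p_site == site and p_dir == direction == "IN":
                # Card entered the same site twice without leaving in between.
                alerts.append((card, "double-entry", p_site, site))
        last[card] = (ts, site, direction)
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

The double-entry check only works where readers record both entry and exit; deployments that log entries alone would have to rely on the travel-time rule.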
Finally, when will people learn their lesson? Cryptographic algorithms should be public so that they can be scrutinized and tested. Secret algorithms aren’t more valuable because they are secret. Bruce Schneier has been saying this for years.
If you are interested in more details on PACS architecture and components, I recommend my recent Burton Group research document “Let’s Get Logical: The Convergence of Physical Access Control and Identity Systems” (subscription required).