Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6917)


With the advent of side-channel analysis, implementations of mathematically secure ciphers face a new threat: by exploiting the physical characteristics of a device, adversaries are able to break algorithms such as AES or Triple-DES (3DES), for which no efficient analytical or brute-force attacks exist. In this paper, we demonstrate practical, noninvasive side-channel attacks on the Mifare DESFire MF3ICD40 contactless smartcard, a 3DES-based alternative to the cryptanalytically weak Mifare Classic [9,25]. We detail on how to recover the complete 112-bit secret key of the employed 3DES algorithm, using non-invasive power analysis and template attacks. Our methods can be put into practice at a low cost with standard equipment, thus posing a severe threat to many real-world applications that employ the DESFire MF3ICD40 smartcard.


contactless smartcard side-channel analyis templates DESFire 


  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    BSI – German Ministry of Security. Mifare DESFire8 MF3ICD81 Public Evaluation Documentation. Electronic resource (October 2008)Google Scholar
  4. 4.
    Carluccio, D.: Electromagnetic Side Channel Analysis for Embedded Crypto Devices. Master’s thesis, Ruhr-University Bochum (2005)Google Scholar
  5. 5.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Clavier, C., Coron, J.-S., Dabbous, N.: Differential Power Analysis in the Presence of Hardware Countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 13–48. Springer, Heidelberg (2000)Google Scholar
  7. 7.
    Czech Railways. In-karta (March 2011),
  8. 8.
    Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M.T.M.: On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 203–220. Springer, Heidelberg (2008)Google Scholar
  9. 9.
    Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Gebotys, C.H., Ho, S., Tiu, C.C.: EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 250–264. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual Information Analysis – A Generic Side-Channel Distinguisher. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Hutter, M., Mangard, S., Feldhofer, M.: Power and EM Attacks on Passive 13.56 MHz RFID Devices. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 320–333. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    ISO. ISO/IEC 14443-3: Identification Cards – Contactless Integrated Circuit(s) Cards – Proximity Cards – Part 3: Initialization and Anticollision (February 2001)Google Scholar
  14. 14.
    ISO. ISO/IEC 14443-4: Identification cards – Contactless Integrated Circuit(s) Cards – Proximity Cards – Part 4: Transmission Protocol (February 2001)Google Scholar
  15. 15.
    ISO. ISO/IEC 15693-3: Identification Cards – Contactless Integrated Circuit Cards – Vicinity Cards – Part 3: Anticollision and Transmission Protocol (April 2009)Google Scholar
  16. 16.
    Kasper, T., Carluccio, D., Paar, C.: An Embedded System for Practical Security Analysis of Contactless Smartcards. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 150–160. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Kasper, T., Oswald, D., Paar, C.: EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 79–93. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Kasper, T., Oswald, D., Paar, C.: Side-Channel Analysis of Cryptographic RFIDs with Analog Demodulation. Springer LNCS Proceedings of RFIDSec 2011, Northampton, USA (to appear)Google Scholar
  19. 19.
    Kasper, T., von Maurich, I., Oswald, D., Paar, C.: Chameleon: A versatile emulator for contactless smartcards. In: Rhee, K.-H. (ed.) ICISC 2010. LNCS, vol. 6829, pp. 189–206. Springer, Heidelberg (to appear)Google Scholar
  20. 20.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  21. 21.
    Langer EMV-Technik. Details of Near Field Probe Set RF 2. WebsiteGoogle Scholar
  22. 22.
    Mahalanobis, P.C.: On the Generalised Distance in Statistics. In: Proceedings National Institute of Science, India, vol. 2, pp. 49–55 (April 1936)Google Scholar
  23. 23.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  24. 24.
    NIST. FIPS 46-3 Data Encryption Standard (DES),
  25. 25.
    Nohl, K., Evans, D., Plötz, H.: Reverse-Engineering a Cryptographic RFID Tag. In: USENIX Security Symposium, pp. 185–194. USENIX Association (2008)Google Scholar
  26. 26.
    NXP. Mifare DESFire Contactless Multi-Application IC with DES and 3DES Security MF3ICD40 (April 2004)Google Scholar
  27. 27.
    Ochs, K.: Transmission of Digital Signals. Lecture notes (2006)Google Scholar
  28. 28.
    Oswald, D., Paar, C.: Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World — Extended Version (2011),
  29. 29.
    Pico Technology. PicoScope 5200 USB PC Oscilloscopes (2008)Google Scholar
  30. 30.
    Plos, T., Hutter, M., Feldhofer, M.: Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes. In: Dominikus, S. (ed.) Workshop on RFID Security 2008, pp. 114–127 (2008)Google Scholar
  31. 31.
    Rechberger, C., Oswald, E.: Practical Template Attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 443–457. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Rohr, A., Nohl, K., Plötz, H.: Establishing Security Best Practices in Access Control (September 2010),
  33. 33.
    Schindler, W., Lemke, K., Paar, C.: A Stochastic Model for Differential Side Channel Cryptanalysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 30–46. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  34. 34.
    Schwartz, M., Bennett, W.R., Stein, S.: Communication Systems and Techniques. Wiley, Chichester (1966)Google Scholar
  35. 35.
    Standaert, F.-X., Archambeau, C.: Using Subspace-Based Template Attacks to Compare and Combine Power and Electromagnetic Information Leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  36. 36.
    State Government Victoria. myki (March 2011),
  37. 37.
    van Woudenberg, J.G.J., Witteman, M.F., Bakker, B.: Improving Differential Power Analysis by Elastic Alignment. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 104–119. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  38. 38.
    Vishay Semiconductors, Inc. BAT43 Schottky Diode DatasheetGoogle Scholar
  39. 39.
    Wikipedia. Contactless Smart Card — Wikipedia, The Free Encyclopedia (2011) (accessed March 5, 2011)Google Scholar
  40. 40.
    Wikipedia. MIFARE — Wikipedia, The Free Encyclopedia (2011) (accessed March 25, 2011)Google Scholar
  41. 41.
    Wikipedia. Sample Mean and Sample Covariance — Wikipedia, The Free Encyclopedia (2011) (accessed April 1, 2011)Google Scholar

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  1. 1.Horst Görtz Institute for IT SecurityRuhr-University BochumGermany

Personalised recommendations