Abstract
With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms are proprietary and little information about them is publicly available. In this paper we have reverse engineered all security mechanisms in the card including cipher, authentication protocol and key diversification algorithms, which we publish in full detail. Furthermore, we have found six critical weaknesses that we exploit in two attacks, one against iClass Standard and one against iClass Elite (a.k.a., iClass High Security). In order to recover a secret card key, the first attack requires one authentication attempt with a legitimate reader and 2^22 queries to a card. This attack has a computational complexity of 2^40 MAC computations. The whole attack can be executed within a day on ordinary hardware. Remarkably, the second attack which is against iClass Elite is significantly faster. It directly recovers the master key from only 15 authentication attempts with a legitimate reader. The computational complexity of this attack is lower than 2^25 MAC computations, which means that it can be fully executed within 5 seconds on an ordinary laptop.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garcia, F.D., de Koning Gans, G., Verdult, R., Meriac, M. (2012). Dismantling iClass and iClass Elite. In: Foresti, S., Yung, M., Martinelli, F. (eds) Computer Security – ESORICS 2012. ESORICS 2012. Lecture Notes in Computer Science, vol 7459. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33167-1_40
DOI: https://doi.org/10.1007/978-3-642-33167-1_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33166-4
Online ISBN: 978-3-642-33167-1
eBook Packages: Computer Science, Computer Science (R0)