A Lightweight Authentication Protocol for MIFARE Classic System

• Main Authors: Chih Yao Yang, 楊智堯
• Other Authors: Y. R. Chen
• Format: Others
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/97292997444882796422

碩士 === 長庚大學 === 資訊管理學系 === 98 === The MIFARE Classic is a contactless smartcard that uses technology of RFID (Radio Frequency Identification) and is widely used in human daily life, such as the security control of the office buildings, the payment systems for the public transportation and the other applications. Several academic researchers have been able to crack its authentication mechanism. The method is to focus on the card hardware of MIFARE Classic. Researchers proceed with the reverse-engineering to uncover the CRYPTO1 stream cipher, which is used for 3 Pass Authentication and data encryption/decryption. After reverse-engineering decrypts the CRYPTO1, researchers discover the weaknesses of CRYPTO1 to recover the secret keys. Therefore, how to ensure the security of 3 Pass Authentication of the MIFARE Classic is a very important topic. In this paper, we focused on the security mechanisms, including mutual authentication, symmetric encryption, stream cipher, initialization state, etc. Based on the ISO 14443A standard, we proposed a lightweight authentication protocol for the MIFARE Classic system to prevent the current attacks to the MIFARE Classic. The current attacks include keystream recovery attack, replay attack, nested authentication, etc.