Reverse-Engineering a Cryptographic RFID Tag

The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These
algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is
commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This
paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known
to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare
Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of
design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed
rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that
algorithms can be kept secret should therefore to be avoided for any type of silicon chip.
Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvenient tomber entre les mains de l’ennemi. ´
([A cipher] must not depend on secrecy, and it must not matter if it falls into enemy hands.)
August Kerckhoffs, La Cryptographie Militaire, January 1883 [13]



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s