Chameleon: A Versatile Emulator for Contactless Smartcards

  • Conference paper
Information Security and Cryptology - ICISC 2010 (ICISC 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6829)

Abstract

We develop new, custom-built hardware for emulating contactless smartcards compliant with ISO 14443. The device is based on a modern low-cost microcontroller and can support basically all relevant (cryptographic) protocols used by contactless smartcards today, e.g., those based on AES or Triple-DES. As a proof of concept, we present a full emulation of Mifare Classic cards on the basis of our highly optimized implementation of the stream cipher Crypto1. The implementation enables the creation of exact clones of such cards, including the UID. We furthermore reverse-engineered the protocol of DESFire EV1 and realized the first emulation of DESFire and DESFire EV1 cards in the literature. We practically demonstrate the capabilities of our emulator by spoofing several real-world systems, e.g., creating a contactless payment card which allows an attacker to set the stored credit balance as desired and hence make an infinite number of payments.

The work described in this paper has been supported in part by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II.

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kasper, T., von Maurich, I., Oswald, D., Paar, C. (2011). Chameleon: A Versatile Emulator for Contactless Smartcards. In: Rhee, KH., Nyang, D. (eds) Information Security and Cryptology - ICISC 2010. ICISC 2010. Lecture Notes in Computer Science, vol 6829. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24209-0_13

  • DOI: https://doi.org/10.1007/978-3-642-24209-0_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24208-3

  • Online ISBN: 978-3-642-24209-0

  • eBook Packages: Computer Science, Computer Science (R0)
