Abstract
The Legic Prime system uses proprietary RFIDs to secure building access and micropayment applications. The employed algorithms rely on obscurity and consequently did not withstand scrutiny.
This paper details how the algorithms were found from opening silicon chips as well as interacting with tags and readers. The security of the tags is based on several secret checksums, but no secret keys are employed that could lead to inherent security on the cards. Cards can be read, written to, and spoofed using an emulator. Beyond these card weaknesses, we find that Legic’s trust delegation model can be abused to create master tokens for all Legic installations.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Plötz, H., Nohl, K. (2012). Peeling Away Layers of an RFID Security System. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_17
DOI: https://doi.org/10.1007/978-3-642-27576-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27575-3
Online ISBN: 978-3-642-27576-0
eBook Packages: Computer Science, Computer Science (R0)