Peeling Away Layers of an RFID Security System

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7035)

Abstract

The Legic Prime system uses proprietary RFIDs to secure building access and micropayment applications. The employed algorithms rely on obscurity and consequently did not withstand scrutiny.

This paper details how the algorithms were found from opening silicon chips as well as interacting with tags and readers. The security of the tags is based on several secret check-sums but no secret keys are employed that could lead to inherent security on the cards. Cards can be read, written to and spoofed using an emulator. Beyond these card weaknesses, we find that Legic’s trust delegation model can be abused to create master tokens for all Legic installations.




Editor information

George Danezis


Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Plötz, H., Nohl, K. (2012). Peeling Away Layers of an RFID Security System. In: Danezis, G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27576-0_17

  • DOI: https://doi.org/10.1007/978-3-642-27576-0_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27575-3

  • Online ISBN: 978-3-642-27576-0

  • eBook Packages: Computer Science, Computer Science (R0)
