Disclosing Silicon's Secrets, reverse-engineering hardware cryptographic RFID tags

Karsten is currently working on his PhD thesis titled Implementable Privacy for RFID Systems. His research is centered around cryptography for small devices and touches on computer security, information privacy, and the economics of information.

The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone.
We reconstruct a cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis.
Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore to be avoided for any type of silicon chip.

(from the abstract of Usenix paper: http://www.cs.virginia.edu/~evans/pubs/usenix08/)




Karsten Nohl