Hacking Mifare Transport Cards

London's Oyster card has been cracked, and the final details will become public in October. NXP Semiconductors, the Philips spin-off that makes the system, lost a court battle to prevent the researchers from publishing. People might be able to use this information to ride for free, but the sky won't be falling. And the publication of this serious vulnerability actually makes us all safer in the long run.

Here's the story. Every Oyster card has a radio-frequency identification chip that communicates with readers mounted on the ticket barrier. That chip, the "Mifare Classic" chip, is used in hundreds of other transport systems as well — Boston, Los Angeles, Brisbane, Amsterdam, Taipei, Shanghai, Rio de Janeiro — and as an access pass in thousands of companies, schools, hospitals, and government buildings around Britain and the rest of the world.

The security of Mifare Classic is terrible. This is not an exaggeration; it's kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design. NXP attempted to deal with this embarrassment by keeping the design secret.

The group that broke Mifare Classic is from Radboud University Nijmegen in the Netherlands. They demonstrated the attack by riding the Underground for free, and by breaking into a building. Their two papers (one is already online) will be published at two conferences this autumn.

The second paper is the one that NXP sued over. They called disclosure of the attack "irresponsible," warned that it will cause "immense damages," and claimed that it "will jeopardize the security of assets protected with systems incorporating the Mifare IC." The Dutch court would have none of it: "Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings."

Exactly right. More generally, the notion that secrecy supports security is inherently flawed. Whenever you see an organization claiming that design secrecy is necessary for security — in ID cards, in voting machines, in airport security — it invariably means that its security is lousy and it has no choice but to hide it. Any competent cryptographer would have designed Mifare's security with an open and public design.

Secrecy is fragile. Mifare's security was based on the belief that no one would discover how it worked; that's why NXP had to muzzle the Dutch researchers. But that's just wrong. Reverse-engineering isn't hard. Other researchers had already exposed Mifare's lousy security. A Chinese company even sells a compatible chip. Is there any doubt that the bad guys already know about this, or will soon enough?

Publication of this attack might be expensive for NXP and its customers, but it's good for security overall. Companies will only design security as good as their customers know to ask for. NXP's security was so bad because customers didn't know how to evaluate security: either they didn't know what questions to ask, or they didn't know enough to distrust the marketing answers they were given. This court ruling encourages companies to build security properly rather than relying on shoddy design and secrecy, and discourages them from promising security based on their ability to threaten researchers.

It's unclear how this break will affect Transport for London. Cloning takes only a few seconds, and the thief only has to brush up against someone carrying a legitimate Oyster card. But it requires an RFID reader and a small piece of software which, while feasible for a techie, are too complicated for the average fare dodger. The police are likely to quickly arrest anyone who tries to sell cloned cards on any scale. TfL promises to turn off any cloned cards within 24 hours, but that will hurt the innocent victim who had his card cloned more than the thief.

The vulnerability is far more serious to the companies that use Mifare Classic as an access pass. It would be very interesting to know how NXP presented the system's security to them.

And while these attacks only pertain to the Mifare Classic chip, it makes me suspicious of the entire product line. NXP sells a more secure chip and has another on the way, but given the number of basic cryptography mistakes NXP made with Mifare Classic, one has to wonder whether the "more secure" versions will be sufficiently so.

This essay originally appeared in the Guardian.

Posted on August 7, 2008 at 6:07 AM • 41 Comments

Comments

D0R • August 7, 2008 7:14 AM

> Cloning takes only a few seconds, and the thief only has to brush up
> against someone carrying a legitimate Oyster card. But it requires an
> RFID reader and a small piece of software which, while feasible
> for a techie, are too complicated for the average fare dodger.

Just deploy the RFID reader in a narrow passage where a large number of people happen to pass by: a metro station entrance, an escalator, a lift. You may choose to conceal the equipment or just install it in plain view pretending you're an electrician -- in a crowded metro station nobody'll notice. Come back some time after to recover all the data you've harvested. This can be done not only on Oyster cards but also on cards storing more valuable data.

I believe that passive RFID tags are simply too dangerous to store sensitive information. All cards using technology of this kind should be equipped with a button to press in order to close the circuit so that they broadcast the data only when they're supposed to. Or at least the cards should be faraday-caged in a metal box when not in use. (DIFRwear at http://difrwear.com sells wallets of this kind; I don't know how much they're effective.)

Martin • August 7, 2008 7:18 AM

@Bruce:
"That chip, the "Mifare Classic" chip, is used in hundreds of other transport systems as well — Boston, Los Angeles, Brisbane, Oslo, Amsterdam, Taipei, Shanghai, Rio de Janeiro — and as an access pass in thousands of companies, schools, hospitals, and government buildings around Britain and the rest of the world."

The MIFARE Classic chip is not used in Oslo. The system uses the MIFARE DESFire chips, which, as far as I know, have not yet been cracked. Disposable tickets use the MIFARE UltraLight, AFAIK. See the following URL for a PDF with specifications for the Norwegian ticketing system (section 8 contains the smart card specifications):

http://www.vegvesen.no/vegnormaler/hb/206/...

Wikipedia article about the different MIFARE chips:

http://en.wikipedia.org/wiki/MIFARE

kyb • August 7, 2008 7:42 AM

I notice that the Oyster cards remember your journeys. If that information is transmitted to the system, they could cross reference it with their database, and shut off any card that doesn't remember all the recent journeys correctly.

Presumably this is how they promise to shut off cloned cards within 24 hours (as it's likely the legitimate owner will travel within 24 hours).

Jeroen • August 7, 2008 8:03 AM

Funny detail:

One of the reasons why the judge denied NXP's demand for copyright protection is that this requires a published work, while the whole point of the suit was that NXP did NOT publish the algorithm, and wanted it to stay that way.

Murray • August 7, 2008 8:41 AM

TFL have a history of re-issuing cards at their cost if a problem occurs:
http://www.contactlessnews.com/2008/07/21/...

I suspect that when they detect a cloned card they'll disable it and the legitimate card and re-issue. As long as they can detect clones quickly enough, it won't be financially worth cloning.

Joe • August 7, 2008 8:52 AM

You should weigh in on Linus's comments about revealing security flaws in the Linux kernel.

Nick Hoffman • August 7, 2008 8:57 AM

Once the details are made public, I'm interested to know if NXP will be informing its affected customers. Considering NXP's past behaviour, I doubt they will. However, that means that most affected customers will probably not know of the public flaws in their security systems.

Any suggestions on how customers can be notified?

Sparky • August 7, 2008 9:01 AM

Even the travel history hack won't work; all you need to do, is walk past someone with a valid card, and make sure you make it to the gates before he does.

The only thing that might prevent this, is that there would be at least 30 different pieces of video footage showing the perpetrator using the fake card, considering the huge number of cameras in London. Using this footage, the free-rider could be caught by old-fashioned police officers.

@Bruce: where did the next story, about the RFID passports, go?

Mike B • August 7, 2008 9:12 AM

The issue with transport cards (and in some cases access cards) is that they have to be first and foremost functional designs. This means there is a hard limit of 200ms for a transaction, another hard limit for power and related softer design goals for card/reader proximity.

Why all these requirements? Because one needs to maintain proper throughput at faregates. Longer transaction times means that riders start to hit the faregates or just queue up at them. Queues mean people miss their trains or just get angry from waiting in a queue and angry people tend to get bitchy and blame the State appointed management of the public transport agencies.

This functionality/security tradeoff is nothing new with RFID chips. One might remember there was a hack to the NYC Metrocards allowing someone who bent a card at the right place to get free rides. A source at the MTA provided me with the details of the attack and it was basically the bending would damage a data field on the mag stripe card so it could not be written or read to $0. I asked him if the transaction could not be completed why open the faregate? The response was "Because we'd have to deal with thousands of extra customer service complaints per day when the cards fail for natural reasons." (the eventual fix was to require a second swipe to erase the whole card when the PPR cards reach 0 before the gate is opened).

Arguably the most secure computer is a cinder block because it has no functionality that could be compromised by an attacker and is pointless to steal. However in the real world most people want their technology to do something for reasonable cost. If you give someone a choice between a functional system or one that cost more and is markedly dysfunctional guess which one they'll pick.

I feel it is somewhat unfair to blame Mifare for the lame security of its cards when it was trying to do the best it could under numerous constraints. I point the finger at the transit agencies for trying to use techno-wizardry to essentially shift a higher cost burden onto the riders. RFID based systems are rolled out as a time saver like EZpass, however in reality RFID fare collection systems have longer transaction times than old token or mag stripe systems. The real advantages accrue to the operators who save on reader maintenance, save on ticket issuance, eliminate ride hoarding in advance of a fare increase, can more easily implement distance based fares and can benefit from any adoption of their system as a larger micropayment network.

Mag stripes might be dumb and copyable, but at least one had to get physical access to the card to clone it. RFID cards are nothing but a scam that have the wonderful side effect of rendering your transit pass vulnerable to remote hijacking by third parties. Much like voting, leave the techno-wizardry at home and just stick with something robust with practical security measures.

SecureApps • August 7, 2008 9:42 AM

Wanting to keep algorithms private doesn't inherently make them incompetent nor does wanting to keep the flaw hidden (see DNS attack).

That isn't to say this specific flaw is weak or poorly designed. Just that the openness in and of itself doesn't make a difference with regard to competency.

And secrecy does support security. It doesn't guarantee it, and it doesn't protect it. But if only a few people know how something works, it makes it harder to break. Again, that isn't to say security through obscurity is a solution nor that openness is bad.

Sometimes generalizations are worse.

Henryk Plötz • August 7, 2008 9:53 AM

@Mike B.: Your comment is true for 1994 all the way through the nineties. However, Mifare Classic should have been EOL'd by around 2000 when EFF showed their DES cracker (56 bits, while Mifare Classic is 48 bits), at least for building access applications.

The design constraints on Mifare Classic were the design constraints of 1994. Since at least 2002 NXP sold Triple DES based cards with, as far as I can tell, infinitely better security properties.

@JR: There's not so much to confirm, it's all plausible and they certainly have the manpower and equipment to demonstrate a full break. The Radboud group's interest was sparked by our 24C3 talk, where we intentionally didn't give all algorithmic details in order to have a process of responsible disclosure. The Radboud group filled in the missing bits on their own, so they have known the full algorithm for some time (I think since about spring this year). They then developed some attacks of their own, which probably are different from the Courtois/Nohl/O'Neill attack, but similarly potent.

Sparky • August 7, 2008 10:18 AM

I'm surprised they didn't publish every single detail after NXP lost the lawsuit. I know I would have.

They notified NXP, gave them time to come up with a solution, and as a sign of gratitude, NXP sued them.

Also, I'm very pleasantly surprised by the verdict; the judge basically told NXP "they didn't screw up, you did. Goodbye."

greg • August 7, 2008 11:18 AM

@Joe

IIRC Linus's comments were that they are bugs plain and simple... He doesn't want to have to treat some bugs as special when they are fixed WRT the kernel git logs....

Quite frankly I can't blame him. It's hard to come up with a bug in C/asm that's NOT a potential security bug.

He was not talking about pretending they're not there, just that as far as kernel dev goes they are not special....

Mark • August 7, 2008 11:51 AM

"TfL promises to turn off any cloned cards within 24 hours, but that will hurt the innocent victim who had his card cloned more than the thief."

The depressing thing is that with the attitude of the authorities over here, it is not hard to see TfL refusing to reimburse those victims who cannot 'prove their id' i.e. provide ID that matches the personal details that were given when the card was originally purchased. In other words, a failure on the part of TfL becomes yet another stick with which to beat those passengers attempting to preserve some last vestige of privacy from our increasingly aggressive and overbearing state. Maybe things will be different now Thieving Ken has gone. Maybe.

Daedala • August 7, 2008 12:00 PM

@ Mike B

It's entirely ok for the security on the cards to be bad as a result of the constraints of the application. The problem is that I see no indication that they explained this to the people they were selling the chips to. NXP claimed that the security on the chips would "protect the assets of the systems."

I would be very surprised if the customers of NXP accepted the risks to their systems knowingly.

The problem isn't bad security. It's lying about it.

Anonymous • August 7, 2008 2:18 PM

@Sparky: "[W]here did the next story, about the RFID passports, go?"

It's still there, at:

www.schneier.com/blog/archives/2008/08/uk_electronic_p.html

but not showing on the blog front page or on the sidebar.

Zero comments thus far, unsurprisingly, 8)

I guess whatever software runs Bruce's blog had a bit of a senior moment.

Anonymous • August 7, 2008 2:29 PM

I would like to point out that Nokia already makes Mifare-compatible cell phones which are capable of reading and writing Mifare cards (including Oyster). (Google for 6131nfc and 6212).

This means that in a couple of years, *everyone* will have a programmable, compatible reader/writer in their hands.

So, this would be a *really* good time to start looking into securing your RFID systems.

Boo • August 7, 2008 2:45 PM

@daedala I do believe that NXP's customers were aware of Mifare's problems. It's just that once there are 700 million chips out there (from multiple manufacturers) the price just beats all the security risks.

Mifare is *very* cheap. In fact, it's so cheap that even if it is cracked, any losses due to the cracking are still less than the cost of deploying a more secure infrastructure.

Which does explain a lot.

Clive Robinson • August 7, 2008 3:05 PM

As many of you who read this blog I have been bitching about the Oyster card system and its security for quite some time.

As far as I can see the whole system lacks any real security especially the backend database and the staff that have either direct or indirect access to it.

One great joy of the system is that the last 25 journeys are stored on the card itself, another that its full use is mandatory for children to get the "free travel" aspect.

Two things arise from this, the first is that the unchecked staff with card readers (and this includes agency staff doing questionnaires) get to see where a (/your) child has got on a bus / tram / tube as well as getting off for trams and tubes. It does not take a great deal of thought to see how vulnerable the child becomes when the last twenty five journeys become known (think home / school / route used).

Secondly all the journey info for all cards gets logged for an undisclosed period of time supposedly to prevent fraud so at least seven years.

Again it does not take a great deal of thought as to just how useful that data is for all sorts of reasons. Most of which would probably be considered by most card holders as an invasion of their privacy.

Apart from the predatory aspects the data is of value to both public and private investigators. As with all data of this sort its value is highest as a lever to get further information out of a person. It appears that the Met police are starting to wake up to this, however it is clear that certain classes of youth are already well versed in this in that they swap outer clothing Oyster cards and mobile phones thus obscuring their real movements. It therefore can be assumed that the brighter criminals have woken up to this aspect of the system as well.

Therefore the only people the data is likely to have use as a lever against are those going about their ordinary business who have the misfortune to be in the general area of a crime.

However as far as the police are concerned the person was in the area the rest as they say is "what you make of it" and as has just been seen the Met Police are not averse to presenting false and misleading evidence against people of less than average IQ and getting them locked up instead of finding the real criminal (see stuff about Jill Dando's killing and the recent acquittal of the man who has spent the last eight years behind bars).

Mike B • August 7, 2008 6:04 PM

@Daedala et al Even if the crypto is good RFID crypto cards have little or no defenses against even the most basic side channel attacks (power, time). Time is especially problematic due to the 200ms transaction window. I had this conversation with someone from that company who sells side channel filters for smart cards at CardTech 2006 and I was told flat out that for contactless farecards side channel protection is just not (yet) possible.

If the transit agencies actually bothered to do some research instead of just listening to vendors they would know that no matter what they did they would have little better security than mag strips. As I said before, I don't think that security is any sort of consideration for these transit companies. Fraud can be minimized on any system with back end auditing. In cases where riders lose their stored value the agencies don't care because they got paid just the same.

David Keech • August 7, 2008 6:47 PM

@Clive:

Initially I was going to disagree with you. Having access to a printout of a child's last 25 journeys doesn't make the child any more vulnerable; the criminal could simply follow the child to get the same information.

The difference is that we are talking about London here. The CCTV capital of the world. At my old Tube station I sometimes used to like to take the stairs instead of the lift and I counted 20 security cameras covering the 212 steps. You were practically visible in two different cameras at all times within the Tube station. For a criminal to know someone's movements WITHOUT having to follow them around means that they aren't going to be on the CCTV footage and this makes the criminal less likely to be caught.

Of course, regardless of any security aspects, this data should be kept secure for privacy reasons.

allan kelly • August 8, 2008 3:49 AM

Shortly before Christmas last year my Oyster card stopped working. I had to go to the ticket office and ask for a replacement.

This involved filling in a two page A4 form. One of the questions asked for my password, this is the password for my account on the Oyster website (https://oyster.tfl.gov.uk).

So much for the "never tell anyone your password" rule.

As it happens the Oyster website has one of those obscure rules for password (must include a number or something) which I can't remember but means that I almost always use the "I forgot my password" feature.

Sam • August 8, 2008 5:37 AM

e-passports are even worse.

The Times newspaper has reported that security flaws in the contactless chips used in modern passports allow them to be cloned without being identified as fake.


Researchers used a publicly available programming tool, a £40 card reader and two £10 RFID chips to clone and manipulate two passport chips to a standard where they were ready to be planted inside fake or stolen paper passports.


http://www.itpro.co.uk/605217/...

bob • August 8, 2008 8:43 AM

You could make a great DOS attack on the subway with this; have three or four redteam members ride a single subway line frequently for a week. In their briefcase, backpack, laptop, whatever that they are carrying, have scanners set to read as many original cards as possible.

Then clone all the unique cards they have and starting early on a Sunday, have as many people as they can get to use the cards ride the subway in one day. That night, the reconcile fails, the cards get cancelled and 500? 1000? commuters all on the same single tube line can't get the gates to open when they try to ride to work the next morning.

Next time, shift the MO; target a busy station that serves many lines. Disguise yourselves as buskers and target any line, but all from that station.

Then get really creative. Target a single school or business.

Hours of fun for all ages.

James Lick • August 8, 2008 11:04 PM

I am sure that with pervasive surveillance it would be possible to identify and catch someone using a cloned card. However, if there are only a few people using cloned cards then the financial loss is unlikely to be worth the effort. You aren't going to be able to justify spending police time on such a low amount of money.

If the aggregate loss is large enough to justify the police time that would mean there are lots of people using cloned cards. You would not be able to go after everyone, just a few lucky people who will be made an example of.

The EasyCard used in Taipei, referenced in the article, started out as a payment card for the subway system, but has expanded to the bus system, commuter trains, parking lots and meters, and some taxi cabs. It seems there is a new use for them popping up everyday.

They also have hybrid Credit Card / EasyCards which have the feature of being able to automatically add value via a credit charge. It would be interesting if cloning those cards would also clone the credit card part, which would expand the potential of fraud enormously.

Kavoura • August 12, 2008 5:35 AM

In regards to TfL they do not comply with the UK's Data Protection Act (according to what I read in Which? magazine), so all the data they collect and store could be used for any illegal purpose, as TfL believe that they are above the law.

The other serious problem I see with the Oystercards is the new Barclaycard Oystercard, which is a combined credit card, Oystercard and payment card. If that card was cloned, then the cloned card could run up huge credit card bills for the original cardholder. I realised this as soon as they came out and I have seen staff trying to force these cards on commuters at stations for about a year or so. I refuse to have one, I would never trust a payment card or credit card with an RFID chip as it is so prone to being copied or having money taken from it by unscrupulous people (and there are many bad people out there waiting to steal everything from you).

The security flaws in the Mifare chips need to be fixed ASAP and all current cards with these chips replaced with new ones that are secure. I also have an RFID chip in my security pass for work, it allows me to access the building. If someone cloned that they could gain access, although during the daytime there are security guards posted at every door to physically look at every pass to see if it is genuine, although at nighttime a criminal with a cloned security pass would have no trouble getting access to any part of the building.

The US Government is also placing RFID chips into driving licences in America, maybe these ones have the security problems too or are they much better?

Overall I think that we would be better off WITHOUT any RFID chips in use at all. There are better ways around it and despite the convenience, if any chip is cloned then the inconvenience for the victim would outweigh the benefits.

Although if we do have RFID, maybe the ones used in Oslo (according to another post on here) would be better than Mifare chips.

olesmartie • August 13, 2008 7:03 PM

What annoys me is that there are many good smartcard transit systems out there, using other secure cards and that have well-designed system security. These systems are now being impacted by the public's perception, based on what's happening in London, the Netherlands and Boston, and most likely will also occur soon in Sweden and Denmark.
It IS possible to design good, reliable and secure transit systems using smart cards, but first you have to employ a top security consultant as part of your design team.

Rrr • August 14, 2008 8:13 AM

@olesmartie: I can't be sure, being only a tourist, but last I was in Gothenburg Sweden I saw what looked like contactless pass card readers in the trams there. The locals would whisk some object before it when getting on. It seems to me some such system is already deployed in that city. And I have long heard about plans to deploy a smart card system in the whole Stockholm county area, though I don't know how far those plans have advanced. Yet.

Let's hope they chose something better.

olesmartie • August 21, 2008 7:43 PM

@Rrr
Gothenburg and Stockholm are indeed planning to introduce the mifare Classic cards into their transit system.
Currently the Swedish national transit spec. RKF calls ONLY for the use of these cards. This was a design disaster back before 2000 (yes, they WERE advised of this!) and it's still being perpetuated today.
And it gets worse… The RKF system does NOT use diversified card keys, so crack one card and you can crack ALL cards! Granted, some card data is protected by MACs, but it seems that in some cases the MAC diversification algorithm is shaky.
RKF is also used by Denmark, God knows why they were talked into using this system. So Copenhagen is also at risk.
Fun times ahead in Scandinavia…

@hck.br • August 25, 2008 5:53 PM

Mifare isn't so poor technology since this is used as a simple data container having the inside system data signed or cryptographed by SAMs. A good sample is the Digicon billing system used in Sao Paulo and other cities (Brazil), that has the main security based on SAMs. The Mifare protection is only a secondary protection disposable but useful when preventing pseudo-hackers to corrupt the data trying to change it.

But systems that are only based on Mifare protection are weak and exposed.

VicVega • August 27, 2008 3:18 PM

I'm a Stockholm resident and I got my card today. The attached information leaflet says it is indeed an RKF card, so let's see how long before they send out something based on a new solution.

seslichat • February 17, 2009 2:02 PM

I can't be sure, being only a tourist, but last I was in Gothenburg Sweden I saw what looked like contactless pass card readers in the trams there. The locals would whisk some object before it when getting on. It seems to me some such system is already deployed in that city. And I have long heard about plans to deploy a smart card system in the whole Stockholm county area, though I don't know how far those plans have advanced. Yet

Gioconda Giocosa • February 20, 2009 6:56 AM

Hi Seslichat!
It is already partly deployed in Stockholm, started October 2008.
The 'whisking' is the confirmation of the card by holding the card towards the reader/transmitter. The system will be fully deployed in a couple of years. But: Don't 'whisk' the card - the reader will not confirm it until you hold it completely still, due to the radio transmission between card and reader. If you move the card around, the reader will beep five times and show a red cross, because the reading is unsuccessful.

Giconda Giocosa • February 25, 2009 11:29 AM

Well, I wouldn't be so bothered about the security of public transport. I mean, how likely is it that someone would start a full scale "bootleg" factory of Tube cards without getting busted quite soon, due to back office surveillance. The worrying thing is the scenario where criminals get access to government buildings, military premises, some high tech factory and stuff like that, where sensitive and classified info is stored. Or huge storage thefts through RFID card copies. And as several transport companies seem to have implemented some kind of HMAC encryption to the cards, the eavesdropping of cards through radio equipment would probably be useless by now. But the safety of a security system is only as strong as the risk awareness of its surveyors. If the back office personnel is uninformed and do not take their system seriously, then the risk of intrusion and hacking probably increases immensely. For example if back office staff lose their own back office RFID cards, which have key access to the back office computer system or if they do not log out when going for lunch break or by keeping password data on paper in their wallets (or worse, underneath the keyboard on a Post-it note...) and stuff like that. Another widespread risk among company employees is surfing the wrong Internet sites on computers that store sensitive data. There are lots of risks, and many of them are purely related to human behavior, rather than to the system in itself. And by protecting the transportation cards, by making the card "unspoofable" implies that the next step is to steal hardware equipment from the Tube station or the like - and that sure is a crime, compared to the somewhat legally grey zone of reverse engineering.

sohpet • May 23, 2009 2:06 PM

I can't be sure, being only a tourist, but last I was in Gothenburg Sweden I saw what looked like contactless pass card readers in the trams there. The locals would whisk some object before it when getting on. It seems to me some such system is already deployed in that city. And I have long heard about plans to deploy a smart card system in the whole Stockholm county area, though I don't know how far those plans have advanced. Yet

C. Wong • July 16, 2009 3:09 AM

A work around to the Mifare Classic's weakness is for the reader to write a MAC back onto the card after each transaction.

The MAC key is 3DES based and is derived per the unique card serial number. The derivation key may be stored on a SAM which can be found on many readers.
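
The write-back MAC under a key derived from the card serial number, which C. Wong and olesmartie describe in the comments above, sketched as an added example that is not part of any comment or of any transit operator's code. It uses HMAC-SHA-256 in place of the 3DES derivation, and adds a back-office counter check of the kind kyb's comment suggests. The record layout (serial, counter, balance), the keys and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

MAC_LEN = 8  # truncated tag length in bytes (constructed choice for this sketch)


@dataclass
class Card:
    """Constructed stand-in for the data a reader keeps on one card."""
    uid: bytes          # card serial number, fixed at manufacture
    counter: int = 0    # transaction counter, incremented by the reader
    balance: int = 0    # stored value in pence
    mac: bytes = b""    # tag written back by the reader


def diversify_key(master_key: bytes, uid: bytes) -> bytes:
    """Derive the per-card MAC key from the master key and the card serial.

    The master key would live in the reader's SAM. HMAC-SHA-256 is an
    assumption here, standing in for the 3DES derivation in the comment.
    """
    return hmac.new(master_key, b"card-mac-key|" + uid, hashlib.sha256).digest()


def compute_mac(master_key: bytes, card: Card) -> bytes:
    """MAC over serial number, counter and balance, under the per-card key."""
    message = card.uid + struct.pack(">II", card.counter, card.balance)
    key = diversify_key(master_key, card.uid)
    return hmac.new(key, message, hashlib.sha256).digest()[:MAC_LEN]


def write_transaction(master_key: bytes, card: Card, new_balance: int) -> None:
    """Reader side: update the record and write a fresh MAC back to the card."""
    card.counter += 1
    card.balance = new_balance
    card.mac = compute_mac(master_key, card)


def verify_card(master_key: bytes, card: Card) -> bool:
    """Reader side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(card.mac, compute_mac(master_key, card))


def back_office_accepts(last_seen: dict, card: Card) -> bool:
    """Back-office side: reject a record older than the last one logged.

    A record restored from an earlier copy still carries a valid MAC, so the
    MAC alone cannot catch it; the counter comparison can.
    """
    return card.counter >= last_seen.get(card.uid, 0)


def demo() -> dict:
    master = bytes(range(16))                     # constructed test key
    card = Card(uid=bytes.fromhex("04a1b2c3"))    # constructed serial number
    last_seen = {}

    write_transaction(master, card, 2000)
    last_seen[card.uid] = card.counter
    snapshot = replace(card)                      # copy of the record at this point

    write_transaction(master, card, 1700)         # a later journey
    last_seen[card.uid] = card.counter

    edited = replace(card, balance=9999)          # value changed, MAC not updated
    moved = replace(card, uid=bytes.fromhex("04ddeeff"))  # record on another serial

    return {
        "genuine": verify_card(master, card),
        "edited_balance": verify_card(master, edited),
        "other_serial": verify_card(master, moved),
        "old_copy_mac": verify_card(master, snapshot),
        "old_copy_back_office": back_office_accepts(last_seen, snapshot),
        "keys_differ": diversify_key(master, card.uid)
        != diversify_key(master, moved.uid),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `old_copy_mac` case is the one to note: a stale record of the same card still verifies at the reader, so only the back-office counter comparison rejects it.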
