Description
Mifare Classic cards are subject to nested attacks, wherein a hacker station that authenticates with a card using a known encryption key receives the state of the card's pseudorandom number generator at that moment. If the hacker station keeps careful track of clocks from that point on, the state of the pseudorandom number generator will be known to the attacker at any time thereafter, as long as the card remains powered. This allows the attacker to subsequently attempt to authenticate with an encrypted sector whose key is unknown, receiving the encrypted current state of the pseudorandom number generator as the card's challenge message. Since the attacker knows the plaintext of the pseudorandom number generator at this time and also knows the ciphertext of that message, the secret encryption key can easily be determined.
Defense against this attack simply requires that ALL sectors of the card be encrypted with a key (or keys) unknown to the attacker. Specifically, no sector should be left with the publicly known default "factory fresh" key. The current station code only encrypts the Maker Nexus sector with a secret key and leaves all other sectors with the publicly known default key. The code should be modified to encrypt all sectors with secret keys.
This straightforward attack only applies to the original Classic 1K and 4K cards. The Mifare Classic EV1 cards have security improvements that obviate this attack vector. However, Classic EV1 cards are still vulnerable to "hardened nested" attacks, where an attacker who can successfully authenticate with an "open" sector (known key) can use the information from this transaction to reduce the key entropy from 48 bits to around 30 bits, making a subsequent brute-force attack feasible. Therefore, even though the Maker Nexus RFID system is specified to use EV1 cards only, it is still advisable to encrypt every sector with a secret key and not leave any sector with a known key (e.g. the factory default key).
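As an added illustration of the fix being requested (example code, not the station's own): a small Python model that builds Mifare Classic sector trailers with correctly encoded access bits, audits a card's key plan for sectors still on a publicly known key, and fills every such sector with fresh random keys. It assumes a Classic 1K layout (16 sectors), a short constructed list of "known" transport keys, and sector 1 as the Maker Nexus sector.

```python
import os
from typing import Dict, List, Tuple

# Publicly known factory-default key that, per the issue, must not remain on any sector,
# plus a few other widely published transport keys (assumed "known" for this example).
FACTORY_DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")
KNOWN_KEYS = {FACTORY_DEFAULT_KEY, bytes.fromhex("A0A1A2A3A4A5"), bytes.fromhex("D3F7D3F7D3F7")}
SECTORS_1K = 16  # assumption: Classic 1K layout (16 sectors of 4 blocks)

def access_bits(c1: List[int], c2: List[int], c3: List[int], user_byte: int = 0x69) -> bytes:
    """Encode per-block C1/C2/C3 flags (index 0..2 data blocks, 3 = trailer) into trailer bytes 6..9."""
    def nibble(flags: List[int]) -> int:  # bit i of the nibble carries block i's flag
        return sum((f & 1) << i for i, f in enumerate(flags)) & 0xF
    n1, n2, n3 = nibble(c1), nibble(c2), nibble(c3)
    b6 = ((~n2 & 0xF) << 4) | (~n1 & 0xF)  # ~C2 | ~C1
    b7 = (n1 << 4) | (~n3 & 0xF)           # C1 | ~C3
    b8 = (n3 << 4) | n2                    # C3 | C2
    return bytes([b6, b7, b8, user_byte])  # factory config FF 07 80 69 = C3 set only on the trailer

def build_sector_trailer(key_a: bytes, key_b: bytes, bits: bytes) -> bytes:
    """Lay out block 3 of a sector: Key A (6) | access bits (4) | Key B (6)."""
    if len(key_a) != 6 or len(key_b) != 6 or len(bits) != 4:
        raise ValueError("Key A/B must be 6 bytes and access bits 4 bytes")
    return key_a + bits + key_b

def audit_keys(key_map: Dict[int, Tuple[bytes, bytes]], sector_count: int = SECTORS_1K) -> List[int]:
    """Return the sectors that are unassigned or still carry a publicly known key in either slot."""
    weak = []
    for sector in range(sector_count):
        pair = key_map.get(sector)
        if pair is None or pair[0] in KNOWN_KEYS or pair[1] in KNOWN_KEYS:
            weak.append(sector)
    return weak

def provision_all_sectors(key_map: Dict[int, Tuple[bytes, bytes]], sector_count: int = SECTORS_1K) -> Dict[int, Tuple[bytes, bytes]]:
    """Give every weak sector fresh random Key A / Key B so that audit_keys() reports nothing."""
    fixed = dict(key_map)
    for sector in audit_keys(key_map, sector_count):
        fixed[sector] = (os.urandom(6), os.urandom(6))
    return fixed

# Constructed state mirroring the issue: one application sector keyed, every other sector at factory default.
APP_SECTOR = 1  # assumed index of the Maker Nexus sector
CURRENT_MAP = {s: (FACTORY_DEFAULT_KEY, FACTORY_DEFAULT_KEY) for s in range(SECTORS_1K)}
CURRENT_MAP[APP_SECTOR] = (bytes.fromhex("0123456789AB"), bytes.fromhex("BA9876543210"))  # placeholder secrets

if __name__ == "__main__":
    print("sectors still on known keys:", audit_keys(CURRENT_MAP))  # -> [0, 2, 3, ..., 15]
    print("after provisioning:", audit_keys(provision_all_sectors(CURRENT_MAP)))  # -> []
```

The generated keys would then be written to each sector trailer via `build_sector_trailer` and stored in the station's key store; the audit is what a commissioning step should run before a card is handed out.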