Article

On Bad Randomness and Cloning of Contactless Payment and Building Smart Cards

Authors:

Marek GrajekAuthors Info & Claims

SPW '13: Proceedings of the 2013 IEEE Security and Privacy Workshops

Pages 105 - 110

https://doi.org/10.1109/SPW.2013.29

Published: 23 May 2013 Publication History

Abstract

In this paper we study the randomness of some random numbers found in real-life smart card products. We have studied a number of symmetric keys, codes and random nonces in the most prominent contactless smart cards used in buildings, small payments and public transportation used by hundreds of millions of people every day. Furthermore we investigate a number of technical questions in order to see to what extent the vulnerabilities we have discovered could be exploited by criminals. In particular we look at the case MiFare Classic cards, of which some two hundred million are still in use worldwide. We have examined some 50 real-life cards from different countries to discover that it is not entirely clear if what was previously written about this topic is entirely correct. These facts are highly relevant to the practical feasibility of card cloning in order to enter some buildings, make small purchases or in public transportation in many countries. We also show examples of serious security issues due to poor entropy with another very popular contactless smart card used in many buildings worldwide.

Cited By

View all

Hughes JDiffie W(2022)The Challenges of IoT, TLS, and Random Number Generators in the Real WorldQueue10.1145/354693320:3(18-40)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3546933
Mandal KFan XGong G(2016)Design and Implementation of Warbler Family of Lightweight Pseudorandom Number Generators for Smart DevicesACM Transactions on Embedded Computing Systems10.1145/280823015:1(1-28)Online publication date: 20-Feb-2016
https://dl.acm.org/doi/10.1145/2808230

Recommendations

Security and Privacy Implications of NFC-enabled Contactless Payment Systems
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security

Nowadays, contactless payments are becoming increasingly common as new smartphones, tablets, point-of-sale (POS) terminals and payment cards (often termed "tap-and-pay" cards) are designed to support Near Field Communication (NFC) technology. However, ...
Modelling consumers' payment behaviour towards contactless cards

Mobile payment technologies have led the development of an open and collaborative payment ecosystem, where financial institutions and merchants have provided innovative solutions to conduct business with consumers. One of these new evolving payment ...
Wireless Internet Payment System Using Smart Cards
ITCC '05: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II - Volume 02

Advancements in the wireless technology have given rise to various payment methods and protocols. The recent, and probably latest KSL Protocol has been implemented for mobile credit card payments. This paper proposes a Smart Card based Wireless Internet ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SPW '13: Proceedings of the 2013 IEEE Security and Privacy Workshops

May 2013

180 pages

ISBN:9780769550176

Publisher

IEEE Computer Society

United States

Publication History

Published: 23 May 2013

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hughes JDiffie W(2022)The Challenges of IoT, TLS, and Random Number Generators in the Real WorldQueue10.1145/354693320:3(18-40)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3546933
Mandal KFan XGong G(2016)Design and Implementation of Warbler Family of Lightweight Pseudorandom Number Generators for Smart DevicesACM Transactions on Embedded Computing Systems10.1145/280823015:1(1-28)Online publication date: 20-Feb-2016
https://dl.acm.org/doi/10.1145/2808230

Abstract

Cited By

Recommendations

Security and Privacy Implications of NFC-enabled Contactless Payment Systems

Modelling consumers' payment behaviour towards contactless cards

Wireless Internet Payment System Using Smart Cards

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations