NXP Semiconductors has sued Radboud University Nijmegen in the Netherlands to block details of a security flaw in NXP’s MIFARE Classic contactless smart cards, according to a ZDNet UK report.
“We feel the publication would not be responsible,” NXP said in an e-mail statement when asked to comment for the ZDNet UK article. “We cannot give further comments at this time, as it is in the hands of the court and the court has given a confidentiality order.” A hearing was scheduled for today but the outcome was not yet known.
Karsten Nohl, a University of Virginia graduate student who worked with others to break the cryptographic algorithm, plans to publish his research in August and said that NXP has not sued him to halt its publication. The Dutch university’s research builds on Nohl’s work.
The MIFARE Classic line of products is possibly the world’s most widely deployed contactless product, used for many transit and physical security applications. The MIFARE Classic line includes the MIFARE 1K, MIFARE 4K and MIFARE Mini products. They are used worldwide in transit fare collection systems, access control solutions, and government ID systems. Large issuers include transit projects such as London’s Oyster program, The Netherlands’ OV-chipkaart, and Boston’s Charlie Card.
Nohl spoke with Regarding ID in the spring. He says his team spent two years working on the MIFARE project. The gist of the effort, as he describes it, involved “taking off one layer at a time (from the tiny chip), then taking photos, (to) reconstruct the structure. There are such vast amounts of data that we can’t do it, but we could train our computers to do it. The structure encodes what the chip is doing like any microprocessor. Basically output the code that we can read and understand what the crypto is doing.”
MIFARE was first released in 1994. Given 15-year-old security and the advances in computing since then, it seems to many that vulnerabilities would exist in aging products.
“Over years you learn about attack scenarios and strive to improve the product family with new security measures,” says Manuel Albers, director of regional marketing for the Americas at NXP. He went on to explain that newer versions of the line are not vulnerable to this attack. But he is emphatic that the Classic products, even if these vulnerabilities hold true, have a viable place in the market.
Albers says that any card issuer must evaluate the security levels and subsequent costs based on the value of the asset being protected. “It is typically the role of the system integrator to strike the right balance between the security measures and the features that are included in the card and the cost of those features … and the features that are included in the overall systems infrastructure,” he says.
In some cases a very expensive and secure card is the right decision, but in other cases it may be overkill.
Nohl suggests that it is both the age of the product and its initial design that cause the vulnerabilities. “While the security is outdated now, it wasn’t even strong to begin with,” he explains, citing “protocol-level mistakes and, in addition, a very weak cryptographic cipher that discloses the secret key.” He found several key vulnerabilities in the chip’s design, including a 48-bit key, a 16-bit random number generator and a weak implementation of the random number generator’s timing.
NXP supports its issuers and adds to product line
“We take those claims very seriously, and we have spent significant time reviewing those attack scenarios,” explains Albers. “We have asked system integrators to evaluate the overall security of their implementations to determine if the security is sufficient for the assets they are protecting.”
In addition, the company is releasing a new product that includes higher security and is backward compatible with the Classic product.
“Our latest addition to the MIFARE portfolio is the MIFARE Plus, positioned between the MIFARE Classic and the DESFire line,” says Albers.
MIFARE Plus has security measures that address these current threat scenarios, but unlike NXP’s high security DESFire product, it works alongside MIFARE Classic products. Thus, MIFARE Classic users can use it in current installations, and it allows the issuer to turn on higher security measures such as AES encryption.
Parts of this story were taken from an article that appeared in the summer issue of Regarding ID.