End to end system security risk considerations for implementing MIFARE Classic

MIFARE Classic Crypto1, contactless card, end-to-end system security, vulnerabilities, threat and attack analysis, countermeasures

Threat model
Copying data from one card to another card

This document assumes that copying the data of one MIFARE Classic card to another can be protected by cryptographically linking the data somehow to the UID, as specified in the general guidelines for contactless cards in Reference [4].
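One way to link card data to the UID, shown as an added example that is not taken from the application note or from Reference [4]: the reader recomputes a MAC over the UID and the data with a key diversified from the UID. HMAC-SHA-256, the 8-byte tag, and the names MASTER_KEY, diversify, seal and verify are assumptions made for this sketch.

```python
import hashlib
import hmac

MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key

def diversify(master_key: bytes, uid: bytes) -> bytes:
    """Per-card MAC key (assumed scheme), so one card's key is useless on another UID."""
    return hmac.new(master_key, b"card-mac-key" + uid, hashlib.sha256).digest()

def seal(master_key: bytes, uid: bytes, data: bytes) -> bytes:
    """8-byte tag over length-prefixed UID plus data, stored on the card beside the data."""
    msg = bytes([len(uid)]) + uid + data
    return hmac.new(diversify(master_key, uid), msg, hashlib.sha256).digest()[:8]

def verify(master_key: bytes, uid: bytes, data: bytes, tag: bytes) -> bool:
    """Reader-side check using the UID the card presented during anticollision."""
    return hmac.compare_digest(seal(master_key, uid, data), tag)

# Constructed sample card contents
GENUINE_UID = bytes.fromhex("04a1b2c3")
OTHER_UID = bytes.fromhex("04d4e5f6")
DATA = b"bal=1250"
TAG = seal(MASTER_KEY, GENUINE_UID, DATA)

def check_cases() -> dict:
    return {
        "genuine card": verify(MASTER_KEY, GENUINE_UID, DATA, TAG),
        # Data and tag copied to a card with a different UID: rejected.
        "copy to other UID": verify(MASTER_KEY, OTHER_UID, DATA, TAG),
        # Data altered on the genuine card without the MAC key: rejected.
        "modified data": verify(MASTER_KEY, GENUINE_UID, b"bal=9999", TAG),
        # Emulator programmed with the same UID: indistinguishable, as the page states.
        "emulator with same UID": verify(MASTER_KEY, GENUINE_UID, DATA, TAG),
    }

if __name__ == "__main__":
    for name, ok in check_cases().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The last case is why the UID link protects only against copies onto cards with a different UID and leaves emulating devices as the remaining risk.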

Restoring a previously valid state onto the same card
If an attacker is able to read all the relevant information from a card and store that data somewhere, then use the card, e.g. to make some train rides, and afterwards write the original data back to the card, the readers of a system, especially when they are not online in real time, will accept the card as they accepted it earlier.
However, depending on the design of the backend system, this kind of fraud can be detected after consolidation of the information from all the readers.
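A sketch of the backend consolidation check described above, as an added example that is not part of the application note. It assumes that each reader logs the card's transaction counter and the balance before and after the transaction; the record layout, the counter and the name find_restored_cards are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample: (reader_id, uid, counter_after, balance_before, balance_after)
READER_LOGS = [
    ("gate-01", "04a1b2c3", 17, 1250, 1000),
    ("gate-07", "04a1b2c3", 18, 1000, 750),
    ("gate-03", "04a1b2c3", 17, 1250, 1000),  # full card image written back
    ("gate-02", "04d4e5f6", 5, 500, 250),
    ("gate-02", "04d4e5f6", 6, 250, 0),
    ("gate-05", "04778899", 3, 400, 300),
    ("gate-06", "04778899", 4, 400, 300),     # only the value data written back
]

def find_restored_cards(records):
    """Return {uid: [reasons]} for cards whose merged history is not one state line.

    Offline readers upload in any order, so the checks do not rely on arrival order.
    """
    by_uid = defaultdict(list)
    for rec in records:
        by_uid[rec[1]].append(rec)
    findings = {}
    for uid, recs in by_uid.items():
        reasons = []
        # Check 1: a counter value can be produced only once by a genuine history.
        readers_by_ctr = defaultdict(list)
        for reader, _, ctr, _, _ in recs:
            readers_by_ctr[ctr].append(reader)
        for ctr, readers in sorted(readers_by_ctr.items()):
            if len(readers) > 1:
                reasons.append(
                    f"counter {ctr} used {len(readers)} times at {', '.join(readers)}")
        # Check 2: consecutive transactions must chain balance_after -> balance_before.
        ordered = sorted(recs, key=lambda r: r[2])
        for prev, cur in zip(ordered, ordered[1:]):
            if cur[2] == prev[2] + 1 and cur[3] != prev[4]:
                reasons.append(
                    f"counter {cur[2]} starts from balance {cur[3]}, expected {prev[4]}")
        if reasons:
            findings[uid] = reasons
    return findings

if __name__ == "__main__":
    for uid, reasons in find_restored_cards(READER_LOGS).items():
        print(uid, "->", "; ".join(reasons))
```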

Use of emulating devices
The remaining risk deals with MIFARE Classic emulating devices or emulator cards. Although no emulator cards are known to exist, it is conceivable that they could be developed if a market is created for them, emerging from potential viable criminal business cases. Emulator cards are assumed to have the following properties:
Any UID can be programmed into it.
Any key can be programmed into it. This could also be done via another interface than the contactless interface, not using the MIFARE protocol.
Any data can be programmed into it. This could also be done via another interface than the contactless interface, not using the MIFARE protocol.
Timing of the communication is identical to a genuine MIFARE card.
Those emulator cards can take the identity of a valid MIFARE Classic card and could be loaded with the same keys and same content as a legitimate MIFARE Classic card. Once the card is made identical to an existing MIFARE Classic card, the infrastructure cannot distinguish between that emulator card and the genuine MIFARE Card. 

Attack scenarios
This document assumes two attack scenarios: one deals with cards owned by someone who is not involved in the attack, and the other deals with cards that are either owned by the attacker or stolen from the legitimate owner. In the first scenario the attacker will only have a short time available to interrogate the card.

Attacker only has access to card for a short time
Attacker has single short access to the card only

The attacker eavesdrops on the communication between a legitimate reader and the legitimate card of someone who is not involved in the attack. Practically this means that the attacker will have the card available only for a short period of time. For this scenario we assume that the attacker can record enough data to retrieve all keys in seconds. Of course, only those keys that are actually used in the transaction can be retrieved. After those keys have been retrieved, all data that was either read or written in the transaction can be retrieved as well (from the recorded transaction), and all this material can be copied into an emulator card. However, the data and the keys which were not involved in the transaction cannot be retrieved in this attack. Data of sectors for which the key was used in the transaction can be read from the card using the recovered key, but by the time the keys are known, the card will have disappeared out of the attacker's reach. Keys of sectors that were not involved in the transaction, and which the reader does not use for authentication, cannot be retrieved with this attack. However, there is still a threat if the attacker is able to deploy attack 5 as described in chapter 2. This scenario is described in the next section.

Attacker has access to the card during a few successive short times
If the attacker can have access to a card for some minutes, or a few successive short times (sub second) with a few minutes interval, the following attack scenario is possible:
1. The attacker retrieves one key of the card. There are various possibilities:
a. If one of the keys on the card is not diversified, the attacker may know the key (e.g. the MAD key) or can use one of attacks #1-4 above to retrieve the key, if necessary using his own legitimate card (if he has one). This key is then valid for all other cards as well. This step requires no access to the card under attack.
b. The attacker first reads the UID of the card. This step requires one sub second access to the card at any location. Then he uses attack #3 above to retrieve the key of one of the sectors for that card by interrogating the legitimate reader of the infrastructure.
c. The attacker uses attack #1 or attack #2 to obtain one key. This step requires one sub second access to the communication of the card with a legitimate reader of the system.
2. The attacker accesses the card to retrieve sufficient material for all keys in less than a second. This is the start of attack #5.
3. The attacker calculates the keys from the recorded data out of step 2 in just about one second per key. This step requires no access to the card.
4. The attacker interrogates the card again and reads all the data. This step requires one sub second access to the card.
This scenario shows that two or three accesses to a card, with at most two minutes in between (and often much less, as fewer keys are relevant), are enough for an attacker to retrieve the entire content of the card (UID, keys and data).

Attacker has permanent access to the card
Practically this means that the attacker will have the card available for an unlimited period of time. The latest attacks (#4 and #5 in chapter 2) have made clear that an attacker is now able to retrieve all the keys and all the data without a legitimate MIFARE reader. So in this situation an attacker is able to make a full copy of the card if he has enough time to interrogate it. After the pre-computation has been done (which could take a few days or weeks) a full copy of the card could be made in just a few minutes.
Note that in most practical systems the currently time-intensive attack #4 can simply be replaced with the much faster attacks #1-3 involving a legitimate reader.