Exposing iClass Key Diversification
نویسندگان
چکیده
Gerhard de Koning Gans presented a paper that looks at the key diversification scheme built in to the iClass contactless smart card system. The key diversification scheme was known to involve a single DES operation followed by a key fortification function. Through some amount of reverse engineering, they determined that the key fortification function is highly invertible. For a given output of the fortification function, there are an average of four possible inputs that can be easily determined. Thus, the diversification scheme offers little protection over standard DES.
منابع مشابه
Dismantling iClass and iClass Elite
With more than 300 million cards sold, HID iClass is one of the most popular contactless smart cards on the market. It is widely used for access control, secure login and payment systems. The card uses 64-bit keys to provide authenticity and integrity. The cipher and key diversification algorithms are proprietary and little information about them is publicly available. In this paper we have rev...
متن کاملCryptanalysis of INCrypt32 in HID's iCLASS Systems
The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global’s iCLASS systems. HID’s iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID’s iCLASS systems, its security has not been evaluated yet since the specification has not been open to pub...
متن کاملHeart of Darkness - exploring the uncharted backwaters of HID iCLASS RFID reader security
This paper provides detailed information on iCLASSTMreader and key security. It explains the security problems found without revealing the extracted secret keys (DES authentication Key and the 3DES data encryption key for iCLASSTMStandard Security cards). The chosen approach of not releasing the encryption and authentication keys gives iCLASS vendors and customers an important headstart to upda...
متن کاملThe Challenge of Content Creation to facilitate Personalized eLearning Experiences Experiences
The runtime creation of pedagogically coherent learning content for an individual learner’s learning preferences is a considerable challenge. By selecting and combining appropriate learning assets into a new learning object a learner’s needs and preferences may be accounted for. There are a number key aspects that need to be addressed in order to perform this kind of personalization, such as th...
متن کاملThe Challenge of Content Creation to facilitate Personalized eLearning Experiences
The runtime creation of pedagogically coherent learning content for an individual learner’s learning preferences is a considerable challenge. By selecting and combining appropriate learning assets into a new learning object a learner’s needs and preferences may be accounted for. There are a number key aspects that need to be addressed in order to perform this kind of personalization, such as th...
متن کامل