Ubiquitous Computing at a Crossroads: Art, Science, Politics and Design 

January 6th and 7th 2009
Huxley Building, Imperial College London

RFID security and the Mifare Classic

Peter van Rossum, Radboud Universiteit Nijmegen

Presentation slides

RFID technology is increasingly being applied in access control systems, public transport payment systems, vehicle identification systems, etc. Security issue surrounding the use of this technology are well-known (relay, weak cryptography and random number generators, replay, tracing, etc.) and (at a cost) avoidable, but are not always dealt with by the deployers of these systems.  Widespread abuse has, seemingly, not yet occured, but the technology becoming more popular (mobile phone with RFID technology, hobbiest applications) this is only a matter of time. As as example, we shall look at the widely used Mifare Classic RFID chip, which is the most widely used contactless smart card. It is used, for instance, in the London Oyster Card and the Dutch OV-Chipkaart. Recent research has shown that the security features of this card are virtually inexistent; we will look at the problems with this card and the implications for existing infrastructure.