27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
Speakers | |
---|---|
Henryk Plötz | |
Milosch Meriac |
Schedule | |
---|---|
Day | Day 3 - 2010-12-29 |
Room | Saal 2 |
Start time | 17:15 |
Duration | 01:00 |
Info | |
ID | 4114 |
Event type | Lecture |
Track | Hacking |
Language used for presentation | English |
Feedback | |
---|---|
Did you attend this event? Give Feedback |
Analyzing a modern cryptographic RFID system
HID iClass demystified
Popular contactless systems for physical access control still rely on obscurity. As we have shown, time and time again, proprietary encryption systems are weak and easy to break. In a follow-up to last year's presentation we will now demonstrate attacks on systems with 'proper' cryptographic algorithms.
Since we broke the last of the big players on the market at 26C3, most vendors are now migrating to new systems which rectify our main point of concern: proprietary algorithms. All new technologies use AES or 3DES for encryption and/or authentication and vendors tirelessly tout the security of their systems and the use of these algorithms between card, reader and host. We will discuss the design of the successor to a system we attacked last year, and demonstrate how a system can be insecure despite the use of secure cryptoprimitives.