Token, Transponder und RFID-Tags Angriffe auf elektronische Zugangskontrollsysteme
|
|
- Adele Barber
- 6 years ago
- Views:
Transcription
1 Berlin, 8. November 2016 Forum Modernes Zutritts- und Berechtigungsmanagement Token, Transponder und RFID-Tags Angriffe auf elektronische Zugangskontrollsysteme Timo Kasper Kasper & Oswald GmbH, Bochum, Germany
2 Dr.-Ing. Timo Kasper Dr.-Ing. David Oswald Core Competence: Embedded Security Research, Analysis, Development, Consulting, Training Many years of Research and Development experience 3
3 Embedded Devices in the Internet of Things NFC 5
4 Introduction to (Symmetric) Cryptography plaintext Simedia plaintext Simedia Alice Cipher Secret Key G3H31M Cipher Bob ciphertext ciphertext Internet Oscar 6
5 The core of (IT-)Security Security Design Report flaws Improve Analysis 8
6 Implementation Attacks on Embedded Devices Fault Injection, Reverse Engineering Side-Channel Analysis 11
7 Remote Keyless Entry (1) Uni-directional First systems: Fixed code 123xbhdsgf 123xbhdsgf 123xbhdsgf 20
8 Remote Keyless Entry (2) Uni-directional with Crypto Industry reacts: Rolling code Option 2: Attack crypto Cipher Option 1: Attack key management encrypt(124) encrypt(125) BUT there are attacks... 23
9 KeeLoq (Crypto 2008)
10 Principle of Side-Channel Analysis (here: listen to Sound) A Bank Robbery 25
11 Principle of Side-Channel Analysis The world is changing 26
12 Principle of Side-Channel Analysis (Monitor the power consumption / run-time) The world is changing the tools are, too. 27
13 Applied Side-Channel Analysis (Power) Attack target (2008): KeeLoq remote controls very widespread in cars and garages (world-wide)? Secret Key 64 Counter 32 Encryption (KeeLoq) 32 Dynamic Code secret cryptographic key of remote control! 32
14 Side-Channel Analysis of KeeLoq: Management Summary Power-analysis attack (with physical access): clone a remote control from 10 power measurements obtain Manufacturer Key from 1 power measurement Flaw of KeeLoq system: Key derivation from Manufacturer Key k M k remote_control = f(#ser, k M ) k M used in every receiver of manufacturer M Single point-of-failure 33
15 Flavio Garcia, David Oswald, Timo Kasper, Pierre Pavlidès University of Birmingham / Kasper & Oswald GmbH 36
16 Automotive RKE (Usenix 2016)
17 VW Group: Affected Vehicles Audi: A1, Q3, R8, S3, TT, other types of Audi cars (e.g. remote control 4D ) VW: Amarok, (New) Beetle, Bora, Caddy, Crafter, e-up, Eos, Fox, Golf 4, Golf 5, Golf 6, Golf Plus, Jetta, Lupo, Passat, Polo, T4, T5, Scirocco, Sharan, Tiguan, Touran, Up Seat: Alhambra, Altea, Arosa, Cordoba, Ibiza, Leon, MII, Toledo S koda: City Go, Roomster, Fabia 1, Fabia 2, Octavia, Superb, Yeti In summary: probably most VW group vehicles between 1995 and today not using Golf 7 (MQB) platform 44
18 Hitag2 RKE Attack Demo 45 45
19 Vehicles we tested using Hitag2 RKE Opel Astra H 2008 Opel Corsa D 2009 Fiat Grande Punto
20 Management Summary VW Group: secure crypto secure system extract a few worldwide keys instantly copy a remote control from 1 signal RF attack highly practical and scalable Hitag2: diversified keys but bad crypto eavesdrop 4 to 8 signals (key presses) copy remote control with some computations Poor crypto is bad, but poor key management is worse. 47
21 Embedded Devices in the Internet of Things NFC 49
22 Authentication with Login Tokens Past: One factor: Password/PIN Today: Two factors: Password/PIN and an additional token: 50
23 51
24 Yubikey 2: Overview Simulates USB keyboard Generates and enters One-Time Password (OTP) on button press Based on AES w/ 128-bit key 52
25 Yubikey OTP Generation... dhbgnhfhjcrl rgukndgttlehvhetuunugglkfetdegjd dhbgnhfhjcrl trjddibkbugfhnevdebrddvhhhlluhgh dhbgnhfhjcrl judbdifkcchgjkitgvgvvbinebdigdfd... AES encrypted = secure?! 53
26 Side-Channel Analysis of Yubikey2: Management Summary 128-bit AES key of the Yubikey 2 can be recovered (700 EM measurements = 1 hour physical access) Attacker can compute OTPs w/o Yubikey Impersonate user: Username and password still needed 54
27 Countermeasures Side-channel attacks are a threat in practice FW version 2.4 for Yubikey 2 comes with countermeasures Newly produced Yubikeys are more secure Report flaws Improve 55
28 Remote Keyless Entry (3) Bi-Directional: Challenge-Response C i challenge e k (C i ) = R i response 1. computes: R i = e k (C i )? 2. verifies: R i = R i can be extended for mutual authentication challenge must be random and big enough 57
29 Embedded Devices in the Internet of Things NFC 58
30 Contactless Smartcards / RFID ISO / ISO MHz Used in access control systems electronic passports payment systems ticketing / public transport Near Field Communication (NFC) One insecure example: Mifare Classic 59
31 KeeLoq (Crypto 2008)
32 Analysis of the ID-Card 1/2 Extracting Keys test our key-recovery on ID-Card extraction of all secret keys another ID-Card contains the same keys a third ID-Card contains the same keys... surprising discovery: All ID-Cards have identical keys! 61 61
33 A Practical Threat: Denial of Service disguised reader, e.g., near a waiting line at the cash desk Evil attacker: sets credit of any card in its proximity to 0 (in 40 ms) Nice attacker : charges cards of victims 64
34 My favourite Attack: Converting Bits to Cash anonymous get anonymous ID-Card (10 deposit) modify credit balance return card at cash desk deposit and up to 150 paid out in cash! 65
35 Analysis of a Contactless Payment System 5 years after the Attack. new issued cards are Mifare DESfire (EV1) old Mifare Classic cards are still working improved backend: shadow accounts are used ( and still manually checked ) Report flaws Improve 66
36 A Versatile NFC Emulator and more
37 2006: Kaffeetassen Transponder (Coffee Cup Tag) 69
38 Fake Tag 72
39 The Primal- (2011) A Versatile Emulator for Contactless Smartcards Atmel ATXmega32 Mifare Classic: Crypto1 stream cipher Mifare DESFire MF3ICD40: Auth. with (3)DES Mifare DESFire EV1: Auth. with AES-128, (3)DES and other ISO14443 / ISO15693 cards 75
40 Rev.D 76
41 Rev.D 79
42 Rev.E 8 card slots Breakable antenna Improved USB command set Widespread open source project: 80
43 Rev.E is not enough: Upgrade MCU and FRAM Rev. F 89
44 Crowdfunding via Kickstarter, Day 45 Project successfully funded. 91
45 Crowdfunding via Kickstarter. 6 months later: Production finished. 92
46 Rev.G (Basic) RFID Reader ATXMega128 + FRAM Li-Ion Battery ISO 14443/ ISO Sniffing Log Mode 94
47 Rev.G Log Mode / Sniffing Emulation: Log reader and Chameleon data Sniffing: Chameleon is invisible during recording Precise time stamps Live logging 95
48 Card Emulator open source project: Source Code/Firmware and Hardware Layout of Rev.G Now online! 97
49 Creative Usage of (Florian RUB) 98
50 Long Range Contactless Card 99
51 A Useful Book Reading Range: more than 70 cm 100
52 Chameleon and the Magic Dragon PUFF! CHES 2015 paper: The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs (Georg T. Becker) Chameleon clones a PUF (Physically Unclonable Function) 101
53 Embedded Devices in the Internet of Things NFC 105
54 Case Study: An Electronic Locking System (CRYPTO 2013)
55 Electronic Locking System with Bi-Directional Authentication Scheme Token Lock 111
56 Electronic Locking System with Bi-Directional Authentication Scheme Black-box analysis: Token and lock perform authentication protocol Token Authentication protocol Lock??? 115
57 Electronic Locking System: PIC Microcontroller in Token and Lock Embedded code? Token Lock Read-out protection! 121
58 Decapping an IC (1) 122
59 Decapping an IC (2) 123
60 Decapping an IC (3) 124
61 Decapping an IC (4) 125
62 Microscopic View of the Silicon Die 126
63 Exposure to UV-C: Disable Read-Out Protection (1) 127
64 Exposure to UV-C: Disable Read-Out Protection (2) 128
65 Exposure to UV-C: Disable Read-Out Protection (2) 129
66 Read Out the Content of the PIC Microcontroller Use standard programmer Reverse-Engineer (e.g., IDA) all secrets known 130
67 K T ID T ID L K L D challenge C compute K T = S KL (ID T, D) both: compute R KT (C, D, ID T, ID L ) = R T R L response R T (verify R L ) (verify R T ) response R L 131
68 Weaknesses and Attacks (1) Hardware Each lock stores installation-wide cryptographic key UV-C attack in ~ 30 min (decap PIC) EM - side-channel attack in ~ 15 min (close to PIC) Attacking one lock gives access to all doors 136
69 K T ID T ID L K L D challenge C compute K T = S KL (ID T, D) both: compute R KT (C, D, ID T, ID L ) = R T R L response R T (verify R L ) (verify R T ) response R L 139
70 Cryptographic Functions R and S ID T ID L D C O O DES * R T R L ID T D K T O DES * O* K L
71 Cryptographic Functions R and S Security Vulnerabilities ID T ID L ZD R C O 1.) 40 Bits of Z R reused as C leaks internal value O DES * R T R L ID T D ) 128-Bit key K T computed from 64 unknown bits K T O DES * O* Z S K L ) O has bad cryptographic properties 144
72 Weaknesses and Attacks (2) Wireless Lock-only attack initiate some (not successful) protocol runs compute valid K T open door(s) Efforts for computing K T on a PC: Protocol Runs Run-Time Key Candidates 3 3,36 min 21, ,5 s 1 5 1,2 s ms 1 145
73 A System Designer s Perspective: How to Secure the Internet of Things? Use peer-reviewed crypto and random numbers Do not educate your attacker Do not start with a weak product that must be upgraded Implementation attacks: Practical threat, but: Use certified devices (secure hardware) Algorithmic countermeasures (secure software) System level: Second line of defense! Shadow accounts / Logging (detect fraud) Key diversification (minimize impact) Expect the Unexpected 153
74 Thank you! Questions? Comments? Contact:
75 Secure Against Cyber Attacks 156
76 Kasper & Oswald Prüfsiegel Unabhängige Sicherheitsanalyse Verbesserungsvorschläge Diskretion über Firmeninterna 157
Lock It and S,ll Lose It - On the (In)Security of Automo,ve Remote Keyless Entry Systems
Lock It and S,ll Lose It - On the (In)Security of Automo,ve Remote Keyless Entry Systems Flavio D. Garcia 1, David Oswald 1, Timo Kasper 2 and Pierre Pavlidès 1 1. University of Birmingham, UK 2. Kasper
More informationOverview of some automotive RKE systems
Overview of some automotive RKE systems Pierre Pavlidès OWASP Gothenburg Day 2016 November 24, 2016 Pierre Pavlidès Overview of some automotive RKE systems 1 / 42 Before we start Slides at http://r.rogdham.net/26
More informationLOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS
LOCK IT AND STILL LOSE IT ON THE (IN)SECURITY OF AUTOMOTIVE REMOTE KEYLESS ENTRY SYSTEMS FLAVIO GARCIA, DAVID OSWALD, TIMO KASPER, PIERRE PAVLIDES PRESENTED BY JACOB BEDNARD, WAYNE STATE UNIVERSITY CSC5991
More informationDescription: Autologic Assist plus:
Autologic Assist plus: Description: AssistPlus is the central hub of any modern workshop. Four times faster and more feature rich than the Blue Box, AssistPlus is a platform that expands as new functions
More informationDAB/DAB+ DVB-T MUSIC INTERFACES. Electronics. JuNa PPHU AUDI VW SKODA SEAT. Design and production of electronic devices
Design and production of electronic devices Electronics DAB/DAB+ DVB-T MUSIC INTERFACES AUDI VW SKODA SEAT JRDAB-01 MOST bus DAB / DAB + RADIO MODULES Digital DAB/DAB+ tuner for factory AUDI MMI systems.
More informationSecurity in NFC Readers
Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic
More informationSuperVAG KEY - application list
EN SuperVAG KEY - application list Professional diagnostic tool and Lockmisth solution for VAG cars (VW, Skoda, Seat and Audi). SuperVAG brings solution for: Key Programming, now with Smart Direct Key
More informationAutomotive Security: The Bad and the Ugly. Flavio Garcia University of Birmingham
Automotive Security: The Bad and the Ugly Flavio Garcia University of Birmingham The automotive industry has undergone a major transformation Digital Mechanical Shift in Responsibility and Culture Mechanical
More informationZ-E2050 DEVICE INSTALLATION MANUAL
Z-E2050 DEVICE INSTALLATION MANUAL EN COMPATIBILITY LIST Model Model Version Model Year VW Amarok 2H as of 2010 VW Beetle Cabrio 5C 2011 2015 VW Beetle Coupé 5C 2011 2015 VW Caddy 2K/2C 2003 2013 VW CC
More informationLeveraging the full potential of NFC to reinvent physical access control. Friday seminar,
Leveraging the full potential of NFC to reinvent physical access control Wireless@KTH Friday seminar, 2012-08-31 NFC (Near Field Communication) A new radio communication technology for mobile phones Uses
More informationSmartCAN Application List Ryder Towing Equipment Ltd March 2015.
Alfa Romeo Brera : 2008 > YES NO YES NO YES Audi A1 2014 > YES + Park lights YES YES YES YES Audi A3 : 2003 > YES + Park lights YES YES YES YES Audi A3 : 2013 > YES + Park lights YES YES YES YES Audi A4
More informationRFID & NFC. Erik Poll. Digital Security Radboud University Nijmegen
RFID & NFC Erik Poll Digital Security Radboud University Nijmegen 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags also called contactless
More informationFlavio D. Garcia Gerhard de Koning Gans Roel Verdult Exposing iclass Key Diversification
Usenix WOOT 2011 Flavio D. Garcia Gerhard de Koning Gans Roel Verdult Exposing iclass Key Diversification Contents Introduction RFID iclass and Picopass Key Diversification iclass Key Diversification DES
More informationDEFCON 26 - Playing with RFID. by Vanhoecke Vinnie
DEFCON 26 - Playing with RFID by Vanhoecke Vinnie 1. Contents 2. Introduction... 3 3. RFID Frequencies... 3 Low frequency... 3 High frequency... 3 Ultra-high frequency... 3 4. MIFARE... 4 MIFARE Classic...
More informationRFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer
RFID 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags can be called (contactless) smartcards Inductive coupling is used for energy
More informationAVDI ABRITES Commander for VAG - VW,Audi, Seat, Skoda V24.0+Hyundai V2.1 + Kia V2.1+Tag V6.2 +VVDI ImmoPlus V Digit Nissan Pin Code Calculator
AVDI ABRITES Commander for VAG - VW,Audi, Seat, Skoda V24.0+Hyundai V2.1 + Kia V2.1+Tag V6.2 +VVDI ImmoPlus V13.6+20 Digit Nissan Pin Code Calculator AVDI Commander for VAG is a Windows PC based diagnostic
More informationNFC is the double click in the internet of the things
NFC is the double click in the internet of the things Name Frank Graeber, Product Manager NFC Subject 3rd Workshop on RFID Systems and Technologies Date 12.06.2007 Content NFC Introduction NFC Technology
More informationNotes on NFC ticket design on MIFARE Ultralight C (updated ) Tuomas Aura. Application is a data structure
Notes on NFC ticket design on MIFARE Ultralight C (updated 2017-12-13) Tuomas Aura Application is a data structure The inexpensive smart cards used for ticketing applications, such as MIFARE Ultralight,
More informationRFID DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi
RFID Workshop @ DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi Page 1 Content Introduction RFID theory Basics Tools Protocols Mifare Challenges Page 2 RFID basics RFID theory: RFID basics RFID = Radio Frequency
More informationACR1252U. NFC Forum Certified Reader. Technical Specifications V1.03. Subject to change without prior notice.
ACR1252U NFC Forum Certified Reader Technical Specifications V1.03 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0.
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationRFID Skimming and Cloning Attacks on Presto Cards
RFID Skimming and Cloning Attacks on Presto Cards Chris Weber 1 (100216595), Azhar Saiyed 2 (100464089), Maaz Kamani 3 (100453151), Pirasanth Sivalingam 4 (100460273) Faculty of Business and IT, University
More informationCRYPTOGRAPHIC ENGINEERING ASSIGNMENT II Theoretical: Design Weaknesses in MIFARE Classic
CRYPTOGRAPHIC ENGINEERING ASSIGNMENT II Theoretical: Design Weaknesses in MIFARE Classic Özgecan Payzin, s4159721 ozgecan.payzin@student.ru.nl April 1, 2013 1 Introduction The MIFARE Classic is one of
More informationCracking HiTag2 Crypto
Cracking HiTag2 Crypto Weaponising Academic Attacks for Breaking and Entering Kev Sheldrake rtfcode@gmail.com @kevsheldrake github/rtfcode rtfc.org.uk Kev Sheldrake Hacker Researcher Reverse engineer Maker
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More information1.264 Lecture 26. Security protocols. Next class: Anderson chapter 4. Exercise due before class
1.264 Lecture 26 Security protocols Next class: Anderson chapter 4. Exercise due before class 1 Encryption Encryption is the process of: Transforming information (referred to as plaintext) Using an algorithm
More informationSECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS
SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS Christoph Krauß, christoph.krauss@aisec.fraunhofer.de Dagstuhl Seminar 11441: Science and Engineering of CPS, November 2011 Overview Introduction Securing
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationiclass SE Platform Solutions The New Standard in Access Control
iclass SE Platform Solutions The New Standard in Access Control iclass SE Platform iclass SE SOLUTIONS Next generation access control solutions for increased security, adaptability, and enhanced performance.
More informationSweet Dreams and Nightmares: Security in the Internet of Things
Sweet Dreams and Nightmares: Security in the Internet of Things Timo Kasper, David Oswald, Christof Paar To cite this version: Timo Kasper, David Oswald, Christof Paar. Sweet Dreams and Nightmares: Security
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationTROUBLESHOOTING TKM & KEYLINE CLONING TOOL
TROUBLESHOOTING TKM & KEYLINE CLONING TOOL 884 DECRYPTOR MINI & TKM WHAT DO THE LIGHTS INDICATE? The green light indicates 884 Decryptor Mini is connected to the device. The three red lights indicate the
More informationMultifunctional Identifiers ESMART Access
AIR TAG Multifunctional Identifiers ESMART Access Contents ESMART Access technology 4 Key advantages of ESMART Access 6 Multifunctional identifiers ESMART Access 8 AIRTAG RFID keyfobs 9 Silicone RFID
More informationTHE BEST OF BOTH WORLDS. Dual-frequency RAIN RFID cards add flexibility while increasing smarts and security. By Mahdi Mekic, NXP Semiconductors
THE BEST OF BOTH WORLDS Dual-frequency RAIN RFID cards add flexibility while increasing smarts and security By Mahdi Mekic, NXP Semiconductors A new generation of contactless smartcards, built to support
More information18-642: Security Vulnerabilities
18-642: Security Vulnerabilities 11/20/2017 Security Vulnerabilities Anti-Patterns for vulnerabilities Ignoring vulnerabilities until attacked Assuming vulnerabilities won t be exploited: Unsecure embedded
More informationEvaluation of the feasible attacks against RFID tags for access control systems
Evaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens University of Amsterdam February 4, 2014 1 / 20 Contents 1 Introduction 2 Background 3
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationFare Media: Past, Present and Future. Hassan Tavassoli APTA Fare Collection Workshop San Diego, California March 29, 2010
Fare Media: Past, Present and Future Hassan Tavassoli APTA Fare Collection Workshop San Diego, California March 29, 2010 Evolution of Transit Fare Media Other Form Factors (contactless tokens and tags,
More informationKeeLoq and Side-Channel Analysis Evolution of an Attack
KeeLoq and Side-Channel Analysis Evolution of an Attack Christof Paar, Thomas Eisenbarth, Markus Kasper, Timo Kasper and Amir Moradi Chair for Embedded Security Electrical Engineering and Information Sciences
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationNFC FOR CONSUMABLES AND ACCESSORIES
NFC FOR CONSUMABLES AND ACCESSORIES JORDI JOFRE NFC READERS NFC EVERYWHERE 22/02/2018 WEBINAR SERIES: HOW TO DEVELOP NFC APPLICATIONS PUBLIC Agenda NFC for product authentication & identification NFC portfolio
More informationHacking new NFC cards
Hacking new NFC cards NTAG2x, Ultralight EV1/C, Desfire EV2, ISO-15693, meal EMV cards abyssal see #brmlab IRC for contact 6.12.2018 New cards Mifare Ultralight C, Ultralight EV1 descendant of simple Ultralight
More informationNetwork Security (NetSec)
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Security (NetSec) IN2101 WS 17/18 Prof. Dr.-Ing. Georg Carle Dr. Heiko Niedermayer Cornelius
More informationCache Timing Attacks in Cryptography
Cache Timing Attacks in Cryptography Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 10, 2007 Erik Zenner (DTU-MAT) Cache Timing Attacks in Cryptography
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationNEAR FIELD COMMUNICATION
NEAR FIELD COMMUNICATION (GUIDED BY:MISS ANUJA V NAIR) BY: REJOY MENDEZ ROLL NO:24 S7 ECE OVERVIEW INTRODUCTION FEATURES OF NFC TECHNOLOGICAL OVERVIEW COMPARISON WITH OTHER TECHNOLOGY SECURITY ASPECTS
More informationBluetooth mobile solutions APPLICATION NOTE / FAQ. Page 1 on 24
Bluetooth mobile solutions APPLICATION NOTE / FAQ Page 1 on 24 Table of Contents I. Introduction... 5 II. Bluetooth Smart technology General principles... 5 III. Frequently Asked Questions... 5 A. STid
More informationAtmel Trusted Platform Module June, 2014
Atmel Trusted Platform Module June, 2014 1 2014 Atmel Corporation What is a TPM? The TPM is a hardware-based secret key generation and storage device providing a secure vault for any embedded system Four
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationConnecting to the future ELATEC RFID SYSTEMS
Connecting to the future ELATEC RFID SYSTEMS ELATEC GmbH Enabling success RFID SYSTEMS Focus on the goal Adaptable to our customer s requirements, Elatec products and technologies are the core that has
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationACR1251U-A1 USB NFC Reader with SAM Slot
ACR1251U-A1 USB NFC Reader with SAM Slot Technical Specifications V1.05 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5
More informationA Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC
A Novel Approach to RFID Authentication: The Vera M4H Unclonable RFID IC Presenter: Vivek Khandelwal, Vice President of Marketing & Business Development 1 Agenda» Company Overview» PUF Technology Overview»
More informationVEHICLE FITTING INFORMATION VEHICLE SEAT FITTING METHOD. IMAX SP Group 123, Belt Fit Only - Team Tex European Market June 2016
VEHICLE FITTING INFORMATION VEHICLE SEAT FITTING METHOD IMAX SP Group 123, Belt Fit Only Team Tex European Market June 2016 This car seat is classified for Universal use. It is suitable to fix into seat
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationSecurity in sensors, an important requirement for embedded systems
Security in sensors, an important requirement for embedded systems Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer AISEC Institute for Applied
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationLightweight Block Cipher Design
Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Sardinia 2015 Outline 1 Motivation 2 Industry 3 Academia 4 Lightweight: 2nd Generation 5 NIST Initiative Outline 1 Motivation
More informationConditional Multiple Differential Attack on MiFare Classic
Conditional Multiple Differential Attack on MiFare Classic or How to Steal Train Passes and Break into Buildings Worldwide Nicolas T. Courtois University College London, UK MiFare Classic Crypto-1 Stream
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationContents. Preface. Acknowledgments. xxiii. List of Acronyms i xxv
Preface xv Acknowledgments. xxiii List of Acronyms i xxv 1 Executive Summary 1 1.1 Towards NFC Era 2 1.1.1 Ubiquitous Computing 2 1.1.2 Mobile Phones 3 1.1.3 Technological Motivation of NFC 4 1.1.4 Wireless
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationInterface & Wiring Overview
User Manual Introduction The Autoleads ControlPro CP2-VAG52 is a universal steering control interface that is set using a pre-defined dipswitch configuration and supplied with a wiring harness for Ford
More informationNear Field Communication Security
Near Field Communication Security Thomas Patzke 22.04.2015 Who am I... Thomas Patzke (formerly Skora) Who am I... Thomas Patzke (formerly Skora) Started with security related topics somewhere in the 90s
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationPersistent key, value storage
Persistent key, value storage In programs, often use hash tables - E.g., Buckets are an array of pointers, collision chaining For persistant data, minimize # disk accesses - Traversing linked lists is
More informationSwipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity Fraud
Swipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity Fraud Julian Fietkau, Starbug, Jean-Pierre Seifert Security in Telecommunications - Technische Universität
More informationConfidence 2.0 Prague 2010
New trends in public and massively used technologies Confidence 2.0 Prague 2010 Pavol Lupták Lead Security Consultant, Nethemba s.r.o. I'll be talking about... GSM/3G security Mifare Classic/DESFire Biometric
More informationadvant power Fully scalable fully flexible advanced contactless smart card system Key applications & standards
advant advanced contactless smart card system power Fully scalable fully flexible Key applications & standards 2 1 5 The LEGIC advant line has been developed to ideally support the design and realisation
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationFundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors
Fundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors Automotive Identification Wireless Infrastructure Lighting Industrial Mobile Consumer Computing Global player with local
More informationVehicle-Specific Towing Electrical Kits TF2352VAG
Vehicle-Specific Towing Electrical Kits TF2352VAG Audi: A3 2003- A4 2005-205 A5 2008- A8 20- Q2 209- Q3 20- Q5 2008-206 Seat: Alteca 206- Altea 2008- Exeo 2009- Leon: 2005- Skoda: Kodiaq 206- Octavia 2005-
More informationCryptanalysis of KeeLoq with COPACOBANA
Cryptanalysis of KeeLoq with COPACOBANA Martin Novotný 1 and Timo Kasper 2 1 Faculty of Information Technology Czech Technical University in Prague Kolejní 550/2 160 00 Praha 6, Czech Republic email: novotnym@fit.cvut.cz
More informationLightweight Block Cipher Design
Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Croatia 2014 Outline 1 Motivation 2 Industry 3 Academia 4 A Critical View 5 Lightweight: 2nd Generation 6 Wrap-Up Outline
More information18-642: Cryptography 11/15/ Philip Koopman
18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Lecture 6 Michael J. Fischer Department of Computer Science Yale University January 27, 2010 Michael J. Fischer CPSC 467b, Lecture 6 1/36 1 Using block ciphers
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 6 - Authentication September 21, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Project Background and Related Work Due 10/10 Questions to Answer: What is the
More informationL7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L7: Key Distributions Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/16/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are
More informationDATA SHEET. HT2DC20S20 HITAG 2 stick transponder INTEGRATED CIRCUITS
INTEGRATED CIRCUITS DATA SHEET Supersedes data of 1998 Mar 01 File under Integrated Circuits, IC11 2001 Oct 01 FEATURES Identification transponder for use in contactless applications Operating frequency
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCS 332 Computer Networks Security
CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your
More informationNetwork Security. Kerberos and other Frameworks for Client Authentication. Dr. Heiko Niedermayer Cornelius Diekmann. Technische Universität München
Network Security Kerberos and other Frameworks for Client Authentication Dr. Heiko Niedermayer Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: January
More informationMicrocontrollers. Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group.
Microcontrollers Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group Francois Guibert Executive Vice President, President, Greater China and South Asia
More informationInformation Security: Principles and Practice Second Edition. Mark Stamp
Information Security: Principles and Practice Second Edition Mark Stamp August 10, 2009 Contents Preface Second Edition Preface About The Author Acknowledgments xvii xix xxiii xxv 1 Introduction 1 1.1
More informationDear John, Regards, Jaap-Henk
Date: Tue, 15 Jul 2008 11:20:04 +0200 From: Jaap-Henk Hoepman To: John Young CC: gkoningg[at]sci.ru.nl, flaviog[at]cs.ru.nl, Bart Jacobs Subject:
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationThe Future of Smart Cards: Bigger, Faster and More Secure
The Future of Smart Cards: Bigger, Faster and More Secure Joerg Borchert, Vice President, Secure Mobile Solutions July 16, 2003 Page 1 N e v e r s t o p t h i n k i n g. Infineon Technologies: Overview
More informationII. LITERATURE SURVEY
Secure Transaction By Using Wireless Password with Shuffling Keypad Shweta Jamkavale 1, Ashwini Kute 2, Rupali Pawar 3, Komal Jamkavale 4,Prashant Jawalkar 5 UG students 1,2,3,4, Guide 5, Department Of
More informationACR1255U-J1 Secure Bluetooth NFC Reader
ACR1255U-J1 Secure Bluetooth NFC Reader Technical Specifications V1.07 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Compact Design...
More information