Onderzoek van veiligheid van NFC-gebaseerde betalingssystemen

Abstract

Near Field Communication is a rising technology that is being used globally by millions of people every day. Its most sold contactless card is NXP's MIFARE Classic, which uses undisclosed and proprietary authentication and encryption protocols that are based on a secret key. In the last few years, these protocols have been reverse engineered and disclosed to the world, revealing serious weaknesses. Attacks have been developed based on these weaknesses.

In this thesis, we describe these weaknesses and attacks and implement one of the attacks. Using these attacks, it is possible to recover any key in use by a card. Moreover, we describe and implement two important attacks within a proof of concept scenario. These attacks are carried out using common consumer hardware running Android. The scenario is based on a simple assumption in which the programmer made an error by not checking some of the returned values assumed to be correct.