The abovementioned features of MACed or encrypted messaging may be leveraged in order to implement over-the-air services. Over-the-air services TLDR: What it is all about Where the encrypted packet contains the encrypted credit value and CRC32 of the whole command (INS byte + file ID + credit value). Thus, the MAC of the operation depends on all previous operations since the last authentication. What is unusual about this CMAC is that it’s stateful - the IV is retained between operations.
The MAC is calculated using a custom CMAC algorithm which uses a session key cipher in CBC mode. when reading a file, the card would append a signature which may be then verified by the reader to ensure authenticity/integrity.when writing to a file, the reader must properly sign the command or the operation would fail.The payload for reading/writing operations is provided in plaintext but with MAC (Message Authentication Code) appended to the end. The file is read or written normally, using unprotected plaintext. Also, note that the EV2 secure messaging provides much better security, but we are not going to describe it here. For ordinary operations like file read/write, it is required to know the session key only if the secure communication mode is enabled for the particular file (which is described in the next section). Note: After the authentication process, the commands are still sent in plaintext. This protocol makes it impossible to decipher the generated session key out of sniffed communication unless the attacker knows the authentication key. Both communication sides prove each other that they can encrypt/decrypt with the cipher (=> implies knowing the valid authentication key).įinally, they agree on some (random) session key that could be used in some further operations that require cryptographic signing/encryption. Instead, the two sides of communication exchange encrypted messages. To have a successful authentication, both sides must know the proper authentication key for a DES/3DES/AES symmetric cipher. The authentication between the card and the “reader” is a variant of the shared-secret challenge-response scheme. Note: MIFARE and DESFire are trademarks of NXP B.V. This means that some operations (sometimes) could be performed securely even when there are some untrusted proxies/sniffers between the communication sides (namely the card and the readers).įirst, let’s talk a little bit about what are the abovementioned features and what is the profit of using them. When studying MIFARE® DESFire® EV1 communication, one may notice that these cards offer both secure AES authentication and the Secure Messaging feature.
Proof of concept: Over-the-air Top-up with MIFARE® DESFire® EV1 cards
0 kommentar(er)
