Abstract
MIFARE Classic is a contactless smart card which is widely used in several public transport systems. The researchers had presented different methods to clone a card in a practical card-only scenario. Among them, they recover the second or subsequent sector key by trying to accurately estimate the time information between two consecutive authentication attempts in a nested authentication. In this paper, we study the security of the MIFARE Classic in another practical scenario, where the adversary only communicates with a legitimate reader. The worst scenario to recover the second or subsequent sector key in a nested authentication only requires about 8 authentication attempts to the legitimate reader on average and the off-line search in about 328 s on Garcia’s ordinary computer without estimating the time information between two consecutive authentications. Following this result, it is possible for the attackers to simulate or forge a legal card to authenticate successfully with a legitimate reader. To avoid this weakness, the reader must verify some information on the legal card at the beginning and it requires to be protected in some sense.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
