Security of Wireless Embedded Devices in the Real World

Timo Kasper, David Oswald, Chris­tof Paar

Information Security Solutions (ISSE) 2011 - Securing Electronic Business Processes (November 22-23 2011, Prague, Czech Republic)


In the past years, wireless embedded devices have become omnipresent. Portable tokens communicating via an RF (Radio Frequency) interface are employed in contactless applications such as access control, identification, and payments. The survey presented in this paper focuses on those devices that employ cryptographic mechanisms as a protection against ill-intended usage or unauthorizedly accessing secured data. By analyzing different commercial products, i.e., electronic passports, the remote keyless entry system KeeLoq, a Mifare Classic based contactless payment system, and a public transport system relying on Mifare DESfire cards we demonstrate that it is feasible to recover the secret cryptographic keys from various cryptographic tokens. At hand of the real-world examples, the implications of a key extraction for the security of the respective contactless application are illustrated.

[pdf] [bib]