A small view on "RFID security technology discussion"

Source: Internet
Author: User

Two days ago I read an article on RFID security from TSRC, <RFID security technology discussion> (http://www.bkjia.com/Article/201406/310854.html), and I have a few comments on it.
RFID attack simulation
1. Card data sniffing
What that article calls "sniffing", judging from its context (the author writes that whether the read succeeds depends on the communication distance of the RF card) and from the author's original video, is nothing more than reading the UID: the only success condition is distance, and no key or encryption mechanism is involved. The heading is "card data sniffing", but the content has nothing to do with that attack.
Sniffing properly means eavesdropping on the data exchanged between a card reader and a card. Seen that way, the author seems unfamiliar with the concept.
To sniff a card that follows ISO/IEC 14443A with a Proxmark 3, the command is hf 14a snoop (hf 14a sniff in newer firmware). The official manual also states clearly that this is used while a genuine reader and card are communicating, with the Proxmark placed in range of both; it does not "sniff" a device on its own.
2. Simulated card data replay
The author writes a simulated card to "replay" the data, but the data here is only the UID obtained earlier, without any key. Emulating the UID of a high-frequency card reproduces nothing but the UID; that is not data replay.
A replay attack records the communication between a card and a card reader and later impersonates the legitimate card (or reader) in a new interaction, bypassing the system's authentication. If important data is stored on the card, the attacker records the reader's authentication of the card together with the data exchange that follows, and then replays those frames to the reader, or to the card, as if they were genuine; the replayed content can also be modified on the way. (Against MIFARE Classic the reader sends a fresh nonce in every authentication, so a recorded session cannot simply be played back unchanged; what the recorded trace does give the attacker is the material to recover the sector key offline, which is why eavesdropping is dangerous in the first place.)
Seen that way, the author seems unfamiliar with the concept of data replay as well.
3. Card copy
In the card copy part the author describes the simplest authentication case, where only the UID is checked. But is copying a card really just writing the UID? For cards that follow ISO/IEC 14443, the UID is specified as follows.



The diagram above is from MIFARE and handling of UIDs [an000027]. Whether the UID is 4, 7 or 10 bytes long, every cascade level of the anticollision sequence carries four bytes followed by a BCC, the XOR of those four bytes, which the reader checks. So the author's understanding of the UID is not deep enough. Moreover, Block 0 of Sector 0 holds not only the UID but also the BCC, SAK, ATQA and the manufacturer data, as shown in the MIFARE Classic 1K datasheet.

Diagram from the MIFARE Classic 1K datasheet
Writing only the UID therefore does not guarantee that the copy will be accepted as a valid card.
For a MIFARE Classic card copy, all data on the two cards should be identical: the whole manufacturer block (Block 0 of Sector 0), every data block, and every sector trailer (Key A, the access bits and Key B). Block 0 is read-only on a genuine MIFARE Classic chip, so a full copy also needs a card whose manufacturer block can be written (a so-called UID-changeable or "magic" card).
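To make the layout above concrete, here is an added example (not code from the original article or from the one it comments on) that takes a MIFARE Classic 1K dump, checks the UID's BCC, decodes the rest of the manufacturer block, and lists the sector trailers that still carry default keys. The dump it parses is constructed for the example and is not a real card; the parser assumes a 4-byte UID, and the default-key list is a short illustrative one.

```python
"""Inspect a MIFARE Classic 1K dump: verify the UID's BCC, decode block 0,
and flag sector trailers that still use default keys.

Added example, not from the original article. The dump is constructed; only
the layout follows the MIFARE Classic 1K datasheet: 16 sectors x 4 blocks x
16 bytes, block 0 = manufacturer block, block 3 of each sector = trailer.
The manufacturer block is decoded as a 4-byte-UID card.
"""
import functools

BLOCK_SIZE = 16
BLOCKS_PER_SECTOR = 4
SECTORS = 16

# Short illustrative list (assumption): keys shipped on blank cards or found
# in common key lists, not an exhaustive set.
DEFAULT_KEYS = {
    bytes.fromhex(k) for k in (
        "ffffffffffff", "000000000000", "a0a1a2a3a4a5",
        "b0b1b2b3b4b5", "d3f7d3f7d3f7", "aabbccddeeff",
    )
}


def bcc(level_bytes: bytes) -> int:
    """ISO/IEC 14443-3 BCC: XOR of the four bytes of one cascade level."""
    return functools.reduce(lambda a, b: a ^ b, level_bytes, 0)


def parse_manufacturer_block(block0: bytes) -> dict:
    """Block 0 of a 4-byte-UID card: UID[4] | BCC | SAK | ATQA[2] | mfr data[8]."""
    uid = block0[0:4]
    return {
        "uid": uid.hex(),
        "bcc_ok": block0[4] == bcc(uid),
        "sak": block0[5],
        "atqa": block0[6:8].hex(),          # as stored in the dump
        "manufacturer_data": block0[8:16].hex(),
    }


def parse_trailer(trailer: bytes) -> dict:
    """Sector trailer: Key A[6] | access bits[3] | user byte | Key B[6]."""
    return {
        "key_a": trailer[0:6],
        "access_bits": trailer[6:9].hex(),
        "user_byte": trailer[9],
        "key_b": trailer[10:16],
    }


def audit_dump(dump: bytes) -> dict:
    """Return the decoded block 0 and every (sector, key slot, key) still at a default."""
    if len(dump) != SECTORS * BLOCKS_PER_SECTOR * BLOCK_SIZE:
        raise ValueError("expected a 1024-byte MIFARE Classic 1K dump")
    blocks = [dump[i:i + BLOCK_SIZE] for i in range(0, len(dump), BLOCK_SIZE)]
    weak = []
    for sector in range(SECTORS):
        trailer = parse_trailer(blocks[sector * BLOCKS_PER_SECTOR + 3])
        for slot in ("key_a", "key_b"):
            if trailer[slot] in DEFAULT_KEYS:
                weak.append((sector, slot, trailer[slot].hex()))
    return {"block0": parse_manufacturer_block(blocks[0]), "default_keys": weak}


def build_sample_dump() -> bytes:
    """Constructed dump: correct BCC, sector 1 re-keyed, every other sector default."""
    uid = bytes.fromhex("deadbeef")
    block0 = uid + bytes([bcc(uid), 0x08]) + bytes.fromhex("0400") + bytes(8)
    transport_access = bytes.fromhex("ff078069")   # default access bits + user byte
    default_trailer = bytes.fromhex("ffffffffffff") + transport_access + bytes.fromhex("ffffffffffff")
    custom_trailer = bytes.fromhex("0123456789ab") + transport_access + bytes.fromhex("fedcba987654")
    blocks = []
    for sector in range(SECTORS):
        for b in range(BLOCKS_PER_SECTOR):
            if sector == 0 and b == 0:
                blocks.append(block0)
            elif b == 3:
                blocks.append(custom_trailer if sector == 1 else default_trailer)
            else:
                blocks.append(bytes(BLOCK_SIZE))
    return b"".join(blocks)


if __name__ == "__main__":
    report = audit_dump(build_sample_dump())
    print(report["block0"])
    for sector, slot, key in report["default_keys"]:
        print(f"sector {sector:2d} {slot} still default: {key}")
```

The BCC check is the same one a reader performs during anticollision, so a "copy" whose block 0 was assembled by hand with a wrong BCC is rejected before any key is ever used; the default-key listing is the quickest way to see why point 5 of the defence discussion below matters, since a card that is fully re-keyed produces an empty list.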
4. Card data cracking and tampering
In this section the author writes "Some Mifare Classic cards (such as class A Cards) have been cracked for A long time" and then jumps straight to analysing the card data, without saying how the cards are cracked or how the data is obtained. I do not know what a "class A card" is supposed to be, nor which MIFARE Classic series cards are supposed to be uncracked. What the author then calls cracking is in fact only analysis of the card data.
RFID attacks target RFID security vulnerabilities. The author uses the data analysis of an e-wallet to describe a simulated RFID attack, but this section never shows the real vulnerabilities of the MIFARE Classic series. The real vulnerabilities are the defects of the MIFARE Classic encryption algorithm (Crypto-1) and the non-standard use of card keys (default or shared keys); on top of that, at the level of the whole application system, the designers never connected the terminals to a consumption backend, which let attackers crack keys and tamper with data without being noticed.
What is RFID?
Radio Frequency IDentification (RFID): the interaction between reader and tag is properly called coupling, and the coupling types are inductive coupling and electromagnetic backscatter coupling.
What is the relationship between RFID and NFC?
"I believe many people cannot tell the relationship between RFID and NFC (near-field communication). They are often confused on Weibo or in articles. In general, the following points explain it:" The author himself seems a bit confused about the relationship between the two.
1. NFC itself evolved from RFID. RFID can barely be regarded as NFC's "dad";
RFID is a very broad concept, while NFC is a specific technology (13.56 MHz, built on ISO/IEC 14443 and FeliCa) some of whose features can be used as RFID; there is no parent-child relationship to insist on. The article's points 2 and 3, the so-called "frequency band difference" and "communication distance difference", share the same problem: there is no primary-secondary relationship between the two to compare.
4. Differences in working modes
NFC integrates those modes (reader/writer, card emulation and peer-to-peer) not as a contrast with RFID but because of technical compatibility.

Image matching from Philips <NFC vs 2011-0443 vs Felica>
PS: on technical compatibility, NXP's MIFARE® and Sony's FeliCa™ both have fixed instruction sets, and NXP has documents describing the compatibility of its products, for example AN1305 <MIFARE Classic as NFC Type MIFARE Classic Tag> and AN1304 <NFC Type MIFARE Classic Tag Operation>.
Discussion of the defence proposals
1. Avoid MIFARE Classic chip cards and use chip cards with stronger encryption algorithms, such as CPU cards;
Changing to a CPU card upgrades the physical medium, but there are many solutions that emulate the MIFARE Classic series on a CPU card (MIFARE Plus in its Classic-compatible security level is one example). The card is physically different but the same technology is still in use, so the old vulnerability remains: default key enumeration and eavesdropping attacks still apply. A CPU card does not by itself mean security; CPU cards have plenty of security problems of their own.
2. Sensitive data such as amounts should be encrypted; plaintext storage is prohibited;
Encrypting the data only helps as long as the card's own protection holds; the card's access control is the strongest protection there is. Once the card is cracked, the attacker can read and write the encrypted data as freely as plaintext, and re-encrypting it does not mean much: an old encrypted balance can still be written back, and without an integrity check on the data nothing stops him from editing it.
3. The card reader performs online operations against the backend host database and verifies each transaction over a live connection;
Such a real-time architecture can only be deployed on a small scale; when the network fails the system stops working, so this should not be the starting point of the defence. Whether the system is synchronous or asynchronous (offline, with data uploaded to the server regularly for comparison), it works with timestamps, and a replay attack still has a certain window in which it succeeds.
4. Using the UID in the encryption and keeping a UID white list raises the attacker's cost, but may be bypassed with special cards;
The premise here seems to be a system that authenticates on the UID alone. Such verification is very weak, and the proposal is made under a weak premise; a measure that the author himself says may be bypassed by a special card should not count as a defence. A defence should reduce the possibility of a known attack as far as possible. As said under point 1, switching to a card with a better algorithm means not only checking the UID but also adding other measures, such as checking the data.
5. Use non-default keys for every sector to raise the cracking cost, although brute force may still be achieved through Darkside.
It should be said clearly that the Darkside attack applies to the MIFARE Classic chip series, not to every IC card. The author's defence always looks like robbing Peter to pay Paul: it raises a small threshold but does not fix the problem. Moreover, Darkside targets the weak PRNG (together with the card's behaviour on parity errors) rather than being brute force; once one key is known the nested attack recovers the other sectors, and MIFARE Classic keys can also be recovered from sniffed authentication traces.
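Points 2 to 4 above all circle around the same question: how to stop a copied, edited or restored card record from being accepted. Here is an added example (not code from the original article or from the one it comments on) of the minimum a backend-side check needs in order to catch both an edited balance and a replayed older balance. The record layout and the key derivation are assumptions made for illustration: each card holds one 16-byte block, balance | counter | MAC, the MAC is a truncated HMAC-SHA256 under a per-card key derived from a master key and the UID, and the backend remembers the highest counter it has seen for each UID.

```python
"""Bind a stored e-wallet value to the card and to a transaction counter so
that an edited balance fails verification and a restored (replayed) older
balance is rejected when the terminal reconciles with the backend.

Added example, not from the original article. Record layout, key derivation
and the master key are all assumptions made for this illustration.
"""
import hashlib
import hmac
import struct

# Constructed for the example; a real deployment keeps this in an HSM or SAM.
MASTER_KEY = b"example-master-key-not-for-use"

RECORD_LEN = 16      # fits exactly one MIFARE Classic data block
MAC_LEN = 8


def card_key(uid: bytes) -> bytes:
    """Per-card key: HMAC(master, uid). Cloning a UID does not reveal the master key."""
    return hmac.new(MASTER_KEY, b"wallet-key|" + uid, hashlib.sha256).digest()


def _mac(uid: bytes, body: bytes) -> bytes:
    # The UID is part of the MAC input, so a record copied to another card fails.
    return hmac.new(card_key(uid), uid + body, hashlib.sha256).digest()[:MAC_LEN]


def encode_record(uid: bytes, balance: int, counter: int) -> bytes:
    body = struct.pack(">II", balance, counter)
    return body + _mac(uid, body)


def decode_record(uid: bytes, record: bytes):
    """Return (balance, counter), or None if the record was edited or belongs to another UID."""
    if len(record) != RECORD_LEN:
        return None
    body, mac = record[:RECORD_LEN - MAC_LEN], record[RECORD_LEN - MAC_LEN:]
    if not hmac.compare_digest(mac, _mac(uid, body)):
        return None
    return struct.unpack(">II", body)


class Backend:
    """Per-UID monotonic counter: a replayed older record carries a counter the
    backend has already accepted and is rejected."""

    def __init__(self):
        self.last_counter = {}

    def verify(self, uid: bytes, record: bytes) -> str:
        parsed = decode_record(uid, record)
        if parsed is None:
            return "reject: bad MAC"
        _, counter = parsed
        if counter <= self.last_counter.get(uid, 0):
            return "reject: replayed state"
        self.last_counter[uid] = counter
        return "accept"


def debit(uid: bytes, record: bytes, amount: int):
    """Terminal side: verify, debit, and write a new record with counter + 1.
    Returns the new record, or None if the record is invalid or funds are short."""
    parsed = decode_record(uid, record)
    if parsed is None:
        return None
    balance, counter = parsed
    if amount > balance:
        return None
    return encode_record(uid, balance - amount, counter + 1)


if __name__ == "__main__":
    uid = bytes.fromhex("deadbeef")          # constructed UID
    backend = Backend()
    rec1 = encode_record(uid, 1000, 1)       # card issued with 1000
    rec2 = debit(uid, rec1, 300)             # terminal debits 300
    print(backend.verify(uid, rec2))         # accept
    print(backend.verify(uid, rec1))         # reject: replayed state (restored dump)
    print(backend.verify(uid, b"\xff" + rec2[1:]))   # reject: bad MAC (edited balance)
```

This is a backend check, not a card fix: it changes nothing about Crypto-1, and anyone holding the sector key can still read and rewrite the block. The terminal also has to hold the derivation key, so it belongs in a SAM rather than in terminal firmware; and a purely offline terminal only sees the MAC, so a restored balance is accepted there and caught only at reconciliation, which is exactly the window point 3 above describes.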
The above is only my personal opinion and is not aimed at any organization or individual. I hope readers will point out anything I have got wrong.