Brute Force Cryptanalysis of MIFARE Classic Cards on GPU

MIFARE Classic is the most widely deployed contactless smartcard on the market. However, many active and passive attacks are provided after its proprietary stream cipher CRYPTO1 was reverse engineered. The short 48-bit key of the CRYPTO1 cipher, leaked parity bits and the encrypted error code that is sent after a failed authentication (which is corrected in the hardened new cards) allow the adversary to perform offline brute force attack and avoid detection. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take around 9 days on a single GTX280 GPU. We optimized this brute force attack on modern GPUs by using bitsliced implementation technique and observed that a brute force attack on a GTX970 GPU can be performed in less than 5 hours. Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take approximately one month on a single GTX460 GPU. Our bitsliced implementation of this attack takes less than 7 hours on a GTX970 GPU.


Internet Connection Sharing Through NFC for Connection Loss Problem in Internet-of-Things Devices
Turk, Ismail; Coşar, Ahmet (2015-08-28)
Contactless devices and smart cards have been widely in use in daily life transactions for a long time. At first, those systems were designed to work fully offline for both the reader and the card side. With technological improvements, Internet connection can be available even in very small embedded devices (IoT devices). As a result, current systems have connected devices as a part of the transaction design and so keeping the system operational all the time relies on the availability of continuous Internet...
Differential factors and differential cryptanalysis of block cipher PRIDE
Doğan, Erol; Özkan Yıldırım, Sevgi; Tezcan, Cihangir; Department of Cyber Security (2017)
Today, IoT devices are used in very critical areas like payment cards, contactless keys and biometric authentication. Moreover, while the number of IoT Technologies increases, cryptographic systems that are optimized for IoT devices that require less cost, less power, and less memory are highly required in today’s industry. Therefore, in recent years several lightweight block ciphers are published to satisfy industry needs. However, there are still more work needed to be sure about the security of these blo...
Tengilimoglu, Bengisu; Bazlamaçcı, Cüneyt Fehmi (2014-04-25)
The concept of partial reconfiguration has been introduced by leading FPGA vendors in recent years. Partial reconfiguration is a technique that allows to reprogram/reconfigure a specific part of an FPGA during run-time. This method allows switching between design modules that are not necessary to function at the same time without interrupting the FPGA's processing of the current task Hence larger designs can be implemented on the same FPGA. This work is an implementation of partial reconfiguration on an FPG...
Performance analysis of elliptic curve multiplication algorithms for elliptic curve cryptography
Özcan, Ayça Bahar; Yücel, Melek D; Department of Electrical and Electronics Engineering (2006)
Elliptic curve cryptography (ECC) has been introduced as a public-key cryptosystem, which offers smaller key sizes than the other known public-key systems at equivalent security level. The key size advantage of ECC provides faster computations, less memory consumption, less processing power and efficient bandwidth usage. These properties make ECC attractive especially for the next generation public-key cryptosystems. The implementation of ECC involves so many arithmetic operations; one of them is the ellipt...
Having 4G, Enabling Cloud Based Execution for NFC based Financial Transactions
Turk, Ismail; Coşar, Ahmet (2015-11-03)
Near Field Communication (NFC) is a technology which has found wide use in recent years in Mobile Sector. NFC enables your mobile handset to become your secure wallet and it also converts your mobile to a device that easily communicates with NFC tags in a contactless way to trigger any desired action such as approving your credit card payment without requiring you to type your pin number. The Secure Element is a component in NFC which is a tamper-resistant device used to store sensitive user credentials (su...
Citation Formats
C. Tezcan, “Brute Force Cryptanalysis of MIFARE Classic Cards on GPU,” 2017, Accessed: 00, 2020. [Online]. Available: