Victoria keeps Myki cards, downplays hack

Update: The Victorian Government is unfazed by a publicised hack of the system behind its Myki transport smartcards and will continue to issue the public with its remaining stockpile of around a million cards.

The myki smartcard ticketing system was introduced in December 2009 for the state's trains, trams and buses.

Questions over the security of myki emerged after two German researchers reportedly hacked the Triple DES encryption of Mifare's DESFire cards, which myki used.

David Oswald and Christof Paar from the University of Ruhr in Germany said in a research paper (pdf) that the hack "has severe implications for real-world systems”.

The manufacturer of the DESFire microprocessor, which was used on the affected myki cards, recommended customers upgrade to the latest EV1 card model.

However, Victoria's Transport Ticketing Authority (TTA) said it would only begin issuing EV1 myki cards once stocks of the existing card ran out.

CEO Bernie Carolan said that existing myki customers "do not need to worry about the security of their myki card."

Carolan said it was unlikely that the researchers' sophisticated hack against the Mifare technology would be easily repeatable.

"Advice in a statement issued by the chip's manufacturer indicates that laboratory conditions, very expert knowledge and plenty of time is required to carry out the claimed attack," he said.

"It cannot be done simply by walking past a cardholder."

In any event, Carolan said that no personal information is stored on myki cards.

"The only information available to a hacker would be the card balance and last 10 transactions," he said.

Carolan maintained that the Mifare DESFire was "the safest smart card available on the market" and was "far more technologically advanced than other models".

He said that myki was protected by four security measures that "minimised the chances of this sort of attack".

The measures "relate to security key diversification, fraud detection countermeasures, blocking of fraudulent cards and an additional binding of card information", he said.

The research

Paar presented the research at the Cryptographic Hardware and Embedded Systems in Japan earlier this month.

“Operators and vendors of commercial RFID systems can no longer rely on the mathematical security of the employed cryptographic algorithms, but also have to take into account that an adversary may be able to obtain secret keys by means of SCA (side-channel attacks)," the researchers said.

“Thus, appropriate protective measures on the system level [such as] ensuring that each smartcard has a unique secret key and storing sensitive data in a separate database in the backend whenever possible, are mandatory to guarantee maximum security.”

The researchers' side-channel attacks targeted weaknesses in the MF3ICD40 card’s DESFire microprocessor implementation.

But the complexity of the attacks meant it was unlikely they would be mimicked.

The compromise require encoded message to be captured by a magnetic near-field probe and recorded by a digital storage oscilloscope and processed by an analogue demodulator and filter.

The attacks were also expensive, Oswald and Paar said, taking up to a year to conduct and requiring some $3000 worth of equipment.

The compromise of MF3ICD40 followed the hack of the Mifare Classic, in which the proprietary cipher Crypto1 was reverse-engineered.

Similar Mifare cards were also used in transport systems in San Francisco and the Czech Republic.

Copyright © SC Magazine, Australia