Faculty of Information Technology, BUT

Publication Details

Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding

HENZL Martin and HANÁČEK Petr. Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding. In: 2013 International Symposium on Biometrics and Security Technologies (ISBAST). Chengdu: IEEE Computer Society, 2013, pp. 141-148. ISBN 978-0-7695-5010-7.
Czech title
Modelování protokolů bezkontaktních čipových karet a automatické hledání zranitelností
Type
conference paper
Language
english
Authors
Keywords
contactless smart card, security, vulnerability, model, Mifare DESFire
Abstract
We present a method of automated vulnerability finding in protocols that use contactless smart cards. We focus on smart cards with contactless interface because they are simpler than their counterparts with contact interface and provide less functionality, which can be modeled more easily. Our method uses model checking to find possible attacks in a model of the protocol implementation on particular smart card. There is a possibility to model arbitrary smart card, we demonstrate this method on one of the currently most widespread contactless smart cards - the Mifare DESFire. Using our method we were able to locate a couple of weaknesses of this smart card which may cause vulnerability if the protocol is not implemented properly. This method can be used by developers to evaluate security of their protocol implementation on particular smart card.
Published
2013
Pages
141-148
Proceedings
2013 International Symposium on Biometrics and Security Technologies (ISBAST)
Conference
International Symposium on Biometrics and Security Technologies, Chengdu, CN
ISBN
978-0-7695-5010-7
Publisher
IEEE Computer Society
Place
Chengdu, CN
BibTeX
@INPROCEEDINGS{FITPUB10257,
   author = "Martin Henzl and Petr Han\'{a}\v{c}ek",
   title = "Modeling of Contactless Smart Card Protocols and Automated Vulnerability Finding",
   pages = "141--148",
   booktitle = "2013 International Symposium on Biometrics and Security Technologies (ISBAST)",
   year = 2013,
   location = "Chengdu, CN",
   publisher = "IEEE Computer Society",
   ISBN = "978-0-7695-5010-7",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/10257"
}
Back to top