1

If I understood its functioning well, the card sends an ID (NFC tag) if it has received a correct encryption key.

Probably by the reader?

So it must be possible to attack the reader instead of the card, mustn't it?

Maxim

1 Answer

2

The key is not sent by the reader. A challenge-response protocol is used for the reader to prove to the card it holds the key. To attack this over the air you would need to break the underlying algorithm - which makes this question "how secure is Triple-DES / AES".

If you are asking about attacking the reader directly then yes, the reader has to store the key. These are usually programmable - so with access to that interface you may be able to lift the key. But this is going to be highly reader and key distribution method dependent.

It is also worth noting the cards support per-application keys. A well-designed system would segregate functionality so if a single application had keys compromised others would still remain secure. For example, for a canteen system you could have different keys for topping up the card and spending the balance. If the cafeteria tills' card readers became compromised it would still not be possible to add false balance - only to withdraw it.

Hector
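
The challenge-response exchange and per-application key separation described in the answer above, as an added example that is not part of the original post. HMAC-SHA256 stands in for the card's Triple-DES/AES operation, and the class, function and application names (`Card`, `authenticate`, `topup`, `spend`) are hypothetical.

```python
import hashlib
import hmac
import secrets

def prove(key: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the card's Triple-DES/AES operation.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Card:
    """Toy card holding one secret key per application."""
    def __init__(self, app_keys: dict):
        self._app_keys = dict(app_keys)
        self._pending = {}              # app -> outstanding one-time challenge

    def challenge(self, app: str) -> bytes:
        self._pending[app] = secrets.token_bytes(16)
        return self._pending[app]

    def verify(self, app: str, response: bytes) -> bool:
        nonce = self._pending.pop(app, None)    # each challenge is usable once
        if nonce is None:
            return False
        return hmac.compare_digest(prove(self._app_keys[app], nonce), response)

def authenticate(reader_keys: dict, card: Card, app: str, air: list) -> bool:
    """Run one exchange; `air` records every message sent over the air."""
    nonce = card.challenge(app)
    air.append(nonce)
    key = reader_keys.get(app)
    if key is None:                     # reader was never provisioned for this app
        return False
    response = prove(key, nonce)
    air.append(response)
    return card.verify(app, response)

# Constructed sample keys for two applications on one canteen card.
TOPUP_KEY = secrets.token_bytes(16)
SPEND_KEY = secrets.token_bytes(16)
card = Card({"topup": TOPUP_KEY, "spend": SPEND_KEY})
till_keys = {"spend": SPEND_KEY}        # a till only ever holds the spend key

if __name__ == "__main__":
    air = []
    print("till -> spend:", authenticate(till_keys, card, "spend", air))
    print("till -> topup:", authenticate(till_keys, card, "topup", air))
    print("key seen on air:", SPEND_KEY in air)
    leaked = {"topup": SPEND_KEY}       # the till's key presented to top-up
    print("spend key on topup:", authenticate(leaked, card, "topup", air))
```

Only the nonce and the keyed response cross the air interface, and a response recorded from one exchange does not verify against the next challenge.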