Smart Cards

UCL Smart Cards and RFID Security Lab:

UCL was the first university worldwide to run such a student smart cards lab on a regular basis.

Tutor: Nicolas T. Courtois.

Dates: second term, around mid-February, no longer running.

The lab is a part of UCL’s specialist M.Sc. in Information Security. In order to attend the lab sessions students need to follow the Applied Cryptography COMPGA12 module that provides the necessary background knowledge.

Extended slides about smart cards in general.

Some introductory slides about cryptography and smart cards (some repeated from the above).

Some slides about side channel attacks.

Some slides about fault attacks in practice.

Some old slides about SIM cards (with repetition of other slides).

Some old slides about GSM techology.

Some slides about MiFare and other public transportation and building cards.

Some Slides about smart cards in buildings and bad RNG.

Some Some more slides about buildings (with some repetitions w.r.t. to the two above).

Some slides about key and random generation in real-life applications.

Some slides about PUBLIC key cryptography in practice.

Some slides about digital signatures in practice with various legal/crypto/practical aspects.

Some slides about cryptography and provable security in practice.

Some slides about philosophy of cryptography and crypto engineering.

Some slides about electronic passports and ID cards.

Some slides uni-directional Pay TV, which technology quite outdated.

Some slides about payment technology.

Some inside this page – more recent slides about e-money and bitcoin.

Some slides about bank cards. See also recent slides by Murdoch.

Here is the UCL Smart Cards Lab set of exercises from 2011.

Intended Learning Outcomes:

Learn actual smart card protocols used in actual products:

  • SIM cards: showing how a quintessential phone call can
    be made calling cryptographic functions of a SIM card and demonstrating
    the weakness of some SIM cards from Greece, Estonia, Russia,
    France etc. 
  • Oyster cards: how much money is
    on your Oyster card?

    • Consider blocks 05 and 06. Then look at bytes 5 and 4,
      the result in pounds is obtained as (b5*256+ b4)/200.
  • Building passes: which ones are insecure? Which companies
    have poor key diversification?  Ooops!
  • Learn how CHIP and PIN bank cards work, what exactly happens
    during a transaction,
  • Electronic passports: implementing basic access
  • Learn about electronic identity cards,
    PKI / PGP cards etc..
  • Understand and demonstrate the security features of smart cards:
    • privacy features such as variable UID and variable ATR
  • cardholder verification features such as PIN verification on the card
  • mutual cryptographic authentication
  • secure messaging
  • key management
  • low level access to RFID cards
  • learn how to use Microsoft PC/SC API to talk to smart cards
    from their own programs written in C or C++.
  • demonstrate working attacks on smart cards.
  • play with blank and real smart cards, make things work, have fun.


Some links:

A method to recover cryptographic keys from MiFare Classic chips at home with the ACR122 USB reader can be found here:
do it yourself: hacking MiFare Classic cards.

Bacground reading can be found here:
practical key recovery attacks on Oyster cards and building passes
and here are the slides.

This method works for example for all London Oyster cards emitted before December 2009
and about 70 % of access cards used in buildings around the world.
Many companies actually use the same cryptographic keys in every card, so that once keys for one card are recovered,
all the other cards can be read and written.


Last update 23/02/2010

Leave a Reply

Your email address will not be published. Required fields are marked *