
Nohl: NXP making ‘terrible decision’

Thursday, July 10, 2008

Dutch semiconductor manufacturer NXP is making a mistake suing Radboud University Nijmegen in the Netherlands, says Karsten Nohl, a University of Virginia graduate student who worked with others to break the MIFARE cryptographic algorithm. “It’s a terrible decision, there is no legal case to be made,” Nohl says. “This was reverse engineered legally without any help from NXP.”

NXP has sued the university to block details of a security flaw in NXP’s MIFARE Classic contactless smart cards. The MIFARE Classic line of products is possibly the world’s most widely deployed contactless product, used for many transit and physical security applications.

The university had sent its research to NXP for review before publishing it, Nohl says. The university did this to inform NXP of the vulnerability in hopes that the chip manufacturer would remedy the situation and inform users that the systems are weak. In the future researchers might not be as kind and instead just publish the research without letting NXP review it first. While Nohl has just about completed his work on MIFARE, if he were to do any additional work he would probably publish it without pre-informing NXP.


Nohl is planning on releasing his research on MIFARE in August. He has been working with NXP and doesn’t think he will be sued. “I had been invited to meet with and discuss how to make their technology more secure,” he says.

Also, Nohl’s research is more theoretical while the university’s actually shows individuals how to crack the security of the chip, he says. “NXP has no problem with what we have,” he says. “The research isn’t about breaking the card but we describe the method of how the card is broken.”

The hearing to prevent the university from publishing its research was held in Dutch court today, but a decision isn’t expected until next week, Nohl says.

The MIFARE Classic line includes the MIFARE 1K, MIFARE 4K and MIFARE Mini products. They are used worldwide in transit fare collection systems, access control solutions, and government ID systems. Large issuers include transit projects such as London’s Oyster program, The Netherlands’ OV-chipkaart, and Boston’s Charlie Card.

