Abstract
Many Radio Frequency IDentification (RFID) applications such as car immobilizers and access control systems make use of the proprietary stream cipher Hitag 2 from the company NXP. Previous analysis has shown that the cipher is vulnerable to different attacks due to the low complexity of the cipher and its short 48-bit secret key. However, all these attacks either rely on expensive reconfigurable hardware, namely the Field Programmable Gate Array (FPGA) cluster COPACOBANA, or are impractical. In this paper we develop the first bit-sliced OpenCL implementation for the exhaustive key search of Hitag 2 that runs on off-the-shelf hardware. Our implementation is able to reveal the secret key of a Hitag 2 transponder in less than 11 hours on a single Tesla C2050 card in the worst case. The speed of our approach can be further improved due to its scalability, i.e., we estimate a speed of less than one hour on a heterogeneous platform cluster consisting of CPUs and GPUs that can be realized with a budget of less than 5,000 €. This result enables anyone to obtain the secret key with only two sniffed communications in shorter time and with significantly less cost compared to systems such as the COPACOBANA.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Agosta, G., Barenghi, A., De Santis, F., Pelosi, G.: Record Setting Software Implementation of DES using CUDA. In: Proceedings of the 2010 Seventh International Conference on Information Technology: New Generations, ITNG 2010, pp. 748–755. IEEE Computer Society, Washington, DC (2010)
Bachani, R.: Time-memory-data cryptanalysis of the HiTag2 stream cipher. Master’s thesis, Technical University of Denmark (2008), http://code.google.com/p/cryptanalysis-of-hitag2/
Biham, E.: A Fast New DES Implementation in Software, pp. 260–272. Springer (1997)
Bogdanov, A., Paar, C.: On the Security and Efficiency of Real-World Lightweight Authentication Protocols (2008)
Courtois, N.T., O’Neil, S.: FSE Rump Session – Hitag 2 Cipher (2008), http://fse2008rump.cr.yp.to/00564f75b2f39604dc204d838da01e7a.pdf (August 30, 2012)
Courtois, N.T., O’Neil, S., Quisquater, J.-J.: Practical Algebraic Attacks on the Hitag2 Stream Cipher. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 167–176. Springer, Heidelberg (2009)
Henryk Plötz, K.N.: Breaking Hitag 2 (August 2009), https://har2009.org/program/attachments/113_breaking_hitag2_part1_hardware.pdf
NXP. HITAG 2 transponder IC, http://www.nxp.com/products/identification_and_security/smart_label_and_tag_ics/hitag/series/HITAG_2_TRANSPONDER_IC.html#overview (August 30, 2012)
NXP. HT2 Transponder Family Communication Protocol – Revision 2.1, http://www.proxmark.org/files/index.php?dir=Documents%2F125+kHz+-+Hitag%2F&download=HT2protocol.pdf (August 30, 2012)
SILCA. Die neueste Silca Transponder Technologie, http://www.silca.de/media/112090/v4/File/silca-id46-solution-rw4.pdf (August 30, 2012)
Soos, M.: Cracking Industrial Ciphers at a Whim (April 2011), http://50-56-189-184.static.cloud-ips.com/wordpress/wp-content/uploads/2011/04/hes2011.pdf (August 30, 2012)
Stembera, P.: Cryptanalysis of Hitag-2 Cipher. Master’s thesis, Czech Technical University in Prague (2011), https://dip.felk.cvut.cz/browse/pdfcache/stembpe1_2011dipl.pdf (August 30, 2012)
Unknown. Hitag2 Stream Cipher C Implementation and Graphical Description (2006-2007), http://cryptolib.com/ciphers/hitag2/ (June 14, 2012)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Immler, V. (2012). Breaking Hitag 2 Revisited. In: Bogdanov, A., Sanadhya, S. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2012. Lecture Notes in Computer Science, vol 7644. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34416-9_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-34416-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34415-2
Online ISBN: 978-3-642-34416-9
eBook Packages: Computer ScienceComputer Science (R0)