File:HID-iCLASS-security.pdf

Heart of Darkness - exploring the uncharted backwaters of HID iCLASS security.

This paper provides detailed information on iCLASS reader and key security. It explains the security problems found without revealing the extracted secret keys (DES authentication Key and the 3DES data encryption key for iCLASS Standard Security cards). The chosen approach of not releasing the encryption and authentication keys gives iCLASS vendors and customers an important headstart to update readers and cards to High Security mode in order to stop attackers from forging, reading and cloning iCLASS Standard Security cards. This paper also explains, how Standard Security and High Security keys were extracted from a RW400 reader without leaving visible traces.