Cryptanalysis of INCrypt32 in HID's iCLASS Systems

ChangKyun KIM  Eun-Gu JUNG  Dong Hoon LEE  Chang-Ho JUNG  Daewan HAN  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E96-A   No.1   pp.35-41
Publication Date: 2013/01/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E96.A.35
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Symmetric Key Cryptography
Keyword: 
INCrypt32,  HID's iCLASS,  RFID,  reverse engineering,  chosen message attack,  

Full Text: PDF(1.4MB)>>
Buy this Article




Summary: 
The cryptographic algorithm called INCrypt32 is a MAC algorithm to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is a heart of the security of HID's iCLASS systems, its security has not been evaluated yet since the specification has not been open to public. In this paper, we reveal the specification of INCrypt32 by reverse-engineering iCLASS cards and investigate the security of INCrypt32 with respect to the cryptographic sense. This result is the first work to describe the details of INCrypt32 and the possibility of a secret key (64-bit) recovery in our attack environments. 242 MAC queries are required in the real environment using secure communication protocols. But the required number of MAC queries decreases to 218 if MAC quires for chosen messages with arbitrary length can be requested.