Judge approves TRO to stop DEFCON presentation

David G. Koontz david_koontz at xtra.co.nz
Sat Aug 9 22:31:50 EDT 2008


Jim Youll wrote:
> these have been circulating for hours, but they are content-free title
> slides...
> 
> On Aug 9, 2008, at 7:38 PM, Ivan Krstić wrote:
> 
>> On Sat, 09 Aug 2008 17:11:11 -0400, "Perry E. Metzger"
>> <perry at piermont.com>
>> wrote:
>>>    Las Vegas - Three students at the Massachusetts Institute of
>>>    Technology (MIT) were ordered this morning by a federal court
>>>    judge to cancel their scheduled presentation about vulnerabilities
>>>    in Boston's transit fare payment system, violating their First
>>>    Amendment right to discuss their important research.
>>
>> <http://www-tech.mit.edu/V128/N30/subway/Defcon_Presentation.pdf>

There's also the synopsis as an exhibit to the case found in the Wired
article.  Note the recommendations for corrective action are familiar from
the previously reported weaknesses to the MIFARE system.


http://blog.wired.com/27bstroke6/2008/08/injunction-requ.html
DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks --
Update: Restraining Order Issued; Talk Cancelled

http://blog.wired.com/27bstroke6/files/vulnerability_assessment_of_the_mtba_system.pdf
Vulnerability Assessment of the MTBA System (Exhibit 1 to Case
1:08-cv-11364-GAO).

A report on the Dutch Public Transit Card:
http://staff.science.uva.nl/~delaat/sne-2006-2007/p41/report.pdf

Recently updated Dutch information by Andy Tanenbaum:
http://www.cs.vu.nl/~ast/ov-chip-card/

The fellows at Radboud University Nijmegen:
http://www.ru.nl/ds/research/rfid/

(Where we'll probably be able to find the ESORICS 2008 presentation,
'Dismantling MIFARE Classic', in October.)

I'd imagine there is sufficient information available to replicate the
attack; there's info on the MIFARE Classic cryptographic algorithm.

http://www.cs.virginia.edu/~kn5f/pdf/Mifare.Cryptanalysis.pdf
http://www.cs.virginia.edu/~kn5f/pdf/OV-card_security.pdf

Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic
http://eprint.iacr.org/2008/166.pdf

Security Evaluation of the disposable OV-chipkaart v1.7, updated 13 April 08
http://staff.science.uva.nl/~delaat/sne-2006-2007/p41/Report.pdf
(which has a description of the memory structure found on the cards as well
as a lot of useful protocol information.)

And the Translink Netherlands report on why disclosure doesn't matter:
http://www.translink.nl/media/bijlagen/nieuws/TNO_ICT_-_Security_Analysis_OV-Chipkaart_-_public_report.pdf
(translation: security through obscurity? still obscure enough)

And of course we've seen the Radboud video link found on YouTube:
http://www.youtube.com/v/NW3RGbQTLhE&hl=en


---------------------------------------------------------------------
The Cryptography Mailing List