Security analysis of contactless cards

The MIFARE Classic is the most widely used contactless smart card chip in the world. Its design and implementation details are kept secret by its manufacturer but several academic researchers have already cracked the encryption. Arduino is a programmable single-board microcontroller. It has gained popularity among the DIY community in the recent years. Any hobbyist is able to purchase one because it is readily available, relatively inexpensive, easy to develop and simple to setup. This project aims to study the architecture of MIFARE Classis, understand the weaknesses in its security and investigate the feasibility of exploiting those vulnerabilities using a DIY Arduino project setup. I will illustrate how the MIFARE Classic operates as a contactless smart card as well as the cryptosystem employs by MIFARE Classic. I will also break down the architecture of MIFARE Classic to explain its weaknesses. Last but not least, I will justify why it is not feasible to mount a cryptographic attack with just a simple DIY Arduino setup.