UCL Smart Cards and RFID Security Lab
UCL is the first university worldwide to run such a student smart card lab on a regular basis.
Tutor: Nicolas T. Courtois.
Dates: second term, around mid-February.
The lab is a part of UCL's specialist M.Sc. in Information Security. In order to attend the lab sessions
students need to follow the Applied Cryptography COMPGA12 module, which provides the necessary
background knowledge.
Some introductory slides about smart cards can be found here.
Intended Learning Outcomes:
- Learn actual smart card protocols used in actual products:
  - SIM cards: showing how an ordinary phone call is made by calling the cryptographic functions of the SIM card, and demonstrating the weakness of some SIM cards from Greece, Estonia, Russia, France etc.
  - Oyster cards: how much money is on your Oyster card?
    - Look at blocks 05 and 06 of the card, and within each at bytes 5 and 4: the balance in pounds is (b5*256 + b4)/200, i.e. a 16-bit little-endian value counted in units of half a penny.
  - Building passes: which ones are insecure? Which companies have poor key diversification? Oops!
  - Learn how Chip and PIN bank cards work, and what exactly happens during a transaction.
  - Electronic passports: implementing Basic Access Control.
  - Learn about electronic identity cards, PKI / PGP cards etc.
- Understand and demonstrate the security features of smart cards:
  - privacy features such as variable UID and variable ATR
  - cardholder verification features such as PIN verification on the card
  - mutual cryptographic authentication
  - secure messaging
  - key management
  - low level access to RFID cards
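The Oyster balance formula from the outcomes above, worked through on a card image, as an added example that is not the lab's own code. It assumes (the page does not say) that the dump is the usual 64 blocks x 16 bytes image of a MIFARE Classic 1K card, given here one 32-hex-character line per block, that "bytes 5 and 4" are counted from 0 within the block, and the two sample lines for blocks 05 and 06 are constructed, not read from a real card. The page does not say which of the two blocks holds the current value, so both are decoded.

```c
/*
 * Added example (not from the UCL lab page): decode the balance stored on an
 * Oyster card from a MIFARE Classic 1K dump using balance = (b5*256 + b4)/200.
 * Assumptions: 64 x 16-byte image, one 32-hex-char line per block, 0-based bytes.
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_SIZE 16
#define BLOCKS_1K  64            /* 16 sectors x 4 blocks on a MIFARE Classic 1K */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one dump line (exactly 32 hex characters) into a 16-byte block.
 * Returns 0 on success, -1 if the line is malformed. */
int parse_block_hex(const char *hex, uint8_t out[BLOCK_SIZE])
{
    if (strlen(hex) != 2 * BLOCK_SIZE) return -1;
    for (int i = 0; i < BLOCK_SIZE; i++) {
        int hi = hexval(hex[2 * i]), lo = hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* Balance from one value block in half-pence: b5*256 + b4 is a 16-bit
 * little-endian number; dividing it by 200 gives pounds. */
int oyster_balance_halfpence(const uint8_t block[BLOCK_SIZE])
{
    return block[5] * 256 + block[4];
}

double oyster_balance_pounds(const uint8_t block[BLOCK_SIZE])
{
    return oyster_balance_halfpence(block) / 200.0;
}

/* Balance (half-pence) from block `block_no` of a full 1K image. Returns -1
 * for a short image, an out-of-range block, or a sector trailer (every 4th
 * block, which holds the sector keys and access bits rather than data). */
int oyster_balance_from_dump(const uint8_t *dump, size_t len, int block_no)
{
    if (len != (size_t)BLOCKS_1K * BLOCK_SIZE) return -1;
    if (block_no < 0 || block_no >= BLOCKS_1K || block_no % 4 == 3) return -1;
    return oyster_balance_halfpence(dump + block_no * BLOCK_SIZE);
}

/* Constructed sample image (not a real card): all zero except blocks 05 and 06,
 * whose bytes 4,5 are 10 27 (0x2710 = 10000 half-pence = GBP 50.00) and
 * F4 01 (0x01F4 = 500 half-pence = GBP 2.50). Returns 0 on success. */
int build_sample_dump(uint8_t dump[BLOCKS_1K * BLOCK_SIZE])
{
    memset(dump, 0, BLOCKS_1K * BLOCK_SIZE);
    return parse_block_hex("00000000102700000000000000000000", dump + 5 * BLOCK_SIZE) |
           parse_block_hex("00000000F40100000000000000000000", dump + 6 * BLOCK_SIZE);
}

/* Balance (half-pence) of block `block_no` in the sample image, or -1. */
int sample_balance(int block_no)
{
    uint8_t dump[BLOCKS_1K * BLOCK_SIZE];
    if (build_sample_dump(dump) != 0) return -1;
    return oyster_balance_from_dump(dump, sizeof dump, block_no);
}

int main(void)
{
    for (int b = 5; b <= 6; b++) {
        int hp = sample_balance(b);
        printf("block %02d: %d half-pence = GBP %.2f\n", b, hp, hp / 200.0);
    }
    return 0;
}
```

On a real dump produced by the ACR122 key-recovery method linked below, feed each block line through `parse_block_hex` into the image at offset 16*block; the sector-trailer check matters because block 07 sits right after the two value blocks and would decode as garbage.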
Learn how to use the Microsoft PC/SC API to talk to smart cards from their own programs written in C or C++.
Demonstrate working attacks on smart cards.
Play with blank and real smart cards, make things work, have fun.
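For the electronic passport item in the learning outcomes above, the key-derivation half of ICAO 9303 Basic Access Control as an added example (not the lab's code): the printed MRZ is turned into the two 3DES keys the reader needs before it can run the challenge-response with the chip. The 3DES/retail-MAC mutual authentication that follows is not shown. SHA-1 is implemented inline so the file has no dependencies, and the sample MRZ is the published ICAO 9303 test vector, not a real passport.

```c
/*
 * Added example, not the lab's code: ICAO 9303 BAC key derivation.
 * Kseed = SHA-1(MRZ_information)[0..15], MRZ_information = doc no + check digit
 * + date of birth + check digit + expiry + check digit;
 * Kenc = SHA-1(Kseed||00000001)[0..15], Kmac = SHA-1(Kseed||00000002)[0..15],
 * each parity-adjusted as a two-key 3DES key.
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* One 64-byte SHA-1 compression step (FIPS 180-4). */
static void sha1_block(uint32_t h[5], const uint8_t p[64])
{
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 | (uint32_t)p[4*i+2] << 8 | p[4*i+3];
    for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (int i = 0; i < 80; i++) {
        uint32_t f, k;
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        uint32_t t = rol(a, 5) + f + e + k + w[i];
        e = d; d = c; c = rol(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}

/* SHA-1 of an arbitrary-length message with standard padding. */
void sha1(const uint8_t *msg, size_t len, uint8_t out[20])
{
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    uint8_t tail[128] = {0};
    size_t full = len / 64, rem = len % 64, tail_blocks = rem < 56 ? 1 : 2;
    uint64_t bits = (uint64_t)len * 8;
    memcpy(tail, msg + full * 64, rem);
    tail[rem] = 0x80;
    for (int i = 0; i < 8; i++) tail[tail_blocks * 64 - 1 - i] = (uint8_t)(bits >> (8 * i));
    for (size_t b = 0; b < full; b++) sha1_block(h, msg + b * 64);
    for (size_t b = 0; b < tail_blocks; b++) sha1_block(h, tail + b * 64);
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}

/* ICAO 9303 check digit: weights 7,3,1 repeating; digits as-is, A-Z = 10..35, '<' = 0. */
int mrz_check_digit(const char *s)
{
    static const int w[3] = {7, 3, 1};
    int sum = 0;
    for (size_t i = 0; s[i]; i++) {
        int c = s[i];
        int v = (c >= '0' && c <= '9') ? c - '0' : (c >= 'A' && c <= 'Z') ? c - 'A' + 10 : 0;
        sum += v * w[i % 3];
    }
    return sum % 10;
}

/* Force odd parity on each DES key byte (the parity bit is the least significant bit). */
static void des_fix_parity(uint8_t *k, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int ones = 0;
        for (int j = 1; j < 8; j++) ones += (k[i] >> j) & 1;
        k[i] = (uint8_t)((k[i] & 0xFE) | (ones & 1 ? 0 : 1));
    }
}

/* doc_no: MRZ document number field (up to 9 chars, padded here with '<');
 * dob/expiry: YYMMDD. Returns 0, or -1 if a field has the wrong length. */
int bac_derive_keys(const char *doc_no, const char *dob, const char *expiry,
                    uint8_t kenc[16], uint8_t kmac[16])
{
    char field[10], info[32];
    uint8_t d[20], seed_ctr[20];
    if (strlen(doc_no) > 9 || strlen(dob) != 6 || strlen(expiry) != 6) return -1;
    memset(field, '<', 9); field[9] = 0;
    memcpy(field, doc_no, strlen(doc_no));
    snprintf(info, sizeof info, "%s%d%s%d%s%d", field, mrz_check_digit(field),
             dob, mrz_check_digit(dob), expiry, mrz_check_digit(expiry));
    sha1((const uint8_t *)info, strlen(info), d);
    memcpy(seed_ctr, d, 16); memset(seed_ctr + 16, 0, 4);          /* Kseed || 32-bit counter */
    seed_ctr[19] = 1; sha1(seed_ctr, 20, d); memcpy(kenc, d, 16); des_fix_parity(kenc, 16);
    seed_ctr[19] = 2; sha1(seed_ctr, 20, d); memcpy(kmac, d, 16); des_fix_parity(kmac, 16);
    return 0;
}

/* Upper-case hex, NUL-terminated; out needs 2*n+1 bytes. */
void hex_encode(const uint8_t *in, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++) sprintf(out + 2 * i, "%02X", in[i]);
}

int main(void)
{
    /* ICAO 9303 Part 11 worked-example MRZ data (published test vector). */
    uint8_t kenc[16], kmac[16]; char hx[33];
    if (bac_derive_keys("L898902C<", "690806", "940623", kenc, kmac) != 0) return 1;
    hex_encode(kenc, 16, hx); printf("Kenc = %s\n", hx);
    hex_encode(kmac, 16, hx); printf("Kmac = %s\n", hx);
    return 0;
}
```

Note that the whole key space is the document number, date of birth and expiry date, which is why BAC keys are guessable when those fields are predictable; the check digits add nothing, since they are computed from the other fields.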

Some links:
A method to recover cryptographic keys from MiFare Classic chips at home with the ACR122 USB reader can be found here:
do it yourself: hacking MiFare Classic cards.
Background reading can be found here:
practical key recovery attacks on Oyster cards and building passes,
and here are the slides.
This method works, for example, for all London Oyster cards issued before December 2009
and for about 70% of access cards used in buildings around the world.
Many companies actually use the same cryptographic keys in every card,
so that once the keys for one card are recovered,
all the other cards can be read and written.
Last update 23/02/2010