UCL Smart Cards and RFID Security Lab
UCL is the first university worldwide to run such
a student smart cards lab on a regular basis.
Tutor: Nicolas T. Courtois.
Dates: second term, around mid-February.
The lab is a part of UCL's specialist M.Sc. in Information Security. In order to attend the lab sessions students need to follow the Applied Cryptography COMPGA12 module that provides the necessary background knowledge.
Extended slides about smart cards in general.
Some introductory slides about cryptography and smart cards (some repeated from the above).
Some slides about side channel attacks.
Some slides about fault attacks in practice.
Some old slides about SIM cards (with repetition of other slides).
Some old slides about GSM techology.
Some slides about MiFare and other public transportation and building cards.
Some slides about key and random generation in real-life applications.
Some slides about smart cards in buildings and bad RNG.
Some slides about PUBLIC key cryptography in practice.
Some slides about digital signatures in practice with various legal/crypto/practical aspects.
Some slides about cryptography and provable security in practice.
Some slides about philosophy of cryptography and crypto engineering.
Some slides about electronic passports and ID cards.
Some slides uni-directional Pay TV, which technology quite outdated.
Some slides about payment technology.
Some slides about bank cards.
Here is the UCL Smart Cards Lab set of exercises from 2011.
Intended Learning Outcomes:
Some links:
A method to recover cryptographic keys from MiFare Classic chips at home with the ACR122 USB reader can be found here: do it yourself: hacking MiFare Classic cards. Bacground reading can be found here: practical key recovery attacks on Oyster cards and building passes and here are the slides. This method works for example for all London Oyster cards emitted before December 2009 and about 70 % of access cards used in buildings around the world. Many companies actually use the same cryptographic keys in every card, so that once keys for one card are recovered, all the other cards can be read and written.