本文档提供了一系列关于电子护照(ePassport)及其它智能卡的安全研究资料,包括ePassport模拟器软件、eCL0WN实用工具等。这些工具能够帮助用户读取、复制电子护照芯片内容,并验证其数据。此外,还探讨了荷兰自动废物登记系统的安全性与可靠性,以及荷兰智能计量系统的安全分析。
 |  |
Downloads
In this section you can find the following software and documents:
- ePassport emulator
- eCL0WN
- crapto1gui
- Presentation slides Black Hat Briefings Europe 2009
- Security and Reliability of Automated Waste Registration in The Netherlands
- Security analysis of Dutch smart metering systems
ePassport emulator
The epassport_emulator is an ePassport / eID emulator for JavaCard. It
implements functionality as described in ICAO Doc 9303. Additionally it
implements functionality to write files and key data to the emulator.
| Name: | epassport_emulator |
| Version: | 1.02 (build 20090120) |
| Details: | http://seclists.org/fulldisclosure/2009/Jan/0788.html |
| Tested on: | 72k JCOP v4.1 Nokia NFC "secure element" |
| Supported by: | RFIDIOt by Adam Laurie RFIDIOT-vonjeek by The Hacker's Choice ecl0wn by dexlab (see below) |
| Download: | 7 kbyte ZIP |
[ back ]
eCL0WN
eCL0WN is a J2ME ePassport utility for Nokia NFC phones that allows you to
read and clone your ePassport's chip content. Just follow six easy steps:
- Upload eCL0WN to your phone and start it
- Set the passport key
- Read an ePassport
- View details on your phone (sorry Dutch and German folks, JPEG-2000 not supported)
- Write data to an emulator
- Verify written data with e.g. Golden Reader Tool
| Name: | eCL0WN |
| Version: | 1.01 (build 20090120) |
| Details: | http://seclists.org/fulldisclosure/2009/Jan/0789.html |
| Tested on: | Nokia 6131 NFC Nokia 6212 NFC |
| Supported by: | epassport_emulator 1.02 (see above) |
| Download: | 34 kbyte ZIP |
[ back ]
crapto1gui
Crapto1gui is a Windows implementation of the crapto1 tool. It allows you to crack crypto-1 Mifare Classic keys. If you're using the ProxMark3 RFID sniffer on the Windows platform this utility might save you some time, avoiding copying data from one system to another. The ZIP contains a standalone binary and source code (CodeGear C++ Builder 2009).
| Name: | crapto1gui (binary + source) |
| Version: | 1.01 (build 20090611) |
| Details: | http://code.google.com/p/crapto1/ |
| Tested on: | Windows x86 Windows x64 |
| Supported tag: | Mifare Classic |
| Download: | 353 kbyte ZIP |
[ back ]
ePassports reloaded goes mobile
This presentation will examine the different mechanisms used in ePassports to prevent cloning and creation of electronic travel documents with non-original content and ways to attack these mechanisms. Additionally we dive into the process of integrating emulator chips in existing travel documents. Also a new ePassport attack suite will be presented, allowing you to backup your passport chip with a mobile phone.
| Title: | ePassports reloaded goes mobile |
| Author: | Jeroen van Beek (dexlab) |
| Download: | 4.98 Mbyte PDF |
[ back ]
Security and Reliability of Automated Waste Registration in The Netherlands
Electronic registration of domestic waste is in wide use, often to raise taxes based on the amount of waste households produce, but not much prior research into the technical aspects of this area has been done. Two basic methods are found: personal household containers and shared underground containers. This report tries to de ne requirements for such systems and compares several systems in actual use to these requirements.
Every municipality surveyed employed a different combination of systems, each having their own strengths and weaknesses. All use radio frequency identification (RFID) but many can easily be copied. Encryption is hardly used. No critical security risks were found, but a number of issues still need addressing.
Jeroen van Beek (and others) supervised this project.
| Title: | Security and Reliability of Automated Waste Registration in The Netherlands |
| Authors: | Dick Visser Thijs Kinkhorst |
| Download: | 553 kbyte PDF |
[ back ]
Security analysis of Dutch smart metering systems
Smart meters enable utility companies to automatically readout metering data and to give consumers insight in their energy usage, which should lead to a reduction of energy usage. To regulate smart meter functionality the Dutch government commissioned the NEN to create a Dutch standard for smart meters which resulted in the NTA-8130 specification. Currently
the Dutch grid operators are experimenting with smart meters in various pilot projects. In this project we have analyzed the current smart meter implementations and the NTA using an abstract model based on the the CIA-triad (Confidentiality, Integrity and Availability). It is important that no information can be attained by unauthorized parties, that smart meters
cannot be tampered with and that suppliers get correct metering data.
We conclude that the NTA is not specific enough about the security requirements of smart meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers do not take the privacy aspect of the consumer data seriously. Customers can only get their usage information through poorly secured websites. The communication channel for local meter configuration is not secured sufficiently: consumers might even be able to reconfigure their own meters. Also, the communication channels that are used between the smart meter and gas or water meter are often not sufficiently protected against data manipulation. It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms.
Jeroen van Beek (and others) supervised this project.
| Title: | Security analysis of Dutch smart metering systems |
| Authors: | Sander Keemink Bart Roos |
| Download: | 2.28 Mbyte PDF |
[ back ]
| copyright © 2008 - 2009 dexlab. all rights reserved. |
扫一扫
121
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
