BBC Moneybox - contactless hiccups
Ian Mason
ukcrypto at sourcetagged.ian.co.uk
Mon May 20 14:07:23 BST 2013
On May 20, 2013, at 10:49 AM, Chris Edwards wrote:
> On Mon, 20 May 2013, Roland Perry wrote:
>
>> What if the contactless credit card is adjacent to an Oyster or ITSO
>> card in your wallet?
>
> $workplace uses a mifare card based entry system (wave your wallet
> containing card at door reader). Last year, I started frequently having
> problems opening doors. Then I realised this was due to my bank having
> issued a new visa card, which has the "pay-by-wave" logo (looks a bit
> like a WiFi symbol). Removing this visa card from my wallet reinstated
> my ability to open doors.
>
> I had some idea the protocols specifically catered for multiple cards,
> and that the door card reader would be able to "select" the card it
> wants to talk to. But if so, this doesn't seem to work very well (for
> me).

There are several collision avoidance mechanisms for RFID cards. The
commonest uses a tree walk strategy where the reader gradually
enumerates the possible serial number space by repeatedly transmitting
a request for cards with a defined serial number prefix to reply and
lengthening the prefix at every attempt. It would look something like
this:

Reader Tx: Any cards there?
Reader Rx: <collision>
Reader Tx: Any cards with a serial number starting '0' there?
Reader Rx: <silence>
Reader Tx: Any cards with a serial number starting '1' there?
Reader Rx: <collision>
Reader Tx: Any cards with a serial number starting '10' there?
Reader Rx: <silence>
Reader Tx: Any cards with a serial number starting '11' there?
Reader Rx: <collision>
Reader Tx: Any cards with a serial number starting '110' there?
Reader Rx: This is card 11011001...

This method has the undesirable property that it leaks all but the
last bit of the serial number of the card it is reading. This being
leaked by the reader (which will have a much higher transmit power
than the card) it can be read at much greater distances than replies
from cards. Using it implies that for a system to be even trivially
secure, the system's security must not rely on the card's serial number
being secret. This might seem obvious, but I've seen smart card
systems that do rely on serial number secrecy.

An alternative collision mechanism is good old ALOHA and slotted
ALOHA, as used in Ethernet's great-granddaddy at the University of
Hawaii. This is a classic backoff and retransmit protocol and has all
the problems of those style protocols in high traffic/crowded airspace
situations.

I don't know which mechanism contactless payment cards use. Using
either one there is still a race for cards to reply and a possibility
that, for implementations that stop trying once they have received a
single complete reply, a particular card may always be singled
out, either by serial number priority or differing choices (or
accuracy) of retransmission timers.

Note that both protocols make it possible to enumerate all cards in
range, and then it would be an application flaw, as opposed to a reader
flaw, that allowed two cards to be charged for the same transaction.
It seems obvious to me that a POS system that detected two or more
cards ought to ask for human intervention to resolve which card to
choose, but perhaps it wasn't obvious to the designers of these
particular systems.

Ian
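
The tree walk described in the message above, as an added simulation that is not part of the original post. It records every prefix the reader broadcasts (what a distant listener hearing only the reader would learn) and applies the "ask a human when more than one card answers" rule at the application layer. The serial numbers are constructed 8-bit samples and all function names are hypothetical.

```python
# Added illustration: binary tree-walk anti-collision as described in the post.
# Serial numbers are constructed sample bit strings, not real card UIDs.

def tree_walk(cards):
    """Enumerate every card in range; return (found, reader_tx).

    reader_tx lists the prefixes the reader broadcast, i.e. what a
    listener who can only hear the (high-power) reader learns.
    """
    found, reader_tx = [], []
    stack = [""]                       # "" is the initial "any cards there?"
    while stack:
        prefix = stack.pop()
        reader_tx.append(prefix)
        replies = [c for c in cards if c.startswith(prefix)]
        if len(replies) == 1:          # clean reply: one card singled out
            found.append(replies[0])
        elif len(replies) > 1:         # collision: lengthen the prefix
            stack.append(prefix + "1")
            stack.append(prefix + "0")  # popped first, so '0' is asked first
        # zero replies is silence: abandon this branch
    return found, reader_tx


def leaked_prefix(serial, reader_tx):
    """Longest reader-broadcast prefix that matches this card's serial."""
    return max((p for p in reader_tx if serial.startswith(p)), key=len)


def select_for_payment(cards):
    """Application policy: never pick silently among several cards."""
    found, _ = tree_walk(cards)
    if len(found) != 1:
        raise RuntimeError(f"{len(found)} cards in field; ask the cardholder")
    return found[0]


if __name__ == "__main__":
    wallet = ["11011001", "11100101"]  # constructed: door card + payment card
    found, tx = tree_walk(wallet)
    for card in found:
        print(card, "<- reader broadcast prefix", repr(leaked_prefix(card, tx)))
    try:
        select_for_payment(wallet)
    except RuntimeError as err:
        print("POS refuses:", err)
```

In this model the number of serial bits the reader broadcasts for a card is the number needed to separate it from the other cards in the field, so it grows as the serials in range share longer prefixes.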