BBC Moneybox - contactless hiccups

Ian Batten igb at batten.eu.org
Mon May 20 15:51:16 BST 2013


On 20 May 2013, at 14:07, Ian Mason <ukcrypto at sourcetagged.ian.co.uk> wrote:

> 
> On May 20, 2013, at 10:49 AM, Chris Edwards wrote:
> 
>> On Mon, 20 May 2013, Roland Perry wrote:
>> 
>>> What if the contactless credit card is adjacent to an Oyster or ITSO card in
>>> your wallet?
>> 
>> $workplace uses a mifare card based entry system (wave your wallet
>> containing card at door reader).  Last year, I started frequently having
>> problems opening doors.  Then I realised this was due to my bank having
>> issued a new visa card, which has the "pay-by-wave" logo (looks a bit like
>> a WiFi symbol).  Removing this visa card from my wallet reinstated my
>> ability to open doors.
>> 
>> I had some idea the protocols specifically catered for multiple cards, and
>> that the door card reader would be able to "select" the card it wants to
>> talk to.  But if so, this doesn't seem to work very well (for me).
>> 
>> 
> 
> There are several collision avoidance mechanisms for RFID cards. The commonest uses a tree walk strategy where the reader gradually enumerates the possible serial number space by repeatedly transmitting a request for cards with a defined serial number prefix to reply and lengthening the prefix at every attempt.
[...]

> This method has the undesirable property that it leaks all but the last bit of the serial number of the card it is reading. 

Surely it only leaks the common initial substring?  Yes, in the limit that is, as you say, n-1 bits of an n bit serial, but on average it will be substantially less than that, depending on how the serial numbers are allocated.

ian
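
An added example, not part of the original thread: a simplified model of the prefix tree walk described above, recording every prefix the reader transmits so the number of serial-number bits put on the air can be compared for different serial allocations. The 8-bit width, the sample serials and the function names are constructed for illustration and do not model any specific card standard.

```python
def tree_walk(serials, width):
    """Simulate a reader enumerating cards by serial-number prefix.

    Returns (found, broadcast): the serials singulated, and every prefix
    the reader transmitted while doing so.
    """
    cards = sorted({format(s, f"0{width}b") for s in serials})
    found, broadcast, stack = [], [], [""]
    while stack:
        prefix = stack.pop()
        broadcast.append(prefix)            # reader asks: "who starts with prefix?"
        replies = [c for c in cards if c.startswith(prefix)]
        if len(replies) == 1:
            found.append(replies[0])        # exactly one card answered
        elif len(replies) > 1:              # collision
            if len(prefix) == width - 1:
                # Only the last bit is undecided, so both completions exist.
                found.extend(replies)
            else:
                # Lengthen the prefix by one bit and try both branches.
                stack += [prefix + "1", prefix + "0"]
    return found, broadcast


def bits_on_air(serial, width, broadcast):
    """Longest transmitted prefix that matches this card's serial."""
    bits = format(serial, f"0{width}b")
    return max(len(p) for p in broadcast if bits.startswith(p))


if __name__ == "__main__":
    WIDTH = 8
    # Constructed sample populations of cards in the reader's field.
    populations = {
        "single card": [0xB4],
        "unrelated serials": [0x12, 0xB4],
        "sequential serials": [0xB4, 0xB5],
    }
    for name, serials in populations.items():
        found, broadcast = tree_walk(serials, WIDTH)
        for s in serials:
            n = bits_on_air(s, WIDTH, broadcast)
            print(f"{name}: serial {s:08b} -> {n} of {WIDTH} bits transmitted")
```
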



