Sorry CharlieCard, Your Security Model Is Broken

It sure seems like the CharlieCard, which is used by the Boston subway system, has a serious security weakness. The MBTA has sued three MIT students to stop them from giving a planned talk at DEFCON.

Doesn’t this seem backwards to you? Shouldn’t the MBTA be suing the vendor who sold them the flawed system? Security problems are kept out of a system by mandating independent security testing before a product is accepted, not by trying to silence security researchers after the fact. This is a good example of how the reactive approach doesn’t work. The flaws are still in the system, and suing the researchers has only shone a bright light on them.

Update 08/09/2008 6:00pm EST:

The EFF is appealing the injunction which is blocking the students from speaking about the results of their testing.

A telling quote from Kurt Opsahl, staff attorney at the EFF, gets to the heart of the issue:

“Courts have found that the First Amendment covers these things. We believe that this is a protected speech activity. When you discuss security issues, if you are telling the truth, that is something that should be protected.”

Apparently the MBTA has known about this problem since at least March 2008, when a graduate student from the University of Virginia announced he was able to break the card’s encryption system.

The University of Virginia researcher gave an interview in which he described why security by obscurity is not a valid approach for a cryptosystem:

Q: What are your thoughts on security by obscurity? Is NXP using this method of protection?

A: Security-through-obscurity hardly ever works. The lack of proper peer-review often even hurts the security of the system. Our Mifare work discovered several vulnerabilities that could be fixed without increasing the cost of the cards. NXP did for a long time rely on obscurity for the security of some of their products, but now decided against this outdated design approach and instead bases the security of newer RFID cards on publicly scrutinized cryptography and independent evaluations.

Q: Can you explain “Kerckhoffs Principle” and why it applies to your work?

A: Kerckhoffs, who lived in the 19th century, observed that keeping anything secret is really hard. So instead of relying on the secrecy of your whole system, it would be a lot easier to only rely on the secrecy of a small secret key. Security systems should hence be publicly known and analyzed, and only the key should be secret. When properly realised for RFID cards, Kerckhoffs’ principle means that by analyzing their own cards, thieves cannot compromise your cards. This is contrary to our Mifare work, where we only analyzed a few copies of the secret algorithm that is found in all cards and were consequently able to affect the security of all the other billion cards out there.
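The distinction the answer above draws, a secret algorithm shared by every card versus a public algorithm with a per-card secret key, in runnable form. This is an added illustration, not code from this post, from NXP or from the MBTA’s system: the “obscure” scheme is a deliberately weak toy standing in for a proprietary cipher (it is not Crypto-1), the key diversification uses HMAC-SHA256 as one common public choice, and every key, UID and challenge value is constructed for the example.

```python
# Added illustration of Kerckhoffs' principle for a card/reader protocol.
# Not code from the original post, NXP or the MBTA. The "obscure" scheme is a
# deliberately weak toy, not MIFARE Crypto-1; all keys, UIDs and challenges
# below are constructed values.
import hashlib
import hmac

# ---------------------------------------------------------------------------
# Model A: security through obscurity.
# Every card implements the same hidden function and nothing else is secret.
# Toy stand-in for a proprietary cipher: XOR the reader's challenge with a
# constant baked into every card at manufacture (constructed value).
# ---------------------------------------------------------------------------
HIDDEN_CONSTANT = bytes.fromhex("a5c3f07e9b1d2468")


def obscure_card_response(challenge: bytes) -> bytes:
    """What every card answers to an 8-byte challenge under the obscure scheme."""
    assert len(challenge) == len(HIDDEN_CONSTANT)
    return bytes(c ^ k for c, k in zip(challenge, HIDDEN_CONSTANT))


def recover_hidden_constant(challenge: bytes, response: bytes) -> bytes:
    """Attacker step: one challenge/response pair observed from *any* card
    (e.g. the attacker's own) reveals the fleet-wide secret."""
    return bytes(c ^ r for c, r in zip(challenge, response))


# ---------------------------------------------------------------------------
# Model B: Kerckhoffs-compliant design.
# The algorithm (HMAC-SHA256) is public. Each card carries its own key,
# diversified from a master key and the card UID; only keys are secret and
# the master key never leaves the reader / back end.
# ---------------------------------------------------------------------------
MASTER_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)  # constructed


def diversify_key(master_key: bytes, card_uid: bytes) -> bytes:
    """Per-card key. HMAC is one-way, so a card key reveals nothing about
    the master key or about any other card's key."""
    return hmac.new(master_key, b"card-key|" + card_uid, hashlib.sha256).digest()


def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """What a card holding card_key answers to a reader challenge."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()


def reader_verify(master_key: bytes, card_uid: bytes,
                  challenge: bytes, response: bytes) -> bool:
    """Reader re-derives the card's key from its UID and checks the response
    in constant time."""
    expected = card_response(diversify_key(master_key, card_uid), challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run the same attacker against both models and report the outcomes."""
    challenge = bytes.fromhex("1122334455667788")  # constructed reader nonce
    uid_victim = bytes.fromhex("04a1b2c3d4e5f6")   # constructed card UIDs
    uid_attacker = bytes.fromhex("04ffeeddccbbaa")

    # Model A: the attacker studies their own card once...
    leaked = recover_hidden_constant(challenge, obscure_card_response(challenge))
    # ...and can now answer any challenge exactly as the victim's card would.
    forged = bytes(c ^ k for c, k in zip(challenge, leaked))
    obscurity_broken = forged == obscure_card_response(challenge)

    # Model B: the attacker extracts the full key from their own card...
    attacker_key = diversify_key(MASTER_KEY, uid_attacker)
    # ...but that key does not authenticate as the victim's UID.
    impersonation = reader_verify(MASTER_KEY, uid_victim, challenge,
                                  card_response(attacker_key, challenge))
    # The legitimate victim card still authenticates.
    victim_key = diversify_key(MASTER_KEY, uid_victim)
    legit = reader_verify(MASTER_KEY, uid_victim, challenge,
                          card_response(victim_key, challenge))

    return {
        "obscurity_model_all_cards_cloned": obscurity_broken,
        "kerckhoffs_model_cross_card_impersonation": impersonation,
        "kerckhoffs_model_legit_card_accepted": legit,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Under the toy obscure scheme, one challenge/response pair from the attacker’s own card recovers the constant shared by the whole fleet, which is the failure mode the interview describes. Under the diversified-key scheme, even the complete key pulled out of the attacker’s card fails to authenticate as any other UID, and HMAC’s one-wayness means it gives no information about the master key. The caveat a practitioner should keep in mind is that the master key now lives in every reader or in a back-end secure module, so reader compromise becomes the risk to design around: Kerckhoffs’ principle moves the secret into a small, replaceable key, it does not eliminate it.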

The MBTA not only accepted a security system that relied on security by obscurity; having accepted that flawed model, it must now try to maintain the obscurity through the court system.

The documents detailing the presentation are here.

3 Comments

[...] example that I’ve seen lots of posts about.  The best intro is from Chris at Veracode here and here.  Basically, the Massachusetts Bay Transportation Authority (MBTA) is (was?) suing [...]

Pingback by Catching up… | Mike Andrews — August 17, 2008 @ 2:01 am

[...] Chris Wysopal pointed out last week, the MBTA’s ire is misdirected. Rather than suing the vendor who sold them the defective [...]

Pingback by Zero in a bit » MBTA Hacking Injunction Lifted — August 20, 2008 @ 12:49 am

[...] Chris stated in his own article, “…Doesn’t this seem backwards to you? Shouldn’t the MBTA be suing the vendor who [...]

Pingback by MBTA Put Profit Before Security? | theReformed — August 25, 2008 @ 7:54 am
