1 / 26

30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth. Overview. What is RFID How does the technology work Identify some of the forces behind progress to date Who is using RFID currently & for what What might RFID be useful for & by whom

jana
Download Presentation

30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

  2. Overview • What is RFID • How does the technology work • Identify some of the forces behind progress to date • Who is using RFID currently & for what • What might RFID be useful for & by whom • Some potential weaknesses, attack vectors and fixes

  3. What is RFID Smartcode EPC passive RFID tag

  4. What is RFID • Radio Frequency Identification • Typical RFID infrastructure

  5. RFID Characteristics & Differentiators • Types of tag • Passive • Active • The air interface (operating frequency) • LF 125khz • HF 6.78mhz, 13.56mhz, 27.125mhz, 40.680mhz • UHF 433.920mhz, 869mhz, 915mhz • Microwave 2.45ghz, 5.8ghz, 24.125ghz • Communication modes • Full duplex • Half duplex • Variant half duplex • Coupling • Backscatter

  6. Governing Specifications • ISO 14443 • Defines 2 card types (A & B) • Modulation methods • Coding schemes • Protocol initiation procedures • ISO 15693 • Defines vicinity cards • Emergence of the EPC (Gen2) standards • Electronic Product Code • No single global body, for RFID governance and standards… yet

  7. Security Features of Common Tags • Transmit standard serial ID • UNIQUE • VeriChip • Most animal tags • HID Prox II • Requires a password authentication prior to ID transmission • Q5 • Titan • EM4469 • Challenge response, PKI and encrypted transmission of ID • DST (40 bit key) • MiFare • HiTag (48 bit key) • SmartMX (128 bit AES, 4096 bit asymmetric key)

  8. Influences & Drivers • Perceived speed, security and simplicity of the cashless society • The Hong Kong Octopus Card • Estimated 63% time saving – Amex (ExpressPay) • Asset, warehouse and stock management traditionally seen as drivers • US TREAD Act 2004 (Trans, Recall, Enhance, Acc, Doc) • Wal-Mart, FDA and US DoD mandates • Keyless entry • Centralised access management • Key duplication perceived more difficult ~ dependant • EPCglobal network • Ever decreasing size and price of the hardware

  9. Current Applications • Payments • Amex Bluecard products & ExpressPay, • Mastercard PayPass • Public transport & ticketing • The Hong Kong Octopus card • London transports Oyster card • Many more throughout Europe, US and Asia • Industrial automation • Stock and asset management through the supply chain • Electronic immobilisation • Physical access control • ePassport • Animal identification • Various medical applications

  10. Current Applications

  11. Future & Potential Applications • A potentially limitless marketing resource (e.g Tagged clothing items that may be tracked throughout a shopping mall) • What are the shopping behaviour patterns of our customers? • What else did they buy from who? • Was our store their first choice for the product they bought? • Where did they eat? • Who are they shopping with? • Which family member(s) appear to be driving the shopping experience? • OK this may appear a little far fetched but technically feasible • EPCglobal network • Potential applications appear to be limited only by • Privacy legislation • Public perception • Implementers imagination

  12. Attack Vectors • Tag destruction & read prevention • The kill command • The RFID “virus” • Device cloning & replay attacks • The relay attack • Attacking weak crypto • Side channel attacks (power analysis)

  13. Tag Destruction & Read Prevention • Nothing particularly sophisticated or glamorous here • Home made strong electro magnetic field generator • The “RFID-Zapper” • Non FCC compliant • https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN) • Foil & duct tape RFID shielded wallet for the privacy enthusiast • http://www.rpi-polymath.com/ducttape/RFIDWallet.php

  14. Physical Read Prevention

  15. Physical Read Prevention

  16. The Kill Command • Primarily a privacy and anti-counterfeiting mechanism • Technical implementation left to device manufacturer • Achieved via • Blowing an embedded fuse, following issue of correct “kill” string • Set a “killed” value in memory, disabling the protocol state machine • Logical layout of tag memory as per EPC Class 0 &1 Gen1 standards

  17. The RFID “virus” • Nothing particularly notable or new to see here • This is a PoC attack • Bad data written to tag • Middleware supporting the RFID infrastructure reads the bad data from the tag without sanitising the input • The potential for SQL injection attack against a backend database exists • Not strictly an RFID specific attack • Not an ideal SQL injection scenario • Knowledge of backend database construct and product is a prerequisite

  18. Device Cloning & Replay • Effective against ID only and symmetric devices • Reprogram another tag to emulate another device ID • Certain models of HiTag can be programmed to emulate other devices serial numbers • Reproduction and replay of the tag transmission • http://cq.cx/verichip.pl • Off the shelf parts • 125 khz & 13.56 mhz • Sniff, behave as a reader and behave as a device • The USRP (Universal Software Radio Peripheral) http://ettus.com

  19. Device Cloning & Replay

  20. The Relay Attack • Effective against challenge response, cryptographically & non cryptographically sound devices • For those who have read Ross Andersons “Security Engineering” think “MiG in the middle” attack • The scenario • An RFID enabled point of sale for good or services • Using a contactless smartcard • Employing a cryptographically sound communication channel between the device and the reader • How the attack works • At the checkout the POS issues a challenge to the card in customer A’s wallet, which is waved before the reader • Our customer relays this challenge via an RFID proxy to another card holders wallet elsewhere (Cardholder B) • Card holder B’s card responds to the valid proxied challenge • The response from B’s card is relayed to A’s card in answer to A’s purchase at the POS. • The hardware for this attack cost the Cambridge based researchers approximately $250

  21. Attacking Weak Encryption • Texas Instruments DST (Digital Signal Transponder) • Basis for the SpeedPass payments system primarily used at petrol stations in the US • Uses a proprietary 40 bit undisclosed algorithm • The attack involved three distinct stages • Reverse engineering of the algorithm • Brute force key cracking • Tag simulation

  22. Attacking Weak Encryption

  23. Power Analysis Attacks • What is it? • Side channel cryptanalysis attack against the chip • Generally aimed at the implementation rather than the algorithm • Focuses on the relation of changes within the power consumption across the chip with operations within the cryptosystem • Requires logic analysis equipment • Goals • Extraction of cryptographic key material • Peter Gutmann quote: “You simply cannot make a credit-card form factor device robust, capable, or secure.”

  24. Mitigation • Ensure real cryptography is used • AES & friends ~ good • Snake oil infinity bit proprietary algorithm ~ bad • Greater device tamper resistance • Help place side channel attacks outside the realms of a moderately funded attacker • Equates to a more expensive device • Pressure device manufactures for the development & implementation of a distance bounding protocol within high security devices • Equates to a more expensive device • Ensure appropriate device selection and testing from project outset • Recalling devices issued to a nations dairy herd or passport holders may prove costly

  25. References & Resources • Fundamentals and Applications in Contactless Smartcards & IdentificationKlaus Finkenzeller • Python library for exploring RFID devices http://rfidiot.org • Practical Relay Attacks Against ISO 14443 Proximity CardsGerhard Hancke & Dr Markus Kuhn • Low Cost Attacks on Tamper Resistant DevicesRoss Anderson & Markus Kuhn • A New Approach to Hardware Security Analysisin Semiconductors Sergi Skorobogatov • RFID EssentialsO’Reilly • Texas Instruments DST attack http://www.jhu.edu/news_info/news/home05/jan05/rfid.html • RFID relay attacks http://www.cl.cam.ac.uk/~gh275/relay.pdf • RFID virus http://www.rfidvirus.org/papers/percom.06.pdf • Smartdust http://en.wikipedia.org/wiki/smartdust

  26. Questions http://www.security-assessment.com dan.cornforth@security-assessment.com

More Related