slide1
Download
Skip this Video
Download Presentation
RFID Devices and Cryptography Analysis of the DST40

Loading in 2 Seconds...

play fullscreen
1 / 18

RFID Devices and Cryptography Analysis of the DST40 - PowerPoint PPT Presentation


  • 285 Views
  • Uploaded on

Bono, S.C., et al, Security Analysis of a Cryptographically-Enabled RFID Device. In P. McDaniel, ed., USENIX Security '05, pp. 1-16. 2005. RFID Devices and Cryptography Analysis of the DST40. A review of the article:. Dennis Galvin Practical Aspects of Modern Cryptography 07-Mar-2006.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'RFID Devices and Cryptography Analysis of the DST40' - aldis


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
Bono, S.C., et al, Security Analysis of a Cryptographically-Enabled RFID Device. In P. McDaniel, ed., USENIX Security '05, pp. 1-16. 2005RFID Devices and CryptographyAnalysis of the DST40

A review of the article:

Dennis Galvin

Practical Aspects of Modern Cryptography

07-Mar-2006

dst40
DST40
  • Texas Instruments
  • Cryptographically Secured RFID system
  • DST :: Digital Signature Transponder
  • 40-bit key
  • Used in a number of applications
    • Exxon Mobil SpeedPass(TM)
    • Automotive Immobilizers
      • 2005 Ford
      • Some European Mfgrs. 2000 – 2005

TI spec sheet photo

slide3
Sample TI DST40 Based Immobilizer Systemfrom: http://rfid.bluestarinc.com/resources/Immobilizer_Systems.pdf
slide4
Sample TI DST40 Based Immobilizer Systemfrom: http://rfid.bluestarinc.com/resources/Immobilizer_Systems.pdf
breaking the dst40
Breaking the DST40
  • Reverse engineer the cipher
  • Build a key cracker
  • Build the whole system – proof is in the pudding
  • What's the big deal?
    • Black box
    • Use DST as oracle
reverse engineering the cipher
Reverse engineering the cipher

Kaiser, U. Universal immobilizer crypto engine.

In Fourth Conference on the Advanced Encryption Standard (AES) (2004).

Guest Presentation.: http://www.aes4.org/english/events/aes4/downloads/AES4_UICE_slides.pdf

reverse engineering the cipher7
Reverse engineering the cipher

What's missing?

Kaiser, U. Universal immobilizer crypto engine.

In Fourth Conference on the Advanced Encryption Standard (AES) (2004).

Guest Presentation.: http://www.aes4.org/english/events/aes4/downloads/AES4_UICE_slides.pdf

reverse engineering the cipher8
Reverse engineering the cipher

What's missing?

Routing Networks

Key Scheduling Alg

f-box internals

g-box internals

h-box internals

Theory vs practice

Kaiser, U. Universal immobilizer crypto engine.

In Fourth Conference on the Advanced Encryption Standard (AES) (2004).

Guest Presentation.: http://www.aes4.org/english/events/aes4/downloads/AES4_UICE_slides.pdf

build the key cracker
Build the key cracker
  • High end Intel based PC (3.4 GHz)
build the key cracker10
Build the key cracker
  • High end Intel based PC (3.4 GHz)
  • Hardware based
    • Xilinx FPGA
    • parallelize operations
    • put 32 cores down on an FPGA
      • each core does full encryption in 200 clock cycles
      • 100 Mhz clock
    • now can search whole 40-bit keyspace in 21 hrs
      • on average only need to search half of the space
build the key cracker11
Build the key cracker
  • High end Intel based PC (3.4 GHz)
  • Hardware based
    • Xilinx FPGA
    • parallelize operations
    • put 32 cores down on an FPGA
      • each core does full encryption in 200 clock cycles
      • 100 Mhz clock
    • now can search whole 40-bit keyspace in 21 hrs
      • on average only need to search half of the space
  • Parallelize again
    • put 16 FPGA's to the task
    • 512 cores
    • Cracked 5 DSTs from TI in less than 2 hrs.
build the key cracker12
Build the key cracker
  • High end Intel based PC (3.4 GHz)
  • Hardware based
    • Xilinx FPGA
    • parallelize operations
    • put 32 cores down on an FPGA
      • each core does full encryption in 200 clock cycles
      • 100 Mhz clock
    • now can search whole 40-bit keyspace in 21 hrs
      • on average only need to search half of the space
  • Parallelize again
    • put 16 FPGA's to the task
    • 512 cores
    • Cracked 5 DSTs from TI in less than 2 hrs.
  • Hellman Time-Memory Tradeoff (future work)
putting it all together rf protocol
Putting it all together: RF Protocol
  • Easiest Piece of the puzzle
    • Build the device to actively interrogate DST
      • Antenna from TI's development kit
      • 12-bit DAC/ADC board capable of 1 Mhz
      • From this can actively interrogate responses to known challenges, feed back into the key cracker
putting it all together rf protocol14
Putting it all together: RF Protocol
  • Easiest Piece of the puzzle
    • Build the device to actively interrogate DST
      • Antenna from TI's development kit
      • 12-bit DAC/ADC board capable of 1 Mhz
      • From this can actively interrogate responses to known challenges, feed back into the key cracker
    • Build the device to simulate a DST
      • Use the same physical setup as above
      • Now can take information from the active attack plus the cracked keys and use it
        • Start the car
        • Buy gas
what happenned
What happenned
  • What went wrong?
    • 40 bits too weak
    • Security by Obscurity
    • LFSR, only 80-bits state
what happenned16
What happenned
  • What went wrong?
    • 40 bits too weak
    • Security by Obscurity
    • LFSR, only 80-bits state
  • How to fix
    • Use bigger key
    • Don't use LFSR
      • SHA1, maybe even SHA256
implications
Implications
  • Other Crypto enabled applications of RFID
    • RFID Scheduled for Passports
    • Possible use in Identity cards
    • Medical Insurance Cards
    • Hospital Bracelets?
web sites
Web sites:
  • http://rfid-analysis.org/ (authors' web site)
  • http://www.ti.com/rfid/default.htm (Texas Instr.)
ad