30 Minutes of RFID Analysis, Applications and Attacks, presented by Dan Cornforth (slide deck, 26 slides)
Presentation Transcript

  1. 30 Minutes of RFID Analysis, Applications and Attacks Presented By Dan Cornforth

  2. Overview • What is RFID • How does the technology work • Identify some of the forces behind progress to date • Who is using RFID currently & for what • What might RFID be useful for & by whom • Some potential weaknesses, attack vectors and fixes

  3. What is RFID (image: a Smartcode EPC passive RFID tag)

  4. What is RFID • Radio Frequency Identification • Typical RFID infrastructure (diagram)

  5. RFID Characteristics & Differentiators • Types of tag • Passive (powered entirely by the reader field) • Active (battery powered) • The air interface (operating frequency) • LF 125 kHz • HF 6.78 MHz, 13.56 MHz, 27.125 MHz, 40.68 MHz • UHF 433.92 MHz, 869 MHz, 915 MHz • Microwave 2.45 GHz, 5.8 GHz, 24.125 GHz • Communication modes • Full duplex (FDX) • Half duplex (HDX) • Sequential (SEQ), a half-duplex variant in which the reader field is switched off periodically and the tag answers during the pauses • Coupling • Inductive (near field, LF/HF) • Backscatter (far field, UHF/microwave)

  6. Governing Specifications • ISO 14443 (proximity cards, roughly 10 cm range, 13.56 MHz) • Defines 2 card types (A & B) • Modulation methods • Coding schemes • Protocol initiation and anticollision procedures • ISO 15693 (vicinity cards, up to about 1 m, 13.56 MHz) • Emergence of the EPCglobal Class 1 Generation 2 (Gen2) UHF standard, since adopted as ISO 18000-6C • Electronic Product Code (EPC) numbering • No single global body for RFID governance and standards... yet

  7. Security Features of Common Tags • Transmit a fixed serial ID and nothing else (no authentication; anything that can replay the bit pattern is the tag) • UNIQUE (EM4102 format) • VeriChip • Most animal tags • HID Prox II • Require a password before the ID is transmitted (the password is typically sent in the clear by the reader, so it can be sniffed) • Q5 • Titan • EM4469 • Challenge-response and/or encrypted transmission of the ID • DST (proprietary cipher, 40-bit key) • MIFARE Classic (proprietary Crypto-1, 48-bit key) • HiTag (48-bit key) • SmartMX (128-bit AES, asymmetric keys up to 4096 bits)

  8. Influences & Drivers • Perceived speed, security and simplicity of the cashless society • The Hong Kong Octopus card • Estimated 63% time saving claimed by Amex (ExpressPay) • Asset, warehouse and stock management, traditionally seen as the main drivers • US TREAD Act (Transportation Recall Enhancement, Accountability and Documentation Act, enacted 2000), cited as a driver for tyre tagging • Wal-Mart, FDA and US DoD supplier mandates • Keyless entry • Centralised access management • Key duplication perceived as more difficult (true only for some tag types; see the cloning slides) • EPCglobal network • Ever decreasing size and price of the hardware

  9. Current Applications • Payments • Amex Blue card products & ExpressPay • MasterCard PayPass • Public transport & ticketing • The Hong Kong Octopus card • London Transport's Oyster card • Many more throughout Europe, the US and Asia • Industrial automation • Stock and asset management through the supply chain • Electronic vehicle immobilisers • Physical access control • ePassports • Animal identification • Various medical applications

  10. Current Applications (image slide)

  11. Future & Potential Applications • A potentially limitless marketing resource (e.g. tagged clothing items that can be tracked throughout a shopping mall) • What are the shopping behaviour patterns of our customers? • What else did they buy, and from whom? • Was our store their first choice for the product they bought? • Where did they eat? • Who are they shopping with? • Which family member(s) appear to be driving the shopping experience? • OK, this may appear a little far-fetched, but it is technically feasible • EPCglobal network • Potential applications appear to be limited only by • Privacy legislation • Public perception • Implementers' imagination

  12. Attack Vectors • Tag destruction & read prevention • The kill command • The RFID “virus” • Device cloning & replay attacks • The relay attack • Attacking weak crypto • Side channel attacks (power analysis)

  13. Tag Destruction & Read Prevention • Nothing particularly sophisticated or glamorous here • Home-made strong electromagnetic field generator: the “RFID-Zapper” (a modified disposable-camera flash circuit presented at the 22C3 congress), not FCC compliant • https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN) • Foil & duct tape RFID-shielded wallet for the privacy enthusiast • http://www.rpi-polymath.com/ducttape/RFIDWallet.php

  14. Physical Read Prevention (image slide)

  15. Physical Read Prevention (image slide)

  16. The Kill Command • Primarily a privacy and anti-counterfeiting mechanism: permanently silences the tag, typically at the point of sale • Technical implementation left to the device manufacturer • Achieved via • Blowing an embedded fuse once the correct kill password has been received • Setting a “killed” value in memory that disables the protocol state machine • In EPC Gen2 the command is gated by a 32-bit kill password, and a tag whose kill password is zero will not execute it; the password must therefore be set for kill to be usable at all, and a leaked password lets anyone silence the tag • Logical layout of tag memory as per the EPC Class 0 & Class 1 Gen1 standards (diagram)

  17. The RFID “virus” • Nothing particularly notable or new to see here • This is a PoC attack (Rieback, Crispo & Tanenbaum, PerCom 2006) • Bad data written to the tag's user memory • Middleware supporting the RFID infrastructure reads the bad data from the tag without sanitising the input • The potential for SQL injection against a backend database exists; the PoC goes one step further and uses the injected statement to get the same payload written onto every tag the system subsequently handles, which is the only sense in which it is a “virus” • Not strictly an RFID-specific attack: it is an ordinary input-validation failure with a tag as the delivery channel • Not an ideal SQL injection scenario • Knowledge of the backend database product and schema is a prerequisite, and tag user memory is small, so the payload must be short
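The injection path described on this slide, written out as an added example (this code is not from the slides or from the rfidvirus.org PoC): a middleware "sighting" routine that splices tag data straight into SQL, a hostile tag payload, and the hardened version. The table layout, the EPC values, the `pallets` schema and the function names are constructed for this demonstration; sqlite3 stands in for whatever backend the middleware uses.

```python
"""RFID middleware SQL injection: vulnerable vs hardened (added example)."""
import re
import sqlite3

# Constructed sample tag contents: one legitimate SGTIN EPC URI and one
# hostile payload of the kind the "RFID virus" PoC writes into tag memory.
GOOD_TAG = "urn:epc:id:sgtin:0614141.107346.2017"
HOSTILE_TAG = "x'; UPDATE pallets SET location = 'pwned'; --"

# Allow-list for what a tag is permitted to say to the database (assumed format).
EPC_RE = re.compile(r"^urn:epc:id:sgtin:\d+\.\d+\.\d+$")


def make_db():
    """In-memory inventory database with two known pallets (constructed data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE pallets (epc TEXT PRIMARY KEY, location TEXT, seen INTEGER);
        INSERT INTO pallets VALUES ('urn:epc:id:sgtin:0614141.107346.2017', 'dock-1', 0);
        INSERT INTO pallets VALUES ('urn:epc:id:sgtin:0614141.107346.2018', 'dock-2', 0);
    """)
    return con


def record_sighting_vulnerable(con, tag_data):
    """Vulnerable middleware: tag bytes are concatenated into the statement and
    the driver is allowed to run several statements at once, which is exactly
    the combination the PoC needs."""
    con.executescript(
        "UPDATE pallets SET seen = seen + 1 WHERE epc = '%s';" % tag_data
    )


def rows_updated_parameterised(con, tag_data):
    """Parameter binding alone: the tag data can only ever be a value, never SQL.
    Returns the number of rows the sighting matched."""
    cur = con.execute("UPDATE pallets SET seen = seen + 1 WHERE epc = ?", (tag_data,))
    return cur.rowcount


def record_sighting_safe(con, tag_data):
    """Hardened middleware: reject anything that is not a well-formed EPC URI,
    then bind the value as a parameter (defence in depth)."""
    if not EPC_RE.match(tag_data):
        raise ValueError("tag data is not a valid EPC: %r" % tag_data)
    return rows_updated_parameterised(con, tag_data)


def locations(con):
    """Current location column, keyed by EPC, to observe what the attack did."""
    return dict(con.execute("SELECT epc, location FROM pallets"))


def demo():
    """Run the hostile tag through both code paths and report the outcome."""
    con = make_db()
    record_sighting_vulnerable(con, HOSTILE_TAG)
    after_attack = locations(con)          # every row now reads 'pwned'

    con = make_db()
    param_only_rows = rows_updated_parameterised(con, HOSTILE_TAG)  # 0: no such EPC
    try:
        record_sighting_safe(con, HOSTILE_TAG)
        blocked = False
    except ValueError:
        blocked = True
    good_rows = record_sighting_safe(con, GOOD_TAG)   # 1: legitimate sighting recorded
    return after_attack, param_only_rows, blocked, good_rows


if __name__ == "__main__":
    print(demo())
```

The format check matters even though binding alone defeats the injection: middleware often hands tag data on to other components (log lines, message queues, label printers) that are not parameterised, so validating against the expected EPC encoding at the reader boundary is the cheap control.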

  18. Device Cloning & Replay • Effective against ID-only tags, and against symmetric-key tags once the shared key has been recovered • Reprogram another tag to emulate the target's ID • Certain HiTag models can be programmed to emulate other devices' serial numbers • Reproduction and replay of the recorded tag transmission • http://cq.cx/verichip.pl (Westhues' VeriChip cloner) • Off-the-shelf parts • 125 kHz & 13.56 MHz • One device that can sniff, behave as a reader and behave as a tag • The USRP (Universal Software Radio Peripheral) http://ettus.com
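Why an ID-only tag is cloneable with nothing more than a recording: its entire transmission is a fixed 64-bit pattern. The added example below (not code from the slides or from cq.cx) encodes and decodes the UNIQUE/EM4102 frame from slide 7, which is, as commonly documented, a 9-bit all-ones header, ten rows of 4 data bits plus an even row-parity bit (8-bit customer ID followed by 32 bits of data), 4 column-parity bits and a 0 stop bit. `clone_frame` turns a capture that starts at an arbitrary point in the tag's continuous transmission into the canonical pattern one would program into a blank emulator tag (T55x7/Q5 style tags are the usual target; that choice and the sample IDs are assumptions).

```python
"""EM4102 / UNIQUE frame encoder, decoder and cloner (added example)."""

HEADER = [1] * 9


def encode_em4102(customer_id, data):
    """Build the 64-bit frame for an 8-bit customer ID and 32-bit data field."""
    assert 0 <= customer_id < 256 and 0 <= data < (1 << 32)
    payload = (customer_id << 32) | data                    # 40 bits
    nibbles = [(payload >> (36 - 4 * i)) & 0xF for i in range(10)]
    bits = HEADER[:]
    for nb in nibbles:                                      # 10 rows: data + even parity
        row = [(nb >> 3) & 1, (nb >> 2) & 1, (nb >> 1) & 1, nb & 1]
        bits += row + [sum(row) % 2]
    for col in range(4):                                    # even parity down each column
        bits.append(sum((nb >> (3 - col)) & 1 for nb in nibbles) % 2)
    bits.append(0)                                          # stop bit
    return "".join(str(b) for b in bits)


def decode_em4102(capture):
    """Locate and validate a frame inside a continuous capture (any rotation of
    the 64-bit pattern). Returns (customer_id, data) or None if no window passes
    the header, row-parity, column-parity and stop-bit checks."""
    bits = [int(b) for b in capture]
    n = len(bits)
    if n < 64:
        return None
    for off in range(n):
        frame = [bits[(off + i) % n] for i in range(64)]
        if frame[:9] != HEADER:
            continue                        # parity guarantees no 9-run inside the body
        nibbles, ok = [], True
        for r in range(10):
            row = frame[9 + 5 * r: 14 + 5 * r]
            if sum(row) % 2:
                ok = False
                break
            nibbles.append((row[0] << 3) | (row[1] << 2) | (row[2] << 1) | row[3])
        if not ok:
            continue
        col_parity = frame[59:63]
        if any(sum((nb >> (3 - c)) & 1 for nb in nibbles) % 2 != col_parity[c]
               for c in range(4)):
            continue
        if frame[63] != 0:
            continue
        payload = 0
        for nb in nibbles:
            payload = (payload << 4) | nb
        return payload >> 32, payload & 0xFFFFFFFF
    return None


def clone_frame(capture):
    """What a cloner does: recover the ID from a sniffed capture and re-emit the
    canonical bit pattern. A blank tag programmed with this pattern is
    indistinguishable from the original to any reader."""
    decoded = decode_em4102(capture)
    if decoded is None:
        raise ValueError("no valid EM4102 frame in capture")
    return encode_em4102(*decoded)


if __name__ == "__main__":
    frame = encode_em4102(0x1D, 0x0123ABCD)                 # constructed sample ID
    sniffed = frame[17:] + frame[:17]                        # capture began mid-frame
    print(frame)
    print(decode_em4102(sniffed), clone_frame(sniffed) == frame)
```

The decoder's parity and stop-bit checks are the same ones a reader applies, which is the point: a reader can verify that a frame is well formed, but nothing in the format lets it verify that the frame came from the original tag.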

  19. Device Cloning & Replay (image slide)

  20. The Relay Attack • Effective against challenge-response devices whether or not the cryptography is sound, because nothing is broken: a genuine card answers a genuine challenge, only from further away than the reader assumes • For those who have read Ross Anderson's “Security Engineering”, think of the “MiG-in-the-middle” attack • The scenario • An RFID-enabled point of sale for goods or services • Using a contactless smartcard • Employing a cryptographically sound communication channel between the card and the reader • How the attack works • At the checkout the POS issues a challenge to what it takes to be customer A's card; A is in fact waving a proxy token • The proxy relays the challenge over a radio link to a mole reader held near another cardholder's wallet elsewhere (cardholder B) • B's card responds to the valid, proxied challenge • The response is relayed back to the proxy, which presents it to the POS as the answer for A's purchase; B pays • The hardware for this attack cost the Cambridge-based researchers (Hancke & Kuhn) approximately $250
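The exchange above as a simulation, added here as an example and not taken from the slides or from the Cambridge paper: a reader, a genuine card, a cloned card with the wrong key, and a proxy/mole pair that relays the challenge to the victim's card. HMAC-SHA256 stands in for the card's challenge-response cipher, and the timings (card compute time, relay link latency, the ISO 14443 maximum frame waiting time) are constructed assumptions; they only need to be in the right order of magnitude to show the point. The block also illustrates the distance-bounding mitigation from slide 24 in its crudest form, a reader-side round-trip bound.

```python
"""Relay attack against a sound challenge-response card (added example)."""
import hashlib
import hmac
import os

# Constructed timing model in microseconds (assumptions, not measured values).
CARD_COMPUTE_US = 100            # genuine card in the field: MAC computation + framing
RELAY_LINK_US = 30_000           # one-way latency of the proxy <-> mole link (e.g. mobile data)
ISO14443_FWT_MAX_US = 4_949_000  # largest frame waiting time the standard permits (FWI = 14)
TIGHT_BOUND_US = 1_000           # a reader-side bound a relayed exchange cannot meet


class Card:
    """Contactless card with a sound symmetric challenge-response."""
    def __init__(self, card_id, key):
        self.card_id, self.key = card_id, key

    def respond(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()[:8]


class DirectCard:
    """Card held directly to the reader (genuine, or a clone with a guessed key)."""
    def __init__(self, card):
        self.card = card

    def exchange(self, challenge):
        return self.card.card_id, self.card.respond(challenge), CARD_COMPUTE_US


class RelayProxy:
    """Attacker's token at the POS. The challenge goes proxy -> mole; the mole
    powers the victim's card and returns the genuine answer; mole -> proxy."""
    def __init__(self, victim_card):
        self.victim = victim_card

    def exchange(self, challenge):
        response = self.victim.respond(challenge)      # the victim does the crypto
        rtt = RELAY_LINK_US + CARD_COMPUTE_US + RELAY_LINK_US
        return self.victim.card_id, response, rtt


class Reader:
    """POS reader: verifies the MAC and, separately, bounds the round-trip time."""
    def __init__(self, keys, rtt_bound_us):
        self.keys, self.rtt_bound_us = keys, rtt_bound_us

    def authenticate(self, token):
        challenge = os.urandom(8)
        card_id, response, rtt = token.exchange(challenge)
        expected = hmac.new(self.keys[card_id], challenge, hashlib.sha256).digest()[:8]
        crypto_ok = hmac.compare_digest(expected, response)
        return {"card": card_id, "crypto_ok": crypto_ok, "rtt_us": rtt,
                "accepted": crypto_ok and rtt <= self.rtt_bound_us}


def demo():
    """Four presentations at the POS; returns the reader's verdict for each."""
    key_b = os.urandom(16)                       # constructed key for cardholder B
    victim = Card("B", key_b)
    lax = Reader({"B": key_b}, ISO14443_FWT_MAX_US)      # ordinary protocol timeout
    tight = Reader({"B": key_b}, TIGHT_BOUND_US)         # distance-bounding style check
    return {
        "genuine": lax.authenticate(DirectCard(victim)),
        "clone": lax.authenticate(DirectCard(Card("B", os.urandom(16)))),  # wrong key: rejected
        "relay_lax": lax.authenticate(RelayProxy(victim)),    # crypto passes, accepted
        "relay_tight": tight.authenticate(RelayProxy(victim)),  # crypto passes, too slow
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
</ gr>```

The cloned card fails because it cannot compute the MAC; the relay passes the MAC check in both cases and is stopped only by the timing bound. A millisecond-scale bound like the one here catches relays that cross a slow link, but a purpose-built RF relay adds only microseconds, so a real distance bound has to measure the round trip of individual bits at nanosecond resolution, which is what the Hancke and Kuhn distance-bounding protocol does and why it needs support in the card silicon.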

  21. Attacking Weak Encryption • Texas Instruments DST (Digital Signature Transponder) • Basis for the ExxonMobil SpeedPass payment system, used primarily at petrol stations in the US, and for many vehicle immobilisers • Uses a proprietary, undisclosed 40-bit cipher (40-bit key, 40-bit challenge, 24-bit response) • The attack (Bono et al., Johns Hopkins / RSA Labs, 2005) involved three distinct stages • Reverse engineering of the algorithm from a rough published block diagram plus chosen challenge-response queries to a real transponder • Brute-force key recovery by exhaustive search of the 2^40 keyspace on a small FPGA array, taking on the order of an hour per key • Tag simulation to impersonate the cloned transponder
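The second stage, brute-force key recovery, as an added example (not the JHU/RSA code, and not the DST cipher): with the algorithm known, an attacker who has sniffed or elicited a few challenge-response pairs simply tries every key. A keyed hash truncated to the response width stands in for the reverse-engineered cipher, and the key and response sizes are shrunk (16-bit key, 8-bit response) so the search finishes in well under a second in Python; the real DST values are 40 and 24 bits. The sample key and challenges are constructed.

```python
"""Exhaustive key search against a short-key challenge-response cipher (added example)."""
import hashlib
import hmac

KEY_BITS = 16         # demo size; the real DST key is 40 bits
RESPONSE_BITS = 8     # demo size; the real DST response is 24 bits

# Constructed: the transponder's secret and the challenges the attacker sends it.
SECRET_KEY = 0xBEEF
DEMO_CHALLENGES = [0x0123456789, 0x0F0F0F0F0F, 0x00000000FF, 0xDEADBEEF00]


def cipher(key, challenge):
    """Stand-in for the reverse-engineered DST function: a keyed hash truncated
    to RESPONSE_BITS. This is NOT the real algorithm, only something with the
    same interface (40-bit challenge in, short response out)."""
    mac = hmac.new(key.to_bytes(5, "big"), challenge.to_bytes(5, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") & ((1 << RESPONSE_BITS) - 1)


def sniff_pairs(key, challenges):
    """What the attacker collects by interrogating the tag or eavesdropping."""
    return [(c, cipher(key, c)) for c in challenges]


def brute_force(pairs):
    """Try every key against the first pair, then use each further pair to
    filter the survivors. Returns (surviving keys, survivor count after each pair)."""
    c0, r0 = pairs[0]
    candidates = [k for k in range(1 << KEY_BITS) if cipher(k, c0) == r0]
    history = [len(candidates)]
    for c, r in pairs[1:]:
        candidates = [k for k in candidates if cipher(k, c) == r]
        history.append(len(candidates))
    return candidates, history


def search_time_hours(key_bits, keys_per_second):
    """Worst-case exhaustive search time; halve it for the expected case."""
    return (1 << key_bits) / keys_per_second / 3600


if __name__ == "__main__":
    pairs = sniff_pairs(SECRET_KEY, DEMO_CHALLENGES)
    keys, hist = brute_force(pairs)
    print("survivors after each pair:", hist, "-> key", [hex(k) for k in keys])
    print("2^40 keys at 1e9 keys/s: %.2f h" % search_time_hours(40, 1e9))
    print("2^40 keys at 1e6 keys/s: %.0f h" % search_time_hours(40, 1e6))
```

Because the response is shorter than the key, the first pair leaves roughly 2^(key bits minus response bits) false candidates (about 256 here, about 65,536 for the real DST), which is why the attack needs at least two challenge-response pairs. The time estimate shows the real problem with a 40-bit key: even at a million keys per second per core it is a matter of days, and a modest FPGA array brings it to about an hour.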

  22. Attacking Weak Encryption (image slide)

  23. Power Analysis Attacks • What is it? • Side channel cryptanalysis against the chip itself • Generally aimed at the implementation rather than the algorithm • Exploits the correlation between the chip's instantaneous power consumption (for a contactless card, the load it places on the reader field) and the data and operations inside the cryptosystem; simple power analysis reads a single trace, differential power analysis correlates many traces statistically • Requires physical proximity and measurement equipment (probe, oscilloscope or logic analyser) plus offline analysis • Goals • Extraction of cryptographic key material • Peter Gutmann quote: “You simply cannot make a credit-card form factor device robust, capable, or secure.”

  24. Mitigation • Ensure real cryptography is used • AES & friends ~ good • Snake-oil “infinity-bit” proprietary algorithm ~ bad (the DST is the worked example) • Greater device tamper resistance • Helps place side channel attacks outside the reach of a moderately funded attacker • Equates to a more expensive device • Pressure device manufacturers to develop and implement a distance-bounding protocol within high-security devices; an ordinary reader timeout is not enough, because ISO 14443 tolerates frame delays far longer than a relay adds • Equates to a more expensive device • Ensure appropriate device selection and testing from the project outset • Recalling devices issued to a nation's dairy herd or its passport holders may prove costly

  25. References & Resources • Klaus Finkenzeller, “RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification” • RFIDIOt, Python library for exploring RFID devices: http://rfidiot.org • Gerhard Hancke & Markus Kuhn, “Practical Relay Attacks Against ISO 14443 Proximity Cards”: http://www.cl.cam.ac.uk/~gh275/relay.pdf • Ross Anderson & Markus Kuhn, “Low Cost Attacks on Tamper Resistant Devices” • Sergei Skorobogatov, “A New Approach to Hardware Security Analysis in Semiconductors” • Bill Glover & Himanshu Bhatt, “RFID Essentials” (O'Reilly) • Texas Instruments DST attack (Bono, Green, Stubblefield, Juels, Rubin & Szydlo): http://www.jhu.edu/news_info/news/home05/jan05/rfid.html • Melanie Rieback, Bruno Crispo & Andrew Tanenbaum, “Is Your Cat Infected with a Computer Virus?” (the RFID virus paper): http://www.rfidvirus.org/papers/percom.06.pdf • Smartdust: http://en.wikipedia.org/wiki/smartdust

  26. Questions http://www.security-assessment.com dan.cornforth@security-assessment.com