Martin Dam Pedersen, April 2006 RFID Security
RFID Security
April 10, 2006
Martin Dam Pedersen
Department of Mathematics and Computer Science
University of Southern Denmark
Outline
What is RFID
RFID usage
Security threats
Threat examples
Protection Schemes for basic and advanced tags
The future
Literature
Plenty of information
What is RFID
Radio-Frequency IDentification
RFID System
  Tags
  Readers
  Backend servers
RFID System
[Figure: tag with labels Chip and Antenna]
Tag (transponder)
  Small chip and antenna
  Unique serial number
  Inexpensive (7.5 cents)
  Cryptography is possible in more advanced (expensive) tags.
    Symmetric key
    Public key
    Hashing
RFID System
Tag types
Passive (HF, UHF)
  Powered by reader and transmits a response
  Very small (chip 0.15 mm × 0.15 mm, antenna the size of a stamp)
  Read distances ranging from 2 mm to 5 m
Semi-passive, active (small battery)
  Self powered
    Active tags are fully self powered
    Semi-passive only powers its circuit
  Size of a coin
  Larger ranges (>10 meters)
RFID Systems
Reader (transceivers)
  Read/write data on tag
  Communicates with back-end system
RFID System
Backend server
  Stores information about tags
  Can perform necessary data computations
  Links tag IDs to richer data
RFID usage
Replacement of bar codes. EPC (Electronic Product Code) tags combined with Auto-ID give unique serial numbers to items.
Animal tracking
Payment systems
  Toll payment at Storebæltsbroen (BroBizz)
  Stockholm road pricing
Anti-theft
Anti-forgery
RFID usage
Access control
Supply chain Inventory Control
Logistics
Retail shops
Human implants
Libraries
Etc.
Security threats
Eavesdropping
Cloning
Spoofing
Tracking
DOS
Threat examples
Someone checking what's in your bag
Cloning access control badges gives unauthorized personnel access to buildings/cars.
Harvesting IDs from store shelves makes it possible to calculate how much is sold from the store.
Tracking a person's movement, violating the concept of “location privacy”
Protection Schemes for basic tags
Killing/Sleeping
  Using PIN
  Special device incorporated in shopping bag.
  If killed, it's not usable in “smart” home devices.
Collection of IDs
  Tag sends a different ID at each reader query
  Reader stores all IDs, and can therefore identify the tag.
  To avoid harvesting of IDs, slow down responses when queried too quickly
  Readers can refresh IDs
Protection Schemes for basic tags
Encrypting ID, public/private key
  ID on tag encrypted with the bank's public key
  Bank can decrypt with private key
  To avoid tracking, re-encrypt periodically with ElGamal, which gives a different ciphertext.
[Figure: Bank holds SK; tag transmits Epk(S) to the reader; the reader re-encrypts]
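The re-encryption step above, as an added example that is not part of the original slides: with ElGamal, a reader that knows only the bank's public key can re-randomise the ciphertext stored on the tag, so successive reads differ while the bank still recovers the same S. The toy group (P, Q, G), the serial 1234 and all function names are constructed for illustration; a real deployment needs a large group.

```python
import secrets

# Toy group, constructed for this example: safe prime P = 2*Q + 1,
# G generates the subgroup of prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # bank's private key SK
    return sk, pow(G, sk, P)                     # (SK, PK)

def encrypt(pk, s):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (s * pow(pk, r, P)) % P   # Epk(S) = (g^r, S * pk^r)

def reencrypt(pk, ct):
    """Re-randomise a ciphertext using only PK; S and SK are never needed."""
    c1, c2 = ct
    t = secrets.randbelow(Q - 1) + 1             # fresh randomness, t != 0 mod Q
    return (c1 * pow(G, t, P)) % P, (c2 * pow(pk, t, P)) % P

def decrypt(sk, ct):
    c1, c2 = ct
    return (c2 * pow(c1, P - 1 - sk, P)) % P     # c2 / c1^sk mod P

def demo():
    sk, pk = keygen()
    serial = 1234                                # constructed tag serial S, 1 <= S < P
    on_tag = encrypt(pk, serial)
    seen = [on_tag]
    for _ in range(3):                           # three reader visits
        on_tag = reencrypt(pk, on_tag)
        seen.append(on_tag)
    return serial, [decrypt(sk, ct) for ct in seen], seen

if __name__ == "__main__":
    serial, plains, seen = demo()
    print("ciphertexts on tag:", seen)
    print("bank decrypts each to:", plains)
```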
Protection Schemes for advanced tags
Hash Lock
  Locked tag only transmits metaID.
  Unlocked tag can do all operations.
Locking mechanism
  1) Reader R selects a nonce and computes metaID=hash(key).
  2) R writes metaID to tag T.
  3) T enters locked state.
  4) R stores the pair (metaID, key).
Protection Schemes for advanced tags
Hash Lock
Unlocking mechanism
  1) Reader R queries Tag T for its metaID.
  2) R looks up (metaID, key).
  3) R sends key to T.
  4) If (hash(key) == metaID), T unlocks itself.
Spoofing attack is possible, but can be detected.
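The locking and unlocking steps of the Hash Lock, as an added example that is not part of the original slides. It assumes SHA-256 for "hash" and treats the nonce chosen in locking step 1 as the key; the class names, method names and the serial b"serial-0001" are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def h(key: bytes) -> bytes:
    # SHA-256 is an assumption; the slides only say "hash".
    return hashlib.sha256(key).digest()

class Tag:
    def __init__(self, data: bytes):
        self.data, self.meta_id, self.locked = data, None, False

    def lock(self, meta_id: bytes) -> None:
        # Locking steps 2-3: store metaID and enter the locked state.
        self.meta_id, self.locked = meta_id, True

    def query(self) -> bytes:
        # A locked tag only transmits metaID.
        return self.meta_id if self.locked else self.data

    def unlock(self, key: bytes) -> bool:
        # Unlocking step 4: unlock only if hash(key) == metaID.
        if self.locked and hmac.compare_digest(h(key), self.meta_id):
            self.locked = False
        return not self.locked

class Reader:
    def __init__(self):
        self.pairs = {}                      # stored (metaID, key) pairs

    def lock(self, tag: Tag) -> None:
        key = secrets.token_bytes(16)        # locking step 1: random key
        meta_id = h(key)
        tag.lock(meta_id)
        self.pairs[meta_id] = key            # locking step 4

    def unlock(self, tag: Tag) -> bool:
        key = self.pairs.get(tag.query())    # unlocking steps 1-2
        return key is not None and tag.unlock(key)   # unlocking step 3

def demo():
    tag, owner, stranger = Tag(b"serial-0001"), Reader(), Reader()
    owner.lock(tag)
    hidden = tag.query() != b"serial-0001"   # only metaID is visible
    refused = not stranger.unlock(tag) and not tag.unlock(b"guess")
    opened = owner.unlock(tag) and tag.query() == b"serial-0001"
    return hidden, refused, opened

if __name__ == "__main__":
    print(demo())
```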
Protection Schemes for advanced tags
Symmetric key tags
  C = Ek(M)
Challenge-response protocol
  1) Tag identifies itself by transmitting T
  2) Reader generates a nonce N and transmits it to the tag
  3) Tag computes and returns C = Ek(N)
  4) Reader checks that C is indeed equal to Ek(N).
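The four protocol steps above with both sides shown, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the keyed function Ek because the slides name no cipher; the identifier "T-42" and all class and function names are constructed for illustration. The demo shows why the nonce must be fresh: a response recorded in one session fails against the next challenge.

```python
import hashlib
import hmac
import secrets

def E(key: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 plays the role of Ek.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id, self._key = tag_id, key      # step 1 transmits tag_id

    def respond(self, nonce: bytes) -> bytes:     # step 3
        return E(self._key, nonce)

class Reader:
    def __init__(self, keys: dict):
        self.keys = keys          # tag identifier T -> shared key k
        self.pending = {}         # T -> nonce still awaiting a response

    def challenge(self, tag_id: str) -> bytes:    # step 2
        nonce = secrets.token_bytes(16)
        self.pending[tag_id] = nonce
        return nonce

    def verify(self, tag_id: str, response: bytes) -> bool:   # step 4
        nonce = self.pending.pop(tag_id, None)    # each nonce is accepted once
        key = self.keys.get(tag_id)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(response, E(key, nonce))

def demo():
    key = secrets.token_bytes(16)
    tag, reader = Tag("T-42", key), Reader({"T-42": key})
    first = tag.respond(reader.challenge(tag.tag_id))
    genuine = reader.verify(tag.tag_id, first)
    reader.challenge("T-42")                      # new session, new nonce
    replayed = reader.verify("T-42", first)       # recorded response is stale
    clone = Tag("T-42", secrets.token_bytes(16))  # right identifier, wrong key
    cloned = reader.verify("T-42", clone.respond(reader.challenge("T-42")))
    return genuine, replayed, cloned

if __name__ == "__main__":
    print(demo())   # genuine tag accepted, replay and clone rejected
```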
Protection Schemes for advanced tags
Symmetric key tags
  If implemented in the right way, almost impossible to break.
  In practice, resource constraints lead to bad implementations.
Protection Schemes for advanced tags
The Digital Signature Transponder (DST) from TI (Texas Instruments)
  Theft protection in cars. Used in SpeedPass™ (payment device for ExxonMobil petrol stations)
  Performs a challenge-response protocol.
  C = Ek(R), where R is 40 bits, C is 24 bits, and the secret key k is 40 bits.
  The short key is vulnerable to brute force attack.
  TI did not publish the encryption algorithm E, “security by obscurity”.
  Cracked in 2004!!
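Why the bit sizes on this slide matter to a designer, as an added example that is not part of the original slides: it counts how many keys remain consistent with observed challenge/response pairs when the key space is small enough to enumerate. The key and response widths are scaled down to 16 and 8 bits so it runs in well under a second, truncated HMAC-SHA256 stands in for E (it is not TI's unpublished cipher), and the secret 0xBEEF and the challenges are constructed values.

```python
import hashlib
import hmac

KEY_BITS, RESP_BITS = 16, 8     # scaled-down stand-ins for the DST's 40 and 24

def E(key: int, challenge: int) -> int:
    # Stand-in keyed function: HMAC-SHA256 truncated to RESP_BITS bits.
    mac = hmac.new(key.to_bytes(8, "big"), challenge.to_bytes(8, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") >> (32 - RESP_BITS)

def expected_wrong_keys(key_bits: int, resp_bits: int, pairs: int) -> float:
    # A wrong key matches one observed pair with probability 2^-resp_bits.
    return (2 ** key_bits - 1) / 2 ** (resp_bits * pairs)

def narrow(candidates, challenge: int, response: int):
    # Keep only the keys that reproduce the observed response.
    return [k for k in candidates if E(k, challenge) == response]

def demo(secret: int = 0xBEEF, challenges=(1, 2, 3, 4)):
    candidates, counts = range(2 ** KEY_BITS), []
    for r in challenges:
        candidates = narrow(candidates, r, E(secret, r))
        counts.append(len(candidates))
    return counts, secret in candidates

if __name__ == "__main__":
    counts, found = demo()
    print("keys consistent after each pair:", counts, "secret among them:", found)
    # Same estimate at the slide's real sizes (40-bit key, 24-bit response).
    for pairs in (1, 2):
        print(pairs, "pair(s):", expected_wrong_keys(40, 24, pairs), "wrong keys expected")
```

At the slide's sizes the whole key space is only 2^40, and two observed pairs are already enough to expect a single consistent key, so keeping E secret adds no margin once the algorithm is known.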
Protection Schemes for advanced tags
Man-in-the-middle attack
  Almost any security application of RFID involves a presumption of physical proximity.
  Can bypass any cryptographic protocol
  Phone equipped with a GPS receiver could sign outgoing messages.
[Figure labels: Leech, Ghost, RFID Reader, Long distance]
The future
More and more RFID tags in new applications
D.O.S. becomes a larger problem
Cheaper tags make it possible to build in more advanced cryptography for the same money
Probably won't replace bar codes completely because of the cost (5 cent tag on a 29 cent chocolate bar).
Literature
Ari Juels, RSA Laboratories: “RFID Security and Privacy: A Research Survey”
RSA Labs page on RFID: http://www.rsasecurity.com/rsalabs/node.asp?id=2115
Wikipedia: http://en.wikipedia.org/wiki/Rfid
Stephen August Weis: “Security and Privacy in Radio-Frequency Identification Devices”
http://www.rfidjournal.com/