Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,312
On Slideshare
1,310
From Embeds
2
Number of Embeds
1

Actions

Shares
Downloads
18
Comments
0
Likes
0

Embeds 2

http://www.slideshare.net 2

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Eavesdropping Attacks on High-Frequency RFID Tokens Gerhard P. Hancke July 11, 2008 Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 2. What is the talk about? NOT presenting a new attack method Overall eavesdropping is a straight forward attack NOT announcing that HF RFID can be eavesdropped Already a recognised threat Look at issues around RFID eavesdropping Ambiguities, perceptions and relevance (past and present) Discuss our eavesdropping experiment Provide details method, observations and experiences It is NOT all about the distance results (which can be affected by various variables) Some points in the talk might appear obvious:-) Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 3. Why is eavesdropping still important? Credit Cards Reported cases of personal information sent in the clear e-Passports Some issues surrounding the entropy of the key Travel/Ticketing Mifare Classic Crypto1 recently reverse engineered and shown to exhibit weaknesses Access Control Some systems still use simple IDs or minimal crypto It seems that various end users still care... Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 4. Attack background Eavesdropping scenarios are well known Government/public sector reports(e.g. NIST, DHS, BSI), academic papers, press report etc Practical results are limited to a few publications T. Finke and H. Kelter(BSI). RFID – Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO 14443-Systems J. Guerrieri and D. Novotny (NIST). HF RFID Eavesdropping and Jamming Tests W. Tobergte and R. Bienert (NXP). Eavesdropping and activation distance for ISO/IEC 14443 devices Mains points of interest Distance still an issue being debated/reported Is it feasible in terms of cost and effort for an attacker? Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 5. Ambiguity: Type of attack? Eavesdropping and skimming often listed as threats to RFID Some semantics: ‘Recovered’ or ‘Retrieved’ data sounds like eavesdropping while ‘Read’ should imply skimming Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 6. Ambiguity: What is ‘RFID’? Several technologies ISO 14443 A/B ISO 15693 ISO 18000 ISO 18092 EPC Different applications product tags tickets – single/multi-use credit cards travel documents Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 7. Ambiguity: What ‘distance’? The distance at which an attacker can detect a transaction The distance at which an attacker can reliably recover the data sent on the forward channel The distance at which an attacker can reliably recover the data sent on the backward channel Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 8. Other Issues Document the method – equipment, setup, data recovery? Simulation/calculation still requires a well documented and substantiated model Practical implementation and results probably more trusted What is the attack environment – in a field, noisy lab, shielded chamber? Put the report somewhere accessible – rumours are often worse than facts Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 9. Experimental Setup Eavesdropping Attacks on High-Frequency RFID Tokens – p.
  • 10. RF Equipment Dynamic Sciences R-1250 Wide Range Receiver (100 Hz to 1 GHz) Selectable bandwidth (50 Hz to 200 MHz), AM/FM/IF output RF and pre-detection gain (50 dB and 30 dB respectively) R-1150-10A Portable Antenna Kit H-field ferrite core antenna (10 MHz to 30 MHz) Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 11. Antenna Orientation Ideally H-field lines should go though the antenna...leads to decent directional effect Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 12. HF RFID Readers/Tokens Reader ACG Multi-ISO RFID Reader Antenna dimension: 9 cm × 6 cm Tokens 14443A: NXP Mifare Classic 14443B: Contactless payment card (unknown manufacturer) 15693: NXP I-Code These specific products are not especially vulnerable – just what I had available Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 13. Environment 0.05 0.05 0.045 0.045 0.04 0.04 0.035 0.035 0.03 0.03 |Y (f)| |Y (f)| 0.025 0.025 0.02 0.02 0.015 0.015 0.01 0.01 0.005 0.005 0 0 12.4 12.6 12.8 13.0 13.2 13.4 13.6 13.8 14.0 14.2 14.4 14.6 12.4 12.6 12.8 13.0 13.2 13.4 13.6 13.8 14.0 14.2 14.4 14.6 Frequency (MHz) Frequency (MHz) Hardware lab corridor Main entrance hall Locations have different background noise profiles This effects eavesdropping success... Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 14. Additional experimental variation Influences on carrier amplitude and modulation index/depth Coupling – token orientation, antenna tuning Power Consumption Parameters of the reader – antenna size, transmitted power Have not yet investigated this fully... Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 15. Method Generate reference data Identify spectrum of interest Determine whether the experiment was successful Calibration and signal capture Set up the receiver Capture and store output of the receiver Data recovery Implement some signal processing Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 16. Reference Data: ISO 14443 A Amplitude Spectrum of Forward Channel 0.75 0.5 |Y (f)| 0.25 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 Frequency (Hz) 5 x 10 Amplitude Spectrum of Backward Channel 1 0.75 |Y (f)| 0.5 0.25 0 3 4 5 6 7 8 9 10 11 Frequency (Hz) 5 x 10 Forward: 106 kbit/s Modified Miller (3µs pulses), 100% ASK Backward: 106 kbit/s Manchester, ASK onto 847 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 17. Reference Data: ISO 14443 B Amplitude Spectrum of Forward Channel 0.75 0.5 |Y (f)| 0.25 0 0.5 1 1.5 2 2.5 3 Frequency (Hz) x 10 5 Amplitude Spectrum of Backward Channel 1 0.75 |Y (f)| 0.5 0.25 0 3 4 5 6 7 8 9 10 11 Frequency (Hz) x 10 5 Forward: 106 kbit/s NRZ, 10% ASK Backward: 106 kbit/s NRZ, BPSK onto 847 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 18. Reference Data: ISO 15693 Amplitude Spectrum of Forward Channel 0.75 0.5 |Y (f)| 0.25 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 Frequency (Hz) 5 x 10 Amplitude Spectrum of Backward Channel 0.5 |Y (f)| 0.25 0 3 4 5 6 7 8 9 10 11 Frequency (Hz) 5 x 10 Forward: 26.48 kbit/s ‘1 of 4’ PPM (9.44 µspulse), 100% ASK Backward: 26.48 kbit/s NRZ, ASK onto 423 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 19. Capture and Calibration Oscilloscope Settings Sample 30 MHz IF output at 100 MS/s for a duration of 320 ms Manual trigger Receiver Settings fc = 13.56 MHz, BW = 2 MHz (try filter side-bands in software) fc = 14.4 MHz and 13.98 MHz, BW = 500 kHz and 200 kHz Calibration Receiver gain adjusted with analog knob (gain therefore measured with a reference input signal) Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  • 20. Data Recovery N correlators project the received signal r(t) onto base functions fk (t) T yk = 0 r(t)fk (t)dt , k = 1, 2, . . . , N Rectangular base function simplifies to integrator: 1 T yk = √ r(t)dt T 0 1 ISO 14443A: Forward channel T = 3 µs, backward channel T = 212 kHz = 4.72 µs 1 ISO 14443B: Forward channel T = 106 kHz = 9.44 µs, backward channel T = 1061kHz = 9.44 µs 1 ISO 15693: Forward channel T = 9.44 µs, backward channel T = 52.96 kHz = 18.88 µs Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 21. Data Recovery(2) (a) (b) (c) (d) (e) (f) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 Example of recovering data from a noisy signal Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 22. Results ISO 14443A ISO 14443B ISO 15693 Entrance hall 1m FB FB FB 3m Fx xB Fx 5m Fx xx Fx 10 ma Fx xx Fx Lab corridor 3m FB FB Fx 4m Fx xB Fx F – Forward channel, B – Backward channel a: Reader/Antenna in same horizontal plane Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 23. Finke and Kelter (2006) H-field loop, receiver (fc ≈ 14.50 MHz, BW = 300 kHz) NXP Pegoda Reader, ISO 14443 A token Environment: Office/lab Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 24. Finke and Kelter (2006) Trace 1m Trace 3m Eavesdropping successful to 2 m If implemented additional data recovery could be 3 m? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 25. Guerrieri and Novotny (2006) Equipment is documented but not in too much detail Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 26. Guerrieri and Novotny (2006) Close range Long range Experimented with two antenna/reader orientations Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 27. Guerrieri and Novotny (2006) RFID equipment NXP Pegoda reader Seven ISO 14443A tokens (4 manufacturers) Data recovery Receiver connected to protocol analyser Eavesdropping successful if SNR > 6 dB Results Close range setup: 6–6.5 m Long range setup: 8–15 m Open questions What is the environment? Noise figures very good... What would the distance be with better data recovery? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 28. Build your own receiver Is the attack really feasible for attackers? RFID at the easier side of the RF design space No need to spend much money on commercial receivers for simple experiments/attacks Building a receiver for 50–60cm range relatively simple Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 29. Making Antennas Instructions Books: J.J. Carr. Practical Antenna Handbook Application notes: TI’s Antenna Cookbook Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  • 30. Mixer and Filters RF Mixers Buy a suitable IC, cheap and easy to use – e.g. NXP SA615 Mix to an IF suitable for filters Filters Selection of off-the-shelf solutions – e.g. 10.7 MHz SAW filters Else design and build your own, there are a number of free filter design tools Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 31. Reference Designs Last resort, use designs that are already available... for example Sniffer at www.opendpcd.org? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 32. Sample Traces Backward channel for ISO 14443 A and B Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 33. Signal Capture and Data Recovery Sampling rate is dependent on the output of the receiver Need to sample at least 2× IF Directly influences the complexity and cost i.e. Cost 2 MS/s ADC < 100 MS/s ADC Final signal processing to recover data Store and process later, 8-bit samples at 2 MS/s for 10 s → 20 MB ‘Real-time’ demodulator/decoder → How quick can it be done? Basically a storage vs processing speed trade-off Hardware requirements are not unrealistic Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 34. Conclusion Presented details of a possible eavesdropping setup Hope this helps understanding of the attack Not claiming this is the best or only approach but provides a reference, which aid others to‘re-create’ similar experiments I hope someone improves on it! Focus less on absolute distance Just too many variables involved Researcher with the best equipment wins Concentrate on feasibility and environmental parameters Cost/size/skill required by attacker to practically implement To what extent do external factors hinder or aid an attack? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 35. Future Work Novel hardware implementation Can you achieve the same performance as a commercial receiver in less space, for less money? Data recovery routines Noise resistant receivers, hardware implementation, etc. Are E-field measurements useful? Eavesdropping for other RFID standards? NFC Active mode → Effectively two forward channels Is this mode more vulnerable to eavesdropping? Similar experiments for UHF (and other) RFID Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  • 36. Done Thank you, and any questions? gerhard.hancke@rhul.ac.uk Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3