Your SlideShare is downloading. ×
0
Eavesdropping Attacks on
High-Frequency RFID Tokens
Gerhard P. Hancke
July 11, 2008
Eavesdropping Attacks on High-Frequenc...
What is the talk about?
NOT presenting a new attack method
Overall eavesdropping is a straight forward attack
NOT announci...
Why is eavesdropping still important?
Credit Cards
Reported cases of personal information sent in the clear
e-Passports
So...
Attack background
Eavesdropping scenarios are well known
Government/public sector reports(e.g. NIST, DHS, BSI),
academic p...
Ambiguity: Type of attack?
Eavesdropping and skimming often listed as threats to RFID
Some semantics: ‘Recovered’ or ‘Retr...
Ambiguity: What is ‘RFID’?
Several technologies
ISO 14443 A/B
ISO 15693
ISO 18000
ISO 18092
EPC
Different applications
pro...
Ambiguity: What ‘distance’?
The distance at which an attacker can detect a transaction
The distance at which an attacker c...
Other Issues
Document the method – equipment, setup, data
recovery?
Simulation/calculation still requires a well documente...
Experimental Setup
Eavesdropping Attacks on High-Frequency RFID Tokens – p. 9
RF Equipment
Dynamic Sciences R-1250 Wide Range Receiver (100 Hz to 1
GHz)
Selectable bandwidth (50 Hz to 200 MHz), AM/FM/...
Antenna Orientation
Ideally H-field lines should go though the antenna...leads to
decent directional effect
Eavesdropping A...
HF RFID Readers/Tokens
Reader
ACG Multi-ISO RFID Reader
Antenna dimension: 9 cm × 6 cm
Tokens
14443A: NXP Mifare Classic
1...
Environment
12.4 12.6 12.8 13.0 13.2 13.4 13.6 13.8 14.0 14.2 14.4 14.6
0
0.005
0.01
0.015
0.02
0.025
0.03
0.035
0.04
0.04...
Additional experimental variation
Influences on carrier amplitude and modulation index/depth
Coupling – token orientation, ...
Method
Generate reference data
Identify spectrum of interest
Determine whether the experiment was successful
Calibration a...
Reference Data: ISO 14443 A
0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6
x 10
5
0
0.25
0.5
0.75
Amplitude Spectrum of Forward Chann...
Reference Data: ISO 14443 B
0.5 1 1.5 2 2.5 3
x 10
5
0
0.25
0.5
0.75
Amplitude Spectrum of Forward Channel
Frequency (Hz)
...
Reference Data: ISO 15693
0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6
x 10
5
0
0.25
0.5
0.75
Amplitude Spectrum of Forward Channel...
Capture and Calibration
Oscilloscope Settings
Sample 30 MHz IF output at 100 MS/s for a duration
of 320 ms
Manual trigger
...
Data Recovery
N correlators project the received signal r(t) onto base
functions fk(t)
yk =
T
0 r(t)fk(t)dt, k = 1, 2, . ....
Data Recovery(2)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
(f)
(e)
(d)
(c)
(b)
(a)
Example of recovering data fro...
Results
ISO 14443A ISO 14443B ISO 15693
Entrance hall
1 m FB FB FB
3 m Fx xB Fx
5 m Fx xx Fx
10 ma
Fx xx Fx
Lab corridor
3...
Finke and Kelter (2006)
H-field loop, receiver (fc ≈ 14.50 MHz, BW = 300 kHz)
NXP Pegoda Reader, ISO 14443 A token
Environm...
Finke and Kelter (2006)
Trace 1m Trace 3m
Eavesdropping successful to 2 m
If implemented additional data recovery could be...
Guerrieri and Novotny (2006)
Equipment is documented but not in too much detail
Eavesdropping Attacks on High-Frequency RF...
Guerrieri and Novotny (2006)
Close range Long range
Experimented with two antenna/reader orientations
Eavesdropping Attack...
Guerrieri and Novotny (2006)
RFID equipment
NXP Pegoda reader
Seven ISO 14443A tokens (4 manufacturers)
Data recovery
Rece...
Build your own receiver
Is the attack really feasible for attackers?
RFID at the easier side of the RF design space
No nee...
Making Antennas
Instructions
Books: J.J. Carr. Practical Antenna Handbook
Application notes: TI’s Antenna Cookbook
Eavesdr...
Mixer and Filters
RF Mixers
Buy a suitable IC, cheap and easy to use – e.g. NXP SA615
Mix to an IF suitable for filters
Fil...
Reference Designs
Last resort, use designs that are already available...
for example Sniffer at www.opendpcd.org?
Eavesdro...
Sample Traces
Backward channel for ISO 14443 A and B
Eavesdropping Attacks on High-Frequency RFID Tokens – p. 32
Signal Capture and Data Recovery
Sampling rate is dependent on the output of the receiver
Need to sample at least 2× IF
Di...
Conclusion
Presented details of a possible eavesdropping setup
Hope this helps understanding of the attack
Not claiming th...
Future Work
Novel hardware implementation
Can you achieve the same performance as a commercial
receiver in less space, for...
Done
Thank you, and any questions?
gerhard.hancke@rhul.ac.uk
Eavesdropping Attacks on High-Frequency RFID Tokens – p. 36
Upcoming SlideShare
Loading in...5
×

RFIDSec talk - Eavesdropping Attacks on High-Frequency RFID ...

933

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
933
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
19
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "RFIDSec talk - Eavesdropping Attacks on High-Frequency RFID ..."

  1. 1. Eavesdropping Attacks on High-Frequency RFID Tokens Gerhard P. Hancke July 11, 2008 Eavesdropping Attacks on High-Frequency RFID Tokens – p. 1
  2. 2. What is the talk about? NOT presenting a new attack method Overall eavesdropping is a straight forward attack NOT announcing that HF RFID can be eavesdropped Already a recognised threat Look at issues around RFID eavesdropping Ambiguities, perceptions and relevance (past and present) Discuss our eavesdropping experiment Provide details method, observations and experiences It is NOT all about the distance results (which can be affected by various variables) Some points in the talk might appear obvious:-) Eavesdropping Attacks on High-Frequency RFID Tokens – p. 2
  3. 3. Why is eavesdropping still important? Credit Cards Reported cases of personal information sent in the clear e-Passports Some issues surrounding the entropy of the key Travel/Ticketing Mifare Classic Crypto1 recently reverse engineered and shown to exhibit weaknesses Access Control Some systems still use simple IDs or minimal crypto It seems that various end users still care... Eavesdropping Attacks on High-Frequency RFID Tokens – p. 3
  4. 4. Attack background Eavesdropping scenarios are well known Government/public sector reports(e.g. NIST, DHS, BSI), academic papers, press report etc Practical results are limited to a few publications T. Finke and H. Kelter(BSI). RFID – Abhörmöglichkeiten der Kommunikation zwischen Lesegerät und Transponder am Beispiel eines ISO 14443-Systems J. Guerrieri and D. Novotny (NIST). HF RFID Eavesdropping and Jamming Tests W. Tobergte and R. Bienert (NXP). Eavesdropping and activation distance for ISO/IEC 14443 devices Mains points of interest Distance still an issue being debated/reported Is it feasible in terms of cost and effort for an attacker? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 4
  5. 5. Ambiguity: Type of attack? Eavesdropping and skimming often listed as threats to RFID Some semantics: ‘Recovered’ or ‘Retrieved’ data sounds like eavesdropping while ‘Read’ should imply skimming Eavesdropping Attacks on High-Frequency RFID Tokens – p. 5
  6. 6. Ambiguity: What is ‘RFID’? Several technologies ISO 14443 A/B ISO 15693 ISO 18000 ISO 18092 EPC Different applications product tags tickets – single/multi-use credit cards travel documents Eavesdropping Attacks on High-Frequency RFID Tokens – p. 6
  7. 7. Ambiguity: What ‘distance’? The distance at which an attacker can detect a transaction The distance at which an attacker can reliably recover the data sent on the forward channel The distance at which an attacker can reliably recover the data sent on the backward channel Eavesdropping Attacks on High-Frequency RFID Tokens – p. 7
  8. 8. Other Issues Document the method – equipment, setup, data recovery? Simulation/calculation still requires a well documented and substantiated model Practical implementation and results probably more trusted What is the attack environment – in a field, noisy lab, shielded chamber? Put the report somewhere accessible – rumours are often worse than facts Eavesdropping Attacks on High-Frequency RFID Tokens – p. 8
  9. 9. Experimental Setup Eavesdropping Attacks on High-Frequency RFID Tokens – p. 9
  10. 10. RF Equipment Dynamic Sciences R-1250 Wide Range Receiver (100 Hz to 1 GHz) Selectable bandwidth (50 Hz to 200 MHz), AM/FM/IF output RF and pre-detection gain (50 dB and 30 dB respectively) R-1150-10A Portable Antenna Kit H-field ferrite core antenna (10 MHz to 30 MHz) Eavesdropping Attacks on High-Frequency RFID Tokens – p. 10
  11. 11. Antenna Orientation Ideally H-field lines should go though the antenna...leads to decent directional effect Eavesdropping Attacks on High-Frequency RFID Tokens – p. 11
  12. 12. HF RFID Readers/Tokens Reader ACG Multi-ISO RFID Reader Antenna dimension: 9 cm × 6 cm Tokens 14443A: NXP Mifare Classic 14443B: Contactless payment card (unknown manufacturer) 15693: NXP I-Code These specific products are not especially vulnerable – just what I had available Eavesdropping Attacks on High-Frequency RFID Tokens – p. 12
  13. 13. Environment 12.4 12.6 12.8 13.0 13.2 13.4 13.6 13.8 14.0 14.2 14.4 14.6 0 0.005 0.01 0.015 0.02 0.025 0.03 0.035 0.04 0.045 0.05 Frequency (MHz) |Y(f)| 12.4 12.6 12.8 13.0 13.2 13.4 13.6 13.8 14.0 14.2 14.4 14.6 0 0.005 0.01 0.015 0.02 0.025 0.03 0.035 0.04 0.045 0.05 Frequency (MHz) |Y(f)| Hardware lab corridor Main entrance hall Locations have different background noise profiles This effects eavesdropping success... Eavesdropping Attacks on High-Frequency RFID Tokens – p. 13
  14. 14. Additional experimental variation Influences on carrier amplitude and modulation index/depth Coupling – token orientation, antenna tuning Power Consumption Parameters of the reader – antenna size, transmitted power Have not yet investigated this fully... Eavesdropping Attacks on High-Frequency RFID Tokens – p. 14
  15. 15. Method Generate reference data Identify spectrum of interest Determine whether the experiment was successful Calibration and signal capture Set up the receiver Capture and store output of the receiver Data recovery Implement some signal processing Eavesdropping Attacks on High-Frequency RFID Tokens – p. 15
  16. 16. Reference Data: ISO 14443 A 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 x 10 5 0 0.25 0.5 0.75 Amplitude Spectrum of Forward Channel Frequency (Hz) |Y(f)| 3 4 5 6 7 8 9 10 11 x 10 5 0 0.25 0.5 0.75 1 Amplitude Spectrum of Backward Channel Frequency (Hz) |Y(f)| Forward: 106 kbit/s Modified Miller (3µs pulses), 100% ASK Backward: 106 kbit/s Manchester, ASK onto 847 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 16
  17. 17. Reference Data: ISO 14443 B 0.5 1 1.5 2 2.5 3 x 10 5 0 0.25 0.5 0.75 Amplitude Spectrum of Forward Channel Frequency (Hz) |Y(f)| 3 4 5 6 7 8 9 10 11 x 10 5 0 0.25 0.5 0.75 1 Amplitude Spectrum of Backward Channel Frequency (Hz) |Y(f)| Forward: 106 kbit/s NRZ, 10% ASK Backward: 106 kbit/s NRZ, BPSK onto 847 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 17
  18. 18. Reference Data: ISO 15693 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 5.5 6 x 10 5 0 0.25 0.5 0.75 Amplitude Spectrum of Forward Channel Frequency (Hz) |Y(f)| 3 4 5 6 7 8 9 10 11 x 10 5 0 0.25 0.5 Amplitude Spectrum of Backward Channel Frequency (Hz) |Y(f)| Forward: 26.48 kbit/s ‘1 of 4’ PPM (9.44 µspulse), 100% ASK Backward: 26.48 kbit/s NRZ, ASK onto 423 kHZ sub-carrier, carrier modulation index of 8–12% Eavesdropping Attacks on High-Frequency RFID Tokens – p. 18
  19. 19. Capture and Calibration Oscilloscope Settings Sample 30 MHz IF output at 100 MS/s for a duration of 320 ms Manual trigger Receiver Settings fc = 13.56 MHz, BW = 2 MHz (try filter side-bands in software) fc = 14.4 MHz and 13.98 MHz, BW = 500 kHz and 200 kHz Calibration Receiver gain adjusted with analog knob (gain therefore measured with a reference input signal) Eavesdropping Attacks on High-Frequency RFID Tokens – p. 19
  20. 20. Data Recovery N correlators project the received signal r(t) onto base functions fk(t) yk = T 0 r(t)fk(t)dt, k = 1, 2, . . . , N Rectangular base function simplifies to integrator: yk = 1√ T T 0 r(t)dt ISO 14443A: Forward channel T = 3 µs, backward channel T = 1 212 kHz = 4.72 µs ISO 14443B: Forward channel T = 1 106 kHz = 9.44 µs, backward channel T = 1 106 kHz = 9.44 µs ISO 15693: Forward channel T = 9.44 µs, backward channel T = 1 52.96 kHz = 18.88 µs Eavesdropping Attacks on High-Frequency RFID Tokens – p. 20
  21. 21. Data Recovery(2) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (f) (e) (d) (c) (b) (a) Example of recovering data from a noisy signal Eavesdropping Attacks on High-Frequency RFID Tokens – p. 21
  22. 22. Results ISO 14443A ISO 14443B ISO 15693 Entrance hall 1 m FB FB FB 3 m Fx xB Fx 5 m Fx xx Fx 10 ma Fx xx Fx Lab corridor 3 m FB FB Fx 4 m Fx xB Fx F – Forward channel, B – Backward channel a: Reader/Antenna in same horizontal plane Eavesdropping Attacks on High-Frequency RFID Tokens – p. 22
  23. 23. Finke and Kelter (2006) H-field loop, receiver (fc ≈ 14.50 MHz, BW = 300 kHz) NXP Pegoda Reader, ISO 14443 A token Environment: Office/lab Eavesdropping Attacks on High-Frequency RFID Tokens – p. 23
  24. 24. Finke and Kelter (2006) Trace 1m Trace 3m Eavesdropping successful to 2 m If implemented additional data recovery could be 3 m? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 24
  25. 25. Guerrieri and Novotny (2006) Equipment is documented but not in too much detail Eavesdropping Attacks on High-Frequency RFID Tokens – p. 25
  26. 26. Guerrieri and Novotny (2006) Close range Long range Experimented with two antenna/reader orientations Eavesdropping Attacks on High-Frequency RFID Tokens – p. 26
  27. 27. Guerrieri and Novotny (2006) RFID equipment NXP Pegoda reader Seven ISO 14443A tokens (4 manufacturers) Data recovery Receiver connected to protocol analyser Eavesdropping successful if SNR > 6 dB Results Close range setup: 6–6.5 m Long range setup: 8–15 m Open questions What is the environment? Noise figures very good... What would the distance be with better data recovery? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 27
  28. 28. Build your own receiver Is the attack really feasible for attackers? RFID at the easier side of the RF design space No need to spend much money on commercial receivers for simple experiments/attacks Building a receiver for 50–60cm range relatively simple Eavesdropping Attacks on High-Frequency RFID Tokens – p. 28
  29. 29. Making Antennas Instructions Books: J.J. Carr. Practical Antenna Handbook Application notes: TI’s Antenna Cookbook Eavesdropping Attacks on High-Frequency RFID Tokens – p. 29
  30. 30. Mixer and Filters RF Mixers Buy a suitable IC, cheap and easy to use – e.g. NXP SA615 Mix to an IF suitable for filters Filters Selection of off-the-shelf solutions – e.g. 10.7 MHz SAW filters Else design and build your own, there are a number of free filter design tools Eavesdropping Attacks on High-Frequency RFID Tokens – p. 30
  31. 31. Reference Designs Last resort, use designs that are already available... for example Sniffer at www.opendpcd.org? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 31
  32. 32. Sample Traces Backward channel for ISO 14443 A and B Eavesdropping Attacks on High-Frequency RFID Tokens – p. 32
  33. 33. Signal Capture and Data Recovery Sampling rate is dependent on the output of the receiver Need to sample at least 2× IF Directly influences the complexity and cost i.e. Cost 2 MS/s ADC < 100 MS/s ADC Final signal processing to recover data Store and process later, 8-bit samples at 2 MS/s for 10 s → 20 MB ‘Real-time’ demodulator/decoder → How quick can it be done? Basically a storage vs processing speed trade-off Hardware requirements are not unrealistic Eavesdropping Attacks on High-Frequency RFID Tokens – p. 33
  34. 34. Conclusion Presented details of a possible eavesdropping setup Hope this helps understanding of the attack Not claiming this is the best or only approach but provides a reference, which aid others to‘re-create’ similar experiments I hope someone improves on it! Focus less on absolute distance Just too many variables involved Researcher with the best equipment wins Concentrate on feasibility and environmental parameters Cost/size/skill required by attacker to practically implement To what extent do external factors hinder or aid an attack? Eavesdropping Attacks on High-Frequency RFID Tokens – p. 34
  35. 35. Future Work Novel hardware implementation Can you achieve the same performance as a commercial receiver in less space, for less money? Data recovery routines Noise resistant receivers, hardware implementation, etc. Are E-field measurements useful? Eavesdropping for other RFID standards? NFC Active mode → Effectively two forward channels Is this mode more vulnerable to eavesdropping? Similar experiments for UHF (and other) RFID Eavesdropping Attacks on High-Frequency RFID Tokens – p. 35
  36. 36. Done Thank you, and any questions? gerhard.hancke@rhul.ac.uk Eavesdropping Attacks on High-Frequency RFID Tokens – p. 36
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×