Nullcon 2011 RFID - NOT SENT TO THE EVENT
Transcript

  • 1. RFID Vulnerabilities, Flaws and Exploits. Mauro Risonho de Paula Assumpção, Backtrack Brazil, [email_address]. NOT SENT TO THE EVENT
  • 2. What is RFID?
    • Radio Frequency Identification
    • Identification devices whose interface for communication with the reader is wireless
    • It encompasses the physical layer and the communication protocols for identifying people, consumer goods, animals, etc.
    • May be proprietary or standardized
  • 3. Main types
    • Memory cards with access control
      • Main applications: ticketing in public transport and physical access control
      • Memory is divided into sectors, and each sector is protected by an encryption key
      • Operates at 13.56 MHz with a maximum range of up to 10cm for reading / writing
      • The Mifare card follows the ISO14443 standard series
  • 4. Main types
    • Proximity cards for physical access control
      • Besides Mifare, there are several other cards also known as proximity cards
      • Contactless cards in a proprietary format:
        • Indala, HID iClass, HID Prox and others
      • Operating in the 125MHz band with short range
  • 5. Main types
    • Cryptographic cards
      • There are also contactless cards with a cryptographic coprocessor
      • They can have both interfaces (contact and contactless)
      • They also support the ISO14443 standard
  • 6. Where the fun begins ... A little more on the Mifare
  • 7. Mifare Classic
    • Structure of memory
      • 16 sectors
      • 4 blocks per sector (one block = 16 bytes)
      • Access control per individual sector
        • Key A and Key B
        • Access conditions
      • Each key is 48 bits long
      • Serial number + manufacturer information are hardcoded in block 0 of sector 0
  • 8. Mifare Classic
    • Structure of memory
    [Figure: memory layout diagram showing blocks and sectors]
  • 9. Mifare Classic
    • Serial number
      • 4 or 7 static bytes (hardcoded)
      • 7 random bytes, where a new serial number is generated for each new communication channel established with the reader
  • 10. Mifare Classic
    • Block diagram
  • 11. Mifare Classic
    • Main components
      • RF interface
      • Anti-collision: allows two or more cards to interact with a single reader (ISO 14443)
      • Authentication: controls access to each region of memory
      • ALU (Arithmetic Logic Unit): handles the addition / subtraction operations when the card stores values in memory
      • Crypto: implementation of the CRYPTO1 algorithm (a stream cipher) to establish a secure channel between card and reader
  • 12. Mifare Classic
    • 3-step authentication
      • The reader specifies the sector to be accessed and whether key A or key B is used to access it
      • The card reads the key sent by the reader and encrypts a random number, which is sent to the reader (card challenge) <Pass 1>
      • The reader decrypts the challenge using the same card key
  • 13. Mifare Classic
    • 3-step authentication (continued)
      • The reader returns the decrypted number to the card along with a new random number encrypted by the reader (the reader challenge) <Pass 2>
      • The card checks the decrypted number against the one it previously sent
  • 14. Mifare Classic
    • 3-step authentication (continued)
      • The card decrypts the reader challenge and sends it back to the reader <Pass 3>
      • The reader checks the response returned by the card
      • At the end of this process an encrypted communication channel is established between card and reader
  • 15. Mifare Classic
    • Card access
      • The set of commands supported by the card is defined by the card's owner and programmed into the reader chip
      • An application interacts with the card through a specific NXP library, which is linked directly with the reader's controller chip
  • 16. Reading Mifare cards
  • 17. Reading Mifare cards
    • Tools
      • Contactless reader (HID Omnikey 5321)
      • Open-source library for interacting with readers and contactless devices: librfid (ww.openmrtd.org/projects/librfid/)
      • A blank Mifare 1K card as the sample
  • 18. Reading Mifare cards
    • Protocol: Mifare Classic
    • Size: 1024 bytes
    • Authenticating sector 0: mifare auth succeeded!
    • Reading sector 0
    • Reading block 0: Page 0x0: d4 0f 01 ac 76 88 04 00 47 c1 1e 38 65 00 48 05
    • Reading block 1: Page 0x1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 2: Page 0x2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 3: Page 0x3: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    • Authenticating sector 1: mifare auth succeeded!
    • Reading sector 1
    • Reading block 4: Page 0x4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 5: Page 0x5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 6: Page 0x6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 7: Page 0x7: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    • Authenticating sector 2: mifare auth succeeded!
    • And so on for the other sectors and blocks ...
    (Slide annotations on the dump: serial number, data, Key A, Key B, access condition bits)
  • 19. Reading Mifare cards
    • Reading the blank Mifare card was only possible because it was set up with the default keys (A and B)
    • A card such as the “Bilhete Único” (used on buses in Brazil) could not be read or changed
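The dump above can be checked for exactly the condition the slide names (default keys) and for the integrity of the sector trailer. The following Python is an added example, not code from the talk or from librfid: it parses the two block lines from the dump, verifies the BCC over the 4-byte serial number, decodes the access condition bits (stored as nibbles and their inverses) and flags the default transport key. The dump text is copied from the slide; the function names and the finding labels are the example's own.

```python
# Added example: audit sector 0 of the Mifare Classic 1K dump from the slide.
# Input lines are copied from the librfid output shown above (constructed test data).
DUMP = """\
Reading block 0: Page 0x0: d4 0f 01 ac 76 88 04 00 47 c1 1e 38 65 00 48 05
Reading block 3: Page 0x3: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
"""
DEFAULT_KEY = bytes.fromhex("ffffffffffff")  # transport key, readable here as Key B

def parse_dump(text):
    """Map block number -> 16 raw bytes for every 'Reading block N: Page 0xN: ...' line."""
    blocks = {}
    for line in text.splitlines():
        if "Page 0x" not in line:
            continue
        num = int(line.split("Reading block ")[1].split(":")[0])
        blocks[num] = bytes.fromhex(line.split(": ", 2)[2])
    return blocks

def check_bcc(block0):
    """Byte 4 of block 0 is the XOR of the 4-byte serial number (UID)."""
    uid, bcc = block0[:4], block0[4]
    return (uid[0] ^ uid[1] ^ uid[2] ^ uid[3]) == bcc

def decode_access_bits(trailer):
    """Return ([(C1,C2,C3) per block 0..3], consistent).
    Bytes 6-8 hold nibbles C1,C2,C3 and their inverses; a mismatch marks a
    corrupted trailer (the sector becomes permanently inaccessible)."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = (b7 >> 4) & 0xF, b8 & 0xF, (b8 >> 4) & 0xF
    consistent = ((b6 & 0xF) ^ 0xF) == c1 and ((b6 >> 4) ^ 0xF) == c2 \
        and ((b7 & 0xF) ^ 0xF) == c3
    conds = [((c1 >> k) & 1, (c2 >> k) & 1, (c3 >> k) & 1) for k in range(4)]
    return conds, consistent

def audit_sector0(blocks):
    """Findings a defender would want on this card (labels are the example's own)."""
    findings = []
    if not check_bcc(blocks[0]):
        findings.append("bad BCC")
    conds, ok = decode_access_bits(blocks[3])
    if not ok:
        findings.append("inconsistent access bits")
    # Key A (bytes 0-5) is never readable and comes back as zeros; Key B is bytes 10-15.
    if blocks[3][10:16] == DEFAULT_KEY:
        findings.append("default key B")
    if conds[3] == (0, 0, 1):  # trailer condition of the factory transport configuration
        findings.append("transport configuration")
    return findings

if __name__ == "__main__":
    print(audit_sector0(parse_dump(DUMP)))
```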
  • 20. Safety aspects
  • 21. Safety aspects
    • Mifare card security rests on the proprietary algorithm CRYPTO1
    • The first work was done by Karsten Nohl, "Starbug" and Henryk Plötz at the Chaos Communication Camp 2007 in Berlin
    • CRYPTO1 was the focus of this first analysis of the Mifare cards
    • How CRYPTO1 works was deduced through reverse engineering
  • 22. Safety aspects
    • CRYPTO1 vulnerabilities
      • The random number generator is time dependent, which allows control over the numbers it generates
      • Only 16 of the 32 bits used in the 3-step authentication are actually random
      • Reverse engineering by observation of the chip made it possible to deduce how CRYPTO1 works
  • 23. Safety aspects
    • How CRYPTO1 works
  • 24. Safety aspects
    • Other articles published on the security of Mifare cards
      • A Practical Attack on the MIFARE Classic – CARDIS 2008, LNCS 5189, pp. 267–282, 2008.
      • Dismantling MIFARE Classic – ESORICS 2008, LNCS 5283, pp. 97–114, 2008.
  • 25. Safety aspects
    • The attacks made so far allowed clones of smart cards to be created using auxiliary equipment
    • It was also possible to manipulate the contactless communication channel in order to observe the data traffic
  • 26. Safety aspects
  • 27. Safety aspects
  • 28. DEMO
  • 29. Safety aspects
    • The security problems pointed out relate to the fragility of CRYPTO1
    • The attacks shown do not apply to PKI smart cards, such as electronic passports
  • 30. References
  • 31. References
    • ISO 14443-1 / 2 / 3
    • NXP - Mifare functional specification (2008)
    • Mifare Security. Karsten Nohl, "Starbug" and Henryk Plötz
    • A Practical Attack on the MIFARE Classic. Gerhard de Koning Gans, Jaap-Henk Hoepman, and Flavio D. Garcia.
    • Dismantling MIFARE Classic. Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs