Nullcon 2011 RFID - NOT SUBMITTED TO THE EVENT
Published in: Technology, Business

Transcript

  • 1. RFID Vulnerabilities, Flaws and Exploits Mauro Risonho de Paula Assumpção Backtrack Brazil [email_address] NOT SUBMITTED TO THE EVENT
  • 2. What is RFID?
    • Radio Frequency Identification
    • Identification devices where the interface for communication with the reader is wireless
    • It encompasses the physical layer and communication protocols for identification devices (people, consumer goods, animals, etc.)
    • May be proprietary or standardized
  • 3. Main types
    • Memory cards with access control
      • Main applications are: ticketing in public transport and physical access control
      • Memory is divided into sectors where each sector is protected by an encryption key
      • Operates at 13.56 MHz with a maximum read/write range of 10 cm
      • The standard for Mifare cards is the ISO 14443 series
  • 4. Main types
    • Proximity cards for physical access control
      • Besides the Mifare, there are several others also known as proximity cards
      • Contactless cards from a proprietary format:
        • Indala, HID iClass, HID Prox and others
      • Operate in the 125MHz band with short range
  • 5. Main types
    • Cryptographic cards
      • There are also cards with contactless cryptographic coprocessor
      • Can have both interfaces (contact and contactless)
      • They also support the ISO 14443 standard
  • 6. Where the fun begins ... A little more on the Mifare
  • 7. Mifare Classic
    • Structure of memory
      • 16 sectors
      • 4 blocks per sector (one block = 16 bytes)
      • Access control per individual sector
        • Key A and Key B
        • Access conditions
      • Each key has 48 bits
      • Serial number + manufacturer information are hardcoded in block 0 / sector 0
  • 8. Mifare Classic
    • Structure of memory
    • [Diagram: memory layout by sector and block]
  • 9. Mifare Classic
    • Serial number
      • 4 or 7 bytes static (hardcoded)
      • 7 random bytes, where a new serial number is generated for each new communication channel established with the reader
  • 10. Mifare Classic
    • Block diagram
  • 11. Mifare Classic
    • Main components
      • RF interface
      • Anti-collision: allows interaction of two or more cards with a single reader (ISO 14443)
      • Authentication: controls access to any region of memory
      • ALU (Arithmetic Logic Unit): manages the operations of addition / subtraction when the card stores values in memory
      • Crypto: implementation of the CRYPTO1 algorithm (stream cipher) to establish a secure channel between card and reader
  • 12. Mifare Classic
    • 3-step authentication
      • The reader specifies the sector to be accessed and uses key A or key B to access it
      • The card reads the key sent by the reader and encrypts a random number, which is sent to the reader (the card challenge) <Pass 1>
      • The reader decrypts the challenge using the same key as the card
  • 13. Mifare Classic
    • 3-step authentication (continued)
      • The reader returns the decoded number to the card along with a new random number encrypted by the reader (the reader challenge) <Pass 2>
      • The card checks the decrypted number against the one it previously sent
  • 14. Mifare Classic
    • 3-step authentication (continued)
      • The card decrypts the reader challenge and sends it back to the reader <Pass 3>
      • The reader checks the response returned by the card
      • At the end of this process, an encrypted communication channel is established between card and reader
  • 15. Mifare Classic
    • Card Access
      • The set of commands supported by the card is proprietary and is programmed into the reader chip
      • An application interacts with the card using a specific NXP library, which is linked directly with the reader's controller chip
  • 16. Reading Mifare cards
  • 17. Reading Mifare cards
    • Tools
      • Contactless reader (HID Omnikey 5321)
      • Open-source library for interaction with readers and contactless devices - Librfid (www.openmrtd.org/projects/librfid/)
      • Sample blank Mifare 1K card
  • 18. Reading Mifare cards
    • Protocol Mifare Classic
    • Size: 1024 bytes
    • Authenticating sector 0: mifare auth succeeded!
    • Reading sector 0
    • Reading block 0: Page 0x0: d4 0f 01 ac 76 88 04 00 47 c1 1e 38 65 00 48 05
    • Reading block 1: Page 0x1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 2: Page 0x2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 3: Page 0x3: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    • Authenticating sector 1: mifare auth succeeded!
    • Reading sector 1
    • Reading block 4: Page 0x4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 5: Page 0x5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 6: Page 0x6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    • Reading block 7: Page 0x7: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    • Authenticating sector 2: mifare auth succeeded!
    • And so on for the other sectors and blocks ...
    • [Dump annotations: serial number, data, Key A, Key B, access condition bits]
  • 19. Reading Mifare cards
    • Reading the blank Mifare card was only possible because it was configured with the standard keys (A and B)
    • A card such as the “Bilhete Único” (used on buses in Brazil) could not be read or changed
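
The dump above ends each sector with a trailer block (Key A field, access bits, Key B field). As an added example, not part of the original slides, the following Python audits such a trailer for factory-default settings; the function names and the two constructed sample trailers are assumptions, while the first sample is block 3 from the slide.

```python
# Added example (not from the slides): audit a MIFARE Classic sector trailer.
# Layout: bytes 0-5 Key A, 6-8 access bits, 9 general-purpose byte, 10-15 Key B.
# Key A is never readable, so its field reads back as zeros in a dump.
DEFAULT_KEY = bytes.fromhex("ffffffffffff")   # value seen in the Key B field of the dump
TRANSPORT = ["000", "000", "000", "001"]      # conditions encoded by ff 07 80

def parse_trailer(block: bytes) -> dict:
    if len(block) != 16:
        raise ValueError("a sector trailer is exactly 16 bytes")
    b6, b7, b8 = block[6], block[7], block[8]
    c1, c2, c3 = b7 >> 4, b8 & 0x0F, b8 >> 4  # one bit per block in each nibble
    # Every nibble is stored a second time inverted; a mismatch is a format violation.
    valid = ((b6 & 0x0F) == (c1 ^ 0x0F)
             and (b6 >> 4) == (c2 ^ 0x0F)
             and (b7 & 0x0F) == (c3 ^ 0x0F))
    # "C1C2C3" per block; index 3 is the trailer block itself.
    cond = [f"{(c1 >> i) & 1}{(c2 >> i) & 1}{(c3 >> i) & 1}" for i in range(4)]
    return {"key_a_field": block[:6], "valid": valid,
            "conditions": cond, "key_b_field": block[10:]}

def audit(trailer_hex: str) -> list:
    t = parse_trailer(bytes.fromhex(trailer_hex))
    findings = []
    if not t["valid"]:
        findings.append("access bits fail the inverted-copy check")
    if t["conditions"] == TRANSPORT:
        findings.append("access conditions are the factory transport configuration")
    if DEFAULT_KEY in (t["key_a_field"], t["key_b_field"]):
        findings.append("a key field holds the default ff..ff key")
    return findings

PAGE_TRAILER = "00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff"     # block 3 on the slide
CONSTRUCTED_OK = "00 00 00 00 00 00 7f 07 88 00 01 23 45 67 89 ab"   # constructed sample
CONSTRUCTED_BAD = "00 00 00 00 00 00 ff 07 81 69 ff ff ff ff ff ff"  # constructed, corrupt

if __name__ == "__main__":
    for name, hexstr in [("page", PAGE_TRAILER), ("ok", CONSTRUCTED_OK),
                         ("bad", CONSTRUCTED_BAD)]:
        print(name, audit(hexstr))
```

A card that is issued with these findings still present is in the same state as the blank sample read above.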
  • 20. Safety aspects
  • 21. Safety aspects
    • Mifare card security is supported by the proprietary algorithm CRYPTO1
    • The first work was done by Karsten Nohl, "Starbug" and Henryk Plötz at the Chaos Communication Camp 2007 in Berlin
    • CRYPTO1 was the focus of this first analysis of Mifare cards
    • The operation of CRYPTO1 was deduced through reverse engineering
  • 22. Safety aspects
    • CRYPTO1 vulnerabilities
      • Time dependence of the random number generator allows control of the numbers to be generated
      • Only 16 of the 32 bits used in the three-step authentication are in fact random
      • Reverse engineering by observation of the chip made it possible to deduce how CRYPTO1 works
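
To make the first two points concrete, here is an added illustration (not code from the slides) of how little entropy a 32-bit nonce carries when it is produced by a free-running 16-bit LFSR. The tap positions follow the generator polynomial published in "Dismantling MIFARE Classic"; the fixed power-on state, the tick model and the function names are assumptions.

```python
# Added illustration (not from the slides): entropy of a 32-bit nonce that is
# derived from a 16-bit LFSR, polynomial x^16 + x^14 + x^13 + x^11 + 1.
import math

def step(state: int) -> int:
    """Advance the 16-bit register by one clock tick."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)

def period(seed: int) -> int:
    """Number of ticks until the register returns to `seed` (seed must be non-zero)."""
    state, ticks = step(seed), 1
    while state != seed:
        state, ticks = step(state), ticks + 1
    return ticks

def nonce_after(ticks: int, power_on_state: int = 0x0001) -> int:
    """32-bit nonce: register contents plus the next 16 bits it will produce.

    The fixed power-on state is a modelling assumption."""
    state = power_on_state
    for _ in range(ticks):
        state = step(state)
    nxt = state
    for _ in range(16):
        nxt = step(nxt)
    return state | (nxt << 16)

def distinct_nonces() -> int:
    """Count every 32-bit nonce this generator can ever emit."""
    seen, state = set(), 0x0001
    for _ in range(period(0x0001)):
        seen.add(nonce_after(0, state))
        state = step(state)
    return len(seen)

def entropy_bits(n_values: int) -> float:
    """Entropy of a uniform choice among n_values outcomes, in bits."""
    return math.log2(n_values)

if __name__ == "__main__":
    n = distinct_nonces()
    print(f"{n} possible nonces, about {entropy_bits(n):.2f} bits instead of 32")
    print("same elapsed ticks, same nonce:", nonce_after(1234) == nonce_after(1234))
```

A design that needs unpredictable 32-bit challenges has to draw all 32 bits from a cryptographically secure source that does not depend on time since power-up.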
  • 23. Safety aspects
    • CRYPTO1 operation
  • 24. Safety aspects
    • Other articles which were published on the security of Mifare cards
      • A Practical Attack on the MIFARE Classic – CARDIS 2008, LNCS 5189, pp. 267–282, 2008.
      • Dismantling MIFARE Classic – ESORICS 2008, LNCS 5283, pp. 97–114, 2008.
  • 25. Safety aspects
    • The attacks carried out so far allowed the creation of clones of smart cards using auxiliary equipment
    • It was also possible to manipulate the contactless communication channel in order to observe the data traffic
  • 26. Safety aspects
  • 27. Safety aspects
  • 28. DEMO
  • 29. Safety aspects
    • The security problems pointed out are related to the weakness of CRYPTO1
    • The attacks shown do not apply to PKI smart cards, such as electronic passports
  • 30. References
  • 31. References
    • ISO 14443-1 / 2 / 3
    • NXP - Mifare functional specification (2008)
    • Mifare Security. Karsten Nohl, "Starbug" and Henryk Plötz
    • A Practical Attack on the MIFARE Classic. Gerhard de Koning Gans, Jaap-Henk Hoepman, and Flavio D. Garcia.
    • Dismantling MIFARE Classic. Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs