30 Minutes of RFID - Analysis, Applications and Attacks


  1. 30 Minutes of RFID: Analysis, Applications and Attacks. Presented by Dan Cornforth
  2. Overview
     - What is RFID
     - How does the technology work
     - Identify some of the forces behind progress to date
     - Who is using RFID currently & for what
     - What might RFID be useful for & by whom
     - Some potential weaknesses, attack vectors and fixes
  3. What is RFID
     - Smartcode EPC passive RFID tag
  4. What is RFID
     - Radio Frequency Identification
     - Typical RFID infrastructure
  5. RFID Characteristics & Differentiators
     - Types of tag
       - Passive
       - Active
     - The air interface (operating frequency)
       - LF: 125 kHz
       - HF: 6.78 MHz, 13.56 MHz, 27.125 MHz, 40.680 MHz
       - UHF: 433.920 MHz, 869 MHz, 915 MHz
       - Microwave: 2.45 GHz, 5.8 GHz, 24.125 GHz
     - Communication modes
       - Full duplex
       - Half duplex
       - Variant half duplex
     - Coupling
       - Backscatter
  6. Governing Specifications
     - ISO 14443
       - Defines 2 card types (A & B)
       - Modulation methods
       - Coding schemes
       - Protocol initiation procedures
     - ISO 15693
       - Defines vicinity cards
     - Emergence of the EPC (Gen2) standards
       - Electronic Product Code
     - No single global body for RFID governance and standards… yet
  7. Security Features of Common Tags
     - Transmit a standard serial ID
       - UNIQUE
       - VeriChip
       - Most animal tags
       - HID Prox II
     - Require password authentication prior to ID transmission
       - Q5
       - Titan
       - EM4469
     - Challenge response, PKI and encrypted transmission of ID
       - DST (40-bit key)
       - MiFare
       - HiTag (48-bit key)
       - SmartMX (128-bit AES, 4096-bit asymmetric key)
  8. Influences & Drivers
     - Perceived speed, security and simplicity of the cashless society
       - The Hong Kong Octopus Card
       - Estimated 63% time saving (Amex ExpressPay)
     - Asset, warehouse and stock management traditionally seen as drivers
     - US TREAD Act 2004 (Transportation Recall Enhancement, Accountability and Documentation)
     - Wal-Mart, FDA and US DoD mandates
     - Keyless entry
       - Centralised access management
       - Key duplication perceived as more difficult ~ device dependent
     - EPCglobal network
     - Ever decreasing size and price of the hardware
  9. Current Applications
     - Payments
       - Amex Bluecard products & ExpressPay
       - Mastercard PayPass
     - Public transport & ticketing
       - The Hong Kong Octopus card
       - London Transport's Oyster card
       - Many more throughout Europe, the US and Asia
     - Industrial automation
       - Stock and asset management through the supply chain
     - Electronic immobilisation
     - Physical access control
     - ePassport
     - Animal identification
     - Various medical applications
  10. Current Applications
  11. Future & Potential Applications
     - A potentially limitless marketing resource (e.g. tagged clothing items that may be tracked throughout a shopping mall)
       - What are the shopping behaviour patterns of our customers?
       - What else did they buy, and from whom?
       - Was our store their first choice for the product they bought?
       - Where did they eat?
       - Who are they shopping with?
       - Which family member(s) appear to be driving the shopping experience?
       - OK, this may appear a little far-fetched, but it is technically feasible
     - EPCglobal network
     - Potential applications appear to be limited only by
       - Privacy legislation
       - Public perception
       - Implementers' imagination
  12. Attack Vectors
     - Tag destruction & read prevention
     - The kill command
     - The RFID “virus”
     - Device cloning & replay attacks
     - The relay attack
     - Attacking weak crypto
     - Side channel attacks (power analysis)
  13. Tag Destruction & Read Prevention
     - Nothing particularly sophisticated or glamorous here
     - Home-made strong electromagnetic field generator
       - The “RFID-Zapper”
       - Not FCC compliant
       - https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN)
     - Foil & duct tape RFID-shielded wallet for the privacy enthusiast
       - http://www.rpi-polymath.com/ducttape/RFIDWallet.php
  14. Physical Read Prevention
  15. Physical Read Prevention
  16. The Kill Command
     - Primarily a privacy and anti-counterfeiting mechanism
     - Technical implementation left to the device manufacturer
     - Achieved via
       - Blowing an embedded fuse following issue of the correct “kill” string
       - Setting a “killed” value in memory, disabling the protocol state machine
     - Logical layout of tag memory as per the EPC Class 0 & 1 Gen1 standards
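As an added illustration of slide 16 (this is not code from the talk or from any tag vendor), the toy tag below carries a Gen2-style memory map and the "killed" flag that the slide describes as disabling the protocol state machine. Everything here is an assumption for demonstration purposes: the 32-bit kill password layout follows the EPC Gen2 Reserved bank rather than the Gen1 layout named on the slide, the TID bytes are made up, and the fuse variant is modelled with the same flag because a reader cannot tell the two apart. The point worth taking away is that kill is only a privacy feature if the password is unique per tag and held server-side; a default or shared password turns it into a denial-of-service command.

```python
import hmac
import secrets

# Gen2-style memory banks: bank 0 (Reserved) holds the 32-bit kill password and
# the 32-bit access password, bank 1 the EPC, bank 2 the TID, bank 3 user memory.
RESERVED, EPC, TID, USER = 0, 1, 2, 3


class Tag:
    """Toy passive tag (constructed example, not a vendor implementation).
    'killed' is the memory flag the slide describes as disabling the protocol
    state machine; a blown fuse looks identical from the reader side."""

    def __init__(self, epc: bytes, kill_password: int, access_password: int = 0):
        for pwd in (kill_password, access_password):
            if not 0 <= pwd < 2 ** 32:
                raise ValueError("passwords are 32-bit values")
        self.memory = {
            RESERVED: kill_password.to_bytes(4, "big") + access_password.to_bytes(4, "big"),
            EPC: bytes(epc),
            TID: b"\xe2\x00\x00\x00",   # constructed TID, not a real manufacturer code
            USER: b"",
        }
        self.killed = False

    def inventory(self):
        """The reader's 'who is there?'. A killed tag never answers again."""
        return None if self.killed else self.memory[EPC]

    def kill(self, password: int) -> str:
        if self.killed:
            return "silent"                       # state machine is disabled
        stored = self.memory[RESERVED][:4]
        if stored == b"\x00\x00\x00\x00":
            return "error: kill disabled"         # Gen2: a zero kill password means kill is not permitted
        if not hmac.compare_digest(password.to_bytes(4, "big"), stored):
            return "error: wrong password"        # real tags return an error code here
        self.killed = True
        return "killed"


def commission_kill_password() -> int:
    """Per-tag random kill password to be stored by the issuer, keyed by EPC.
    Never zero, because zero would leave the tag unkillable."""
    return secrets.randbits(32) or 1


if __name__ == "__main__":
    tag = Tag(bytes.fromhex("3034257bf7194e4000001a85"), kill_password=0x1234ABCD)
    print(tag.kill(0x00000001))     # error: wrong password
    print(tag.inventory())          # still answers
    print(tag.kill(0x1234ABCD))     # killed
    print(tag.inventory())          # None
```

The EPC value used above is a constructed 96-bit example, not an identifier from the talk.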
  17. The RFID “virus”
     - Nothing particularly notable or new to see here
     - This is a PoC attack
       - Bad data written to the tag
       - Middleware supporting the RFID infrastructure reads the bad data from the tag without sanitising the input
       - The potential for a SQL injection attack against a backend database exists
     - Not strictly an RFID-specific attack
     - Not an ideal SQL injection scenario
     - Knowledge of the backend database structure and product is a prerequisite
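To make slide 17 concrete, here is an added example (not code from the talk or from the rfidvirus.org paper) of the two middleware patterns side by side: one that pastes tag memory straight into a SQL string, and one that validates the read as a 96-bit EPC and binds it as a query parameter. The inventory table, the EPC values and the crafted tag payload are all constructed for the demo; the database is an in-memory SQLite instance.

```python
import re
import sqlite3

# Constructed inventory rows standing in for the backend database that the
# slide's middleware writes tag reads into (not data from the original talk).
SAMPLE_ITEMS = [
    ("3034257BF7194E4000001A85", "dock-1"),
    ("3034257BF7194E4000001A86", "dock-2"),
    ("3034257BF7194E4000001A87", "aisle-7"),
]

# A 96-bit EPC is exactly 24 hex digits; anything else is not a tag ID.
EPC96_HEX = re.compile(r"[0-9A-Fa-f]{24}")


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (epc TEXT PRIMARY KEY, location TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ITEMS)
    conn.commit()
    return conn


def is_valid_epc(tag_data: str) -> bool:
    """The sanitising step the slide says the vulnerable middleware skips."""
    return EPC96_HEX.fullmatch(tag_data) is not None


def lookup_unsafe(conn: sqlite3.Connection, tag_data: str) -> list:
    """Vulnerable middleware: bytes read from tag memory are pasted into the SQL
    text, so a crafted payload changes the query instead of being matched as a value."""
    sql = "SELECT epc, location FROM items WHERE epc = '" + tag_data + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, tag_data: str) -> list:
    """Hardened middleware: reject anything that is not an EPC, then bind the
    value as a parameter so the database never parses it as SQL."""
    if not is_valid_epc(tag_data):
        raise ValueError("tag data is not a 96-bit EPC hex string")
    return conn.execute(
        "SELECT epc, location FROM items WHERE epc = ?", (tag_data,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"          # constructed tag payload for the demo
    print("unsafe:", lookup_unsafe(db, crafted))   # every row comes back
    print("valid EPC?", is_valid_epc(crafted))     # False
    print("safe:", lookup_safe(db, "3034257BF7194E4000001A86"))
```

The validation step matters as much as the parameter binding: it also stops oversized or non-hex tag contents from reaching any downstream component that is not a database.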
  18. Device Cloning & Replay
     - Effective against ID-only and symmetric devices
     - Reprogram another tag to emulate another device's ID
       - Certain models of HiTag can be programmed to emulate other devices' serial numbers
     - Reproduction and replay of the tag transmission
       - http://cq.cx/verichip.pl
       - Off-the-shelf parts
       - 125 kHz & 13.56 MHz
       - Sniff, behave as a reader and behave as a device
       - The USRP (Universal Software Radio Peripheral)
       - http://ettus.com
  19. Device Cloning & Replay
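Slides 18 and 19 make the point that an ID-only tag is indistinguishable from its clone at the air interface, so any detection has to happen in the back end. The following is an added example (not from the talk) of one such check run over constructed access-control log lines: if the same serial is read at two sites so close together in time that nothing could have carried it between them, a second copy of that ID is in circulation. The reader coordinates, speed threshold and log lines are all made up for the demo.

```python
import math
from datetime import datetime

# Constructed reader sites (name -> latitude, longitude); not from the talk.
READERS = {
    "gate-A": (51.5072, -0.1276),   # London
    "gate-B": (51.5079, -0.1281),   # London, a few tens of metres from gate-A
    "gate-C": (53.4808, -2.2426),   # Manchester
}
MAX_SPEED_MPS = 70.0   # faster than this between two reads is not a badge holder

# Constructed access-control log: "<ISO time> <reader> <tag serial>" per line.
SAMPLE_LOG = """\
2009-03-02T08:00:00 gate-A 0A0B0C0D
2009-03-02T08:01:30 gate-B 0A0B0C0D
2009-03-02T08:03:00 gate-C 0A0B0C0D
2009-03-02T08:10:00 gate-A 11223344
2009-03-02T10:10:00 gate-C 11223344
"""


def haversine_m(a, b) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    r = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def parse_log(text: str):
    reads = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, reader, serial = line.split()
        reads.append((datetime.fromisoformat(ts), reader, serial))
    return reads


def find_impossible_travel(reads, max_speed_mps=MAX_SPEED_MPS):
    """Flag serials whose consecutive reads imply a physically impossible speed.
    Two reads at different sites with no time between them give infinite speed
    and are flagged as well."""
    by_serial = {}
    for ts, reader, serial in sorted(reads):
        by_serial.setdefault(serial, []).append((ts, reader))
    alerts = []
    for serial, events in by_serial.items():
        for (t1, r1), (t2, r2) in zip(events, events[1:]):
            if r1 == r2:
                continue
            dist = haversine_m(READERS[r1], READERS[r2])
            secs = (t2 - t1).total_seconds()
            speed = dist / secs if secs > 0 else math.inf
            if speed > max_speed_mps:
                alerts.append({"serial": serial, "from": r1, "to": r2,
                               "seconds": secs, "speed_mps": round(speed, 1)})
    return alerts


if __name__ == "__main__":
    for alert in find_impossible_travel(parse_log(SAMPLE_LOG)):
        print(alert)
```

Serial 0A0B0C0D is flagged for the gate-B to gate-C hop (roughly 260 km in 90 seconds), while 11223344 covering the same distance in two hours is not. The check cannot say which read was the clone; it only tells the operator that the serial needs revoking and reissuing.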
  20. The Relay Attack
     - Effective against challenge-response devices, whether cryptographically sound or not
     - For those who have read Ross Anderson's “Security Engineering”, think “MiG in the middle” attack
     - The scenario
       - An RFID-enabled point of sale for goods or services
       - Using a contactless smartcard
       - Employing a cryptographically sound communication channel between the device and the reader
     - How the attack works
       - At the checkout the POS issues a challenge to the card in customer A's wallet, which is waved before the reader
       - Our customer relays this challenge via an RFID proxy to another cardholder's wallet elsewhere (cardholder B)
       - Cardholder B's card responds to the valid proxied challenge
       - The response from B's card is relayed to A's card in answer to A's purchase at the POS
     - The hardware for this attack cost the Cambridge-based researchers approximately $250
  21. Attacking Weak Encryption
     - Texas Instruments DST (Digital Signal Transponder)
       - Basis for the SpeedPass payment system primarily used at petrol stations in the US
       - Uses a proprietary, undisclosed 40-bit algorithm
     - The attack involved three distinct stages
       - Reverse engineering of the algorithm
       - Brute-force key cracking
       - Tag simulation
  22. Attacking Weak Encryption
  23. Power Analysis Attacks
     - What is it?
       - Side-channel cryptanalysis attack against the chip
       - Generally aimed at the implementation rather than the algorithm
       - Correlates changes in the chip's power consumption with operations inside the cryptosystem
       - Requires logic analysis equipment
     - Goals
       - Extraction of cryptographic key material
     - Peter Gutmann quote:
       - “You simply cannot make a credit-card form factor device robust, capable, or secure.”
  24. Mitigation
     - Ensure real cryptography is used
       - AES & friends ~ good
       - Snake-oil infinity-bit proprietary algorithm ~ bad
     - Greater device tamper resistance
       - Helps place side-channel attacks beyond the reach of a moderately funded attacker
       - Equates to a more expensive device
     - Pressure device manufacturers for the development & implementation of a distance-bounding protocol within high-security devices
       - Equates to a more expensive device
     - Ensure appropriate device selection and testing from the project outset
       - Recalling devices issued to a nation's dairy herd or passport holders may prove costly
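The relay attack of slide 20 and the distance-bounding mitigation of slide 24 are two halves of one story, so one added example (not code from the talk or from the Hancke & Kuhn paper on slide 25) covers both. A genuine card answers a reader nonce with a keyed MAC; a relay proxy forwards that nonce to a distant genuine card and brings the answer back. The MAC verifies either way, which is the slide's point that cryptographic soundness does not help. A reader that also bounds the round-trip time rejects the relayed answer. The key, the latencies and the virtual microsecond clock are all constructed; real distance bounding measures many rapid single-bit exchanges rather than one whole MAC, because a MAC computation takes far longer than the light-speed delay it is trying to detect.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed demo key shared by card and issuer; a real card's key stays inside the chip.
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


@dataclass
class Card:
    key: bytes

    def respond(self, challenge: bytes) -> bytes:
        """Genuine card: keyed MAC over the reader's nonce, truncated as cards do."""
        return hmac.new(self.key, challenge, hashlib.sha256).digest()[:8]


@dataclass
class DirectLink:
    """Card held directly at the reader: the answer plus the round trip it took,
    measured on a virtual clock in microseconds (constructed figure)."""
    card: Card
    round_trip_us: float = 10.0

    def exchange(self, challenge: bytes):
        return self.card.respond(challenge), self.round_trip_us


@dataclass
class RelayedLink:
    """Cardholder A's proxy from slide 20. The challenge goes out over a longer
    link to cardholder B's genuine card and the answer comes back the same way:
    cryptographically perfect, physically late."""
    remote: DirectLink
    link_one_way_us: float

    def exchange(self, challenge: bytes):
        response, rtt = self.remote.exchange(challenge)
        return response, rtt + 2 * self.link_one_way_us


class Reader:
    def __init__(self, key: bytes, max_round_trip_us: Optional[float] = None):
        self.key = key
        self.max_round_trip_us = max_round_trip_us   # None: no distance bound, as at the slide's POS

    def authenticate(self, link) -> tuple:
        challenge = os.urandom(8)
        response, rtt = link.exchange(challenge)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(response, expected):
            return False, "bad response"
        if self.max_round_trip_us is not None and rtt > self.max_round_trip_us:
            return False, f"round trip {rtt:.0f} us exceeds bound"
        return True, "accepted"


if __name__ == "__main__":
    genuine = DirectLink(Card(CARD_KEY))
    relayed = RelayedLink(remote=DirectLink(Card(CARD_KEY)), link_one_way_us=1500.0)
    print("no bound, genuine:", Reader(CARD_KEY).authenticate(genuine))
    print("no bound, relayed:", Reader(CARD_KEY).authenticate(relayed))   # accepted
    bounded = Reader(CARD_KEY, max_round_trip_us=50.0)
    print("bounded, genuine:", bounded.authenticate(genuine))
    print("bounded, relayed:", bounded.authenticate(relayed))             # rejected
```

The bound has to be set from the genuine card's measured timing plus a margin; set it too loose and the proxy fits inside it, which is why the slide notes that a serious implementation costs more in silicon.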
  25. References & Resources
     - Fundamentals and Applications in Contactless Smartcards & Identification, Klaus Finkenzeller
     - Python library for exploring RFID devices: http://rfidiot.org
     - Practical Relay Attacks Against ISO 14443 Proximity Cards, Gerhard Hancke & Dr Markus Kuhn
     - Low Cost Attacks on Tamper Resistant Devices, Ross Anderson & Markus Kuhn
     - A New Approach to Hardware Security Analysis in Semiconductors, Sergei Skorobogatov
     - RFID Essentials, O’Reilly
     - Texas Instruments DST attack: http://www.jhu.edu/news_info/news/home05/jan05/rfid.html
     - RFID relay attacks: http://www.cl.cam.ac.uk/~gh275/relay.pdf
     - RFID virus: http://www.rfidvirus.org/papers/percom.06.pdf
     - Smartdust: http://en.wikipedia.org/wiki/smartdust
  26. Questions
     - http://www.security-assessment.com
     - [email_address]
