Published on

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Sneaking RFID Anuradha Jambunathan – 276786 Computer Security Seminar BIT WS 06/07
  2. 2. Agenda <ul><li>What is RFID? </li></ul><ul><li>RFID vs Barcode </li></ul><ul><li>RFID System Architecture </li></ul><ul><li>Uses of RFID Systems </li></ul><ul><li>RFID Threats & Attacks </li></ul><ul><li>Protection Against Attacks </li></ul><ul><li>Conclusion </li></ul>
  3. 3. What is RFID ? <ul><li>Acronym for R adio F requency Id entification. </li></ul><ul><li>Automatic Identification Procedure </li></ul><ul><li>RFID uses radio waves to automatically identify people or other objects. </li></ul><ul><li>Useful for tracking the associated object. </li></ul>
  4. 4. RFID Vs BARCODE <ul><li>Technology Used </li></ul><ul><ul><li>RFID - Radio Technology </li></ul></ul><ul><ul><li>BARCODE - Optical Technology </li></ul></ul><ul><li>Line of Sight Reading </li></ul><ul><ul><li>RFID - Doesn’t Require Line of Sight – Pass through Barriers </li></ul></ul><ul><ul><li>BARCODE – Requires Line of Sight reading </li></ul></ul><ul><li>Efficiency </li></ul><ul><ul><li>RFID - Multiple tags read simultaneously </li></ul></ul><ul><ul><li>BARCODE - One at a Time </li></ul></ul>
  5. 5. RFID Vs BARCODE <ul><li>Storage </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><ul><li>Large amount of Storage </li></ul></ul></ul><ul><ul><ul><li>Ability to Read and Write </li></ul></ul></ul><ul><ul><li>BARCODE </li></ul></ul><ul><ul><ul><li>Only be Read </li></ul></ul></ul><ul><li>Cost </li></ul><ul><ul><li>RFID is expensive compared to BARCODE </li></ul></ul>
  6. 6. RFID System Architecture
  7. 7. RFID Components <ul><li>RFID Tag or Transponder </li></ul><ul><ul><ul><li>Actual data carrying device of an RFID system. </li></ul></ul></ul><ul><ul><ul><li>Combination of Trans mitter and Res ponder </li></ul></ul></ul><ul><li>Types of RFID Tags </li></ul><ul><ul><ul><li>Passive Tag </li></ul></ul></ul><ul><ul><ul><li>Active Tag </li></ul></ul></ul>
  8. 8. RFID Components <ul><ul><li>Passive RFID Tag </li></ul></ul><ul><ul><li>Do not have Internal Battery Power </li></ul></ul><ul><ul><li>Short Range Communications </li></ul></ul><ul><ul><li>Read Only Tags </li></ul></ul><ul><ul><li>Active RFID Tag </li></ul></ul><ul><ul><li>Have Own Internal Battery </li></ul></ul><ul><ul><li>Long Range Communications </li></ul></ul><ul><ul><li>Read/Write Tags </li></ul></ul>
  9. 9. RFID Components <ul><li>RFID Reader </li></ul><ul><ul><li>Antenna, Transceiver and Decoder </li></ul></ul><ul><ul><li>Sends Signals to Query Tag data </li></ul></ul><ul><ul><li>Read or Read/Write the tags </li></ul></ul><ul><li>RFID Middleware </li></ul><ul><ul><li>Data processing </li></ul></ul><ul><ul><li>Connects to Backend Database </li></ul></ul>
  10. 10. Common Uses of RFID Systems <ul><li>Hospitals </li></ul><ul><li>Track Patient Location </li></ul><ul><li>Track Expensive & Critical equipments </li></ul><ul><li>Pet identification </li></ul><ul><ul><li>Animal Identification Purpose </li></ul></ul><ul><ul><li>Control Rabies – Portugal Gov </li></ul></ul><ul><li>Retail stores </li></ul><ul><li>Monitor & Control Inventory </li></ul><ul><li>Supply Chain Management </li></ul>
  11. 11. Common Uses of RFID Systems <ul><li>Traffic Monitoring </li></ul><ul><li>Roadside RFID readers to collect signals </li></ul><ul><li>Passports </li></ul><ul><li>The first RFID passports were issued by Malaysia in 1998 </li></ul><ul><li>Records the travel history of entries and exists </li></ul><ul><li>Human implants </li></ul>
  12. 12. RFID Threats <ul><li>Sniffing </li></ul><ul><li>-- Skimming of digital passports </li></ul><ul><li>Spoofing </li></ul><ul><li>-- SQL injection, Buffer Overflow attacks </li></ul><ul><li>Denial of Service </li></ul><ul><li>-- e.g.. Hospital applications </li></ul>
  13. 13. RFID Threats <ul><li>Replay Attacks </li></ul><ul><li>-- Man in the Middle Attack </li></ul><ul><li>-- e.g. Passport Readers </li></ul><ul><li>Unwanted Tracking </li></ul><ul><li>-- Tracking without the Knowledge </li></ul>
  14. 14. Real World Scenarios <ul><li>In Retail Stores </li></ul><ul><ul><li>Attacker purchase product that has RFID tag attached </li></ul></ul><ul><ul><li>Writes a virus in Blank RFID Tag </li></ul></ul><ul><ul><li>Attaches the Virus Tag to the product </li></ul></ul><ul><ul><li>Whole Product database system is infected </li></ul></ul>
  15. 15. Real World Scenarios <ul><li>In Pet </li></ul><ul><ul><li>Pet with RFID Tag attached </li></ul></ul><ul><ul><li>Writes a virus in Pet RFID Tag </li></ul></ul><ul><ul><li>Asks for Pet Scan </li></ul></ul><ul><ul><li>Database system is infected </li></ul></ul><ul><ul><li>Newly-tagged animals also infected </li></ul></ul>
  16. 16. Real World Scenarios <ul><li>In Airport Baggage system </li></ul><ul><ul><li>Baggage handling Systems with RFID tags </li></ul></ul><ul><ul><li>Easier to read at greater distances </li></ul></ul><ul><ul><li>Virus Tag attached to baggage </li></ul></ul><ul><ul><li>Whole Database system is infected </li></ul></ul><ul><ul><li>E.g. Smugglers or terrorists to hide their baggage </li></ul></ul>
  17. 17. RFID Passports <ul><li>Advantages </li></ul><ul><ul><ul><li>Avoid human errors by immigration officials </li></ul></ul></ul><ul><ul><ul><li>Efficiency of processing passenger data </li></ul></ul></ul><ul><ul><ul><li>Safeguard against counterfeit passports </li></ul></ul></ul><ul><li>Problems </li></ul><ul><ul><ul><li>Skimming </li></ul></ul></ul><ul><ul><ul><li>Eavesdropping </li></ul></ul></ul>
  18. 18. Problems with RFID Systems <ul><li>Lots of Source Code </li></ul><ul><ul><li>RFID tags – Power constraint </li></ul></ul><ul><ul><li>RFID middleware – Millions of Code </li></ul></ul><ul><ul><li>Software Bugs </li></ul></ul><ul><li>Generic Protocols and Facilities </li></ul><ul><ul><li>RFID middleware on existing internet architecture </li></ul></ul><ul><ul><li>Internet attacks </li></ul></ul>
  19. 19. Problems with RFID Systems <ul><li>Back-End Databases </li></ul><ul><ul><li>Data Collection Centre – Core Part </li></ul></ul><ul><ul><li>Critical part of the RFID system </li></ul></ul><ul><ul><li>Databases have their own unique attacks </li></ul></ul><ul><li>High-Value Data </li></ul><ul><ul><li>Extremely confidential Data </li></ul></ul><ul><ul><li>Eg. Data on e-passports </li></ul></ul><ul><ul><li>Harms tagged real-world objects </li></ul></ul><ul><li>False Sense of Security </li></ul>
  20. 20. RFID-Based Exploits <ul><li>RFID tags directly exploits back-end RFID Middleware </li></ul><ul><li>Manipulation of less than 1K bits of on-tag RFID data can exploit security holes in RFID middleware </li></ul><ul><li>RFID Middleware attacks requires more cleverness than resources  </li></ul>
  21. 21. RFID Attacks <ul><li>The Main types of RFID Exploits : </li></ul><ul><ul><ul><li>SQL Injection Attack </li></ul></ul></ul><ul><ul><ul><li>Buffer Overflow Attack </li></ul></ul></ul><ul><ul><ul><li>Code Insertion Attack </li></ul></ul></ul>
  22. 22. SQL Injection Attack <ul><li>“ A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information” </li></ul><ul><li>RFID tag written with a virus, can attack the backend database used by the RFID middleware </li></ul><ul><li>It may be possible to trigger the database into executing SQL code that is stored on the tag. This process is referred to as SQL injection </li></ul>
  23. 23. SQL Injection Attack <ul><li>Once a virus, worm, or other malware has entered the database, subsequent tags written from the database may be infected and the problem may spread. </li></ul><ul><li>Example: Airport Baggage System Attack </li></ul><ul><li>Which uses the RFID tag attached to the baggage </li></ul>
  24. 24. SQL Injection Attack <ul><li>Suppose the airport middleware has a template for queries </li></ul><ul><ul><li>&quot;Look up the next flight to <x>&quot; </li></ul></ul><ul><li>where <x> is the airport code written on the tag when the bag was checked in. </li></ul><ul><li>The middleware then builds a query from the fetched data. </li></ul><ul><li>Suppose the bag has a bogus tag with data </li></ul><ul><li>&quot;LHR; shutdown“ </li></ul>
  25. 25. SQL Injection Attack <ul><li>Incorrectly filtered escape characters </li></ul><ul><li>“ This form of SQL injection attack takes place when the user input data is not properly filtered for escape characters and is directly passed on into the SQL query ” </li></ul><ul><li>Example: </li></ul><ul><ul><li>Stmt: = “SELECT * FROM users WHERE name = “’+ username + ’”;” </li></ul></ul><ul><li>The Above SQL Stmt can cause problems in Authentication systems </li></ul>
  26. 26. Buffer Overflow Attack <ul><li>“ A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer.” </li></ul><ul><li>Results Writing extra information or executable code on adjacent memory locations. </li></ul><ul><li>The overwritten data may include other buffers, variables and program flow data. </li></ul>
  27. 27. Buffer Overflow - Causes <ul><li>Improper use of languages such as C or C++ that are considered to be non memory-safe. </li></ul><ul><li>Functions without bounds checking like strcpy, strlen, gets etc </li></ul><ul><li>Functions with null termination problems like strncpy, strncat etc </li></ul><ul><li>User- created functions with pointer bugs </li></ul>
  28. 28. Buffer Overflow Attack - Example <ul><li>Attacker entering intentionally longer data than actually allocated in the Buffer </li></ul><ul><li>Example in RFID system </li></ul><ul><li>Suppose an application uses 128-byte tags </li></ul><ul><li>Attacker tries to use a 512-byte fake tag or an even larger one  Buffer Overflow Attack </li></ul>
  29. 29. Exploitations of Buffer Overflow <ul><li>Classified as : </li></ul><ul><ul><ul><li>Stack - Based exploitation </li></ul></ul></ul><ul><ul><ul><li>Heap - Based exploitation </li></ul></ul></ul>
  30. 30. Exploitations of Buffer Overflow <ul><li>Stack - Based exploitation </li></ul><ul><ul><li>Manipulate the program by overwriting a local variable or Return address on the stack </li></ul></ul><ul><li>Heap - Based exploitation </li></ul><ul><ul><li>Generally do not contain return addresses such as the stack </li></ul></ul><ul><ul><li>Overwrite internal structures such as linked list and pointers </li></ul></ul>
  31. 31. Code Insertion Attack <ul><li>Malicious code injected into an application by an attacker, using any of scripting languages like VBScript, JavaScript, Perl etc </li></ul><ul><li>Special Characters in Input data like </li></ul><ul><li>< > . ' % ; ) ( & + - </li></ul><ul><li>Inserting malicious URLs </li></ul>
  32. 32. Protect against RFID Attacks <ul><li>Code review </li></ul><ul><li>Rigorous Code Review of Middleware Code </li></ul><ul><li>Bounds checking </li></ul><ul><li>Proper bounds checking either by programmer or compiler </li></ul><ul><li>Right choice of programming language </li></ul><ul><li>This Prevents against buffer Overflow attacks </li></ul>
  33. 33. Protect against RFID Attacks <ul><li>Parameter binding </li></ul><ul><li>Use Stored procedures </li></ul><ul><li>Bound parameters using the PREPARE statement are not treated as a value </li></ul><ul><li>Prevents against SQL Injection Attack </li></ul><ul><li>Sanitize the input </li></ul><ul><li>Use built-in data sanitizing available functions </li></ul><ul><li>Limit Database Permissions </li></ul><ul><li>Offer limited rights </li></ul><ul><li>Tables should be made read-only or inaccessible </li></ul><ul><li>The execution of multiple SQL statements in a single query. </li></ul>
  34. 34. Conclusion <ul><li>We have Discussed </li></ul><ul><ul><li>RFID in General </li></ul></ul><ul><ul><li>RFID Attacks </li></ul></ul><ul><ul><li>Prevention solutions </li></ul></ul><ul><li>“ Talking barcodes that change our lives” </li></ul><ul><li>BBC NEWS </li></ul>
  35. 35. Danke Schön