Nullcon 2011 RFID - NOT SENT TO THE EVENT
1. RFID Vulnerabilities, Flaws and Exploits
Mauro Risonho de Paula Assumpção, Backtrack Brazil, [email_address]
NOT SENT TO THE EVENT

2. What is RFID?
- Radio Frequency Identification
- Identification devices whose interface for communicating with the reader is wireless
- Encompasses the physical layer and the communication protocols for identifying devices (people, consumer goods, animals, etc.)
- May be proprietary or standardized

3. Main types
- Memory cards with access control
  - Main applications: ticketing in public transport and physical access control
  - Memory is divided into sectors, each protected by an encryption key
  - Operates at 13.56 MHz with a maximum read / write range of 10 cm
  - The Mifare card standard is the ISO 14443 series

4. Main types
- Proximity cards for physical access control
  - Besides Mifare there are several others, also known as proximity cards
  - Contactless cards in a proprietary format:
    - Indala, HID iClass, HID Prox and others
  - Operate in the 125MHz band with short range

5. Main types
- Cryptographic cards
  - There are also contactless cards with a cryptographic coprocessor
  - Can have both interfaces (contact and contactless)
  - Also support the ISO 14443 standard

6. Where the fun begins ... A little more on the Mifare

7. Mifare Classic
- Memory structure
  - 16 sectors
  - 4 blocks per sector (one block = 16 bytes)
  - Access control per individual sector
    - Key A and Key B
    - Access conditions
  - Each key is 48 bits
  - Serial number + manufacturer information are hardcoded in block 0 of sector 0

8. Mifare Classic
- Memory structure (figure: blocks and sectors)

9. Mifare Classic
- Serial number
  - 4 or 7 static bytes (hardcoded)
  - Or 7 random bytes: a new serial number is generated each time a communication channel with the reader is established

10. Mifare Classic
- Block diagram (figure)

11. Mifare Classic
- Main components
  - RF interface
  - Anti-collision: allows two or more cards to interact with a single reader (ISO 14443)
  - Authentication: controls access to each region of memory
  - ALU (Arithmetic Logic Unit): performs the addition / subtraction operations when the card stores values in memory
  - Crypto: implementation of the CRYPTO1 algorithm (stream cipher) to establish a secure channel between card and reader

12. Mifare Classic
- 3-step authentication
  - The reader specifies the sector to be accessed and whether key A or key B is used for it
  - The card takes the key indicated by the reader, encrypts a random number and sends it to the reader (the card challenge) (pass 1)
  - The reader decrypts the challenge using the same key as the card

13. Mifare Classic
- 3-step authentication (continued)
  - The reader returns the decrypted number to the card together with a new random number encrypted by the reader (the reader challenge) (pass 2)
  - The card compares the decrypted number with the one it previously sent

14. Mifare Classic
- 3-step authentication (continued)
  - The card decrypts the reader challenge and sends it back to the reader (pass 3)
  - The reader checks the response returned by the card
  - At the end of this process an encrypted communication channel is established between card and reader

15. Mifare Classic
- Card access
  - The set of commands supported by the card belongs to the card's owner and is programmed into the reader chip
  - An application interacts with the card through a specific NXP library, which is linked directly to the reader's controller chip

16. Reading Mifare cards

17. Reading Mifare cards
- Tools
  - Contactless reader (HID Omnikey 5321)
  - Open-source library for interacting with readers and contactless devices: Librfid (ww.openmrtd.org / projects / librfid /)
  - A blank Mifare 1K card as the sample

18. Reading Mifare cards
- Librfid output for the blank card:

    Protocol Mifare Classic
    Size: 1024 bytes
    Authenticating sector 0: mifare auth succeeded!
    Reading sector 0
    Reading block 0: Page 0x0: d4 0f 01 ac 76 88 04 00 47 c1 1e 38 65 00 48 05
    Reading block 1: Page 0x1: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Reading block 2: Page 0x2: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Reading block 3: Page 0x3: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    Authenticating sector 1: mifare auth succeeded!
    Reading sector 1
    Reading block 4: Page 0x4: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Reading block 5: Page 0x5: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Reading block 6: Page 0x6: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Reading block 7: Page 0x7: 00 00 00 00 00 00 ff 07 80 69 ff ff ff ff ff ff
    Authenticating sector 2: mifare auth succeeded!

- And so on for the other sectors and blocks ...
- (Figure: block layout with the fields serial number, data, Key A, Key B, access condition bits)

19. Reading Mifare cards
- Reading the blank Mifare card was only possible because it was configured with the default keys (A and B)
- A card such as the “Bilhete Único” (used on buses in Brazil) could not be read or changed
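As an added example, not code from the slides or from Librfid, the Python below audits a Mifare Classic 1K dump of the kind shown on slide 18: it verifies the block-0 UID checksum, decodes the sector-trailer access bits from the memory structure on slide 7, and flags every sector whose readable key B is still the transport key ff ff ff ff ff ff, which is exactly what made the blank card readable on slide 19. The permission table is the data-block table from the NXP functional specification in the references; the dump is constructed from the bytes printed above, with all other blocks zeroed.

```python
"""Audit a MIFARE Classic 1K dump: UID checksum, access bits, default keys."""
from typing import Dict, List, Tuple

SECTORS, BLOCKS_PER_SECTOR, BLOCK_LEN = 16, 4, 16
DEFAULT_KEY = bytes.fromhex("ffffffffffff")  # transport key of a blank card

# Data-block permissions for access bits (C1, C2, C3), per the NXP functional spec.
DATA_BLOCK_ACCESS = {
    (0, 0, 0): "read A|B, write A|B, inc A|B, dec A|B (transport)",
    (0, 1, 0): "read A|B, write never",
    (1, 0, 0): "read A|B, write B",
    (1, 1, 0): "read A|B, write B, inc B, dec A|B",
    (0, 0, 1): "read A|B, write never, dec A|B (value block)",
    (0, 1, 1): "read B, write B",
    (1, 0, 1): "read B, write never",
    (1, 1, 1): "no access",
}

def decode_access_bits(trailer: bytes) -> List[Tuple[int, int, int]]:
    """(C1, C2, C3) for blocks 0..3 from trailer bytes 6..8: byte 6 = ~C2|~C1 nibbles,
    byte 7 = C1|~C3, byte 8 = C3|C2. A nibble disagreeing with its inverse locks the sector."""
    b6, b7, b8 = trailer[6], trailer[7], trailer[8]
    c1, c2, c3 = b7 >> 4, b8 & 0xF, b8 >> 4
    if (~b6 >> 4) & 0xF != c2 or ~b6 & 0xF != c1 or ~b7 & 0xF != c3:
        raise ValueError("access bits fail their inverse check; sector unusable")
    return [((c1 >> i) & 1, (c2 >> i) & 1, (c3 >> i) & 1) for i in range(4)]

def audit_dump(dump: bytes) -> List[Dict]:
    """Walk all 16 sectors and report layout, permissions and default-key use."""
    assert len(dump) == SECTORS * BLOCKS_PER_SECTOR * BLOCK_LEN
    report = []
    for s in range(SECTORS):
        base = s * BLOCKS_PER_SECTOR * BLOCK_LEN
        trailer = dump[base + 3 * BLOCK_LEN:base + 4 * BLOCK_LEN]
        bits = decode_access_bits(trailer)
        entry = {"sector": s, "trailer_bits": bits[3],
                 "data_access": [DATA_BLOCK_ACCESS[b] for b in bits[:3]],
                 # key A never reads back (dumps as zeros); key B does in transport config
                 "key_b_default": trailer[10:16] == DEFAULT_KEY}
        if s == 0:  # block 0: 4-byte UID, BCC (XOR of the UID bytes), SAK, maker data
            uid = dump[0:4]
            entry.update(uid=uid.hex(), bcc_ok=(uid[0] ^ uid[1] ^ uid[2] ^ uid[3]) == dump[4])
        report.append(entry)
    return report

# Constructed dump: block 0 and the transport trailer taken from the Librfid output
# above, every other block zero. Not a real card image.
BLOCK0 = bytes.fromhex("d40f01ac7688040047c11e3865004805")
TRAILER = bytes.fromhex("000000000000ff078069ffffffffffff")
SAMPLE_DUMP = BLOCK0 + bytes(32) + TRAILER + (bytes(48) + TRAILER) * 15
```

Running `audit_dump(SAMPLE_DUMP)` reports every sector in transport configuration with key B still at the default, the condition a card issuer should never ship.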
20. Security aspects

21. Security aspects
- Mifare card security rests on the proprietary algorithm CRYPTO1
- The first work was done by Karsten Nohl, "Starbug" and Henryk Plötz at the Chaos Communication Camp 2007 in Berlin
- CRYPTO1 was the focus of this first analysis of Mifare cards
- The operation of CRYPTO1 was deduced through reverse engineering

22. Security aspects
- CRYPTO1 vulnerabilities
  - The random number generator's dependence on time allows control over the numbers it generates
  - Only 16 of the 32 bits used in the three-step authentication are in fact random
  - Reverse engineering by observing the chip made it possible to deduce how CRYPTO1 works

23. Security aspects
- CRYPTO1 operation (figure)

24. Security aspects
- Other articles published on the security of Mifare cards
  - A Practical Attack on the MIFARE Classic. CARDIS 2008, LNCS 5189, pp. 267–282, 2008.
  - Dismantling MIFARE Classic. ESORICS 2008, LNCS 5283, pp. 97–114, 2008.

25. Security aspects
- The attacks made so far allowed clones of the smart cards to be created using auxiliary equipment
- It was also possible to manipulate the contactless communication channel in order to observe the data traffic

26. Security aspects

27. Security aspects

28. DEMO

29. Security aspects
- The security problems pointed out relate to the weakness of CRYPTO1
- The attacks shown do not apply to PKI smart cards, such as electronic passports

30. References

31. References
- ISO 14443-1 / 2 / 3
- NXP - Mifare functional specification (2008)
- Mifare Security. Karsten Nohl, "Starbug" and Henryk Plötz.
- A Practical Attack on the MIFARE Classic. Gerhard de Koning Gans, Jaap-Henk Hoepman, and Flavio D. Garcia.
- Dismantling MIFARE Classic. Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs.