  • This presentation is based on the article and the IEEE paper from today’s reader. It’s intended to highlight the security and privacy risks associated with radio-frequency identification systems.
  • RF-ID works with a reader and a tag attached to an object. The reader sends a message to the tag in the form of radio waves, and the tag returns an answer in the same way.
  • There are two types of tags. The passive tag is non-powered: when the reader talks to it, the reader's signal provides the charge it needs to talk back. An active tag has an on-board battery, memory and clock. Active tags are writable and more secure, but also more expensive.
  • Currently most emerging uses of RF-ID are in shopping stores, in the auto-industry to tag auto-parts, at toll-gates to avoid standing in line, in various security applications (such as anti-counterfeit tagging of Viagra) and in ID systems.
  • Before I go into more details of the security aspects, I'd like to present two generalized scenarios that capture the most basic security concerns. In scenario 1, the question is device authentication: does the Reader trust the Tag, or vice versa? Without trust, how secure is it for two devices to talk to each other?
  • In scenario 2, assume the tag and the reader trust each other but their communication channel is unprotected. Therefore, anyone within range with a radio receiver can listen to the messages in transit. The picture here depicts passive eavesdropping, but if the eavesdropper were to intercept the messages and alter them, it becomes a man-in-the-middle attack, which is obviously more harmful.
  • There are other more sophisticated attacks such as …
  • This is a short intro to the E-passport. It is what the name implies: a passport that can be used electronically for some purpose. It fuses RF-ID and biometrics technology to identify individuals, and it follows the International Civil Aviation Organization (ICAO) standards. The above is a sample list of countries that use E-passports.
  • ICAO standards provide a list of mandatory and optional operations to be supported by E-passports. If one implements only the mandatory operations, one has to deal with several security flaws. The data in the chip can be read by anyone nearby with a reader. Uninformed wireless transmission means the passport holder doesn't know when, and by which reader, data is being read from the passport. Data in transit is unprotected, as we saw before.
  • Here's an example of an E-passport; I got it from a website. As you can see, the chip in the passport contains your identification data and biometric data. It communicates at 13.56 MHz. An attacker within range can therefore pose security and privacy concerns.
  • Now I am going to go over the details of various potential attacks that can jeopardize your privacy. Here we assume one implements only the mandatory features of the ICAO standards. Clandestine scanning happens when a malicious party simply reads the data off the chip.
  • Clandestine tracking happens because of the static chip ID stored in the chip. As you move from one location to another, readers in these locations can identify you based on the unique ID. This creates a trail of your movement.
  • Skimming and cloning happens because the data in the chip is unprotected: someone can steal it and put it in their own passport. If there is no human oversight at the reader location, the fake passport will be accepted as valid. Biometric data is forged by wearing a mask or a gummy finger.
  • We saw eavesdropping before, but here's a more grave situation that can happen. Currently E-passports are envisioned to be used in airports, but with more popularity they might see use in e-commerce or for access to high-security labs, which might cause unforeseen security risks. Labs might require a different set of identifiers to be stored in the chip than airport customs. This function creep can help an eavesdropper collect a vast amount of data about you.
  • Biometric data leakage. To use biometric identifiers, one needs to go through a biometric enrollment process where high-quality pictures of the face, iris or whatever it is are taken and run through an extraction algorithm to create a template. The template in turn is stored in the chip. Now, going back to clandestine scanning and eavesdropping, the attacker can get hold of the biometric template.
  • This slide shows what happens when the bio template falls into the hands of the attacker. He can use it at other places to forge his identity.
  • The next problem is perpetual access. ICAO prescribes an optional operation for basic access control, but the access control keys remain the same until a new passport is obtained. This means a reader that gets hold of the key can store it and has access forever.
  • In summary, the attacks can be grouped into two categories. The first is that you lose your identity. The second is tracking or hotlisting, which means a history of your movement can be built and a malicious party can identify you based simply on the unique ID of the chip, without any other identifiers such as a photograph or name.
  • ICAO prescribes some optional security features. Access control is one of them. It allows the tag to make sure the receiver is authentic. This is the crypto process that does the access control. In the first step, the tag sends a 64-bit nonce to the receiver. The receiver then creates two nonces, one secret and one public. It concatenates these nonces with the one received from the tag and encrypts the result with the key KENC, giving CR. CR is then MAC-ed with KMAC. The thing to remember is that KENC and KMAC are symmetric keys, so both parties have access to them.
  • Active authentication is another optional procedure. It allows the receiver to authenticate the tag: the tag proves to the receiver that it holds the private key matching its public key.
  • This is the only mandatory crypto operation in the ICAO standards. The passport-issuing country digitally signs the identifiers and biometric data in the chip. But this process only assures that the data in the chip has not been tampered with; it makes no guarantee about the person carrying the passport.
  • We need to revisit the access control crypto process to show a weakness in it.
  • The ICAO standards specify a maximum of 52 bits for the access control keys. This gives the keys low entropy. Entropy measures how unpredictable a key is: n bits of entropy means an attacker has roughly 2^n candidate keys to search before recovering the original.
RFID Talk

    1. RF-ID: Security and Privacy Risks - Ashraful Alam
    2. How does RF-ID work? [diagram: Tag and Reader; pictures taken from http://www.trovan.com/aboutrfidhow.htm]
    3. Types of Tags
       • Passive Tag (power-less): short range (3 m or less)
       • Active Tag (self-powered): long range (100 m or more); has battery, memory and clock
    4. Typical/Potential Uses of RFID
       • Replacement for barcodes in grocery and retail
       • Sensor-enabled tags in auto-industry
       • Toll-gates
       • Security applications
       • Individual Identification systems
       The paper discusses the security and privacy risks from the perspective of personal individual ID systems.
    5. General Security and Privacy Risks
       • Scenario 1 (device authentication): Is the Reader authentic? Is the Tag authentic?
    6. General Security and Privacy Risks
       • Scenario 2 (unprotected communication): [diagram: Query / Answer exchange between Reader and Tag, with eavesdropping]
    7. General Security and Privacy Risks
       • Other scenarios:
         • Laser/Water Etching
         • X-ray
         • Ion probing
         • TEMPEST attack
         • Clock glitching
         • Circuit disruption etc.
    8. E-Passport
       • Fusion of RF-ID and Biometrics technology to provide identification.
       • Follows International Civil Aviation Organization (ICAO) guidelines for interoperability.
       [map: Malaysia, Myanmar; Australia, New Zealand; USA; Netherlands, Germany, Belgium]
    9. E-Passport
       • Flaws in ICAO Standards:
         • Unprotected data: The digitally signed data page information contained within the electronic chip is freely available to any suitably equipped device.
         • Uninformed wireless transmission: There is no mechanism to notify the passport holder when data is wirelessly transmitted to a requesting party.
         • Unprotected wireless transmission: The information is transmitted wirelessly in the clear (not encrypted).
    10. E-Passport [image: sample E-passport]
    11. Possible Attacks on E-Passports
       • Without additional security features, ICAO standards can make E-Passports vulnerable to:
       • 1. Clandestine Scanning [diagram: Sign(Name, Birth date, Passport No.) + Biometric data read by a hacker at approx. 3 feet]
    12. Possible Attacks on E-Passports
       • 2. Clandestine Tracking [diagram: Unique Chip ID observed at Location 1, Location 2, Location 3 builds a Movement History]
    13. Possible Attacks on E-Passports
       • 3. Skimming and cloning [diagram: Valid Passport → Stolen data → Fake Passport; both Accepted] Accepted because the digital signature on the e-passport confirms data integrity, not carrier authenticity.
    14. Possible Attacks on E-Passports
       • 4. Eavesdropping [diagram: Query / Answer eavesdropped from several meters; Function Creep: Airport customs, Computer Lab, Mall, Theater]
    15. Possible Attacks on E-Passports
       • 5. Biometric data leakage [diagram: Biometric Enrollment (Facial Image / Retina Image / Fingerprint image) → Extraction Algorithm → Template; Hacker obtains the Template by Clandestine scanning / Eavesdropping]
    16. Possible Attacks on E-Passports
       • 6. Biometric Spillover [diagram: Hacker with template from Clandestine scanning / Eavesdropping → Biometric Reader at Grocery Store; Biometric Reader at Computer Lab]
    17. Possible Attacks on E-Passports
       • 7. Perpetual Access [diagram: Static authentication key for the passport → Foreign Customs → Customs DB, permanently saved]
    18. Summary of Attacks
       • The attacks can be grouped in two categories:
       • 1) Identity theft: Name, birth date, social security, photograph are falling in the hands of criminals.
       • 2) Tracking and Hotlisting: Static identifiers map a person to a number/string. Once this mapping is obtained, later on, a person can be identified based simply on the presence of the identifiers.
    19. Cryptography in E-Passports
       • Access Control (Receiver authentication):
         Tag: r_T ∈R {0,1}^64
         Tag → Receiver: r_T
         Receiver: r_R, k_R ∈R {0,1}^64 (k_R = receiver's secret nonce)
                   S_R := r_R || r_T || k_R
                   C_R := E_KENC(S_R)
                   M_R := M_KMAC(C_R)
         Receiver → Tag: C_R || M_R
         Tag: check if M_KMAC(C_R) == M_R; if yes, Decrypt(C_R) = r_R || r_T || k_R
              k_T ∈R {0,1}^64 (k_T = tag's secret nonce)
              S_T := r_T || r_R || k_T
              C_T := E_KENC(S_T)
              M_T := M_KMAC(C_T)
         Tag → Receiver: C_T || M_T
         Receiver: Session Key = k_R XOR k_T
         Tag: Session Key = k_R XOR k_T
         K_ENC and K_MAC are symmetric keys.
         If you are in a country whose readers do not hold the symmetric keys stored in your e-passport Tag, access control is useless.
    20. Cryptography in E-Passports
       • Active authentication (Tag authentication):
         Receiver: r_R ∈R {0,1}^64
         Receiver → Tag: r_R
         Tag: M_1 ∈R {0,1}^64; X := M_1 || r_R
         Tag → Receiver: Sig_SK1(X) (SK1 = Private Key of Tag)
         Receiver: Decrypt_SK2(Sig_SK1(X)) = X (SK2 = Public Key of Tag); check if r_R in X matches its own r_R. If yes, Tag is authenticated.
    21. Cryptography in E-Passports
       • Passive authentication (ICAO mandatory):
         Passport Issuing Country P, Private Key = K_P, signs (Name, …).
         Digital Signature ensures data integrity but not holder authenticity.
    22. Cryptography in E-Passports
       • Revisiting Access Control: the access control exchange of slide 19, shown again (K_ENC and K_MAC are symmetric keys).
    23. Cryptography in E-Passports
       • Weakness in ICAO Access Control:
         • Entropy of K_ENC and K_MAC is too small (52 bits max.)
           • Definition: Entropy – the unpredictability of a key, measured as lg of the number of candidates an exhaustive search must try to find it.
         • Fixed keys for access control. No facility for reader revocation.
    24. Improving the Situation
       • Faraday Cages
         • Add RF blocking materials to the cover
       • Larger secrets for Access Control
         • The current size has 52 bits of entropy and can be brute-forced in a couple of hours.
         • So increase the key size to 128 bits
       • Session based Identifiers
         • UIDs should not persist across sessions.
       • Reader revocation
         • Time-expiring certificates attached to readers.
         • Old keys are erased from the reader database.
    25. Improving the Situation
       • Extend ICAO Standards
         • Current standards provide only the bare bones to meet interoperability criteria.
         • Individual parties should provide the optional security mechanisms (e.g., access control, on-board crypto processor) as well.
         • More research on memory-efficient cryptography
    26. Commercial Solution
       • RIMCO Co. proposed a secure chip with an on-board crypto processor [image: Crypto Processors]
    27. Challenges
       • 1. Lack of real-estate
         • The ICs on the Tags are dust-sized objects. There is not enough space to fit in appropriately sized memory.
       • 2. Cost effectiveness
         • Price per chip needs to be under US$0.10.
         • Chips are ordered in millions, so a $0.01 cost differential can save millions of dollars for the buyers.
    28. Challenges
       • Catch-22
         • On-board cryptographic technologies require larger memory VS lack of real estate.
         • Self-powered Active Tag improves security VS cost effectiveness.
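The access control exchange described in the speaker notes and on slides 19 and 22 (tag nonce r_T, receiver nonces r_R and k_R, MAC-then-decrypt on each side, session key k_R XOR k_T) is easier to reason about as running code. The following is an added example and is not code from the talk, from ICAO or from any passport vendor. The real protocol uses 3DES-CBC for E_KENC and a retail MAC for M_KMAC; so that it runs on the Python standard library alone, this example substitutes a hash-derived keystream (a toy cipher, not a recommendation) and HMAC-SHA256. The class and function names (Tag, Reader, run_bac, replay_is_rejected, wrong_key_is_rejected) and the demo keys are assumptions of this example; only the message structure, nonce checks and key derivation follow the slide.

```python
"""Slide 19/22 access control exchange (example code, not from the talk).
Real BAC: E_KENC = 3DES-CBC, M_KMAC = retail MAC. Here: HMAC-SHA256 keystream
(toy cipher) and HMAC-SHA256 MAC, so the file runs offline on stdlib only."""
import hashlib
import hmac
import os

NONCE_LEN = 8  # 64-bit nonces r_T, r_R, k_R, k_T as on the slide


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _encrypt(k_enc: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stand-in for E_KENC: XOR with an HMAC-derived keystream bound to a
    per-direction, per-session label so keystream is never reused. Self-inverse."""
    stream = b"".join(hmac.new(k_enc, label + bytes([i]), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return _xor(data, stream[:len(data)])


def _mac(k_mac: bytes, data: bytes) -> bytes:
    return hmac.new(k_mac, data, hashlib.sha256).digest()


class Tag:
    """E-passport chip holding the symmetric keys K_ENC and K_MAC."""
    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac = k_enc, k_mac
        self.r_t = self.session_key = None

    def challenge(self) -> bytes:
        self.r_t = os.urandom(NONCE_LEN)           # r_T, fresh every session
        return self.r_t

    def respond(self, c_r: bytes, m_r: bytes):
        # Check M_R (constant time) before touching the ciphertext.
        if not hmac.compare_digest(_mac(self.k_mac, c_r), m_r):
            raise ValueError("M_R invalid: reader does not hold K_MAC")
        s_r = _encrypt(self.k_enc, b"R->T" + self.r_t, c_r)
        r_r, r_t_echo, k_r = s_r[:8], s_r[8:16], s_r[16:24]
        if r_t_echo != self.r_t:                   # replayed or stale message
            raise ValueError("r_T mismatch: message is not for this session")
        k_t = os.urandom(NONCE_LEN)                # tag's secret nonce
        s_t = self.r_t + r_r + k_t                 # S_T := r_T || r_R || k_T
        c_t = _encrypt(self.k_enc, b"T->R" + self.r_t + r_r, s_t)
        self.session_key = _xor(k_r, k_t)          # k_R XOR k_T
        return c_t, _mac(self.k_mac, c_t)


class Reader:
    """Inspection system (the slide's 'receiver') holding the same keys."""
    def __init__(self, k_enc: bytes, k_mac: bytes):
        self.k_enc, self.k_mac = k_enc, k_mac
        self.r_t = self.r_r = self.k_r = self.session_key = None

    def answer_challenge(self, r_t: bytes):
        self.r_t, self.r_r, self.k_r = r_t, os.urandom(NONCE_LEN), os.urandom(NONCE_LEN)
        s_r = self.r_r + r_t + self.k_r            # S_R := r_R || r_T || k_R
        c_r = _encrypt(self.k_enc, b"R->T" + r_t, s_r)
        return c_r, _mac(self.k_mac, c_r)

    def finish(self, c_t: bytes, m_t: bytes) -> bytes:
        if not hmac.compare_digest(_mac(self.k_mac, c_t), m_t):
            raise ValueError("M_T invalid: tag does not hold K_MAC")
        s_t = _encrypt(self.k_enc, b"T->R" + self.r_t + self.r_r, c_t)
        r_t, r_r, k_t = s_t[:8], s_t[8:16], s_t[16:24]
        if r_t != self.r_t or r_r != self.r_r:
            raise ValueError("nonce mismatch in tag reply")
        self.session_key = _xor(self.k_r, k_t)     # k_R XOR k_T
        return self.session_key


def run_bac(tag: Tag, reader: Reader) -> bool:
    """Full exchange; True when both sides derive the same session key."""
    c_r, m_r = reader.answer_challenge(tag.challenge())
    c_t, m_t = tag.respond(c_r, m_r)
    reader.finish(c_t, m_t)
    return tag.session_key == reader.session_key


def _rejected(action) -> bool:
    try:
        action()
    except ValueError:
        return True
    return False


def replay_is_rejected(k_enc: bytes, k_mac: bytes) -> bool:
    """A captured C_R||M_R replayed into a later session fails the r_T check."""
    tag, reader = Tag(k_enc, k_mac), Reader(k_enc, k_mac)
    captured = reader.answer_challenge(tag.challenge())
    tag.challenge()                                # new session, new r_T
    return _rejected(lambda: tag.respond(*captured))


def wrong_key_is_rejected(k_enc: bytes, k_mac: bytes) -> bool:
    """A reader without the tag's K_MAC never passes the MAC check."""
    return _rejected(lambda: run_bac(Tag(k_enc, k_mac), Reader(k_enc, os.urandom(16))))


if __name__ == "__main__":
    K_ENC, K_MAC = b"\x01" * 16, b"\x02" * 16       # constructed demo keys
    print("session keys agree:", run_bac(Tag(K_ENC, K_MAC), Reader(K_ENC, K_MAC)))
    print("replay rejected:", replay_is_rejected(K_ENC, K_MAC))
    print("unkeyed reader rejected:", wrong_key_is_rejected(K_ENC, K_MAC))
```

Two properties from the slides are visible in the checks: the MAC is verified before any decryption, so a reader that lacks K_MAC gets nothing, and the echoed r_T ties the reader's message to the current session, so a recorded exchange cannot be replayed. What the code also makes concrete is the weakness the talk goes on to discuss: nothing here stops a party that once learned K_ENC and K_MAC from running the exchange again later, and the protocol's security is no better than the entropy of those two fixed keys.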