RFID Security and Privacy  Issues and Countermeasures

1 RFID Security and Privacy  Issues and Countermeasures
Dr. Qinghan Xiao Defence R&D Canada – Ottawa November 13, 2009

2 Defence R&D Canada
Defence R&D Canada is an agency of the Canadian Department of National Defence responding to the scientific and technological needs of the Canadian Forces. The agency is made up of seven research centres located across Canada, including the DRDC Centre for Security Science (DRDC CSS) and the DRDC Centre for Operational Research and Analysis (DRDC CORA).

3 Network Information Operations Section
- Attack Detection and Analysis: situational awareness of the information technology infrastructure; network traffic analysis
- Secure Mobile Networking: secure ad-hoc peer-to-peer networking; secure wireless LANs
- Information Protection and Assurance: secure access control capability; biometrics; RFID security in a net-centric environment

4 Outline
- Overview of Security Risks with RFID: three areas of concern
- RFID Vulnerabilities: unauthorized reading/writing, trigger device, etc.
- Type of Attacks: reverse engineering, eavesdropping, etc.
- Privacy Issues: tracking and tracing, profiling a person's habits, etc.
- Countermeasures: authentication, encryption, etc.

5 Contactless Technologies
RFID Class | Description | Applications | Memory Types | Range
Proprietary (125 kHz) | Basic RFID, passive | Access, Inventory | ROM, EPROM | ~1 meter
EPC Global / ISO 18000 (900 MHz - 2.45 GHz) | | Tolling, Inventory | | ~10 meters
ISO/IEC 15693 (13.56 MHz) | Smart Label | Access, Inventory, Electronic Ticketing | ROM, RAM, EEPROM, FRAM | 
ISO/IEC 14443 A/B (13.56 MHz) | Microcontroller | Access, Payment | | ~10 cm
Active RFID (303 MHz - 2400 MHz) | Active | Inventory, Tolling | ROM, RAM, EEPROM | ~100 meters +
(Blank cells are merged cells of the original table whose value is not shown in the transcript.)

6 Security Risks with RFID
- Network-based risks are related to traditional network security risks and need to be addressed by the IA community
- Tag cloning risks become important as the government and companies increasingly take advantage of automatic identification technologies
- Attack risks are introduced by adopting RFID technology
[Figure: RFID security risks grouped as networked reader attacks; RFID-induced network risks; monitoring the air interface; data integrity on the tag (encryption of data on tags); blocking access to tags; permanently disabling tags (kill tags); system interface (hospital); RF saturation and jamming; targeting (trigger device); tracking; information attacks (malicious virus introduction)]
AIT: Automatic Identification Technologies. DITSCAP: Defence Information Technology Security Certification and Accreditation Program.

7 High Level Security Vulnerabilities
- Unauthorized reading of tag data
- Unauthorized writing of tag data
- Insertion of rogue/counterfeit tags
- Tag destruction/disabling
- Degradation of tag data collection
- Electromagnetic interference from RFID tags
- Tags leak electronic information
- RFID reader as a platform for attack
- RFID tag used as a trigger device
- Destructive electromagnetic emission

8 RFID Security ‘The Dark Side’
The RFDump is an open-source product, which is sponsored by German based DN-Systems. German security expert Lukas Grunwald co-wrote the RFDump that let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!" Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out. Reference [1]

9 The Dark Side
- RFDUMP: a tool that allows you not only to read RFID tags within range but, more worryingly, to change and alter the data stored in the RFID tag
- Spectrum interference: not only degrades the read range between a reader and an object, but also corrupts data packets being sent back and forth
- RFID Washer: finds RFID tags and "electronically washes" them
- RFID blocking system: originally developed to protect user privacy. For example, the RSA Blocker Tag is a specially designed RFID tag built into shopping bags that launches a denial-of-service attack to prevent RFID readers from reading any tags that might be attached to items in the bag
- Tag hacking systems: use different methods to defeat RFID-based systems. Example 1: RFDUMP has been demonstrated to change a book price, and even to upload hotel room key card data to the price chip on a box of cream cheese from the Future Store in Germany. Example 2: the Johns Hopkins lab has successfully performed a "brute-force" attack on TI's RFID cipher in only 30 minutes
JHU: Johns Hopkins University. RSA: stands for the first letter in each of its inventors' last names: Ronald Rivest, Adi Shamir, and Leonard Adleman.

10 Attack Points
[Figure labels: reverse engineering; power attack; transmission attack; denial of service; deliver virus to compromise middleware and backend systems]

11 Type of Attacks on RFID Tags
Attack categories shown on the slide:
- Internal attacks
- Direct physical attacks: reverse engineering, physical modification, direct data observation
- Information leakage: power analysis, electromagnetic analysis
- Device malfunction: operational range and sensor range
- Fault injection: voltage manipulation, optical fault injection
- Software attacks: viruses, Trojan horses
- Eavesdropping: wireless transmission, monitoring of reader
- Device destruction: physical destruction, EM destruction
Simple Power Analysis (SPA) and Differential Power Analysis (DPA) were introduced by Paul Kocher [1]. While a ciphering operation is performed, the power consumption of the cryptographic device is analyzed in order to extract the secret cipher keys. These attacks exploit the data-dependent power consumption of cryptographic devices. In [2], Electromagnetic Analysis (EMA) is presented as a more efficient attack than DPA: it exploits the electromagnetic fields emitted by the switching gates as side-channel information.
[1] Paul C. Kocher, Joshua Jaffe, and Benjamin Jun, "Differential Power Analysis", Advances in Cryptology, CRYPTO '99 (M. Wiener, ed.), Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp.
[2] Quisquater et al., "ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards", Esmart '01, LNCS 2140, p. 200.

12 RFID Threat Categories
[Figure: threat tree rooted at "System security is compromised", with Tag and Reader as the targets. Categories: Denial of Service (DoS), which makes the tags not detectable by the reader; Gather; Mimic. Leaf threats: unauthorised killing of tag, jamming/shielding, skimming, eavesdropping, data tampering, spoofing, cloning, malicious code.] Reference [2]

13 RFID Physical Elements
[Figure: physical elements of an RFID chip: logic, bonding pads, RF front end, memory] Reference [3]

14 Reverse Engineering
Reverse engineering is the process of taking something apart to discover how it works. Reverse engineering an integrated circuit can be rated at three different levels:
- Level I: a knowledgeable individual with low-cost and easily available tools to analyze end-user products such as phone cards, debit cards and set-top boxes
- Level II: a highly knowledgeable individual (often with inside knowledge) with access to expensive lab equipment
- Level III: a government-backed lab with unlimited resources
The technical ability and equipment needed to reverse engineer an integrated circuit can be rated at three different levels: a knowledgeable individual using low-cost and easily available tools; a highly skilled team, using equipment not commonly available in the commercial market. Unfortunately, the methods of attacking ASIC technology are not a secret and can be easily accessed (Blythe et al., 1993). Considering privacy issues related to the biometric e-passport, it may be possible for an attacker to extract the chip and read its memory contents optically to retrieve the PIN, biometric data, personal information, etc.

15 An Example of Reverse Engineering — Circuit Images
Reference [4]

16 Reverse Engineer Circuit
Reference [4]

17 Logic Gates Reference [3]

18 Countermeasures
- A FIPS standard refers to chip coatings as an anti-reverse-engineering method to prevent attacks
- Various tamper-proof techniques have been developed to defend against reverse engineering attacks
- For instance, by adding a tamper-release layer to RFID tags, operations personnel can be alerted if a tag has been tampered with

19 Information Leakage
- All electronic devices 'leak' information through side channels such as power consumption or electromagnetic emissions
- Monitoring these side channels and performing differential analysis can reveal sensitive information
- Power analysis is a form of side-channel attack that is intended to retrieve information by analyzing changes in the power consumption of a device
- The information leakage problem emerges when the data sent by the tag or the back end reveals information intrinsic to the marked object: tagged books in libraries; tagged pharmaceutical products, as advocated by the US Food and Drug Administration; e-documents (passports, ID cards, etc.); directories of identifiers (e.g. EPC code)

20 Power Analysis
It has been proven that the power emission patterns are different when the card receives correct and incorrect password bits or cryptographic keys.
[Figure: power consumption signal plotted against the Hamming weight of the processed data, with W1 = 7, W2 = 5, W3 = 4, W4 = 4]

21 Fault Injection By introducing a fault, most likely a voltage pulse, it is possible to cause the device to malfunction in an undesirable way Faults can cause devices to dump memory contents or jump over security features Fault injection is a very powerful attack if correct fault parameters are discovered The method can be also used to exploit any number of vulnerabilities

22 Countermeasures The common methods used to defeat power analysis attacks are filtering or adding an element of randomness Filtering power signals or delaying the computation randomly can increase the difficulty for the attacker to identify the power consumption patterns Another method implemented in some smart card designs is adding an element that simply consumes a random amount of power Unfortunately, this approach may cause a problem for RFID systems where minimizing power consumption is a priority
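To make the Power Analysis slide and the countermeasures above concrete, here is an added simulation (not code from the presentation): synthetic power traces whose sample values carry the Hamming weight of the byte being processed, a leakage-assessment check that measures how strongly the traces correlate with that weight, and the two randomness-based countermeasures (random delay, random extra power draw) applied to the same traces. The leakage model, noise level and countermeasure parameters are assumptions.

```python
"""Toy model of Hamming-weight power leakage and the 'randomness' countermeasures.

Added illustration, not code from the presentation. Traces are synthetic:
the leakage model (sample value = Hamming weight of the processed byte +
noise), the noise level and the countermeasure parameters are assumptions.
"""
import random
import statistics

SAMPLES = 16        # samples per synthetic trace
LEAK_INDEX = 5      # sample at which the data-dependent operation happens


def hamming_weight(value: int) -> int:
    """Number of set bits in a byte: the assumed leakage model (W1..W4 on the slide)."""
    return bin(value & 0xFF).count("1")


def simulate_trace(data_byte, rng, noise_std=0.5, max_delay=0, random_power=0.0):
    """One synthetic power trace for a device processing data_byte.

    max_delay    > 0 models the random-delay countermeasure: the leaking
                   operation is shifted by 0..max_delay samples.
    random_power > 0 models an extra element that consumes a random amount
                   of power, uniform in [0, random_power], in every sample.
    """
    trace = [rng.gauss(0.0, noise_std) for _ in range(SAMPLES)]
    trace[LEAK_INDEX + rng.randint(0, max_delay)] += hamming_weight(data_byte)
    if random_power > 0:
        trace = [s + rng.uniform(0.0, random_power) for s in trace]
    return trace


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    if var_x == 0 or var_y == 0:
        return 0.0
    return cov / (var_x * var_y) ** 0.5


def leakage_score(n_traces=2000, seed=1, **countermeasures):
    """Leakage-assessment style check: largest |correlation| between the
    Hamming weight of the processed byte and any sample position.

    Close to 1 means the power consumption reveals the data being handled;
    close to 0 means the side channel is much harder to exploit. Note that
    the random-power element only lowers the correlation: with enough
    traces the averaging still recovers the signal, which is why the slide
    calls it a countermeasure rather than a fix, and it costs power.
    """
    rng = random.Random(seed)
    data = [rng.randrange(256) for _ in range(n_traces)]
    traces = [simulate_trace(d, rng, **countermeasures) for d in data]
    weights = [hamming_weight(d) for d in data]
    return max(abs(pearson(weights, [t[i] for t in traces]))
               for i in range(SAMPLES))


if __name__ == "__main__":
    print("unprotected      ", round(leakage_score(), 3))
    print("random delay     ", round(leakage_score(max_delay=8), 3))
    print("random power draw", round(leakage_score(random_power=20.0), 3))
```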

23 Device Destruction
- Physical destruction or disabling of the device: cut the antenna from the chip, disable in a microwave
- Passive RFID tags can be destroyed in a high electric field
- RFID-Zapper is an easy-to-build electronic device that can permanently deactivate passive RFID tags

24 Software Attacks
Types of software attack include:
- Virus: can steal data and damage the RFID system
- Trojan horse: can allow someone to take control of the RFID system
Software attacks are not very applicable to a basic RFID tag, but focus more on systems or higher-functioning mobile devices.
Virus: a segment of computer code that performs malicious actions by attaching to another computer program. A problem resulting from viruses is that they can steal data and damage your computer system. Trojan horse: software programs that hide in other computer programs and reveal their designed behaviour only when activated. A problem resulting from Trojan horses is that they allow someone to take control of your computer.

25 The World's First Virally-Infected RFID Tag  Vrije Universiteit Amsterdam
Reference [5]

26 Eavesdropping
[Figure: reader, tag and eavesdropper, with the forward range and the backward range marked]

27 Passive Eavesdropping
- Listen to the communication between a tag and a reader
- Works when the tag is already being powered by a legitimate reader
- Performed by a third party in either the operating range, the backward-channel eavesdropping range or the forward-channel eavesdropping range

28 Active Eavesdropping (Scanning)
Power the tag and analyze the response This can be performed at an extended read range

29 Eavesdropping is Simple but Efficient
- Credit cards: reported cases of personal information sent in the clear
- e-Passports: some issues surrounding the entropy of the key
- Travel/ticketing: Mifare Classic Crypto-1 reverse engineered
- Access control: when using simple IDs or minimal crypto

30 Countermeasures Countermeasures against eavesdropping include establishing a secure channel and/or encrypting the communication between tag and reader Another approach is to only write the tag with enough information to identify the object The identity is used to look up relevant information about the object in a back end database, thus requiring the attacker to have access to both the tag and the database to succeed in the attack

31 Man-in-the-Middle Attack

32 Alice Sends Message to Bob
[Figure: Alice, Bob and Eve] Reference [6]

33 Eve Eavesdrops on the Message
[Figure: Alice and Bob exchanging a message; Eve eavesdropping]

34 Eve Interrupts the Communication Path and Manipulates the Information
[Figure: Alice, Bob and the message; Eve eavesdropping and disturbing the path]

35 Countermeasures
Several technologies can be implemented to reduce MITM threats:
- Encrypting communications
- Sending information through a secure channel
- Providing an authentication protocol

36 Relay Attack
[Figure: relay over a wireless communication link between the verifier and the victim's tag] Reference [7]
There is no link between the authenticating object (tag) and the service receiver (tag holder):
1. Attacker A initiates the service
2. Attacker A relays the queries meant for the tag to attacker B
3. Attacker B sends the queries to the victim's tag
4. Attacker B relays the answers back to attacker A
5. Attacker A answers the queries

37 Replay Attack
- Intercept the communication between a reader and a tag to capture a valid RFID signal
- At a later time, the recorded signal is replayed into the system when the attacker receives a query from the reader
- Since the data appears valid, it will be accepted by the system

38 Countermeasures The most popular solution is the use of a challenge and response mechanism to prevent replay attacks Time-based and counter-based schemes can also be used as countermeasures against replay attacks

39 Cloning Cloning is defined as duplicating the data of one tag to another tag Data acquired from a tag, by whatever means, is written to an equivalent tag Normally only digital properties (e.g. EPC, transponder ID number, PIN code, secret keys etc.) are considered This tag is then used to simulate the identity of the original tag

40 Countermeasures Cloning Resistance is the property of a tag that defines the amount of effort that has to be expended in order to clone the tag. It can consist of a combination of logical obstacles (e.g. breaking of an encrypted message) and physical obstacles (e.g. reading a certain part of the tag memory) Tags can be made hard to clone by using read protected memories or factory programmed unique transponder ID numbers
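The "Recognizing Duplicates" and "factory programmed unique transponder ID" countermeasures can be implemented at the back end, where the reader events come together. The following is an added example (not code from the presentation) that runs two duplicate checks over constructed reader log lines: an EPC read with a transponder ID other than the one registered for it, and the same EPC seen at two sites faster than a tagged item could travel. The log format, site distances, registry and speed limit are all constructed assumptions.

```python
"""Recognizing duplicate tags from reader event logs (clone detection at the
back end). Added illustration, not code from the presentation. The log
lines, site distances, EPC-to-TID registry and speed limit are constructed.
"""
import re
from datetime import datetime

# Constructed reader events: E2.0001 is read at two sites 400 km apart within
# 30 minutes, and E2.0003 is presented with a TID other than the registered one.
SAMPLE_LOG = """\
2009-11-13T09:00:00Z reader=DOCK-A epc=E2.0001 tid=TID-AAAA
2009-11-13T09:05:00Z reader=DOCK-A epc=E2.0002 tid=TID-BBBB
2009-11-13T09:30:00Z reader=STORE-B epc=E2.0001 tid=TID-AAAA
2009-11-13T13:00:00Z reader=STORE-B epc=E2.0002 tid=TID-BBBB
2009-11-13T13:10:00Z reader=STORE-B epc=E2.0003 tid=TID-ZZZZ
"""

# Back-end registry: EPC -> factory-programmed, read-only transponder ID (constructed).
REGISTRY = {"E2.0001": "TID-AAAA", "E2.0002": "TID-BBBB", "E2.0003": "TID-CCCC"}

# Distance between reader sites in km (constructed); unknown pairs cannot be judged.
DISTANCES_KM = {frozenset({"DOCK-A", "STORE-B"}): 400}
MAX_SPEED_KMH = 120   # fastest plausible movement of a tagged item (assumption)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reader=(?P<reader>\S+) epc=(?P<epc>\S+) tid=(?P<tid>\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def distance_km(site_a, site_b):
    if site_a == site_b:
        return 0
    return DISTANCES_KM.get(frozenset({site_a, site_b}), 0)


def detect_duplicates(log_text, registry=REGISTRY, max_speed_kmh=MAX_SPEED_KMH):
    """Return (alert_type, epc, timestamp) tuples in time order.

    tid-mismatch      : EPC read with a TID different from the registered one,
                        i.e. tag data copied onto a tag with another factory TID
    impossible-travel : the same EPC seen at two sites faster than the item
                        could have moved, i.e. two tags carrying one identity
    """
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    events.sort(key=lambda ev: ev["ts"])
    alerts, last_seen = [], {}
    for ev in events:
        expected_tid = registry.get(ev["epc"])
        if expected_tid is not None and expected_tid != ev["tid"]:
            alerts.append(("tid-mismatch", ev["epc"], ev["ts"]))
        prev = last_seen.get(ev["epc"])
        if prev is not None:
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
            if distance_km(prev["reader"], ev["reader"]) > max_speed_kmh * hours:
                alerts.append(("impossible-travel", ev["epc"], ev["ts"]))
        last_seen[ev["epc"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect_duplicates(SAMPLE_LOG):
        print(*alert)
```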

41 A Prox-card Cloner

42 Tracking Attack
- Tracking the movement of people
- Monitoring and profiling people's belongings
- Used for identification: an attacker can recognize people based on the RFID tags they are carrying
- An attacker could trace RFID-enabled packages

43 Tracking People via Their Objects
Reference [8]

44 Countermeasures
- An easy method to disable tracking is to deactivate the RFID tags, which is known as "killing" the tag
- Blocker tag
- Cover RFID tags with protective mesh or foil
- Clipped Tag: allow consumers to tear off the antenna of an RFID tag. IBM's clipped tag technology allows consumers to tear off the antenna of an RFID tag, thereby significantly reducing the tag's read range to just a few inches. The Clipped Tag lets consumers disable RFID tags after purchase by tearing off part of the antenna.

45 Cracking Crypto-enabled RFID
- Reverse engineering: the encryption algorithm can be reverse engineered through flawed authentication attempts. The method involves sending RFID devices carefully chosen electronic queries and recording the responses of the devices.
- Post-processing: analyze the response information to get clues as to what is happening inside the microchip, which makes it possible to reconstruct the encryption algorithm.
- Key cracking: once the algorithm is known, the keys can be figured out by brute-force attack, i.e. simply trying all possible keys. Since the DST-40 tag uses a proprietary 40-bit encryption algorithm and Mifare Classic a 48-bit one, it takes 9 to 10 hours to try all possible keys for both devices on advanced equipment.
- Simulation: after obtaining the key (and serial number), it is possible to create a clone tag.

46 Supply Chain vs. Passport RFID
Supply chain RFID: simple; cheap; no support for cryptography; single identifier (kill command renders the tag inoperable); read range ≥ 1 meter
Passport RFID: tamper resistance; cryptography; shorter intended read range

47 UK ePassport
- The cover of the ePassport looks only slightly different
- The chip will be put on the back of the personal information page
- It will hold the scan of the holder's facial features embedded in the chip

48 Is Passport Card Secure?
The first video created by Chris Paget demonstrates how to use a low-cost mobile device to read and clone RFID tags embedded in United States passport cards and enhanced drivers' licenses The second video is a story by David Reid for BBC World showing how to clone Europe's new “secure” e-passport

49 Trigger Attack
- A trigger attack can be carried out by sensing the presence of an RFID device
- It is not about identity theft, but about the possibility of using RFID as a trigger for weapons/explosives
Reference [9]

50 Protest at Texas Wal-Mart
Photo by Bill Bryant

51 Privacy Diamond Reference [10]

52 Tracking and Tracing Reference [8]

53 Major Threats to Privacy through RFID
- Unauthorized readout of one's belongings by others
- Tracking people via their objects over time
- Retrieving social networks
- Individual profiling

54 A Technical Perspective
[Figure labels: RFID technology; immediate response; tag interpretation] Reference [11]

55 A Technical Perspective (cont.)
[Figure labels: database technology; delayed response; data accumulation; tag interpretation]

56 A Technical Perspective (cont.)
[Figure labels: shared databases; data mining / data sharing; response may be out of context; data accumulation; tag interpretation]

57 A Data Protection Perspective
Doesn't necessarily involve personal data... though it may trigger the creation of personal data... and there might be other privacy implications as well.
[Figure label: tag interpretation]

58 A Data Protection Perspective (cont.)
[Figure labels: personal data; data accumulation; identifier; tag interpretation]

59 A Data Protection Perspective (cont.)
[Figure labels: data mining / data sharing; personal data; data accumulation; identifier; tag interpretation]

60 An "Application" Perspective
[Figure label: tag interpretation]

61 An "Application" Perspective (cont.)
[Figure label: tag interpretation]

62 An "Application" Perspective (cont.)
- Profiling based on a combination of tags... a combination of tags may identify the individual... 'gold' credit card... expensive watch...
- ... and some tags might say the darndest things: works at animal testing lab... card-carrying communist...
[Figure label: tag interpretation]

63 Countermeasures: Faraday Cage
[Figure: Faraday cage examples: tin foil, cloth, RFID shield] Reference [12]

64 Threat-Countermeasure Mapping
Threats (rows of the slide's matrix): reverse engineering; power analysis; eavesdropping; man-in-the-middle; cloning; unauthorized reading; unauthorized writing/modification; jamming transmitters; spoofing; replay; virus; tracking; misuse of kill command
Countermeasures (columns): blocking tag; bounds checking & parameter binding; detaching tag from tagged item; optical tamper sensor; chip coating; randomization; encryption; authentication; recognizing duplicates; install field detectors; use read-only tags; frequency division/hopping; shift data to the backend; challenge and response; kill function; alarm function for active tags; mechanical connection
Legend: "Can be detected, but no countermeasure method". (The matrix cells are not recoverable from the transcript.)

65 Authentication/Authorization Using Secrets
Protocol shown on the slide (reader on one side, card on the other):
1. Reader: "Who are you?"
2. Card: ID = #
3. Reader generates a random number r and sends "Prove it by encrypting r"
4. Card computes x = E_K(r) and sends x
5. Reader checks x
Reference [4]

66 Encryption
- E is an encryption function: an algorithm for scrambling bits in a way that depends on K
- K is a secret key shared between the card and the reader (backend database)
- x = E_K(r)
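The challenge-response protocol of the two slides above is also the countermeasure the Replay Attack countermeasures slide recommends. The following added example (not code from the presentation) runs both sides of the exchange: the reader looks up K in a back-end database from the ID the tag presents, issues a fresh random r, and checks x = E_K(r); an eavesdropper records one genuine session and a replay device plays it back. A reader with a fixed challenge accepts the replay, a reader with a fresh random challenge rejects it. HMAC-SHA256 stands in for E_K, and the tag IDs and keys are constructed.

```python
"""Challenge-response authentication with a fresh random challenge, and why
a reader with weak randomness is open to replay.

Added illustration, not code from the presentation. HMAC-SHA256 stands in
for the slide's encryption function E_K; tag IDs and keys are constructed.
"""
import hashlib
import hmac
import secrets


def E_K(key: bytes, r: bytes) -> bytes:
    """x = E_K(r): keyed transform of the challenge (HMAC as a stand-in)."""
    return hmac.new(key, r, hashlib.sha256).digest()


class Backend:
    """Back-end database mapping tag ID -> shared secret K; the tag carries only its ID."""

    def __init__(self, keys):
        self._keys = dict(keys)

    def key_for(self, tag_id):
        return self._keys.get(tag_id)


class Tag:
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key

    def identity(self) -> bytes:           # answer to "Who are you?"
        return self.tag_id

    def respond(self, r: bytes) -> bytes:  # answer to "Prove it by encrypting r"
        return E_K(self.key, r)


class Eavesdropper:
    """Wraps a real tag and records what crosses the air interface."""

    def __init__(self, tag):
        self.tag, self.seen_id, self.seen_x = tag, None, None

    def identity(self):
        self.seen_id = self.tag.identity()
        return self.seen_id

    def respond(self, r):
        self.seen_x = self.tag.respond(r)
        return self.seen_x


class ReplayDevice:
    """Replays a recorded (ID, x) pair; it never knew K, so it must ignore r."""

    def __init__(self, tag_id, x):
        self.tag_id, self.x = tag_id, x

    def identity(self):
        return self.tag_id

    def respond(self, r):
        return self.x


class Reader:
    def __init__(self, backend, challenge_source=lambda: secrets.token_bytes(16)):
        self.backend = backend
        self.challenge_source = challenge_source  # must yield a fresh r per session

    def authenticate(self, device) -> bool:
        key = self.backend.key_for(device.identity())
        if key is None:
            return False                          # unknown ID: nothing to check against
        r = self.challenge_source()
        x = device.respond(r)
        return hmac.compare_digest(x, E_K(key, r))


def replay_succeeds(reader, tag) -> bool:
    """Record one genuine session, then replay it against the same reader."""
    tap = Eavesdropper(tag)
    if not reader.authenticate(tap):
        raise RuntimeError("genuine tag should authenticate")
    return reader.authenticate(ReplayDevice(tap.seen_id, tap.seen_x))


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    backend, tag = Backend({b"TAG-0001": key}), Tag(b"TAG-0001", key)
    print("replay accepted with fresh r:", replay_succeeds(Reader(backend), tag))
    print("replay accepted with fixed r:", replay_succeeds(
        Reader(backend, challenge_source=lambda: b"\x00" * 16), tag))
```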

67 Encryption as A Solution
If all of the keys are different, how are they managed? Reference [13]

68 Encryption as A Solution (cont.)
If all of the keys are the same, how is it protected? Reference [13]

69 NIST Guidelines on RFID Security
NIST SP 800-98: Guidelines for Securing Radio Frequency Identification Systems. Goals and objectives:
- Assist organizations in understanding RFID security risks and what security controls can help mitigate those risks
- Provide real-world guidance on how to initiate, design, implement, and operate RFID systems that mitigate risks
- Provide security controls that are currently available on today's market
The document does not address the advanced authentication and cryptographic features that are incorporated in many smart card RFID systems. Reference [14]

70 RFID Guardian
A mobile battery-powered device that offers personal RFID security and privacy management. The goals of the project are to:
- Investigate the security and privacy threats faced by RFID systems
- Design and implement real solutions against these threats
- Investigate the associated technological and legal issues

71 Building Security into RFID
[Figure: consumer device, reader and RFID, with a hash function and a shared secret (SS); the RFID keeps the last date stamp; a date stamp is used as nonce (DT); one-time-pad shield: RK + Hash(DT + SS); response: Hash(RK + SS + DT); validation: Hash(RK + SS)] Reference [9]

72 Building Security into RFID (cont.)
- Each RFID holds multiple digital keys (typically 3-5)
- RFIDs have multiple modes determining the response type to a request
- The consumer controls a new OWNER key (used for Privacy Mode)
- The manufacturer keeps an Authenticity Key for verifying originality, etc.
- Group keys are used to narrow in on context, dynamically customised
- Each key can be verified transparently without leaking identifiers

73 Advantages
- Full virtualisation of both verifier and RFID
- RFID can operate without leaking information
- Consumer gets control at purchase
- Strong anti-counterfeit even post-purchase
- Can maintain business confidentiality
- Solves the "RFID as trigger" problem

74 Evaluating Security Risks
To assess the risk of security threats, the Open Web Application Security Project (OWASP) identifies other factors contributing to security threat levels: Damage Potential, Reproducibility, Exploitability, Affected Users and Discoverability (DREAD). Although the DREAD model is targeted towards software security threats, it can be applied to RFID security. Reference [2]

75 The DREAD Model
For instance, the definition of the RFID DREAD model is:
- Damage Potential: how much damage will be caused if a threat occurs?
- Reproducibility: how easy is it to reproduce the threat exploit?
- Exploitability: what is needed to exploit this threat?
- Affected Users: how many users will be adversely affected?
- Discoverability: how easy is it to discover this threat?

76 Risk Evaluation Algorithm
The risk evaluation algorithm of the DREAD model is defined as Risk_DREAD = (D + R + E + A + D) / 5 and is used to compute a risk value, which is the average of all five categories.

77 A Few Concluding Points
- RFID is a technology, not a specific device
- Security and privacy are subtle and application dependent
- The security challenge is often a function not of on-board security features
- Security and privacy are important issues in RFID applications: about 35 papers. Mostly on privacy: about 350 papers. Ad-hoc privacy, tag-reader communication, lightweight authentication protocols, etc.

78 References
[1] Mark Norton, "RFID Security Issues", Wireless/RFID Conference, Feb. 27 - March 1, 2006.
[2] Jin Soon Tan, Tieyan Li, "RFID Security", The Synthesis Journal 2008, Pages , published by Information Technology Standards Committee (ITSC), Singapore. Nov
[3] G. MacGillivray and C. Sheehan, "RFID security", Semiconductor Insights, RFID Security Issues Briefing to CANOSCOM, July 27, 2006.
[4] David Evans, "What Every Computer Scientist Should Know About Security", University of Virginia.
[5] M.R. Rieback, B. Crispo, and A.S. Tanenbaum, "Is Your Cat Infected with a Computer Virus?", Proc. 4th Ann. IEEE Int'l Conf. Pervasive Computing and Comm., IEEE CS Press, 2006, pp. 169-179.

79 References (cont.)
[6] Ernst Haselsteiner and Klemens Breitfuss, "Security in Near Field Communication: Strengths and Weaknesses", RFIDSec 06, July 13, 2006.
[7] Peter van Rossum, "Mifare Classic Troubles", invited talk at RFIDSec09, June 30 - July 2, 2009, Leuven.
[8] Sarah Spiekermann, "A Privacy Impact Assessment for RFID - A Proposal", RFIDSec09, June 30 - July 2, 2009, Leuven.
[9] K. Mahaffey, "RFID Passport Shield Failure Demo - Flexilis",
[10] Stephan J. Engberg, "The Changing Security Paradigm from Central Command & Control to Distributed Dependability & Empowerment", at EU From RFID to the Internet of Things, Mar 6, 2006.

80 References (cont.)
[11] "RFID and Privacy", Lorentz Center, March 2008.
[12] David Evans, "Feasible Privacy for Lightweight RFID Systems", SPAR Seminar, Johns Hopkins University, 17 October 2007.
[13] Simson Garfinkel, "RFID Security and Privacy", October 5, 2005,
[14] Ajit Jillavenkatesa, "NIST, RFID Standards and Interoperability", GRIFS Forum Meeting, June 30, 2009.

81 Thank you very much for your attention.
Mike Meranda, President of EPCglobal US: “You learn by doing, even though the technology is not perfect.”

82 Common RFID Attacks - Summary
- No clock, weak randomness: replay attacks
- Low computational capacity: cryptanalytic attacks
- Attacker controls the tag: side-channel attacks
- Wireless: relay attacks
- Used for identification: tracing attacks
