1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06

2 Abstract The RF power reflected by an RFID tag is dependent on its internal power consumption This property allows power analysis attacks to be performed over a distance In the short term, it can be used to extract the kill password of EPC tags

3 Talk Structure Introduction to passive RFID Introduction to power analysis Our attack Countermeasures

4 A Taxonomy of RFID Tags An RFID tag is a very simple computer, usually associated with a physical object Tags communicate with a powerful reader over a wireless link Tags can be active or passive … can be inductively or radiatively coupled, and work in a variety of operating frequencies Have various levels of computing power EPC tags: passive tags, radiatively coupled, 900MHz, read/write memory

5 Components of the EPC RFID System Tag The reader has a powerful antenna and an external power supply The reader surrounds itself with an electromagnetic field The tag is illuminated by this field Reader

6 Reader  Tag Data Exchange Tag The reader sends commands to the tag via pulse amplitude modulation The tag sends responses to the reader via backscatter modulation Reader

7 Reader  Tag Data Exchange Tag The reader sends commands to the tag via pulse amplitude modulation The tag sends responses to the reader via backscatter modulation Reader

8 Do Tags Have Secrets? Most of the payload of today’s RFID tags is public – that’s what they’re for However, tags still have secrets! Today – EPC tags have secret access and kill passwords Tomorrow – cryptographic keys?

9 An Introduction to power analysis Toggle Flip-flop VCC A OUT Key observation – modern ICs consume more power when they switch between states Used by [Kocher et al. ‘99], others to attack cryptographic smart cards 5V

10 Cracking passwords with power analysis We send the password to a secure device bit by bit The first wrong bit is very “exciting” Allows password to be recoverable in linear time Was used in practice to crack PIN codes on smart cards

11 Previous work EM attacks ([van Eck ‘85], [Mangard ‘03]) Attacks on RFID –Zapping [“Minime” et al. ‘05] –Jamming [Juels et al. ‘03], [Bolan ‘06] –Skimming [Kirschenbaum et al. ‘06]

12 Our attack

13 A Closer Look at Backscatter Modulation Tag Reader The current flowing through the tag antenna results in an electromagnetic field Busy tag = More current = stronger field We call this effect parasitic backscatter

14 Lab setup – physical

15 Lab setup – logical

16 Overview of results Existence of parasitic backscatter Effect of power consumption on backscatter Full power analysis attack from backscatter

17 Existence of parasitic backscatter (1) Trace shows the signal reflected from a Generation 1 tag during a kill command Tag is supposed to be completely silent Is it? Let’s zoom in… Power Time

18 Existence of parasitic backscatter (2) The distinctive saw-tooth pattern is added by the tag to the clean reader signal Probably caused by tag’s power extraction circuit We can show that “thirsty” tags reflect more power Reflection from tagOriginal signal from reader Power Time

19 Full power analysis attack from parasitic backscatter Recap: The first bad password bit is “very exciting” Experiment was done with one tag at a fixed location Tag was programmed with kill password “ ”, then “ ” In both cases we tried to kill it with the wrong password “ ”

20 Extracting one password bit Here, the tag is expecting “ ” Here, it is expecting “ ” In both cases, tag gets “ ” Power Time

21 Power analysis countermeasures Two main approaches: –Mitigation: Lower the signal-to- noise ratio of the power trace –Prevention: Completely decorrelate power consumption from internal state

22 Mitigation countermeasures Common approach: add noise to power consumption Problematic to add to tag Problematic to add to reader

23 Prevention countermeasures Common approach: consume the same amount of power every clock cycle Problem: Power consumption is always worst case Increases tag cost, reduces its usable range

24 Double-buffering power supply Tag Logic Tag Logic Power Extraction Decouple power supply from consumers Compatible with current RF front ends Requires no modifications to tag’s control circuit Power Extraction

25 Closing Remarks Power analysis attacks come from the world of smart cards The rules of the market for RFID tags are not the same as the one for smart cards Power analysis threat should be understood and publicized, or nobody will do anything about it

26 The authors wish to thank Mickey Cohen, Ari Juels, Simon Krausz, Oded Smikt, Eran Tromer, Amir Yakoby, Oren Zarchin and the many other people who shared their knowledge, time and equipment and helped this research take shape.

27 It’s all scratch slides from here on You really want to exit the slide show…

28 TU Graz site, August 2005: Almost previous work?

29 Double-buffering power supply Decouple power supply from consumers Compatible with current RF front ends Requires no modifications to tag’s control circuit Power Extraction Tag Logic Tag Logic Power Extraction

30 Double-buffering power supply Decouples power supply from consumers Compatible with current RF front ends Requires no modifications to tag’s control circuit Tag Logic Power Extraction

31 Double-buffering power supply Decouple power supply from consumers Compatible with current RF front ends Requires no modifications to tag’s control circuit Power Extraction Tag Logic

32 Double-buffering power supply Decouple power supply from consumers Compatible with current RF front ends Requires no modifications to tag’s control circuit Power Extraction Tag Logic

33 Scratch Tag Reader

34 Scratch 2 Tag Reader

35 Scratch 3 Tag The reader has a powerful antenna and a power supply The reader surrounds itself with an electromagnetic field The tag is illuminated by the field, providing it with power Reader

36 Scratch 4