1. RFID Security and Privacy  Issues and Countermeasures
Dr. Qinghan Xiao
Defence R&D Canada – Ottawa
November 13, 2009

2. The agency is made up of seven research centres located across Canada
Deference R&D Canada
Defense R&D Canada is an agency of the Canadian Department of National Defense responding to the scientific and technological needs of the Canadian Forces
The agency is made up of seven research centres located across Canada
DRDC Centre for Security Science (DRDC CSS)
DRDC Centre for Operational Research and Analysis (DRDC CORA)

3. Network Information Operations Section
Attack Detection and Analysis
Situational awareness of the information technology infrastructure
Network traffic analysis
Secure Mobile Networking
Secure Ad-hoc Peer-to-Peer Networking
Secure Wireless LANs
Information Protection and Assurance
Secure access control capability
Biometrics
RFID
Security in a Net-Centric Environment

4. Overview of Security Risks with RFID RFID Vulnerabilities
Outline
Overview of Security Risks with RFID
Three areas of concern
RFID Vulnerabilities
Unauthorized reading/writing, trigger device, etc.
Type of Attacks
Reverse engineering, eavesdropping, etc.
Privacy Issues
Tracking and tracing, profile a person’s habits, etc.
Countermeasures
Authentication, encryption, etc.

5. Contactless Technologies
RFID Class
Description
Applications
Memory Types
Range
Proprietary (125kHz)
Basic RFID
Passive
Access, Inventory
ROM, EPROM
~ 1 meter
EPC Global/ISO18000
(900MHz – 2.45GHz)
Tolling, Inventory
~ 10 meters
ISO/IEC 15693
(13.56MHz)
Smart Label
Access, Inventory, Electronic Ticketing
ROM, RAM, EEPROM, FRAM
ISO/IEC14443 A/B (13.56MHz)
Microcontroller
Access, Payment
~ 10 cm
Active RFID
(303Mhz – 2400MHz)
Active
Inventory, Tolling
ROM, RAM, EEPROM
~ 100 meters +

6. Security Risks with RFID
Network-Based Risks are related to traditional network security risks need to be addressed by the IA community
Tag cloning risks become important as the government and companies increasingly take the advantage of automatic identification technologies
Attack risks introduced by adopting RFID technology
Networked Reader Attacks
RFID-Induced Network Risks
Monitoring the Air Interface
Data Integrity on the Tag
(encryption of data on tags)
Blocking Access to Tags
Permanently Disabling Tags (kill tags)
System Interface (Hospital)
RF Saturation and Jamming
Targeting (Trigger device)
Tracking
RFID Security Risks
Information Attacks
(malicious virus introduction)
AIT — Automatic Identification Technologies
DITSCAP — Defence Information Technology Security Certification and Accreditation Program

7. High Level Security Vulnerabilities
Unauthorized Reading of Tag Data
Unauthorized Writing of Tag Data
Insertion of Rogue/Counterfeit Tags
Tag Destruction/Disabling
Degradation of Tag Data Collection
Electromagnetic Interference from RFID Tags
Tags Leak Electronic Information
RFID Reader as a Platform for Attack
RFID Tag used as a Trigger Device
Destructive Electromagnetic Emission

8. RFID Security ‘The Dark Side’
The RFDump is an open-source product, which is sponsored by German based DN-Systems.
German security expert Lukas Grunwald co-wrote the RFDump that let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna.
With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle.“
Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"
Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when).
Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.
Reference [1]

9. The Dark Side
RFDUMP — is a tool that allows you to not only read RFID tags within range, but more worryingly, you can actually change and alter the data stored in the RFID tag
Spectrum Interference — not only degrades the read range between a reader and an object, but also corrupts data packets being sent back and forth
RFID Washer — finds RFID tags and “electronically washes” it
RFID Blocking System — is originally developed to protect user privacy. For example, RSA Blocker Tag is a specially designed RFID tag build into shopping bags that launches a denial-of-service attack to prevent RFID readers from reading any tags that might be attached to items in the bag
Tag Hacking Systems — use different methods to defeat RFID based systems
Example 1: RFDUMP has been demonstrated to change the book price, and even upload a hotel room key card data to the price chip on a box of cream cheese from the Future Store in Germany
Example 2: The Johns Hopkins lab has successfully performed a “brute-force” attack on TI’s RFID cipher in only 30 minutes
JHU — Johns Hopkins University
RSA — stands for the first letter in each of its inventors' last names: Ronald Rivest, Adi Shamir, and Leonard Adleman

10. Attack Points Reverse engineering Power attack Transmission attack
Denial of service
Transmission attack
Reverse engineering
Power attack
Deliver virus to compromise middleware and backend systems

11. Type of Attacks on RFID Tags
Internal Attacks
Direct physical attacks
Reverse engineering
Physical modification
Direct data observation
Information Leakage
Power analysis
Electromagnetic analysis
Device Malfunction
Operational range and sensor range
Fault Injection
Voltage manipulation
Optical fault injection
Software Attacks
Viruses
Trojan horses
Eavesdropping
Wireless transmission
Monitoring of reader
Device Destruction
Physical destruction
EM destruction
Simple Power Analysis (SPA) and Differential Power Analysis (DPA) have been introduced by Paul Kocher [1]. While performing a ciphering operation, the power consumption of cryptographic devices is analyzed in order to extract the secret cipher
keys. These attacks exploit the data power dependency of the cryptographic devices.
In [2], the Electromagnetic Analysis (EMA) is presented as a more efficient attack than DPA. It exploits the electromagnetic fields emitted by the switching gates as side-channel information.
[1] Paul C. Kocher, Joshua Ja_e, and Benjamin Jun: “Diferential power analysis, Advances in Cryptology”, CRYPTO '99 (M. Wiener, ed.), Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp
[2] Quisquater et al, ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smard Cards, Esmart‘01, LNCS 2140, p. 200.

12. RFID Threat Categories
System security is compromised
Make the tags not detectable by reader
Denial of Service
DoS
Unauthorised killing of tag
Jamming/shielding
Gather
Mimic
Skimming
Eavesdropping
Data tampering
Spoofing
Cloning
Malicious code
? ? ? ?
Tag
Reader
Reference [2]

13. RFID Physical Elements
Logic
Bonding Pads
RF Front End
Memory
Reference [3]

14. Reverse Engineering
Reverse engineering is the process of taking something apart to discover how it works
Reverse engineering an integrated circuit can be rated as three different levels:
Level I: A knowledgeable individual with low cost and easily available tools to analyze end user products such as phone cards, debit cards and set top boxes
Level II: A highly knowledgeable individual (often with inside knowledge) with access to expensive lab equipment
Level III: A government backed lab with unlimited resources
The technical ability and equipment needed to reverse engineer an integrated circuit can be rated at three different levels:
A knowledgeable individual using low cost and easily available tools
A highly skilled team, using equipment not commonly available in the commercial market
Unfortunately, the methods of attacking ASIC technology are not a secret and can be easily accessed (Blythe et al., 1993).
Considering privacy issues related to the biometric e-passport, it may be possible for an attacker to extract the chip and read its memory contents optically to retrieve the PIN, biometric data, personal information, etc.

15. An Example of Reverse Engineering — Circuit Images
Reference [4]

16. Reverse Engineer Circuit
Reference [4]

17. Logic Gates
Reference [3]

18. Countermeasures
A FIPS standard refers to chip coatings as an anti-reverse engineering method to prevent attacks
Various tamper proof techniques have been developed to defend against reverse engineering attacks
For instance, by adding a tamper-release layer to RFID tags, operations personnel can be alerted if a tag has been tampered with

19. Information Leakage
All electronic devices ‘leak’ information through side channels such as power consumption or Electromagnetic emissions
Monitoring these side channels and performing differential analysis can reveal sensitive information
Power analysis is a form of side-channel attack that is intended to retrieve information by analyzing changes in the power consumption of a device
The information leakage problem emerges when the data sent by the tag or the back-end reveals information intrinsic to the
marked object.
Tagged books in libraries.
Tagged pharmaceutical products, as advocated be the US. Food and Drug Administration.
E-documents (passports, ID cards, etc.).
Directories of identifiers (eg. EPC Code).

20. Power consumption signal
Power Analysis
It has been proven that the power emission patterns are different when the card received correct and incorrect password bits or cryptographic keys
Power consumption signal
Hamming weight
W1 = 7
W2 = 5
W3 = 4
W4 = 4 … 8 7 6 5 4 3 2 1

21. Fault Injection
By introducing a fault, most likely a voltage pulse, it is possible to cause the device to malfunction in an undesirable way
Faults can cause devices to dump memory contents or jump over security features
Fault injection is a very powerful attack if correct fault parameters are discovered
The method can be also used to exploit any number of vulnerabilities

22. Countermeasures
The common methods used to defeat power analysis attacks are filtering or adding an element of randomness
Filtering power signals or delaying the computation randomly can increase the difficulty for the attacker to identify the power consumption patterns
Another method implemented in some smart card designs is adding an element that simply consumes a random amount of power
Unfortunately, this approach may cause a problem for RFID systems where minimizing power consumption is a priority

23. Physical destruction or disabling of the device
Device Destruction
Physical destruction or disabling of the device
Cut antennae from chip, disable in microwave
Passive RFID tags can be destroyed in a high electric field
RFID-Zapper is an easy-to-build electronic device that can permanently deactivate passive RFID tags

24. Types of software attack include:
Software Attacks
Types of software attack include:
Virus: can steal data and damage RFID system
Trojan Horse: can allow someone to take control of the RFID system
Software attack is not very applicable to a basic RFID tag. but focuses more on systems or higher functioning mobile devices
Virus: Segment of computer code that performs malicious actions by attaching to another computer program. A problem resulting from viruses is that they can steal data and damage your computer system.
Trojan Horse: Software programs that hide in other computer programs and reveal their designed behaviour only when activated. A problem resulting form Trojan horses is that they allow someone to take control of your computer.

25. The World's First Virally-Infected RFID Tag  Vrije Universiteit Amsterdam
Reference [5]

26. Eavesdropping
Forward range
Backward range
Reader
Eavesdropper

27. Passive Eavesdropping
Listen to communication between a tag and reader
Works when the tag is already being powered by a legitimate reader
Performed by a third party in either the operating range, backward channel eavesdropping range or the forward channel eaves dropping range

28. Active Eavesdropping (Scanning)
Power the tag and analyze the response
This can be performed at an extended read range

29. Eavesdropping is Simple but Efficient
Credit Cards
Reported cases of personal information sent in the clear
e-Passports
Some issues surrounding the entropy of the key
Travel/Ticketing
Mifare Classic Crypto-1 reverse engineered
Access Control
When using simple IDs or minimal crypto

30. Countermeasures
Countermeasures against eavesdropping include establishing a secure channel and/or encrypting the communication between tag and reader
Another approach is to only write the tag with enough information to identify the object
The identity is used to look up relevant information about the object in a back end database, thus requiring the attacker to have access to both the tag and the database to succeed in the attack

31. Man-in-the-Middle Attack
Message

32. Alice Sends Message to Bob
Eve
Reference [6]

33. Eve Eavesdropped the Message
Alice
Bob
Eve
Eavesdropping

34. Eve Interrupts the Communication Path and Manipulate the Information
Alice
Bob
Message
Eve
Eavesdropping
Disturb

35. Several technologies can be implemented to reduce MITM threats
Countermeasures
Several technologies can be implemented to reduce MITM threats
Encrypting communications
Sending information through a secure channel
Providing an authentication protocol

36. Relay Attack Reference [7] ? ! Wireless communication
No link between authenticating object (tag) and service receiver (tag holder)‏
Attacker A initiates service
Attacker A relays queries to tag to attacker B
Attacker B sends queries to victim’s tag
Attacker B relays answers back to attacker A
Attacker A answers queries
Reference [7]

37. Replay Attack
Intercept communication between a reader and a tag to capture a valid RFID signal
At a later time, the recorded signal is re- played into the system when the attacker receives a query from the reader
Since the data appears valid, it will be accepted by the system

38. Countermeasures
The most popular solution is the use of a challenge and response mechanism to prevent replay attacks
Time-based and counter-based schemes can also be used as countermeasures against replay attacks

39. Cloning
Cloning is defined as duplicating the data of one tag to another tag
Data acquired from a tag, by whatever means, is written to an equivalent tag
Normally only digital properties (e.g. EPC, transponder ID number, PIN code, secret keys etc.) are considered
This tag is then used to simulate the identity of the original tag

40. Countermeasures
Cloning Resistance is the property of a tag that defines the amount of effort that has to be expended in order to clone the tag. It can consist of a combination of logical obstacles (e.g. breaking of an encrypted message) and physical obstacles (e.g. reading a certain part of the tag memory)
Tags can be made hard to clone by using read protected memories or factory programmed unique transponder ID numbers

41. A Prox-card Cloner

42. Tracking the movement of the people
Tracking Attack
Tracking the movement of the people
Monitoring and profiling people’s belongings
Used for identification
Attacker can recognize people based on the RFID tags they are carrying
Attacker could trace RFID enabled packages

43. Tracking People via Their Objects
Reference [8]

44. Countermeasures
An easy method to disable tracking is to deactivate the RFID tags, which is known as “killing” the tag
Blocker Tag
Cover RFID tags with protective mesh or foil
Clipper Tag
Allow consumers to tear off the antenna of an RFID tag
IBM clipped tag technology allows consumers to tear off the antenna of an RFID tag, thereby significantly reducing the tag's read range to just a few inches.
The Clipped Tag lets consumers disable RFID tags after purchase by tearing off part of the antenna.

45. Cracking Crypto-enabled RFID
Reverse engineering: The encryption algorithm can be reverse engineered through flawed authentication attempts by sending RFID devices carefully chosen electronic queries and recording the responses of the devices
Post-processing: Analyze the response information to get clues as to what is happening inside the microchip, and therefore makes it possible to reconstruct the encryption algorithm
Key cracking: Once the algorithm is known, the keys can be figured out by brute force attack, i.e. simply trying all possible keys
Simulation: After obtaining the key (and serial number), it is possible to create a clone tag
Reverse engineering: The encryption algorithm can be reverse engineered through flawed authentication attempts. The method involves sending RFID devices carefully chosen electronic queries and recording the responses of the devices. The response information gives clues as to what is happening inside the microchip, and therefore makes it possible to reconstruct the encryption algorithm.
Key cracking: Once the algorithm is known, the keys can be figured out by brute force attack, i.e. simply trying all possible keys. Since the DST-40 tag uses a proprietary 40-bit and Mifare Classic uses a 48-bit encryption algorithm, it will take 9 to 10 hours to try all possible keys for both devices on advanced equipment.
Simulation: After obtaining the key (and serial number), it is possible to create a clone tag.

46. Supply Chain vs. Passport RFID
Supply Chain RFID
simple
cheap
no support for cryptography
single identifier (kill command-render tag inoperable)
range read ≥ 1 meter
Passport RFID
tamper resistance
Cryptography
shorter intended read range

47. UK ePassport The cover of the ePassport looks only slightly different
This chip will be put on the back of the personal information page
It will hold the scan of the holder’s facial features embedded in the chip
The cover of the ePassport looks only slightly different

48. Is Passport Card Secure?
The first video created by Chris Paget demonstrates how to use a low-cost mobile device to read and clone RFID tags embedded in United States passport cards and enhanced drivers' licenses
The second video is a story by David Reid for BBC World showing how to clone Europe's new “secure” e-passport

49. Trigger Attack
Trigger attack can be carried out by sensing the presence of RFID device
It is not about the identity theft, but the possibility of using RFID as trigger of weapons/explosives
Reference [9]

50. Protest at Texas Wal-Mart
Photo by Bill Bryant

51. Privacy Diamond
Reference [10]

52. Tracking and Tracing
Reference [8]

53. Major Threats to Privacy through RFID
Unauthorized readout of one’s belongings by others
Tracking people via their objects over time
Retrieving social networks
Individual profiling

54. A Technical Perspective
RFID technology
Immediate response
Tag interpretation
Reference [11]

55. A Technical Perspective (cont.)
Database technology
Delayed response
Data accumulation
Tag interpretation

56. A Technical Perspective (cont.)
Shared databases
Data mining / data sharing
Response may be out of context
Data accumulation
Tag interpretation

57. A Data Protection Perspective
Doesn’t necessarily involve personal data…
… though it may trigger the creation of personal data…
… and there might be other privacy implications as well.
Tag interpretation

58. A Data Protection Perspective (cont.)
Personal data
Data accumulation
Identifier
Tag interpretation

59. A Data Protection Perspective (cont.)
Data mining / data sharing
Personal data
Data accumulation
Identifier
Tag interpretation

60. An “Application” Perspective
Tag interpretation

61. An “Application” Perspective (cont.)
Tag interpretation

62. An “Application” Perspective (cont.)
Profiling based on combination of tags…
… combination of tags may identify the individual…
… ‘gold’ credit card…
…expensive watch…
… and some tags might say the darndest things.
…works at animal testing lab…
…card-carrying communist…
Tag interpretation

63. Countermeasures: Faraday Cage
Tin Foil Cloth
RFID Shield
Reference [12]

64. Threat-Countermeasure Mapping
Reverse Engineering
Power Analysis
Eavesdropping
Man-in-the-Middle
Cloning
Unauthorized Reading
Unauthorized writing/modification
Jamming Transmitters
Spoofing
Reply
Virus
Tracking
Misuse Kill Command
Blocking tag
Bounds Checking & Parameter Binding
Detaching Tag from Tagged Item
Optical Tamper Sensor
Chip Coating
Randomization
Encryption
Authentication
Recognizing Duplicates
Install Field Detectors
Use Read-only Tags
Frequency Division/Hopping
Shift Data to the Backend
Challenge and Response
Kill Function
Alarm Function for Active Tags
Mechanical Connection
Can be detected, but no countermeasure method

65. Authentication/Authorization Using Secrets
Who are you?
ID=#
Prove it by encrypting r
Generate random
number r
Compute
x=EK(r) x
Check
Reference [4]

66. Encryption
E is an encryption function: algorithm for scrambling bits in a way that depends on K
K is a secret key shared between card and reader (backend database)
x = EK(r)

67. Encryption as A Solution
If all of the keys are different, how are they managed?
Reference [13]

68. Encryption as A Solution (cont.)
If all of the keys are the same, how is it protected?
Reference [13]

69. NIST Guidelines on RFID Security
NIST SP800-98: Guidelines for Securing Radio Frequency Identification Systems
Goals and Objectives:
Assist organizations in understanding RFID security risks and what security controls can help mitigate those risks
Provide real world guidance on how to initiate, design, implement, and operate RFID systems that mitigate risks
Provide security controls that are currently available on today’s market
The document does not address the advanced authentication and cryptographic features that are incorporated in many smart card RFID systems
Reference [14]

70. The goals of the project are to:
RFID Guardian
A mobile battery-powered device that offers personal RFID security and privacy management
The goals of the project are to:
Investigate the security and privacy threats faced by RFID systems
Design and implement real solutions against these threats
Investigate the associated technological and legal issues

71. Building Security into RFID
Consumer Device
Reader
RFID
Hash
Function
Shared secret
Last date stamp
Response: Hash (RK + SS + DT)
Date stamp as nonce : DT
One-time-pad shield: RK + Hash (DT + SS)
Validation: Hash (RK + SS)
Reference [9]

72. Building Security into RFID (cont.)
Each RFID holds multiple digital keys (typically 3-5)
RFID have multiple modes determining response type to a request
Consumer control new OWNER key (used for Privacy Mode)
Manufacturer keep Authenticity Key for verifying originality etc.
Using group keys to narrow in on context – dynamically customised
Each key can be verified transparently without leaking identifiers

73. Full virtualisation of both verifier and RFID
Advantages
Full virtualisation of both verifier and RFID
RFID can operate without leaking information
Consumer get control at purchase
Strong anti-counterfeit even post-purchase
Can maintain business confidentiality
Solving “RFID as trigger” problem

74. Evaluating Security Risks
To assess the risk of security threats, the Open Web Application Security Project (OWASP) identifies other factors to security threat levels that include:
Damage Potential
Reproducibility
Exploitability
Affected users and
Discoverability (DREAD)
Although the DREAD model is targeted towards software security threats, it can be applicable for RFID security.
Reference [2]

75. The DREAD Model For instance, the definition of RFID DREAD model is:
Damage Potential: How much damage will be caused if a threat occurs?
Reproducibility: How easy is it to reproduce the threat exploit?
Exploitability: What is needed to exploit this threat?
Affected Users: How many users will be adversely affected?
Discoverability: How easy is it to discover this threat?

76. Risk Evaluation Algorithm
The risk evaluation algorithm of DREAD model is defined as:
RiskDREAD = (D + R + E + A + D) / 5
and is used to compute a risk value, which is an average of all five categories

77. A Few Concluding Points
RFID is a technology, not a specific device
Security and privacy are subtle and application dependent
Security challenge often a function not of on-board security features
Security and privacy are important issues in RFID applications :
About 35 papers
Mostly on privacy :
About 350 papers
Ad-hoc privacy, Tag-Reader communication, Lightweight authentication protocol, etc.

78. References
[1] Mark Norton, “RFID Security Issues”, Wireless/RFID Conference, Feb. 27-March 1, 2006.
[2] Jin Soon Tan, Tieyan Li, “RFID Security”, The Synthesis Journal 2008, Pages , published by Information Technology Standards Committee (ITSC), Singapore. Nov
[3] G. MacGillivray and C. Sheehan, “RFID security”, Semiconductor Insights, RFID Security Issues Briefing to CANOSCOM, July 27, 2006.
[4] David Evans, “What Every Computer Scientist Should Know About Security”, University of Virginia
[5] M.R. Rieback, B. Crispo, and A.S. Tanenbaum, “Is Your Cat Infected with a Computer Virus?,” Proc. 4th Ann. IEEE Int’l Conf. Pervasive Computing and Comm., IEEE CS Press, 2006, pp. 169–179.

79. References (cont.)
[6] Ernst Haselsteiner and Klemens Breitfuss, “Security in Near Field Communication: Strengths and Weaknesses”, RFIDSec 06, July 13, 2006.
[7] Peter van Rossum, “Mifare Classic Troubles”, Invited Talks at the RFIDSec09, June 30 - July 2, 2009, Leuven.
[8] Sarah Spiekermann, “A Privacy Impact Assement for RFID - A Proposal”, RFIDSec09, June 30 - July 2, 2009, Leuven.
[9] K. Mahaffey, “RFID Passport Shield Failure Demo – Flexilis”,
[10] Stephan J. Engberg, “The Changing Security Paradigm from Central Command & Control to Distributed Dependability & Empowerment”, at EU From RFID to the Internet of Things, Mar 6, 2006.

80. References (cont.)
[11] “RFID and Privacy”, Lorentz Center, March 2008.
[12] David Evans, “Feasible Privacy for Lightweight RFID Systems”, SPAR Seminar, Johns Hopkins University, 17 October 2007
[13] Simson Garfinkel, “RFID Security and Privacy”, October 5, 2005,
[14] Ajit Jillavenkatesa, “NIST, RFID Standards and Interoperability”, GRIFS Forum Meeting, June 30, 2009.

81. Thank you very much for your attention.
Mike Meranda, President of EPCglobal US: “You learn by doing, even though the technology is not perfect.”

82. Common RFID Attacks - Summary
No clock, weak randomness
replay attacks
Low computational capacity
cryptanalytic attacks
Attacker controls tag
side-channel attacks
Wireless
relay attacks
Used for identification
tracing attacks