Presentation on theme: "RFID Security and Privacy Issues and Countermeasures"— Presentation transcript:
1 RFID Security and Privacy Issues and Countermeasures
Dr. Qinghan Xiao
Defence R&D Canada – Ottawa
November 13, 2009
2 Defence R&D Canada
Defence R&D Canada is an agency of the Canadian Department of National Defence responding to the scientific and technological needs of the Canadian Forces.
The agency is made up of seven research centres located across Canada:
DRDC Centre for Security Science (DRDC CSS)
DRDC Centre for Operational Research and Analysis (DRDC CORA)
3 Network Information Operations Section
Attack Detection and Analysis
  Situational awareness of the information technology infrastructure
  Network traffic analysis
Secure Mobile Networking
  Secure Ad-hoc Peer-to-Peer Networking
  Secure Wireless LANs
Information Protection and Assurance
  Secure access control capability
  Biometrics
  RFID
Security in a Net-Centric Environment
4 Outline
Overview of Security Risks with RFID
  Three areas of concern
RFID Vulnerabilities
  Unauthorized reading/writing, trigger device, etc.
Type of Attacks
  Reverse engineering, eavesdropping, etc.
Privacy Issues
  Tracking and tracing, profiling a person's habits, etc.
Countermeasures
  Authentication, encryption, etc.
6 Security Risks with RFID
Network-based risks are related to traditional network security risks and need to be addressed by the IA community.
Tag cloning risks become important as the government and companies increasingly take advantage of automatic identification technologies.
Attack risks are introduced by adopting RFID technology.
[Diagram: RFID Security Risks]
  Networked Reader Attacks
  RFID-Induced Network Risks
  Monitoring the Air Interface
  Data Integrity on the Tag (encryption of data on tags)
  Blocking Access to Tags
  Permanently Disabling Tags (kill tags)
  System Interface (Hospital)
  RF Saturation and Jamming
  Targeting (Trigger device)
  Tracking
  Information Attacks (malicious virus introduction)
AIT — Automatic Identification Technologies
DITSCAP — Defence Information Technology Security Certification and Accreditation Program
7 High Level Security Vulnerabilities
Unauthorized Reading of Tag Data
Unauthorized Writing of Tag Data
Insertion of Rogue/Counterfeit Tags
Tag Destruction/Disabling
Degradation of Tag Data Collection
Electromagnetic Interference from RFID Tags
Tags Leak Electronic Information
RFID Reader as a Platform for Attack
RFID Tag used as a Trigger Device
Destructive Electromagnetic Emission
8 RFID Security 'The Dark Side'
RFDump is an open-source product sponsored by the German-based DN-Systems. German security expert Lukas Grunwald co-wrote RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna.
With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle."
Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"
Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.
9 The Dark Side
RFDUMP — a tool that allows you not only to read RFID tags within range but, more worryingly, to change and alter the data stored in the RFID tag
Spectrum Interference — not only degrades the read range between a reader and an object, but also corrupts data packets being sent back and forth
RFID Washer — finds RFID tags and "electronically washes" them
RFID Blocking System — originally developed to protect user privacy. For example, the RSA Blocker Tag is a specially designed RFID tag built into shopping bags that launches a denial-of-service attack to prevent RFID readers from reading any tags that might be attached to items in the bag
Tag Hacking Systems — use different methods to defeat RFID-based systems
  Example 1: RFDUMP has been demonstrated to change the book price, and even upload hotel room key card data to the price chip on a box of cream cheese from the Future Store in Germany
  Example 2: The Johns Hopkins lab has successfully performed a "brute-force" attack on TI's RFID cipher in only 30 minutes
JHU — Johns Hopkins University
RSA — stands for the first letter in each of its inventors' last names: Ronald Rivest, Adi Shamir, and Leonard Adleman
10 Attack Points
[Diagram: attack points on an RFID system]
Reverse engineering
Power attack
Transmission attack
Denial of service
Deliver virus to compromise middleware and backend systems
11 Type of Attacks on RFID Tags
Internal Attacks
Direct physical attacks: reverse engineering, physical modification, direct data observation
Information Leakage: power analysis, electromagnetic analysis
Device Malfunction: operational range and sensor range
Fault Injection: voltage manipulation, optical fault injection
Software Attacks: viruses, Trojan horses
Eavesdropping: wireless transmission, monitoring of reader
Device Destruction: physical destruction, EM destruction
Simple Power Analysis (SPA) and Differential Power Analysis (DPA) were introduced by Paul Kocher et al. While a ciphering operation is being performed, the power consumption of the cryptographic device is analyzed in order to extract the secret cipher keys. These attacks exploit the data-dependent power consumption of cryptographic devices.
Quisquater et al. present Electromagnetic Analysis (EMA) as a more efficient attack than DPA. It exploits the electromagnetic fields emitted by the switching gates as side-channel information.
Paul C. Kocher, Joshua Jaffe, and Benjamin Jun, "Differential Power Analysis", Advances in Cryptology, CRYPTO '99 (M. Wiener, ed.), Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp.
Quisquater et al., "ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards", Esmart '01, LNCS 2140, p. 200.
12 RFID Threat Categories
[Diagram: threats between tag and reader]
Denial of Service (DoS): make the tags not detectable by the reader; unauthorised killing of tag; jamming/shielding
Gather: skimming; eavesdropping
Mimic: data tampering; spoofing; cloning
Malicious code: system security is compromised
13 RFID Physical Elements
[Diagram: Logic, Bonding Pads, RF Front End, Memory]
14 Reverse Engineering
Reverse engineering is the process of taking something apart to discover how it works.
The technical ability and equipment needed to reverse engineer an integrated circuit can be rated at three different levels:
  Level I: A knowledgeable individual with low-cost and easily available tools, analyzing end-user products such as phone cards, debit cards and set-top boxes
  Level II: A highly knowledgeable individual (often with inside knowledge) with access to expensive lab equipment, or a highly skilled team using equipment not commonly available in the commercial market
  Level III: A government-backed lab with unlimited resources
Unfortunately, the methods of attacking ASIC technology are not a secret and can be easily accessed (Blythe et al., 1993).
Considering privacy issues related to the biometric e-passport, it may be possible for an attacker to extract the chip and read its memory contents optically to retrieve the PIN, biometric data, personal information, etc.
15 An Example of Reverse Engineering — Circuit Images
[Figure: circuit images]
18 Countermeasures
A FIPS standard refers to chip coatings as an anti-reverse-engineering method to prevent attacks
Various tamper-proof techniques have been developed to defend against reverse engineering attacks
For instance, by adding a tamper-release layer to RFID tags, operations personnel can be alerted if a tag has been tampered with
19 Information Leakage
All electronic devices 'leak' information through side channels such as power consumption or electromagnetic emissions
Monitoring these side channels and performing differential analysis can reveal sensitive information
Power analysis is a form of side-channel attack that is intended to retrieve information by analyzing changes in the power consumption of a device
The information leakage problem emerges when the data sent by the tag or the back-end reveals information intrinsic to the marked object:
  Tagged books in libraries
  Tagged pharmaceutical products, as advocated by the US Food and Drug Administration
  E-documents (passports, ID cards, etc.)
  Directories of identifiers (e.g. EPC code)
20 Power Analysis
It has been proven that the power emission patterns are different when the card receives correct and incorrect password bits or cryptographic keys
[Figure: power consumption signal, annotated with the Hamming weight of successive values: W1 = 7, W2 = 5, W3 = 4, W4 = 4, …]
21 Fault Injection
By introducing a fault, most likely a voltage pulse, it is possible to cause the device to malfunction in an undesirable way
Faults can cause devices to dump memory contents or jump over security features
Fault injection is a very powerful attack if the correct fault parameters are discovered
The method can also be used to exploit any number of vulnerabilities
22 Countermeasures
The common methods used to defeat power analysis attacks are filtering or adding an element of randomness
Filtering power signals or delaying the computation randomly can increase the difficulty for the attacker to identify the power consumption patterns
Another method implemented in some smart card designs is adding an element that simply consumes a random amount of power
Unfortunately, this approach may cause a problem for RFID systems where minimizing power consumption is a priority
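As an added example (not code from the talk or from any tag vendor), the following Python simulates the Hamming-weight power leakage of slide 20 and the randomisation countermeasure of slide 22: a correlation analysis ranks key guesses against constructed traces, then the same analysis is run against a device that adds a random power consumer, showing how much the correlation of the correct key drops. The device model, the key byte 0x5A and the noise levels are all constructed assumptions.

```python
"""Toy power-analysis model with a randomisation countermeasure (added example)."""
import random
from typing import Callable, List, Tuple

KEY = 0x5A  # constructed secret key byte; the analysis never reads it directly


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leaky_device(p: int, key: int, rng: random.Random, noise_sd: float = 0.5) -> float:
    """One power sample of an unprotected tag: the Hamming weight of the
    intermediate value p XOR key, plus Gaussian measurement noise (slide 20)."""
    return hamming_weight(p ^ key) + rng.gauss(0.0, noise_sd)


def randomised_device(p: int, key: int, rng: random.Random, noise_sd: float = 0.5,
                      dummy_power: float = 6.0) -> float:
    """Same leakage, masked by an element that burns a random amount of power
    (the slide-22 countermeasure); the data-dependent part is still present."""
    return leaky_device(p, key, rng, noise_sd) + rng.uniform(0.0, dummy_power)


def collect_traces(device: Callable[..., float], n: int, seed: int) -> Tuple[List[int], List[float]]:
    """Constructed acquisition: random plaintexts and one power sample each."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = [device(p, KEY, rng) for p in plaintexts]
    return plaintexts, traces


def pearson(xs: List[float], ys: List[float]) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def rank_keys(plaintexts: List[int], traces: List[float]) -> List[Tuple[float, int]]:
    """Correlation analysis: predict the Hamming weight of p XOR k for every
    key guess k and correlate it with the measured traces; best match first."""
    scores = []
    for k in range(256):
        predicted = [hamming_weight(p ^ k) for p in plaintexts]
        scores.append((pearson(predicted, traces), k))
    return sorted(scores, reverse=True)


def recover_key(plaintexts: List[int], traces: List[float]) -> int:
    return rank_keys(plaintexts, traces)[0][1]


def correct_key_correlation(plaintexts: List[int], traces: List[float]) -> float:
    """How strongly the true key's prediction correlates with the traces."""
    return pearson([hamming_weight(p ^ KEY) for p in plaintexts], traces)


if __name__ == "__main__":
    for name, device in (("unprotected", leaky_device), ("randomised", randomised_device)):
        pts, tr = collect_traces(device, 300, seed=1)
        print("%-12s recovered 0x%02X, correct-key correlation %.2f"
              % (name, recover_key(pts, tr), correct_key_correlation(pts, tr)))
```

With 300 traces the randomised device still yields the key here; the countermeasure lowers the correlation and so raises the number of traces an attacker needs, which is exactly the "increase the difficulty" the slide claims rather than an elimination of the leak.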
23 Device Destruction
Physical destruction or disabling of the device
Cut antenna from chip, disable in microwave
Passive RFID tags can be destroyed in a high electric field
RFID-Zapper is an easy-to-build electronic device that can permanently deactivate passive RFID tags
24 Software Attacks
Types of software attack include:
  Virus: can steal data and damage the RFID system
  Trojan Horse: can allow someone to take control of the RFID system
Software attack is not very applicable to a basic RFID tag, but focuses more on systems or higher-functioning mobile devices
Virus: a segment of computer code that performs malicious actions by attaching to another computer program. A problem resulting from viruses is that they can steal data and damage your computer system.
Trojan Horse: software programs that hide in other computer programs and reveal their designed behaviour only when activated. A problem resulting from Trojan horses is that they allow someone to take control of your computer.
25 The World's First Virally-Infected RFID Tag (Vrije Universiteit Amsterdam)
27 Passive Eavesdropping
Listen to communication between a tag and reader
Works when the tag is already being powered by a legitimate reader
Performed by a third party in either the operating range, the backward-channel eavesdropping range or the forward-channel eavesdropping range
28 Active Eavesdropping (Scanning)
Power the tag and analyze the response
This can be performed at an extended read range
29 Eavesdropping is Simple but Efficient
Credit Cards: reported cases of personal information sent in the clear
e-Passports: some issues surrounding the entropy of the key
Travel/Ticketing: Mifare Classic Crypto-1 reverse engineered
Access Control: when using simple IDs or minimal crypto
30 Countermeasures
Countermeasures against eavesdropping include establishing a secure channel and/or encrypting the communication between tag and reader
Another approach is to write the tag with only enough information to identify the object
The identity is used to look up relevant information about the object in a back-end database, thus requiring the attacker to have access to both the tag and the database to succeed in the attack
33 Eve Eavesdropped the Message
[Diagram: Alice sends a message to Bob; Eve eavesdrops]
34 Eve Interrupts the Communication Path and Manipulates the Information
[Diagram: Alice sends a message to Bob; Eve eavesdrops and disturbs the message]
35 Countermeasures
Several technologies can be implemented to reduce MITM threats:
  Encrypting communications
  Sending information through a secure channel
  Providing an authentication protocol
36 Relay Attack
Wireless communication: there is no link between the authenticating object (tag) and the service receiver (tag holder)
[Diagram: two attackers relaying between reader and victim's tag]
  Attacker A initiates service
  Attacker A relays the queries intended for the tag to attacker B
  Attacker B sends the queries to the victim's tag
  Attacker B relays the answers back to attacker A
  Attacker A answers the queries
37 Replay Attack
Intercept communication between a reader and a tag to capture a valid RFID signal
At a later time, the recorded signal is replayed into the system when the attacker receives a query from the reader
Since the data appears valid, it will be accepted by the system
38 Countermeasures
The most popular solution is the use of a challenge-and-response mechanism to prevent replay attacks
Time-based and counter-based schemes can also be used as countermeasures against replay attacks
39 Cloning
Cloning is defined as duplicating the data of one tag to another tag
Data acquired from a tag, by whatever means, is written to an equivalent tag
Normally only digital properties (e.g. EPC, transponder ID number, PIN code, secret keys, etc.) are considered
This tag is then used to simulate the identity of the original tag
40 Countermeasures
Cloning resistance is the property of a tag that defines the amount of effort that has to be expended in order to clone the tag. It can consist of a combination of logical obstacles (e.g. breaking of an encrypted message) and physical obstacles (e.g. reading a certain part of the tag memory)
Tags can be made hard to clone by using read-protected memories or factory-programmed unique transponder ID numbers
42 Tracking Attack
Tracking the movement of people
Monitoring and profiling people's belongings
Used for identification: an attacker can recognize people based on the RFID tags they are carrying
An attacker could trace RFID-enabled packages
43 Tracking People via Their Objects
[Figure]
44 Countermeasures
An easy method to disable tracking is to deactivate the RFID tags, which is known as "killing" the tag
Blocker Tag
Cover RFID tags with protective mesh or foil
Clipped Tag: allows consumers to tear off the antenna of an RFID tag. IBM's Clipped Tag technology lets consumers disable RFID tags after purchase by tearing off part of the antenna, thereby significantly reducing the tag's read range to just a few inches.
45 Cracking Crypto-enabled RFID
Reverse engineering: The encryption algorithm can be reverse engineered through flawed authentication attempts. The method involves sending RFID devices carefully chosen electronic queries and recording the responses of the devices.
Post-processing: The response information is analyzed to get clues as to what is happening inside the microchip, which makes it possible to reconstruct the encryption algorithm.
Key cracking: Once the algorithm is known, the keys can be figured out by brute-force attack, i.e. simply trying all possible keys. Since the DST-40 tag uses a proprietary 40-bit and Mifare Classic a 48-bit encryption algorithm, it will take 9 to 10 hours to try all possible keys for both devices on advanced equipment.
Simulation: After obtaining the key (and serial number), it is possible to create a clone tag.
46 Supply Chain vs. Passport RFID
Supply Chain RFID: simple; cheap; no support for cryptography; single identifier (kill command renders the tag inoperable); read range ≥ 1 meter
Passport RFID: tamper resistance; cryptography; shorter intended read range
47 UK ePassport
The cover of the ePassport looks only slightly different
The chip will be put on the back of the personal information page
It will hold the scan of the holder's facial features embedded in the chip
48 Is the Passport Card Secure?
The first video, created by Chris Paget, demonstrates how a low-cost mobile device can read and clone RFID tags embedded in United States passport cards and enhanced drivers' licenses
The second video is a story by David Reid for BBC World showing how Europe's new "secure" e-passport can be cloned
49 Trigger Attack
A trigger attack can be carried out by sensing the presence of an RFID device
It is not about identity theft, but the possibility of using RFID as a trigger for weapons/explosives
53 Major Threats to Privacy through RFID
Unauthorized readout of one's belongings by others
Tracking people via their objects over time
Retrieving social networks
Individual profiling
54 A Technical Perspective
[Diagram: RFID technology; immediate response; tag interpretation]
55 A Technical Perspective (cont.)
[Diagram: database technology; delayed response; data accumulation; tag interpretation]
56 A Technical Perspective (cont.)
[Diagram: shared databases; data mining / data sharing; response may be out of context; data accumulation; tag interpretation]
57 A Data Protection Perspective
Doesn't necessarily involve personal data…
… though it may trigger the creation of personal data…
… and there might be other privacy implications as well.
[Diagram: tag interpretation]
58 A Data Protection Perspective (cont.)
[Diagram: personal data; data accumulation; identifier; tag interpretation]
59 A Data Protection Perspective (cont.)
[Diagram: data mining / data sharing; personal data; data accumulation; identifier; tag interpretation]
60 An "Application" Perspective
[Diagram: tag interpretation]
61 An "Application" Perspective (cont.)
[Diagram: tag interpretation]
62 An "Application" Perspective (cont.)
Profiling based on combination of tags…
… combination of tags may identify the individual…
… 'gold' credit card…
… expensive watch…
… and some tags might say the darndest things.
… works at animal testing lab…
… card-carrying communist…
[Diagram: tag interpretation]
63 Countermeasures: Faraday Cage
[Figures: tin foil; cloth; RFID shield]
64 Threat-Countermeasure Mapping
[Table: threats against countermeasures; only the row and column labels are recoverable]
Threats: Reverse Engineering; Power Analysis; Eavesdropping; Man-in-the-Middle; Cloning; Unauthorized Reading; Unauthorized Writing/Modification; Jamming Transmitters; Spoofing; Replay; Virus; Tracking; Misuse of Kill Command
Countermeasures: Blocking Tag; Bounds Checking & Parameter Binding; Detaching Tag from Tagged Item; Optical Tamper Sensor; Chip Coating; Randomization; Encryption; Authentication; Recognizing Duplicates; Install Field Detectors; Use Read-only Tags; Frequency Division/Hopping; Shift Data to the Backend; Challenge and Response; Kill Function; Alarm Function for Active Tags; Mechanical Connection
Legend entry: "Can be detected, but no countermeasure method"
65 Authentication/Authorization Using Secrets
[Diagram: reader-tag exchange]
  Reader: Who are you?
  Tag: ID = #
  Reader: generates random number r; "Prove it by encrypting r"
  Tag: computes x = E_K(r) and sends x
  Reader: checks x
66 Encryption
E is an encryption function: an algorithm for scrambling bits in a way that depends on K
K is a secret key shared between the card and the reader (back-end database)
x = E_K(r)
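The exchange on slides 65-66, worked as an added Python example (not the talk's or any product's code): the reader issues a fresh random r, the tag answers x = E_K(r), and the reader checks the answer against the key held for that ID in its back-end database. HMAC-SHA256 stands in for E_K as an assumption (real tags use lightweight ciphers), and the tag ID, key and replay attempt are constructed to show why the freshness of r defeats the replay attack of slide 37.

```python
"""Challenge-response authentication of a tag, with a replay check (added example)."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key K


def e_k(key: bytes, r: bytes) -> bytes:
    """E_K(r): keyed function applied to the challenge (HMAC-SHA256 assumed here)."""
    return hmac.new(key, r, hashlib.sha256).digest()


class Tag:
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id, self._key = tag_id, key

    def who_are_you(self) -> str:          # "Who are you?" -> "ID = #"
        return self.tag_id

    def prove(self, r: bytes) -> bytes:    # "Prove it by encrypting r" -> x
        return e_k(self._key, r)


class Reader:
    def __init__(self, keys: Dict[str, bytes]):
        self._keys = keys                  # back-end database: tag ID -> K
        self._pending: Dict[str, bytes] = {}  # one outstanding challenge per ID

    def challenge(self, tag_id: str) -> bytes:
        r = secrets.token_bytes(16)        # fresh randomness each session
        self._pending[tag_id] = r
        return r

    def check(self, tag_id: str, x: bytes) -> bool:
        r = self._pending.pop(tag_id, None)  # a challenge can be answered once
        key = self._keys.get(tag_id)
        if r is None or key is None:
            return False
        return hmac.compare_digest(x, e_k(key, r))


def authenticate(reader: Reader, tag: Tag) -> Tuple[bool, bytes, bytes]:
    """Run one session and return (accepted, r, x) so the exchange can be inspected."""
    tag_id = tag.who_are_you()
    r = reader.challenge(tag_id)
    x = tag.prove(r)
    return reader.check(tag_id, x), r, x


def replay_attempt(reader: Reader, tag_id: str, recorded_x: bytes) -> bool:
    """Slide 37 scenario: a recorded response is presented to a new challenge."""
    reader.challenge(tag_id)
    return reader.check(tag_id, recorded_x)


def run_demo() -> Tuple[bool, bool, bool]:
    reader = Reader({"TAG-0001": SHARED_KEY})      # constructed tag ID
    genuine = Tag("TAG-0001", SHARED_KEY)
    accepted, _, x = authenticate(reader, genuine)
    replayed = replay_attempt(reader, "TAG-0001", x)
    no_key_clone = Tag("TAG-0001", b"guessed key")  # clone that copied only the ID
    clone_accepted, _, _ = authenticate(reader, no_key_clone)
    return accepted, replayed, clone_accepted


if __name__ == "__main__":
    print("genuine accepted, replay accepted, ID-only clone accepted:", run_demo())
```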
67 Encryption as a Solution
If all of the keys are different, how are they managed?
68 Encryption as a Solution (cont.)
If all of the keys are the same, how is it protected?
69 NIST Guidelines on RFID Security
NIST SP 800-98: Guidelines for Securing Radio Frequency Identification Systems
Goals and Objectives:
  Assist organizations in understanding RFID security risks and what security controls can help mitigate those risks
  Provide real-world guidance on how to initiate, design, implement, and operate RFID systems that mitigate risks
  Provide security controls that are currently available on today's market
The document does not address the advanced authentication and cryptographic features that are incorporated in many smart card RFID systems
70 RFID Guardian
A mobile battery-powered device that offers personal RFID security and privacy management
The goals of the project are to:
  Investigate the security and privacy threats faced by RFID systems
  Design and implement real solutions against these threats
  Investigate the associated technological and legal issues
71 Building Security into RFID
[Diagram: Consumer Device, Reader, RFID, Hash Function, Shared secret, Last date stamp]
  Response: Hash(RK + SS + DT)
  Date stamp as nonce: DT
  One-time-pad shield: RK + Hash(DT + SS)
  Validation: Hash(RK + SS)
72 Building Security into RFID (cont.)
Each RFID holds multiple digital keys (typically 3-5)
RFIDs have multiple modes determining the response type to a request
The consumer controls a new OWNER key (used for Privacy Mode)
The manufacturer keeps an Authenticity Key for verifying originality etc.
Using group keys to narrow in on context – dynamically customised
Each key can be verified transparently without leaking identifiers
73 Advantages
Full virtualisation of both verifier and RFID
RFID can operate without leaking information
Consumer gets control at purchase
Strong anti-counterfeit even post-purchase
Can maintain business confidentiality
Solving the "RFID as trigger" problem
74 Evaluating Security Risks
To assess the risk of security threats, the Open Web Application Security Project (OWASP) identifies other factors to security threat levels that include:
  Damage Potential
  Reproducibility
  Exploitability
  Affected users and
  Discoverability (DREAD)
Although the DREAD model is targeted towards software security threats, it can be applicable for RFID security.
75 The DREAD Model
For instance, the definition of the RFID DREAD model is:
  Damage Potential: How much damage will be caused if a threat occurs?
  Reproducibility: How easy is it to reproduce the threat exploit?
  Exploitability: What is needed to exploit this threat?
  Affected Users: How many users will be adversely affected?
  Discoverability: How easy is it to discover this threat?
76 Risk Evaluation Algorithm
The risk evaluation algorithm of the DREAD model is defined as:
  Risk_DREAD = (D + R + E + A + D) / 5
and is used to compute a risk value, which is the average of all five categories
77 A Few Concluding Points
RFID is a technology, not a specific device
Security and privacy are subtle and application dependent
Security challenge often a function not of on-board security features
Security and privacy are important issues in RFID applications: about 35 papers
Mostly on privacy: about 350 papers
  Ad-hoc privacy, tag-reader communication, lightweight authentication protocols, etc.
78 References
Mark Norton, "RFID Security Issues", Wireless/RFID Conference, Feb. 27 - March 1, 2006.
Jin Soon Tan, Tieyan Li, "RFID Security", The Synthesis Journal 2008, published by Information Technology Standards Committee (ITSC), Singapore, Nov.
G. MacGillivray and C. Sheehan, "RFID security", Semiconductor Insights, RFID Security Issues Briefing to CANOSCOM, July 27, 2006.
David Evans, "What Every Computer Scientist Should Know About Security", University of Virginia.
M.R. Rieback, B. Crispo, and A.S. Tanenbaum, "Is Your Cat Infected with a Computer Virus?", Proc. 4th Ann. IEEE Int'l Conf. Pervasive Computing and Comm., IEEE CS Press, 2006, pp. 169–179.
79 References (cont.)
Ernst Haselsteiner and Klemens Breitfuss, "Security in Near Field Communication: Strengths and Weaknesses", RFIDSec 06, July 13, 2006.
Peter van Rossum, "Mifare Classic Troubles", invited talk at RFIDSec09, June 30 - July 2, 2009, Leuven.
Sarah Spiekermann, "A Privacy Impact Assessment for RFID - A Proposal", RFIDSec09, June 30 - July 2, 2009, Leuven.
K. Mahaffey, "RFID Passport Shield Failure Demo – Flexilis".
Stephan J. Engberg, "The Changing Security Paradigm from Central Command & Control to Distributed Dependability & Empowerment", at EU From RFID to the Internet of Things, Mar 6, 2006.
80 References (cont.)
"RFID and Privacy", Lorentz Center, March 2008.
David Evans, "Feasible Privacy for Lightweight RFID Systems", SPAR Seminar, Johns Hopkins University, 17 October 2007.
Simson Garfinkel, "RFID Security and Privacy", October 5, 2005.
Ajit Jillavenkatesa, "NIST, RFID Standards and Interoperability", GRIFS Forum Meeting, June 30, 2009.
81 Thank you very much for your attention.
Mike Meranda, President of EPCglobal US: "You learn by doing, even though the technology is not perfect."
82 Common RFID Attacks - Summary
No clock, weak randomness: replay attacks
Low computational capacity: cryptanalytic attacks
Attacker controls tag: side-channel attacks
Wireless: relay attacks
Used for identification: tracing attacks