
Page 1: An Embedded System for Practical Security Analysis of Contactless Smartcards

May 10, 2007

Timo Kasper

Crete, Greece

An Embedded System for Practical Security Analysis of Contactless Smartcards

Timo Kasper, Dario Carluccio and Christof Paar

Communication Security Group

Ruhr University Bochum, Germany

http://www.crypto.rub.de

Page 2: An Embedded System for Practical Security Analysis of Contactless Smartcards

Timo Kasper May 10, 2007 2

Outline

1. Background

2. RFID Basics (ISO 14443)

3. Security Weaknesses

4. Design and Development of an Embedded System

5. Selected Applications and Results

6. Conclusion

Page 3: An Embedded System for Practical Security Analysis of Contactless Smartcards


Background

Many standards for RFID coexist, differing in

- Frequency: kHz … GHz,

- Data rate: 2400 bit/s … 1 Mbit/s,

- Range: < 1 centimetre … several metres,

- Coupling method: backscattering, inductive, …

RFID = Radio Frequency IDentification

Page 4: An Embedded System for Practical Security Analysis of Contactless Smartcards


Background

ISO 14443 is widely deployed in security-sensitive applications:

- RFID-augmented credit cards (Visa Wave, MasterCard PayPass),

- ticketing (Philips Mifare, smart labels),

- electronic passports, student identity cards, mobile phones (NFC), …


Page 5: An Embedded System for Practical Security Analysis of Contactless Smartcards

RFID Basics (ISO 14443)

• reader generates a field with a 13.56 MHz carrier frequency

• supplies the tag with clock and energy via inductive coupling

• reader transmits data by creating short pauses in the field

• tag answers employing load modulation

• operating range: 8…15 cm, data rate 106…847 kBit/s
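As an added example (not code from the slides or from the authors' embedded system), the following Python model shows the two channels just described at the bit level: the reader codes each bit as a short pause in the carrier (Modified Miller, sequences X/Y/Z of ISO 14443-2), and the tag answers with Manchester-coded load modulation on the fc/16 = 847.5 kHz subcarrier (sequences D/E/F). Frames follow ISO 14443-3 (LSB first, odd parity per byte, CRC_A); the REQA/READ exchange, the command bytes and the tag's page content are constructed for illustration, and no RF timing is simulated.

```python
"""ISO 14443 Type A bit coding at 106 kbit/s, modelled in Python.

Added example; not code from the slides or from the authors' embedded system.
Reader -> tag: Modified Miller, a bit period carries at most one short pause
  (X = pause in the second half, Y = no pause, Z = pause at the start).
Tag -> reader: Manchester on the fc/16 = 847.5 kHz subcarrier (load modulation)
  (D = subcarrier in the first half, E = in the second half, F = none).
Sequences are modelled as two half-bit slots; no RF timing is simulated.
"""

CRC_A_INIT = 0x6363
CRC_A_POLY = 0x8408  # reflected CRC-16/CCITT polynomial used by CRC_A
D, E, F = (1, 0), (0, 1), (0, 0)  # tag-side sequences as (first half, second half)


def crc_a(data: bytes) -> bytes:
    """CRC_A of ISO 14443-3 Annex B, in transmission order (low byte first)."""
    crc = CRC_A_INIT
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ CRC_A_POLY if crc & 1 else crc >> 1
    return bytes([crc & 0xFF, crc >> 8])


def frame_bits(data: bytes, short: bool = False, with_crc: bool = True) -> list:
    """Short frame (REQA/WUPA): 7 bits, no parity, no CRC.  Standard frame: each
    byte LSB first plus an odd parity bit, CRC_A appended unless with_crc=False."""
    if short:
        return [(data[0] >> i) & 1 for i in range(7)]
    payload = data + crc_a(data) if with_crc else data
    bits = []
    for b in payload:
        byte_bits = [(b >> i) & 1 for i in range(8)]
        bits += byte_bits + [1 - (sum(byte_bits) & 1)]  # odd parity
    return bits


def parse_standard_frame(bits: list, with_crc: bool = True) -> bytes:
    """Inverse of frame_bits; raises ValueError on bad length, parity or CRC."""
    if not bits or len(bits) % 9:
        raise ValueError("standard frame length is not a multiple of 9 bits")
    out = bytearray()
    for i in range(0, len(bits), 9):
        byte_bits, parity = bits[i:i + 8], bits[i + 8]
        if (sum(byte_bits) + parity) % 2 == 0:
            raise ValueError(f"parity error in byte {i // 9}")
        out.append(sum(b << k for k, b in enumerate(byte_bits)))
    if not with_crc:
        return bytes(out)
    if len(out) < 3 or crc_a(bytes(out[:-2])) != bytes(out[-2:]):
        raise ValueError("CRC_A mismatch")
    return bytes(out[:-2])


def miller_encode(bits: list) -> str:
    """Start of communication is Z; logic 1 is X; logic 0 is Y after a 1 and Z
    otherwise; end of communication is a logic 0 followed by Y."""
    seq = "Z"
    for bit in bits + [0]:  # the trailing 0 belongs to the end marker
        seq += "X" if bit else ("Y" if seq[-1] == "X" else "Z")
    return seq + "Y"


def miller_decode(seq: str) -> list:
    """Inverse of miller_encode; a Y that does not follow an X is the end marker."""
    if not seq.startswith("Z"):
        raise ValueError("missing start of communication")
    bits = []
    for prev, cur in zip(seq, seq[1:]):
        if cur == "X":
            bits.append(1)
        elif cur == "Z" or prev == "X":
            bits.append(0)
        else:
            return bits[:-1]  # drop the logic 0 of the end marker
    raise ValueError("missing end of communication")


def manchester_encode(bits: list) -> list:
    """D also marks the start of communication, F the end."""
    return [D] + [D if b else E for b in bits] + [F]


def manchester_decode(slots: list) -> list:
    if not slots or slots[0] != D:
        raise ValueError("missing start of communication")
    bits = []
    for slot in slots[1:]:
        if slot == F:
            return bits
        if slot not in (D, E):
            raise ValueError(f"invalid subcarrier pattern {slot}")
        bits.append(1 if slot == D else 0)
    raise ValueError("missing end of communication")


def demo_exchange() -> dict:
    """Constructed exchange: REQA, then READ of page 4 (command 0x30 as on a
    Mifare Ultralight); the 16 bytes the tag returns are made up."""
    reqa = miller_encode(frame_bits(b"\x26", short=True))
    read_cmd = miller_encode(frame_bits(b"\x30\x04"))
    page_data = bytes(range(0x10, 0x20))
    answer = manchester_encode(frame_bits(page_data))
    return {
        "reqa_sequences": reqa,
        "read_cmd_decoded": parse_standard_frame(miller_decode(read_cmd)),
        "answer_decoded": parse_standard_frame(manchester_decode(answer)),
    }


if __name__ == "__main__":
    print(demo_exchange())
```

Running the block prints the REQA short frame as the sequence string `ZZXXYZXYZY` and round-trips the READ command and the tag's answer through both codings. The parity and CRC_A checks in `parse_standard_frame` are the ones a reader relies on to reject a corrupted frame; note that the ATQA is a standard frame sent without CRC, which is why `with_crc` is a parameter.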

Page 10: An Embedded System for Practical Security Analysis of Contactless Smartcards

Security Weaknesses

• the contactless interface (e.g. ISO 14443) brings new opportunities for attackers:

- read out a tag actively (range: up to 25 cm), possibly unnoticed,

- replay attack,

- relay ("man in the middle") attack,

- eavesdropping on the communication from a distance of several metres.

• the maximum energy consumption of a contactless smartcard is limited, and

• the chip area is kept small to reduce manufacturing costs,

so measures for security / privacy may not be implemented at all, or only in a very lightweight form!

Page 12: An Embedded System for Practical Security Analysis of Contactless Smartcards


Our Contribution

Idea: design a cost-effective embedded system which makes it possible to

• communicate with a contactless smartcard on the physical layer,

• emulate any ISO 14443(A) compliant RFID tag / smartcard,

and thereby to

- perform replay, man-in-the-middle and other attacks,

- analyse protocols, i.e., log the communication data,

- implement and test new protocols and countermeasures,

- assist side-channel attacks (DEMA, …),

- test different antennas / power amplifiers.

Page 13: An Embedded System for Practical Security Analysis of Contactless Smartcards


Embedded System – The Reader

• RF interface: EM4094 transceiver operated transparently (an analogue front end without protocol handling of its own)

• Atmel ATmega32 microcontroller clocked at 13.56 MHz

• specially designed circuits for signal conditioning / processing

Page 14: An Embedded System for Practical Security Analysis of Contactless Smartcards


Embedded System – The Fake Tag

• appears like an authentic ISO 14443(A) compliant transponder

• performs load modulation with a subcarrier, as specified

• acquires data from the field and reduces the bandwidth

• designed to cooperate with the bit-level reader

Page 15: An Embedded System for Practical Security Analysis of Contactless Smartcards


Embedded System – Realization

[Photographs: the (bit-level) reader and the Fake Tag]

Page 16: An Embedded System for Practical Security Analysis of Contactless Smartcards


Embedded System - Overview

• RFID tool: provides an ISO 14443 compliant interface and the emulation of a tag

• oscilloscope: measures / acquires information (e.g. electromagnetic emanation)

• PC: controls the process sequence and evaluates / analyses the data

• stand-alone operation modes are implemented as well

Page 17: An Embedded System for Practical Security Analysis of Contactless Smartcards

Application: Relay Attack

[Figure, built up step by step over pages 17 to 26: the relay attack set-up, in which the Fake Tag is presented to the genuine reader, the bit-level reader is placed near the genuine card, and the data are relayed between the two in real time in both directions.]

• DEMA = Differential ElectroMagnetic Analysis

Page 27: An Embedded System for Practical Security Analysis of Contactless Smartcards


Application: Relay Attack

Relay attacks have been carried out successfully against

• an electronic passport (issued in Germany)

• a student identity card (used at the Ruhr University Bochum)

• Philips "Mifare Classic" and "DESFire" cryptographically enabled smartcards

• an Atmel AT88SC153 smartcard

• tickets for the 2006 FIFA World Cup

Page 28: An Embedded System for Practical Security Analysis of Contactless Smartcards


Applications and Results

Ticket for the FIFA World Cup 2006 in Germany

• successful relay attack (all data read out remotely via the Fake Tag)

• embedded Mifare Ultralight chip: 64 bytes of data, NO encryption

so with the developed hardware a (simple) replay attack is feasible!
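The replay described on this slide, as an added Python example that is not code from the slides or from the authors' Fake Tag: a Mifare Ultralight-style card is read out with four READ commands, the 64-byte dump is loaded into an emulated tag, and the emulated tag is then indistinguishable from the original under every READ, because the card has nothing to prove but its stored bytes. The memory layout of the constructed ticket (UID with block check characters, lock bytes, OTP page, ASCII user data) is made up for illustration, and CRC_A and the RF layer are assumed to be handled by the front end.

```python
"""Read-out and replay of an unencrypted Mifare Ultralight, modelled in Python.

Added example; not code from the slides or from the authors' Fake Tag.  The
Ultralight has 16 pages of 4 bytes (64 bytes) and no cryptography.  READ (0x30)
returns 16 bytes, i.e. four consecutive pages, rolling over from page 15 to
page 0; WRITE (0xA2) carries a page number and 4 bytes and is answered with a
4-bit ACK (0xA), other commands with a 4-bit NAK.  CRC_A and the RF layer are
assumed to be handled by the front end, so only payload bytes are modelled.
The ticket contents below are made up.
"""

READ, WRITE = 0x30, 0xA2
ACK, NAK = ("ack", 0xA), ("nak", 0x0)
PAGES, PAGE_SIZE = 16, 4


class Ultralight:
    """Minimal card model; built from a dump instead of the genuine contents it
    is the Fake Tag, because nothing in the protocol can tell the two apart."""

    def __init__(self, memory: bytes):
        if len(memory) != PAGES * PAGE_SIZE:
            raise ValueError("Ultralight memory is 64 bytes")
        self.memory = bytearray(memory)

    def page(self, n: int) -> bytes:
        return bytes(self.memory[PAGE_SIZE * n:PAGE_SIZE * (n + 1)])

    def handle(self, cmd: bytes):
        if len(cmd) == 2 and cmd[0] == READ and cmd[1] < PAGES:
            return b"".join(self.page((cmd[1] + k) % PAGES) for k in range(4))
        if len(cmd) == 6 and cmd[0] == WRITE and cmd[1] < PAGES:
            self.memory[PAGE_SIZE * cmd[1]:PAGE_SIZE * (cmd[1] + 1)] = cmd[2:6]
            return ACK
        return NAK


def make_ticket() -> Ultralight:
    """Constructed contents: 7-byte UID with block check characters (pages 0-1),
    internal and lock bytes (page 2), OTP (page 3), ASCII user data from page 4."""
    uid = bytes.fromhex("04a1b2c3d4e5f6")  # fictitious UID
    mem = bytearray(PAGES * PAGE_SIZE)
    mem[0:3] = uid[0:3]
    mem[3] = 0x88 ^ uid[0] ^ uid[1] ^ uid[2]  # BCC0 over cascade tag and SN0..SN2
    mem[4:8] = uid[3:7]
    mem[8] = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]  # BCC1 over SN3..SN6
    mem[9:12] = b"\x00\x00\x00"  # internal byte and lock bytes: nothing locked
    mem[12:16] = b"\x00\x00\x00\x00"  # OTP page, unused
    mem[16:64] = b"WC2006 TICKET NO 000123 SEAT A12".ljust(48, b"\x00")
    return Ultralight(bytes(mem))


def dump_card(card: Ultralight) -> bytes:
    """Reader side of the attack: four READs (pages 0, 4, 8, 12) cover all 64 bytes."""
    return b"".join(card.handle(bytes([READ, p])) for p in range(0, PAGES, 4))


def replay_matches(genuine: Ultralight, fake: Ultralight) -> bool:
    """True if the Fake Tag answers every READ exactly like the genuine card."""
    return all(genuine.handle(bytes([READ, p])) == fake.handle(bytes([READ, p]))
               for p in range(PAGES))


def demo() -> dict:
    genuine = make_ticket()
    dump = dump_card(genuine)  # step 1: read the card out (locally or via relay)
    fake = Ultralight(dump)    # step 2: load the recording into the Fake Tag
    return {
        "dump_len": len(dump),
        "replay_ok": replay_matches(genuine, fake),
        "user_data": fake.handle(bytes([READ, 4])).rstrip(b"\x00"),
    }


if __name__ == "__main__":
    print(demo())
```

The same four READs are all a relay needs to forward, and the dump is all the Fake Tag needs to answer them afterwards; a card with a challenge-response authentication (the slide names Mifare Classic and DESFire) would still be relayable in real time but not replayable from a recording, since each session carries a fresh challenge.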

Page 29: An Embedded System for Practical Security Analysis of Contactless Smartcards


Applications and Results

Timing Analysis of an "ACG Dual 2.1 Passport Reader Module"

• reaction of the ACG reader to a deliberately delayed answer of a transponder

• compliance with the "Frame Delay Time", which ISO 14443 defines exactly, could not be observed: the reader accepts late answers, which facilitates relay attacks
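The check the ACG reader was found not to perform, as an added Python example that is not code from the slides or from any reader the authors analysed. ISO 14443-3 fixes the Frame Delay Time between the end of the reader's last pause and the first modulation edge of the tag's answer for REQA, WUPA, ANTICOLLISION and SELECT: (n·128 + 84)/fc if the reader's frame ended with a logic 1, (n·128 + 20)/fc if it ended with a logic 0, with n = 9 for these commands and fc = 13.56 MHz. A reader that enforces this window rejects an answer that arrives late because it travelled through a relay. The acceptance tolerance, the relay latency and all timestamps below are assumptions constructed for illustration; the block handles short frames (REQA/WUPA) only.

```python
"""Reader-side Frame Delay Time (FDT) check for ISO 14443 Type A, in Python.

Added example; not code from the slides or from the ACG reader they analysed.
ISO 14443-3 fixes the delay from the end of the last reader pause to the first
modulation edge of the tag's answer for REQA, WUPA, ANTICOLLISION and SELECT:
    FDT = (n * 128 + 84) / fc   if the reader's frame ended with a logic 1
    FDT = (n * 128 + 20) / fc   if it ended with a logic 0
with n = 9 for those commands and fc = 13.56 MHz.  The acceptance tolerance,
the relay latency and all timestamps below are constructed for illustration.
"""

FC_HZ = 13.56e6
TOLERANCE_CYCLES = 8  # assumed reader tolerance in carrier cycles (about 0.6 us)


def fdt_seconds(last_bit: int, n: int = 9) -> float:
    """Nominal delay the tag must keep before answering, in seconds."""
    return (n * 128 + (84 if last_bit else 20)) / FC_HZ


def last_bit_of_short_frame(cmd: int) -> int:
    """Short frames (REQA 0x26, WUPA 0x52) send 7 bits LSB first; bit 6 is last."""
    return (cmd >> 6) & 1


def classify_answer(cmd: int, cmd_end_us: float, answer_start_us: float,
                    tolerance_cycles: int = TOLERANCE_CYCLES) -> str:
    """'ok' when the answer falls inside the FDT window, else 'early' / 'late'."""
    expected_us = fdt_seconds(last_bit_of_short_frame(cmd)) * 1e6
    tol_us = tolerance_cycles / FC_HZ * 1e6
    delta_us = (answer_start_us - cmd_end_us) - expected_us
    if abs(delta_us) <= tol_us:
        return "ok"
    return "late" if delta_us > 0 else "early"


# Constructed timings: a genuine tag answers REQA exactly at FDT; the same answer
# relayed through a Fake Tag / reader pair arrives later by the relay latency.
REQA, WUPA = 0x26, 0x52
GENUINE_END_US = 100.0
RELAY_LATENCY_US = 35.0  # assumed round-trip delay of the relay link


def demo() -> dict:
    genuine = GENUINE_END_US + fdt_seconds(last_bit_of_short_frame(REQA)) * 1e6
    return {
        "fdt_reqa_us": round(fdt_seconds(last_bit_of_short_frame(REQA)) * 1e6, 2),
        "fdt_wupa_us": round(fdt_seconds(last_bit_of_short_frame(WUPA)) * 1e6, 2),
        "genuine": classify_answer(REQA, GENUINE_END_US, genuine),
        "relayed": classify_answer(REQA, GENUINE_END_US, genuine + RELAY_LATENCY_US),
        "too_fast": classify_answer(REQA, GENUINE_END_US, genuine - 5.0),
    }


if __name__ == "__main__":
    print(demo())
```

For REQA the last bit is 0, so the nominal FDT is 1172/fc ≈ 86.43 µs; for WUPA it is 1236/fc ≈ 91.15 µs. The "early" verdict never occurs with a real relay, but catches a sloppy emulator that answers before the window opens; a reader that ignores this window altogether, as observed with the ACG module, accepts any relay latency.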

Page 30: An Embedded System for Practical Security Analysis of Contactless Smartcards


Applications and Results

Investigations of antenna tuning and operating range

• antennas made out of thin copper wire

• antennas on PCBs

Page 31: An Embedded System for Practical Security Analysis of Contactless Smartcards


Future Work

• improved "man in the middle" attack: modify the relayed information in real time

• increase the reader's operating range to 25 cm

• implement and test new protocols / countermeasures

• assist / perform other attacks:

- remote power analysis

- fault analysis

- improved Differential Electro-Magnetic Analysis (DEMA)

Page 32: An Embedded System for Practical Security Analysis of Contactless Smartcards


Conclusion

• cost-effective design of a freely programmable RFID reader and

• a Fake Tag emulating any ISO 14443A compliant tag

• replay attack (play-back of previously recorded data)

• relay attack (real-time relaying of the data in both directions)

• timing analysis of a commercial RFID reader

• different types of antennas were built and tested

• promising applications & extensions:

- remote power analysis

- DEMA

- fault analysis

• Recommendation: shield RFID tags / contactless smartcards to protect your privacy (e.g., one layer of aluminium foil)!

Page 33: An Embedded System for Practical Security Analysis of Contactless Smartcards

May 10, 2007

Timo Kasper

Crete, Greece

Thanks for your attention!
