RFIDSecurity and Privacy

RFID Radio Frequency IDentification

Warning: "RFID tag" can mean a lot of things

Most basic use: replacement of barcode• wireless readout• no alignment required• passive tag

- reader provides power through EM field

• tag contains only ID, no processor• very cheap• database of tag IDs and their meaning

DB

T-shirt

##FEEBDAED

##

PeggyYorkshire

TerrierOwner: J. Smith

Peggy

Yorkshire Terrier

Owner: J. Smith

Phone: +31040…

What is needed for this?

• Small identifying tag– can be placed in an animal / object– very cheap– most basic form: almost no logic

• Contactless readout– reading device provides electromagnetic field– tag gets power from EM field– tag causes time-dependent impedance changes

At the other end of the spectrum:wireless smartcards

• processor• optional: battery• active transmitter, not just passive impedance• ROM memory

- keys- software

• RAM memory• flash / EEPROM

- sensitive data• supports read & write operations• password protection• crypto

RFID vs. Traditional smart cards

• Similar: data on an electronic device

• Different: power supply and data exchange without galvanic contacts

• Different: limited power on the card side

Active tags Passive tags

Power Battery Supplied by the reader

Availability of power

Continuous Only in field of reader

Range ~100m up to 3-5m, usually less

Price >10 euro less than 10 cents

Memory 1-2Mb 0.5-2Kb

Size > 2cm*2cm > 0.05mm*0.05mm (without antenna)

Active vs passive

Some examples

Shanghai public transportation card

Passports

Dutch library reader’s pass

Animal identification

Stockidentification

Carkeys

Toll payment

Key holder Clock Plastic card Nails

Small box Label Plastic pin Roll of smart labels

toys toys connected to PC

Is this an active or a passive tag?

Implications for security…• No money/power for

– public key crypto- tamper resistance / detection- tamper-resistant clock

• Multiple readers and millions of tags– tag collision, reader collision

• anti-collision protocols– synchronisation– lots of different keys

• Non-contact and non-line-of-sight– hard to physically impede the communication

Implications for privacy

Internet Of Things will make this even worse

Implanting RFID in humans?

• Advantageous for– cancer patients undergoing chemotherapy;– people with pacemakers or other medical

implants; – cognitive impairment due to epilepsy,

diabetes, or Alzheimer’s disease;– emergency (allergy)…

• Your favourite drink at the bar?!

• 2004: The attorney general of Mexico and 18 of his staff had chips implanted to allow them to gain access to certain high-security areas.

• 2006: President of Colombia agreed to require Colombian citizens to be implanted with RFID chips before they could gain entry into the US for seasonal work.

• 2008: UK jails considering RFID implants for prisoners.

• 2008 - ...:OV Chipkaart security issues in the Netherlands.

• Security of car locks, wireless payment, etc

Impact on society

Things that can go wrong (1)

Illicit tracking of RFID tags

Things that can go wrong (2)

Skimming (obtain secrets by eavesdropping)

Things that can go wrong (3)

Tag cloning

Things that can go wrong (4)

Cross contamination

Things that can go wrong (5)

Tag killing

Things that can go wrong (6)

Tags captured and secret info extracted (invasive and side channel attacks)

Things that can go wrong (7)

Jamming

Can also be selective

The Pandora's box of RFID

• Ethical issues• Privacy• Tracking• Skimming• Tag cloning• Cross-contamination• Tag killing• Invasive attacks• Jamming

Questions ?

Some sources…

• http://www.avoine.net/rfid/• http://www.emc.com/emc-plus/rsa-labs/research-

areas/rfid-privacy-and-security.htm• http://eprint.iacr.org/2008/310.pdf

• And the “usual suspects”:– http://www.Wikipedia.org/– http://scholar.google.com/

Suggested topics: choose three sub-topics• Applications:

• banknotes• e-Passports • anti-counterfeiting • public transport• car keys

• Protocols• HB+ • EC-RAC• EMAP• distance bounding• ... other protocols

• Various kinds of attacks & countermeasures• Mifare hack• RFID viruses / malware• Cloning• ... other attacks

• Privacy enhancement• (universal) re-encryption

• blocker tag

• formal privacy verification

• Crypto on RFID tags• PUFs

• elliptic curves

• random number generators

• ... other crypto