Upload
rafael-curry
View
29
Download
3
Embed Size (px)
DESCRIPTION
RFID: What’s in our pockets anyway?. Martin Hlaváč and Tomáš Rosa Department of Algebra, MFF UK in Prague PPF banka a.s. and eBanka, a.s. Agenda. Technology and platform overview LF and HF bands interface Security case studies Unique ID transponders MIFARE phenomenon e-Passport - PowerPoint PPT Presentation
Citation preview
May 28, 2008
Information Security Summit ’08Martinicky Palace, Prague
RFID: What’s in our pockets anyway?
Martin Hlaváč and Tomáš RosaDepartment of Algebra, MFF UK in PraguePPF banka a.s. and eBanka, a.s.
May 28, 2008, page 2
Agenda
Technology and platform overviewLF and HF bands interfaceSecurity case studies Unique ID transponders MIFARE phenomenon e-Passport
Payment cards
May 28, 2008, page 3
Passive RF Chips Overview
Contact-less chips radio-classification LF range chips (100 to 150 kHz) HF range vicinity cards (13.56 MHz) HF range proximity cards (13.56 MHz) UHF range chips (800 MHz and higher)
Huge variety of designs Cards, keychains, stickers, implants, …
RFID – Radio Frequency Identification Viewed as a specific application of RF chips
May 28, 2008, page 4
LF and HF Band Physical Layer
Employs the behavior of so-called near field of the transmitter Classical wave not fully formed, yet Magnetic component takes care of
the energy transport Arrangement „terminal antenna –
chip antenna“ can be seen as a high frequency transformer
May 28, 2008, page 5
Feeding the Transponder
Typical magnetic field antennas set-up
V = V0cos(t)
[7]
May 28, 2008, page 6
Talking with the Transponder
terminal RFID
transponder RFID
internal network
transponder field
terminal field
May 28, 2008, page 7
Ordinary Operational Distance
Frequency band
Sub-class
Typical sortTypical
deployment
OperationDistance(order)
LF(100 to 150 kHz)
- Memory card
Access system, immobilizer,
implant, loyalty card
cm
HF(13.56 MHz)
Vicinitycard
Memory cardAccess system,
skipass,loyalty card
cm to m
Proximity card
Contact-lesssmartcard
Access system, payment card,
e-passportcm
UHF(800 MHz –
1GHz)- Memory card Stock control cm to m
May 28, 2008, page 8
When the Distance Matters
Attacking techniques and ranges for HF band according to ISO 14443
Method DistanceActive communication with the
chipdozens of
cmPassive reception – chip and
terminalunits of m
Passive reception – terminal only dozens of mActive communication with the
terminaldozens of m
May 28, 2008, page 9
Active Attacks Reviewed
It is practically feasible to feed up a typical LF/HF chip at a distance of order of metersThe problem is, however, to hear the transponder’s response Increasing terminal’s field can
significantly decrease the SNR – Signal to Noise Ratio
Possible way for “write-only” attacks…
May 28, 2008, page 10
Terminal is Speaking (prox. HF)
May 28, 2008, page 11
Chip is Speaking (prox. HF)
May 28, 2008, page 12
Contactless Smartcard
Important sub-class of RFID transpondersFunction-wise and security-wise in par with classical (contact) smartcardsPlatform – proximity card (13.56 MHz)
May 28, 2008, page 13
ISO 14443
Standardizes proximity cards Usual operational distance 10 cm
Sub-groups A, B Differ in communication protocol
details (modulation, coding, frames, semantics)
Transport platform for contactless smartcards
May 28, 2008, page 14
ISO 7816
Describes contact card communication interface contact(-less) card application protocol
Effort to unify the view of a smartcard regardless the communication interface Combination of ISO 14443 (communication) and
ISO 7816 (application commands) From the point of view of ISO 7816 there is a new
communication protocol identified with T = CL (Contact-Less)
Aplication platform of contact(-less) smartcards
May 28, 2008, page 15
Contact or Contactless
Hierarchy of standards for contact and contact-less smartcards
Application layer ISO 7816-4 and higher
Transport layer
ISO 7816-3
ISO 14443-4
Link layerISO
14443A-3ISO
14443B-3
Physical layerISO
14443A-2ISO
14443B-2
Electromechanicalproperties
ISO 7816-1, 2
ISO 14443-1
May 28, 2008, page 16
Unique ID Transponders
Popular in access protection to buildings, offices, garages, etc.Examples: EM4x02, HID Isoprox II, Indala, etc.LF Band Serial memory with several dozens bits Sends repeatedly its identifier when in
terminal’s field No cryptographic protection
Security almost non-existing in many cases
May 28, 2008, page 17
LF Band Skimmer – Terminal Mode
Digital part
Transmitter Receiver
May 28, 2008, page 18
LF Band Skimmer – Emulator Mode
Digital part
Load modulator
Carrier sensing
May 28, 2008, page 19
MIFARE
Memory cards with cryptographic authentication and protected radio communicationCapacity 1 KB or 4 KBMemory (1 KB) divided into 4-block sectors: 3 data blocks 1 sector trailer block Block length is 16 B
Compatible with ISO 14443-AUses proprietary commands set instead of ISO 7816, however
May 28, 2008, page 20
MIFARE - Authentication
Three-way authentication with key agreement (idea similar to e-passport)Two 48b access keys KA, KB can be defined independently for each sector Implicitly: Philips KA = A0 A1 A2 A3 A4 A5 Philips KB = B0 B1 B2 B3 B4 B4 Infineon KA = KB = FF FF … FF
May 28, 2008, page 21
MIFARE - Encryption
Stream cipher Crypto1 Proprietary design Available as special purpose circuit for
terminals (e.g. MF RC531) Closely related to authentication
Main key 48 b, ephemeral key length unpublished
Authentication parameters (via MF RC531 service): block address, card serial number, main key
May 28, 2008, page 22
MIFARE – What Can Go Wrong?
Property access control based solely on card’s serial number MIFARE degenerated to an ID card with
a simple LF type chip Cloning possible if serial number is
known Can be “heard” from dozens of meters away,
even if it is primarily sent by the card (see the anticollision routine of ISO 14443-A)
May 28, 2008, page 23
MIFARE UID Theft Illustrated
May 28, 2008, page 24
MIFARE UID Theft Illustrated
No card
Card inspection(many times)
May 28, 2008, page 25
Yet Another Situation of That Kind
May 28, 2008, page 26
MIFARE – Bad News
Chaos Communication Congress 2007Crypto1 reverse engineered. Brute force attack on authentication key
Possible in 50 minutes with 64 FPGAs (Xilinx Virtex-5 LX50)
Other weaknesses are being analyzed in detail
Public information is incomplete. Once fully published, MIFARE considered obsolete (broken).
May 28, 2008, page 27
MIFARE - DESFire
Successor of classic MIFAREEmploys 3DES instead of Crypto1 Recently, AES algorithm available, as well
Besides proprietary commands, ISO 7816 compatibleClosed application interface with overloaded cryptographic scheme Potential risk – weaknesses in API
May 28, 2008, page 28
Electronic Passport
Equipped with a contact-less smartcard chipCompatible with ISO 14443 and ISO 7816Application code: A0 00 00 02 47 10 01Data files DG1 to DG15: related to the travel document
(DG1 – copy of machine readable zone (MRZ), DG2 – photo of the face, DG15 public key for active authentication)
EF.COM, EF.SOD, EF.DIR: service data
May 28, 2008, page 29
P5CD072
May 28, 2008, page 30
Security Mechanisms
Required by ICAO Passive authentication – digital signature of all
data files DG1, …, DG15
Required in EU members BAC – basic access control to data files and
selected functions (e.g. active authentication)
Optional Active authentication – challenge-response
authentication of the chip (e.g. used in Czech Republic, not in Germany)
May 28, 2008, page 45
Apparent Weaknesses of ICAO e-Passport
Detectability of passport presence Markers: presence of application A0 00 00 02
47 10 01, BAC protocol support, etc.
Brute force attack on BAC Apparently low main password entropy Listening to terminal is sufficient
Partial weaknesses of BAC and SM Detectability of passport with known
password (MRZ) SM does not protect the command headers
and status error answers
May 28, 2008, page 46
Relay Attack on Active Authentication
Passport asks to extend the answer time to 4949 ms. If not acknowledged or if shorter time
acknowledged, passport terminated the communication in our experiments Presumably, terminals on country borders have to
accept 5s delay Passport responded within 1s during the
experiments Remaining 4 s can be used to relay the
challenge from the counterfeit to real passport and send back the response
May 28, 2008, page 47
Attack Illustration
initialization
file reading
AA challenge
S(WTX)
AA response
challenge relay
response relay
initialization
AA challenge
S(WTX)
AA response
terminal fakepassport
faketerminal
passport
RF channel 1 channel 2 RF channel 3
May 28, 2008, page 48
Side Channels
SCH is any unwanted information exchange between the cryptographic module and its surroundings Physical principles of passive RF chips greatly facilitate existence of many SCH Electromagnetic field is a primary
concern
May 28, 2008, page 49
RSA: Square-and-Multiply
Input: integers x, d, N 0 x < N 2k-1 d < 2k, for some integer k d = dk-12k-1 + … + d12 + d0
Output: xd mod NComputation:
1. z x2. for i = k – 2 to 0
i. z z2 mod N ii. if di = 1 then z z*x mod N
3. return z
Square
Multiply
May 28, 2008, page 50
FAME-XE Exposure in the Field
Measurements by doc. Lórencz’s team,KP FEL ČVUT in Prague, april 2007
S M S S S S SM M M M
May 28, 2008, page 51
Lessons Learned for Payment Cards
Differences in the communication interface physical layer request revision of classical assumptions Holder’s “conscious card presentation” is
not as conscious any more Unprotected data and functions are exposed
to many more attackers Paper envelope protects well against the
visible light, not the HF range, however Side channel attacks are a bigger concern etc. …
May 28, 2008, page 52
Hypothetical Construction: RFID-EMV
Payment cards conquering USA employ non-public schemes Compatibility with EMV chip card standard
was not experimentally observed, yet Research disclosed many weaknesses [5] Hopefully, it’s only a transition state
To illustrate, let’s assume a hypothetical platform RFID-EMV as a migration of current contact card to contact-less
May 28, 2008, page 53
Hypothetical Risks RFID-EMV I
Relay attack on the whole transaction Client might unconsciously pay
attacker’s bill in a restaurant
Eavesdropping on sensitive data Acquire PIN transmitted insecurely
during VERIFY operation Terminal signal readable at distance of
tens of meters
May 28, 2008, page 54
Hypothetical Risks RFID-EMV II
Reading sensitive data Unprotected data can be read without
client’s knowledge (subway attack)
Blocking card Entering wrong PIN too many times ATC overflow etc.
May 28, 2008, page 55
Conclusion
Contact-less chip technology reveals new possible services to clients Can’t hide from this phenomenon
Meanwhile, new attack strategies emerges not taken into account with “contact” chips Straightforward migration of “contact”
applications to contact-less is not advisable
May 28, 2008, page 56
Thank you for your attention …
Tomáš RosaeBanka, a.s.Department of Algebra MFF UK,[email protected]
Martin HlaváčDepartment of Algebra MFF UK,PPF banka, [email protected]
ni.cz
May 28, 2008, page 57
References1. ČSN ISO/IEC 14443-1..42. ČSN ISO/IEC 7816-3, 43. Development of a Logical Data Structure – LDS for Optional Capacity Expansion
Technologies, ICAO, ver. 1.7, 20044. Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards, IEEE
Symposium on Security and Privacy 20065. Heydt-Benjamin, T.-S., Bailey, D.-V., Fu, K., Juels, A., and O'Hare, T.: Vulnerabilities
in First-Generation RFID-Enabled Credit Cards, In Proc. of Eleventh International Conference on Financial Cryptography and Data Security, Lowlands, Scarborough, Trinidad/Tobago, February 2007
6. Kirschenbaum, I., Wool, A.: How to Build a Low-Cost, Extended-Range RFID Skimmer, USENIX 2006
7. Lee, Y.: Antenna Circuit Design for RFID Applications, AN 710, Microchip Tech. Inc., 2003
8. Lórencz, R., Buček, J. a Zahradnický, T.: osobní komunikace, 20079. MIFARE DESFire MF3 IC D40, Preliminary Short Form Specification v. 2.0, Philips
Semiconductors, September 200310. MIFARE MF1 IC S50, Rev 5.1, Philips Semiconductors, May 200511. Nohl, K, and Plötz, H.: MIFARE – Little Security, Despite Obscurity, 24th Chaos
Communication Congress, 2007, http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html
12. PKI for Machine Readable Travel Documents offering ICC Read-Only Access, IACO, ver. 1.1, 2004
13. Rašek, L.: Elektronické pasy – jak fungují, kopie internetových stránek z roku 200614. SmartMX – P5CD072 Secure Dual Interface PKI Smart Card Controller, Short Form
Specification v. 1.2, Philips Semiconductors, October 200415. Šiková, M.: Biometrie v osobních dokladech – cestovní doklady s biometrickými
údaji, Konference CARDS, Praha 13. září 2006