Security Analysis of a Cryptographically-Enabled RFID Device Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, Michael Szydlo Usenix Security Symposium 2005 Presented By Himanshu Pagey (For CDA 6938 Class Presentation)


Security Analysis of a Cryptographically-Enabled RFID Device

Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin,

Michael Szydlo

Usenix Security Symposium 2005

Presented By Himanshu Pagey

(For CDA 6938 Class Presentation)

How realistic is this scenario?

• Realistic (I own a TI vehicle immobilizer; I am going to get it changed right after the class).
• Sounds good for a paper, but really, nobody can steal my car!
• Oh well! Can they?
• The paper suggests that such threats are well within the realm of practical execution and are applicable to a wide variety of applications.
• We hope that none of the car thieves are reading this paper.

RFID Primer (Source: Wikipedia)

• Automatic identification method.
• Data is retrieved from RFID tags (tags as small as 0.15 mm by 0.15 mm have been manufactured by Hitachi).
• Passive tags have no power source of their own (they are powered by the reader's field); active tags carry their own power source.
• Heavily deployed in the supply chain industry.
• We don't want to implement unsecured systems: an unsecured system is as good as "no system".

Questions that the paper answers

• How to stage the attack? (Details)
• What resources are needed to stage such an attack? (Hardware/software/network)
• How serious is this threat? (Widely deployed?)
• What are the countermeasures?
• Why was the attack possible?
• Is Texas Instruments listening?

Attack Details (How?)

• Step 1: Reverse engineer the cipher

[Figure: the DST treated as a black box (an oracle). With a handful of small inputs such as 3, 64, 85 and 10, it is easy to reverse engineer the functionality of the black box.]

Step 1 ...

[Figure: the same black box (oracle) DST with large inputs such as 3, 423454, 980035 and 100000: now it is difficult to reverse engineer the functionality of the black box.]

Step 1 ...

• TI has not published the algorithm or a block diagram, citing "security by obscurity".
• The authors' aim is to figure out the cipher used by the DST by reverse engineering it under a constraint of minimum resources (software packages were not used due to copyright issues).
• The authors observed the logical output of the DST for varying inputs and compared it with the output predicted by their model of the circuit to determine the behaviour of the hardware.
• The authors were lucky that the DST cipher (hardware implementation) was easy to decode.

Step 1 ...

• Such reverse engineering efforts have succeeded in the past; for example, Bunnie Huang reverse engineered the Xbox to allow it to run Linux.
• With the help of the DST block diagram published in Dr. Kaiser's publication, and after much trial and error, the authors were able to extract all the required information.
• This information is used in the later stages to simulate the digital signature transponder (DST).

Step 1 ...

• The authors were able to recover:
– the key schedule
– the routing mechanism
– the logical functions computed by the f, g and h boxes
– the Feistel structure of the DST cipher
• The Feistel structure of a cipher is the order in which its operations are performed: the state is split into two halves, and each round feeds one half through a key-dependent round function and XORs the result into the other half. Since only that XOR has to be undone, the cipher is invertible even when the round function itself is not.

Step 2: Key Cracking

• The authors compiled a hardware circuit (an FPGA design) to crack the 40-bit key.
• A single circuit was able to crack a 40-bit key in under 21 hours.
• To speed up the search (under 1 hour for realistic scenarios), the authors assembled 16 such circuits in parallel (< $3500).
• To verify the correctness of the recovered algorithm, the authors found the keys of 5 TI-provided tags in under 5 hours (this was a challenge issued by TI).

Step 3: Putting it all together

[Figure: sequence diagram of the reader/transponder exchange]

Normal operation:
• The reader powers up the DST and sends a command (the challenge).
• The DST encrypts the challenge and sends the response.

With the attacker's simulator in place of the DST:
• The simulator looks up the secret key cracked in Step 2 for the serial ID that the victim's DST broadcasts.
• The reader sends a command.
• The simulator sends the response computed with that key.
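The recovered Feistel structure (Step 1), the exhaustive key search (Step 2) and the reader/simulator exchange (Step 3) as one runnable model. This is an added example, not code from the paper or from TI: the cipher is a constructed toy Feistel network with a 16-bit block, a 16-bit key and a made-up S-box and key schedule (DST40 uses 40-bit keys, and its f, g and h boxes and schedule are not reproduced here), chosen so that the whole key space can be searched in pure Python in under a second. The serial number, the challenges, the `Transponder`/`Reader` classes and the `skim`, `crack_key` and `demo` helpers are likewise assumptions made for the illustration.

```python
"""Toy model of the attack steps above: a Feistel cipher, an exhaustive key
search from skimmed challenge/response pairs, and a reader accepting a clone.

Added example only. The cipher is NOT DST40: the 16-bit block, 16-bit key,
S-box, key schedule and round count are constructed so the whole key space
can be searched in pure Python in well under a second.
"""
import random

BLOCK_BITS = 16   # two 8-bit halves (DST40 uses 40-bit values)
KEY_BITS = 16     # DST40 uses a 40-bit key
ROUNDS = 8
MASK8 = 0xFF

# Constructed S-box: a fixed pseudo-random permutation standing in for the
# f/g/h boxes; any fixed non-linear table would serve the demonstration.
_sbox_rng = random.Random(2005)
SBOX = list(range(256))
_sbox_rng.shuffle(SBOX)

def key_schedule(key):
    """Hypothetical schedule: one 8-bit subkey per round from successive
    left rotations of the key, so every key bit reaches some round."""
    subkeys, k = [], key & 0xFFFF
    for _ in range(ROUNDS):
        subkeys.append(k & MASK8)
        k = ((k << 3) | (k >> 13)) & 0xFFFF
    return subkeys

def round_function(half, subkey):
    """Key-dependent and non-linear. It need not be invertible: the Feistel
    structure only ever undoes the XOR that mixes its output in."""
    return SBOX[(half ^ subkey) & MASK8]

def encrypt(block, key):
    """Feistel structure: split into halves; each round moves the right half
    left and XORs round_function(right, subkey) into the old left half."""
    left, right = (block >> 8) & MASK8, block & MASK8
    for subkey in key_schedule(key):
        left, right = right, left ^ round_function(right, subkey)
    return (left << 8) | right

def decrypt(block, key):
    """The same rounds with the subkeys in reverse order undo encrypt."""
    left, right = (block >> 8) & MASK8, block & MASK8
    for subkey in reversed(key_schedule(key)):
        left, right = right ^ round_function(left, subkey), left
    return (left << 8) | right

def crack_key(pairs):
    """Step 2: exhaustive search over the key space (what the FPGA circuits
    did for 2**40 keys). The first pair filters candidates; the remaining
    pairs discard keys that matched the first response only by chance."""
    first_challenge, first_response = pairs[0]
    candidates = []
    for key in range(1 << KEY_BITS):
        if encrypt(first_challenge, key) != first_response:
            continue
        if all(encrypt(c, key) == r for c, r in pairs[1:]):
            candidates.append(key)
    return candidates

class Transponder:
    """A DST: broadcasts its serial, answers challenges with its secret key."""
    def __init__(self, serial, key):
        self.serial = serial
        self._key = key

    def respond(self, challenge):
        return encrypt(challenge, self._key)

class Reader:
    """Step 3, reader side: look up the key for the serial the tag broadcasts,
    send a fresh random challenge, accept only the matching response."""
    def __init__(self, enrolled_keys, rng):
        self._enrolled_keys = dict(enrolled_keys)   # serial -> secret key
        self._rng = rng

    def authenticate(self, transponder):
        challenge = self._rng.getrandbits(BLOCK_BITS)
        expected = encrypt(challenge, self._enrolled_keys[transponder.serial])
        return transponder.respond(challenge) == expected

def skim(transponder, rng, count=2):
    """Rogue reader: power the tag up and record challenge/response pairs.
    Two pairs are enough to pin down a 16-bit key."""
    challenges = [rng.getrandbits(BLOCK_BITS) for _ in range(count)]
    return [(c, transponder.respond(c)) for c in challenges]

def demo(seed=7):
    """Run the whole attack; returns (genuine_ok, recovered, true_key, clone_ok)."""
    rng = random.Random(seed)
    true_key = rng.getrandbits(KEY_BITS)
    victim = Transponder(serial=0x2A, key=true_key)
    reader = Reader({victim.serial: true_key}, rng)
    genuine_ok = reader.authenticate(victim)
    recovered = crack_key(skim(victim, rng))[0]
    clone = Transponder(victim.serial, recovered)   # the simulator from Step 3
    return genuine_ok, recovered, true_key, reader.authenticate(clone)
```

Calling `demo()` skims two challenge/response pairs from the genuine tag, recovers the key by exhaustive search and shows the reader accepting the clone. The second skimmed pair is what rules out keys that match the first response by chance; the same loop over 2^40 keys instead of 2^16 is the work the 16 parallel circuits were built for.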

Strengths of the Paper

• Exploits a realistic weakness in a production system (Texas Instruments).
• They make their results available to TI.
• They actually stage an attack on the SpeedPass system.
• They reverse engineer a hardware circuit by probing its logical output.

Weakness

• The authors probably had enough working knowledge of cipher implementations to decipher the structure of the hardware circuit by probing its logical outputs (since RSA produces security hardware components).
• A thief would need that much technical knowledge to mount such an attack, so current 40-bit-key immobilizers still act as a deterrent.

Suggested Improvement

• At the time of publication, TI had plans to ship DSTs with 128-bit keys.
• Can a successful attack still be mounted with this change?
• Was the cipher structure one of the causes of the vulnerability?

Questions?