Practical Attacks on a Proximity Card Jonathan Westhues [email protected] June 18 2005.
-
Upload
shon-scott -
Category
Documents
-
view
213 -
download
0
Transcript of Practical Attacks on a Proximity Card Jonathan Westhues [email protected] June 18 2005.
![Page 2: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/2.jpg)
Introduction
• How do RFID tags work?• Signals sent over the air• A naïve attack works perfectly• Better-than-naïve attacks work
even better• Security is possible if you are
willing to pay for it
![Page 3: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/3.jpg)
How the tags work
• The reader transmits a powerful carrier (a signal that carries no information)– Reader “excites” or “illuminates” tag
• This carrier powers the circuitry on the tag– So the tag does not need an internal
power source (battery)
![Page 4: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/4.jpg)
Information over the air
• Tag returns an information-bearing signal to the reader– Same frequency, same antenna
• Bi-directional communication also possible – e.g. to write information to a tag
instead of just reading
![Page 5: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/5.jpg)
Example: TI tag
antenna coil
capacitor(s)
(microchip on other side)
![Page 6: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/6.jpg)
Example: 13.56 MHz tag
antenna coilmicrochipcapacitor
![Page 7: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/7.jpg)
reader: powerful,no information
Signals over the air
tag: weak, carriesinformation
+
1 0 1 1 0
![Page 8: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/8.jpg)
Result: the signals add
(signal seen at the reader)
1 0 1 1 0
![Page 9: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/9.jpg)
Motorola/Indala Flexpass
• Card transmits its ID code to the reader
• Reader checks ID against its list to see if it should open the door
• That’s it; no attempt at security
![Page 10: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/10.jpg)
Basic replay attack
![Page 11: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/11.jpg)
Basic replay attack
• Read a legitimate card to get its ID code
• Store the ID in memory• Replay the ID to a legitimate
reader
![Page 12: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/12.jpg)
Basic replay attack
• Hardware design: nothing fast, no need for anything custom
• Easy• Other people have done this
![Page 13: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/13.jpg)
What kind of read range?
• Depends on the power of the carrier that the reader transmits
• Practical limits:– TX power
• Legalities (FCC, Industry Canada)• Input power• Technical limits (heat etc.)
– Antenna size
![Page 14: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/14.jpg)
Practical read range
• “A few feet”
![Page 15: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/15.jpg)
Even better attacks
• The read range goes up when the card is already powered– Thus, even more vulnerable if the
eavesdropper sets up near a legitimate reader
• The signal goes through sheetrock walls
![Page 16: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/16.jpg)
DSP refinements
• FlexPass cards: repeat their ID over and over as long as they are powered
• Opportunity to use DSP techniques to “average together” multiple copies and improve sensitivity
![Page 17: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/17.jpg)
Solution
• But surely we can do better…
http://members.core.com/~jeffp/
![Page 18: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/18.jpg)
FlexPass FlexSecur
• Encrypt ID before programming it onto card
• Replay attack:– Doesn’t help, eavesdropper unlikely
to notice that is present
• Not useless though
![Page 19: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/19.jpg)
Challenge/Response
• Fixes everything, and cards are available that use it
• Drawbacks:– Complexity: crypto circuitry on the
card– Bi-directional communication with
reader is now required
![Page 20: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/20.jpg)
Alternative: Rolling codes
• Also fixes everything• Used e.g. in auto keyless entry• Advantage:
– No bi-directional communication required
• Disadvantage:– Needs non-volatile storage
![Page 21: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/21.jpg)
Conclusion
• ID-only cards are not in any mathematical sense secure
• Secure alternatives exist• Depending on the application, they
might not be better• It would be nice if the vendors
would tell you what you’re getting
![Page 22: Practical Attacks on a Proximity Card Jonathan Westhues jwesthues@cq.cx June 18 2005.](https://reader030.fdocuments.us/reader030/viewer/2022032806/56649efe5503460f94c12677/html5/thumbnails/22.jpg)
Thank you