RFID & Security: an overview of threats and possible ...lauren_m/WEB-ActionSSO/2014-SSO... RFID &...

www.centrenational-rfid.com

RFID & Security: an overview of threats and possible

countermeasures

Claude Tételin Directeur Technique

Président AFNOR CN31

Septembre 2014

• The French RFID National Centre

• Classification of RFID technologies

• Purpose of security: what do you want to protect?

– Applications of RFID

– Identifiers

– Data

• Attacks

• Possible countermeasures

• Conclusion

2

Agenda

Le CNRFID

Le CNRFID, Une Initiative Nationale• Initié par le Ministère de l’Industrie et des Finances

• Créé par le Pôle de compétitivité Solutions Communicantes Sécurisées et le

Pôle Traçabilité en juillet 2008

• Mis en place opérationnellement en janvier 2009

Association loi 1901, cofinancée par : • L’Etat (DGCIS)

• Ses adhérents

• Ses services

Une expertise reconnue : • Membre des comités de normalisation internationaux (CEN, ETSI, ISO)

• Présidences & vice présidences

• Mandat européen, « Privacy & Public Awarness », Présidence groupe norme

liées au processus PIA

Nos valeurs


• Indépendance

Association indépendante de tout organisme, secteur, profession,

marché ou région

• Transparence et neutralitéLe CNRFID a pour mission de promouvoir l’utilisation intelligente

des technologies RFID et NFC. Cette mission est menée dans la

plus grande transparence et avec toute la neutralité et

confidentialité qui s’impose à un Centre National de Référence.

Notre Mission


Accompagner le développement (financièrement et

techniquement) des solutions sans contact

Contribuer à la normalisation, aux évolutions légales et

règlementaires

Favoriser le développement d’une synergie stratégique et

opérationnelle de nos adhérents offreurs et utilisateurs au

niveau national, européen et international

Former et informer les utilisateurs/offreurs de solutions sans

contact

Répertorier les solutions technologiques

1

2

3

4

5

Des adhérents représentatifs

de la chaîne de valeur de la RFID

Puce électronique

Etiquette, Tag, carte

InterrogateurPackaging,Capteurs,Sécurité

Software,Réseau

Intégration Utilisateurfinal

Les actions du CNRFID


Implication au sein de l’univers académique

Evénements et rencontres business

Formations et Informations

Accompagnement Projet

Services

du CNRFID

Norme, règlementation et

standardisation

Le soutien aux PME

Veille technologique et stratégique





– Identifiers

– Data

• Attacks


• Conclusion

8

Agenda

RFID principle:

Technology for automatic identification that uses radiofrequency radiations or

magnetic fields for identifying objects carrying tags present in the readerinterrogation zone.

An electronic chip embedded in the tag contains unique identifiers and data.

www.centrenational-rfid.com 9

RFID Classification

Active / Passive / Battery Assisted Passive

Active: the RFID chip has its own RF emitterMore complex and more expensiveGreater reading distances (> 100 m)Tag needs an on-board power supply

Passive: the RFID has no emitter on boardSimple and cheapTag needs to backscatter reader’s RF signal to communicateReading distances from few centimetres up to 10 m maximumRFID chip supplied by reader’s RF signal

Battery Assisted: a passive tag that carries a batteryNo RF emitter on board (passive)Backscattering for communicationThe battery is generally used for supplying peripherals (sensors, I2C links,…)


RFID Classification

Frequency or reader/tag coupling

Inductive coupling: uses magnetic fields

LF (125kHz) or HF (13,56MHz) systems

Antennas = Coils or loops

Magnetic field rapidly decreases = interrogation zones are clearly defined

Propagative coupling: far field region

UHF (433 and 860-960MHz) and SHF (2,45GHz) systems

Antenna = Dipole based designs

Propagation = reflexions and diffractions = possible holes in the interrogation zone


RFID Classification

Memory types and sizesRead Only

End-users cannot change these data

TID: Tag Identifier (generally 32 or 64 bits)

Encoded by chip manufacturer

Write Once Read Multiple

End-user can encode data once

UII: Unique Item Identifier (32, 64, 96 or 128 bits)

Example: EPC Code (GS1)

Multi Time Programmable: User Memory

A few bits up to several kilobits

Access could be protected or restricted (login, password)

Protocoles TTF, RTF, ToTaL


RFID Classification





– Identifiers

– Data

• Attacks


• Conclusion

13

Agenda

Reading distance

From few mm to several meters for passive systems (>100 m for active RFID)

Think about reading volumes and not onlymaximum distances!

Reading w/o line of sight

Use of magnetic or EM fields

Take the environment into account (metal, water, etc.)

Simultaneous readings

Up to 100 tags/s (UHF protocols)

Adapt the protocol to the application (passNavigo vs. logistics)

If you don’t need any of these three characteristics, please don’t use RFID in your process


Different RFID applications


Identifiers and Data

MemoryRFID chips only use non volatile memory (because

RFID tags have to store information even when they

are not powered)

RFID chips mainly use EEPROM technology

because the size of the memory do not exceed tens

of kbytes and each bit of memory can be addressed

individually (no need to lose time and energy to write

complete blocks even if it is sometimes possible)

EEPROM is a stable technology (lower cost)

FeRAM are used for applications which require high

capacity memory (Fujitsu UHF tag with up to 64

kbytes user memory)

CID: Chip IdentifierNumber used to identify the chip. Usually encoded by the chip manufacturer in a ROM like memory. Cf. TID

TID: Tag IdentifierNumber used to identify a RFID Tag. Usually encoded by the tag manufacturer or chip manufacturer in a ROM like memory. Manufacturers may use the ISO 15963 encoding rules.

UII/UID: Unique Item Identifier/Unique IdentifierUII is a code that identifies the object to which a tag is affixed. For ISO applications, UII has to follow ISO 15962

EPC: Electronic Product CodeEPC is a special case of UII and is proposed by GS1. For EPCGlobalapplications, UII (EPC) has to follow EPCglobal Tag Data Standards.


AFI: Application Family IdentifierAFI represents the type of application targeted by the RFID readers and is used to extract from all the RFID tags present only the tags meeting the required application criteria. AFI is defined in ISO/IEC 15961-3

Reader

AFI is also used for contactless smartcards applications (banking, transport, access control, etc.). AFI codes are defined by ISO 14443 and ISO 15693AFI is a powerful tool to speed up anti-collision process

Courtesy of Paul Chartier, Praxis Consultants


http://www1.euro.dell.com/content/products/compare.aspx/dimen?c=uk&l=en&s=dfh

http://www1.euro.dell.com/content/products/compare.aspx/dimen?c=uk&l=en&s=dfh

• Basic UHF Protection features:• None: everyone can read/erase/write at the identifier memory location

• Lock: Once written by an authorized organization, the identifier is locked. Everyone can read it but need a password to change it. Questions:

• What is an authorized organization?• Who define the password and store it?• Is there a different password for each tag?

• PermaLock: Once written by an authorized organization, the identifier is permanently locked. Everyone can read it but identifier can never been changed again.

• Be careful when permalocking an encoded identifier• Un-permalocking of tag is sometimes possible but very difficult (recommissioning)


Available data protection features depend on where data is stored

DataCan be stored:

Directly in the RFID tag memoryIn an external data base

Data in the tagEveryone who reads a tag can access the data but…

Data could be protected (access password) or encipheredTag reading may require reader authentication

No need to have network connection

Data in the applicationNo data stored in the tag End user accesses data using the unique identifier as a pointer in a data baseThis may require authentication and data access/modification may depend on end-user’s privileges






– Identifiers

– Data

• Attacks


• Conclusion

20

Agenda

Security services: what is the targeted asset?

Data disponibility

Integrity that ensures that any modification of data is detected

Confidentiality that prevents unauthorized disclosure of data

Access control that prevents unauthorized use of resources

Authentication that ensures that the device (tag and/or reader) entity is the one claimed

What is the target?

The RFID tag (and the object it is attached to)

The RFID chip

The RFID air interface

The device interface and the application


RFID attacks

The only one reallyspecific to RFID

Attackers may use:

Fake Reader, Fake Tag, Real Reader, Real Tag


Configuration of RFID attacks

Fake Reader:

Interferences for Denial of Service

Eavesdropping

Tag Activation



Fake Tag:

Interferences / collisions for Denial of Service

Unauthorized access



Fake Tag and Fake Reader:

Tag cloning

Relay Attack



Threats associated with the data encoded on the RFID tag

Side Channel (power consumption, EM fields,… )

Tag Cloning (unique chip ID, data,…)

Physical data modification (to gain privileges…)

Tag switching (start communication with real tag and continue with fake one)

Tag destruction (physical, logical)

Threats associated with the air interface

Unauthorised Tag Reading (skimming)

Tracking (behavioural profiling, data linking, localisation ….)

Eavesdropping or traffic analysis

Relay attack

Man in the middle (data modification/insertion)

Replay attack


RFID attacks scenarios

Threats associated with the air interface …

Noise / Jamming (specific frequency)

Blocker tags (Anticollision process)

Let’s play your imagination…

Finally, all kind of threat is based on:

Tag Activation and/or Eveasdropping


RFID attacks scenarios

Examples of achievable distances

Tag activation

HF (15693): around 4 meters (1/d3 law for H field)

HF (14443): around 1 meter

UHF: around 25 meters (1/d2 law for EM field)

Eavesdropping

HF: around 40 meters

UHF: more than 100 meters

Remember that attackers don’t care about RF regulations


RFID attacks





– Identifiers

– Data

• Attacks


• Conclusion

29

Agenda

The recently published European Standard (EN 16571) enumerates more than 40 possible countermeasures to reduce different risks.

Some are part of standardized solutions other are proprietary

Protection of data using a password

Reader shall give the right password to access data on the tag

You can add security timeout and/or limit the number of unsuccessful attempts

Permanent or temporary read lock protection

Reader cannot access part of tag’s memory (protection of passwords or cryptographic keys)


RFID countermeasures

Permanent or temporary write lock protection

Reader cannot modify / erase part of tag’s memory

Data protection using the unique chip id

Reader has to know the unique chip ID to access data or communicate with the tag. This is even harder when TID is serialized.

Active Jamming

This protects the tags that one holds from a potential unauthorized activation issuing an EM field to jam the signal. This process could be illegal because it can damage the contactless systems that are close when using high power (denial of service)



Distance bounding protocols

Algorithm which defines a maximum response time. If tag’s answer to reader request is too long, the reader shall stop the communication suspecting a relay attack

Note that this is the only known way to mitigate relay attack

Use of a Faraday cage

Tags are placed in a Faraday cage that does not let external electromagnetic waves supply the tags. This protects the tags from skimming (unauthorized tag activation).

Note: this is possible for personal ID cards in a wallet but much more difficult to implement for UHF Item tags.



Switch

A switch is placed between the antenna and the chip. This prevent the tag to be skimmed.

Note: Think about the place it would take… This is possible for personal ID cards only. How can you know if the switch is on or off?

Use of a Faraday cage

Tags are placed in a Faraday cage that does not let external electromagnetic waves supply the tags. This protects the tags from skimming (unauthorized tag activation).

Note: this is possible for personal ID cards in a wallet but much more difficult to implement for UHF Item tags.



Blocker tag

This tag emulates and backscatters several different UID to the reader. This creates never ending collisions so that the reader is unable to inventory the population of surrounding tags. This prevents from accessing tag’s memory and ID.

Kill function

UHF tags can be killed by authorized readers. A kill password prevents unauthorized reader to kill every tags out there…

Once in the killed state, the tag does not answer to any request. It’s dead

Note: this is an alternative to physical tag removal.



The recently published EPC C1G2 V2 (ISO/IEC 18000-63) standards

propose new set of protection features !

Untraceability

This feature allows to hide portions of tag’s memory.

The serialized part of the EPC code could be hidden (not backscattered by the tag) but still remain in the memory so that authorized readers can access it.

Reduced read range

Using internal switch (remotely controlled by an authorized reader), the tag backscatters less signal. This prevents from long range tag activation and data access.



Cryptography

UHF tags may use different crypto suites (symmetric or asymmetric):

to encrypt communications

for tag, reader or mutual authentication

Cryptographic suites are under development in ISO SC31 committee.

Note: 10 different crypto suites will be available but only few of them will be implemented in RFID UHF chips.

Note: together with classical crypto commands, the CHALLENGE command will allow to authenticate a complete population of tags very quickly.



37Copyright CNRFID

Risk evaluation

Questions:

Identification of the threats and associated vulnerabilities

What would be the extent of the damage if the vulnerability was exploited

Is the attack easy to reproduce? (in lab, in real life)

How many users will be affected?

What are the skills required by the attacker?

How does it cost to implement the attack, what is the benefit for the attacker?

What are the possible countermeasures?

How does it cost to implement them?

Chose a metric and evaluate the risk

ISO 27005, Ebios,…

One word on Privacy

Privacy is closely linked to data security but is a broader question

European Recommendation May 2009« implementation of the principles of respect of privacy and data

protection in applications based on RFID »

Title « Data Protection »: not only Personal Data

Definitions & Scope All RFID technologies (NFC, contactless smart cards) All kind of applications … except govermental ones (Passport, ID) Focus on retail (direct link between companies and consumers)

One word on Privacy

40Copyright CNRFID

One word on Privacy

If you do not systematically deactivate the tags please undertake a Privacy Impact Assessment (PIA)

New European Standard (EN 16571) on

Identification of privacy asset and valuation

what kind of personal data

where is it stored (tag, application)

Identification of the threats and associated vulnerabilities

Identification of countermeasures

Evaluation of residual risk

Metric is based on ISO 27005

Conclusion

Distinction has to be made between HF ISO 14443 based RFID application and others (ISO 15693 and UHF protocols)

ISO 14443 based applications are proximity systems (few centimeters).

ISO 14443 product is not secured in itself but:

Can support high level secured commands

Complex OS with security features can be embedded in the chip

RFID for item identification is a weak technology but:

Data in the tag has low value

Important data could be stored in a secure data base only accessible after authentication

New features that protect both tag ID and data will be available in the near future

Thank you for your attention


http://www.centrenational-rfd.com/

[1] PARET Dominique – RFID en ultra et super hautes fréquences UHF-SHF, Théorie et mise en oeuvre. Dunod (2008).

[2] COMBES Paul – Micro-Ondes 2, circuits passifs, propagation, antennes. Dunod (1997).

[3] PARET Dominique – Identification radiofréquence et carte à puce sans contact, description. Dunod (2001).

[4] FINKENZELLER Klaus – RFID Handbook, Radio-Frequency Identification Fundamentals and Applications. Wiley (1999).

[5] BOWICK Chris – RF Circuit Design. Newnes (1982).

[6] de DIEULEVEULT François – Electronique appliqué aux hautes fréquences. Dunod (1999).

[7] VIZMULLER Peter – RF Design Guide, systems, circuits and equations. Artech House (1995).

[8] VENTRE Dominique – Communications analogiques. Ellipses (1998).

[9] ZHANG Yan, YANG Laurence, CHEN Jiming – RFID and Sensor Networks. CRC Press (2010)

[10] BELLANGER Maurice – Traitement numérique du signal - Théorie et pratique. Dunod (2006).

[11] GREEN R.B. – The general theory of antenna scattering. OSU report 1223-17 (1963)

[12] SCHNEIDER R.K. – A re-look at antenna in-band RCSR via load mismatching. IEEE Antennas and Propagation Society

International Symposium, vol.2, pp 1398-1401 (1996)

[13] DOBKIN Daniel – The RF in RFID, Passive UHF RFID in practice. Newnes (2008)

[14] TETELIN Claude - Systèmes et techniques RFID. Techniques de l’ingénieur E1470

Bibliography

RFID & Security: an overview of threats and possible ...lauren_m/WEB-ActionSSO/2014-SSO... RFID &...

Documents

Transcript of RFID & Security: an overview of threats and possible ...lauren_m/WEB-ActionSSO/2014-SSO... RFID &...