Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

Similar documents
Radio Frequency Identification (RFID)

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

RFID Penetration Tests when the truth is stranger than fiction

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

CHAPTER 1 Introduction 1

RFID BASED VEHICLE TRACKING SYSTEM

RFID Security: Threats, solutions and open challenges

RFID Design Principles

RFID Security and Privacy. Simson L. Garfinkel, Ph.D. Center for Research on Computation and Society Harvard University October 5, 2005

Security Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China

RFID Basics HEGRO Belgium nv - Assesteenweg Ternat Tel.: +32 (0)2/ Fax : +32 (0)2/ info@hegrobelgium.

RFID TECHNOLOGY: A PARADIGM SHIFT IN BUSINESS PROCESSES. Alp ÜSTÜNDAĞ. Istanbul Technical University Industrial Engineering Department

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

RFID Design Principles

How To Understand The Power Of An Freddi Tag (Rfid) System

Enabling the secure use of RFID

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

Data Protection Technical Guidance Radio Frequency Identification

Strengthen RFID Tags Security Using New Data Structure

Various Attacks and their Countermeasure on all Layers of RFID System

Using RFID Techniques for a Universal Identification Device

Automated Identification Technologies

On the Security of RFID

WHITE PAPER. ABCs of RFID

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

RFID Technical Tutorial

RF Attendance System Framework for Faculties of Higher Education

Security in Near Field Communication (NFC)

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

RFID Technology, Security Vulnerabilities, and Countermeasures

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

Security in RFID Networks and Protocols

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Radio Frequency Identification (RFID) An Overview

Security and Privacy of RFID Systems. Claude Castelluccia

Security and privacy in RFID

The Study on RFID Security Method for Entrance Guard System

Feature. Security and Privacy Trade-offs in RFID Use. Operational Zone RFID Tag. RFID Reader

Privacy and Security in library RFID Issues, Practices and Architecture

A Survey of RFID Deployment and Security Issues

RFID Tags. Prasanna Kulkarni Motorola. ILT Workshop Smart Labels USA February 21, 2008

Atmel Innovative Silicon RFID IDIC Solutions

An Overview of RFID Security and Privacy threats

tags Figure D-1 Components of a Passive RFID System

A Study on the Security of RFID with Enhancing Privacy Protection

Last update: February 23, 2004

Design And Implementation Of Bank Locker Security System Based On Fingerprint Sensing Circuit And RFID Reader

An Introduction to RFID Information Security and Privacy Concerns. Björn Johansson

ASSET TRACKING USING RFID SRAVANI.P(07241A12A7) DEEPTHI.B(07241A1262) SRUTHI.B(07241A12A3)

50 ways to break RFID privacy

RF ID Security and Privacy

If you are interested in Radio Frequency Identification technology, then this is the best investment that you can make today!

An Overview of Approaches to Privacy Protection in RFID

Gemalto Mifare 1K Datasheet

RFID Applications: An Introductory and Exploratory Study

Security Challenges for User-Oriented RFID Applications within the Internet of Things

WHAT IS RFID & HOW WILL IT IMPACT MY BUSINESS?

The Drug Quality & Security Act

a GAO GAO INFORMATON SECURITY Radio Frequency Identification Technology in the Federal Government Report to Congressional Requesters

Ambient Intelligence WS 08/09 V8: RFID. Prof. Dr.-Ing. José L. Encarnação

An Introductory and Elementary Study on RFID & Its Applications

What standards ISO/CEI ISO/CEI EPC class 1 gen 2. RFID standards. ISO14443,ISO15693 and EPCGlobal. Mate SoosINRIA.

Radio Frequency Identification (RFID) Vs Barcodes

Manufacturing Control Systems {SCADA} Vulnerability and RFID Technologies

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

SATO RFID White Paper

Programming an RFID reader for getting data from different semi-passive sensor tags

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

EL 25,1. Received 21 December 2005 Revised 31 March 2006 Accepted 7 April 2006

The Marriage of Passive and Active Technologies in Healthcare. Authors: Dr. Erick C. Jones, Angela Garza, Gowthaman Anatakrishnan, and Jaikrit Kandari

Using RFID for Supply Chain Management

Secure Active RFID Tag System

RESEARCH SURVEY ON MIFARE WITH RFID TECHNOLOGY

Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany

EPCglobal RFID standards & regulations. Henri Barthel OECD Paris, 5 October 2005

The Place of Emerging RFID Technology in National Security and Development

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

The Top Web Application Attacks: Are you vulnerable?

Development of a wireless home anti theft asset management system. Project Proposal. P.D. Ehlers Study leader: Mr. D.V.

RFID: Technology and Applications

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Modern Multipurpose Security Management System

Transcription:

Security Issues in RFID systems By Nikhil Nemade Krishna C Konda

Agenda Introduction to an RFID System Possible Application Areas Need for Security Vulnerabilities of an RFID system Security Measures currently employed

Auto ID systems Broad classification of the Auto-ID systems OCR Fingerprint ID What is Automatic Identification Bar Code Auto ID Biometric ID A host of technologies that help machines identify objects Voice ID Coupled with automatic data capture Smart Cards RFID Increase efficiency, reduce data entry errors, and free up staff

Introduction to RFID Technology Acronym for Radio Frequency Identification Enables automatic identification (unique) of physical objects through radio interface

RFiD Systems Three main components: Tags, or transponders, carry identifying data. Readers, or transceivers, read or write tag data. Back-end databases associate records with tag data collected by readers.

RFiD Systems cont. Every object to be identified in an RFID system is physically labeled with a tag. Tags consist of a microchip attached to an antenna. Readers query tags via radio signals and the tags respond with identifying information.

RFiD Systems cont. Illustration of a passive RFiD System

RFiD Tags The RFiD Tags can be classified on the following basis Active / passive LF / HF / UHF / micro Read-only / read-write State-machine / CPU n-bit / 1-bit

RFiD Tags cont. They are classified as Passive Tags All power comes from a reader s signal Tags are inactive unless a reader activates them Cheaper and smaller, but shorter range Semi-passive tags These have battery power for the circuitry so can function in absence of a reader Communication is through the power that comes from the reader s signal Active tags On-board battery power Can record sensor readings or perform calculations in the absence of a reader Longer read range but costly

RFiD Tags cont. Characteristics Passive RFID tag Active RFID tag Power Source Provided by a reader Inbuilt Availability of power Within the field of reader Continuous Signal Strength (Reader to Tag) High Low Signal Strength (Tag to Reader) Low High Communication range < 3meters >100 meters Tag reads < 20 moving tags @ 3mph in few seconds >1000 moving tags @ 100mph in 1 sec Memory 128 bytes 128 Kbytes Applicability in supply chain Applicable where tagged items movement is constrained Applicable where tagged items movement is variable and unconstrained

RFiD Tags cont. RFiD tags can take various forms depending on the applications they are used for

RFiD Tags cont. Power classification of RFiD tags Range Class LF HF UHF Frequency Range 120-140 MHz 13.56 MHz 868-956 MHz Maximum Range? 3 meters 3 meters 10 meters Typical Range 10-20 centimeters 10-20 centimeters 3 meters

RFiD Readers Queries for tags by sending out radio waves Can be handheld or stationary They are composed of Transmitter Receiver Antenna Microprocessor Memory Controller or Firmware Communication channels Power

RFiD Readers cont. Readers are different for different frequencies Inductive Coupling Backscatter Coupling

RFiD Readers cont. Modulation The characteristics of radio waves are changed to encode data and transmit Techniques employed depend on power consumption, reliability and bandwidth ASK, PSK, FSK Encoding chosen from the many available techniques (NRZ, Manchester etc) based on the protocol employed by the reader to read the tags Anti-collision protocols Tag anti-collision Aloha/Slotted Aloha Deterministic binary tree walking Query tree walking Reader anti-collision TDM FDM

RFiD Readers cont. The shape and size of the readers again depend on the application they are used for

RFiD Frequency Range Frequency Band < 135 KHz 6.765 6.795 MHz 7.4 8.8 MHz 13.553 13.567 MHz 26.957 27. 283 MHz 433 MHz 868 870 MHz 902 928 MHz 2.4 2.483 GHz 5.725 5.875 GHz Description Low frequency HF HF HF HF UHF UHF UHF SHF SHF

RFiD Applications Healthcare Access control Logistics / Supply chain Shopping Travel passport Traffic Fast-lane and E-Z pass

RFiD Applications cont. Hypertag (advertisement) read info like movie that are playing, ads, info regarding an item on sale etc using mobile etc Payment systems Mobil Speedpass Animal tracking RFiD appliances refrigrator, closet etc Automobile immobilizers anti theft devices

Need for security Current RFID systems unsafe No authentication No friend/foe distinction No access control Rogue reader can link to tag Rogue tag can mess up reader No encryption Eavesdropping possible (esp. reader)

Need for security cont. So far none of the RFiD protocols have been standardized closely guarded secrets, but susceptible to reverse engineering The first attempt at standardization is the Electronic Product Code (EPC) by EPCGlobal public knowledge, so can easily broken into

EPC Standard There is a 96-bit tag that is used to identify the tags. It consists of Header EPC manager (identifies the company) Product code (identifies the product) Serial (uniquely identifies the product) The 96-bit tag is to be extended to 128-bits, later to be extendable to 256-bits

EPC Standard cont. EPCglobal Network consists of five component Electronic Product Code (EPC) number ID system (tags and readers) EPC middleware Discovery Service (ONS) Information service

EPC Standard cont. EPC Class Class 0 Class 1 Class 2 Class 3 Class 4 Class 5 Definition Read-only tags Write-once, read-many passive tags Rewriteable passive tags Semi-passive tags Active tags Readers Programming Semiconductor manufacturing Personalization Many times (65 KB read-write) Many times (65 KB read-write) Many times Communicates with other class tags and devices

EPC Standard cont. The following protocols are available Generation 1 Class 0 and Class 1 protocol Read only Class 0, write-once Class 1 Both use different air protocols to communicate can not communicate with each other and different readers are required to talk to them Generation 1 Class 2 protocol Includes write-many can respond to both air protocols Generation 2 protocol Common air protocol across all classes of tags Orthogonal to Gen1 co-exists but not backward compatible

The privacy problem Malicious readers, good tags Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Kapital and Communistparty handbook 30 items of clothing 1500 Euros in wallet Serial numbers: 597387,389473

The authentication problem Good readers, malicious tags Counterfeit! Replacement hip medical part #459382 Mad-cow hamburger lunch Counterfeit! 1500 Euros in wallet Serial numbers: 597387,389473

Threats in RFiD Systems Privacy Spoofing Data Integrity of Tags Denial of Service Corporate Espionage Physical attacks Weak Implementations

Threats cont. - Examples An attacker blackmails an individual for having certain merchandise in their possession A thief could create a duplicate tag with the same EPC number and return a forged item for an unauthorized refund An attacker blackmails an individual for having certain merchandise in their possession A bomb in a restaurant explodes when there are five or more individual of a particular nation with RFID-enabled passports detected

Threats cont. - Examples Falsely implicate someone in a crime by cloning that person s RFiD tags at a reader near to the crime location An attacker modifies a high-priced item s EPC number to be the EPC number of a lower cost item An attacker adds additional tags in a shipment that makes the shipment appear to contain more items than it actually does An attacker exchanges a high-priced item s tag with a lower-priced item s tag

Tree-walk protocol for scanning

Ubiquitous scanning Anti-collision scheme Reader Tag Eavesdropper Backward Channel Range (~5m) Forward Channel Range (~100m)

Tag privacy protection approaches Deactivation Public-key protocol User intervention Blocker tags Metal shielding Silent tree-walking One-time identifiers

Tag Authenticity - approaches Track and trace Challenge-response Static authentication Static authentication with public-key protocol Pseudonym tag with mutual authentication

Shared key authentication GET_CHALLENGE Random A Reader Key = K Token 1 Tag Key = K Token 2

Derived key authentication GET_ID ID Number ID number Reader Key = K M Key K X GET_CHALLENGE Random A Token 1 Token 2 Tag Key = K M Key K X

Data Encryption in RFiD systems Stream ciphers like the one below are used in RFiD

Reader and Database Security Standard security protocols Basically, good distributed database / Web services security

RFiD based exploits Buffer overflows Code Insertion SQL injection Based on the above, RFiD based worms and viruses can be developed by exploiting the middleware in various ways

RFiD based exploits cont. SQL Injection - if the middleware does not treat the data read from the tag correctly, it may be possible to trick the database into executing SQL code that is stored on the tag. Normally, the tag's data should not be interpreted as code, but programming errors in the middleware may make it possible. Many middleware systems use web-based components, for example to provide a user-interface, or to query databases in different parts of the world. These web-based components may also be vulnerable to attacks. The browser could be redirected to a malicious site. The code that ties the RFID reader interface to the middleware is likely to be written in a low-level language such as C or C++. Any code written in such a language may be vulnerable to buffer overflows

RFiD based exploits cont. Viruses / worms are written as SQL quines into the tags this helps replicate the viruses / worms These worms download the actual malicious code from the internet Web-based components may also be susceptible. Server-side includes may allow shell commands to be executed, which can be abused to download and execute the worm in the same way.

RFiD based exploits cont. Protection against the above outlined attacks is achieved by Client-side scripting can be prevented by properly escaping data inserted into HTML pages If the scripting language is not required, disabling it will avoid any chance of it being abused SSI injection can also by avoided using proper escaping Buffer overflows can be prevented by properly checking buffer bounds

References Simson Garfinkel, Beth Rosenberg, RFID Applications, Security and Privacy, Addison- Wesley Klaus Finkenzeller, RFID Handbook, Wiley, Second Edition www.rfidvirus.org www.epcglobal.org www.rsasecurity.com Gopher search

Thank You!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information