Security and Privacy of RFID Systems Claude Castelluccia
What is RFID? Radio-Frequency Identification. A tag consists of an antenna and a chip. The chip holds a small amount of unique data: a serial number or another unique attribute of the item. The data can be read from a distance; no contact, or even line of sight, is necessary.
RFID Adhesive Labels (figure: adhesive labels, about 4 cm wide)
How does RFID work? (figure: a reader interrogating a tag; the tag ID 02.3DFEX4.78AF51 resolves to "EasyToll card #816" in the database.) Radio signal (contactless), range from 3-5 inches to 3 yards. Tags (transponders) are attached to objects and call out their (unique) name and/or static data on a specific radio frequency. The reader (transceiver) reads data off the tags without direct contact. A back-end database matches tag IDs to physical objects.
Tag Power Source. Passive: all power comes from the reader's interrogation signal; tags are inactive unless a reader activates them. Passive powering is the cheapest but gives the shortest range. Semi-passive: tags have an on-board power source (battery); they cannot initiate communications, but they can act as sensors. Longer read range, more cost for the battery. Active: on-board power, and the tag can initiate communications.
Operating Frequencies (figure: near-field vs. far-field operating bands)
Main commercial application: barcode vs. RFID.
Barcode: line-of-sight reading (the reader must be looking at the barcode); static data, no cryptographic operations possible; specifies the object type, e.g. "I am a pack of Juicy Fruit".
RFID: fast, automated scanning (the object does not have to leave the pocket, shelf or container); reading by radio contact, so the reader can be anywhere within range; write capability, so products carry updated information as they move through the supply chain; specifies a unique object ID, e.g. "I am a pack of Juicy Fruit #86715-A", which can be looked up in the database.
Modern RFID Applications. Supply-chain management: inventory control, logistics, retail check-out. Access control: access cards. Payment systems: Mobil SpeedPass. Medical records; pet tracking chips.
Other applications of RFID: automobile immobilizers, payment devices, currency (?).
Other applications of RFID: tracking cattle ("not really mad"), passports.
Other applications of RFID: medical compliance; RFID readers in mobile handsets (figure: a handset reading a poster tag that advertises showtimes).
RFID devices take many forms (figure).
RFID really denotes a spectrum of devices: basic smart label, toll payment token, automobile ignition key, mobile phone.
RFID technologies vary widely (figure: computation vs. intended read range).
ISO 14443 (e-passports, ID cards): 3DES, RSA; intended read range about 10 cm; about US$5 per tag.
ISO 15693 (library books): symmetric-key crypto; intended read range about 1 m; about US$0.50.
EPC (WalMart): no crypto; intended read range about 3 m; about US$0.20.
Read range? (values given as HF / UHF)
Normal reader: 10 cm / 3 m.
Malicious reader: 50 cm / 15 m.
Eavesdropping on the tag: ??? / ???.
Eavesdropping on the reader: 50 m / ???.
Functionality Classes (figure)
Security Risks: Espionage. Corporate espionage: identify valuable items to steal; monitor changes in inventory. Personal privacy: leaking of personal information (prescriptions, brand of underwear, etc.); location privacy: tracking the physical location of individuals by their RFID tags.
Espionage Case Study. The US Food and Drug Administration (FDA) recently recommended tagging prescription drugs with RFID pedigrees. Problems: "I'm a barbiturate. Steal me." And privacy issues.
Asymmetric Channels. The reader-to-tag (forward) channel is far stronger than the tag-to-reader (backward) channel: an eavesdropper can pick up the forward channel at roughly 100 m, but the backward channel only at roughly 5 m.
Security Risks: Forgery. RFID casino chips, Mobil SpeedPass, EZ-Pass, FasTrak, prox cards, €500 banknotes, designer clothing. Skimming: read your tag, make my own. Swapping: replace real tags with decoys. Producing a basic RFID device is simple.
Security Risks: Sabotage. If we can't eavesdrop or forge valid tags, we can simply attack the RFID infrastructure: wiping out inventory data, vandalism, interrupting supply chains.
Security Challenge: resources, resources, resources. EPC tags cost about 5 cents; 1000 gates cost about 1 cent. The main security challenges come from resource constraints: gate count, memory, storage, power, time, bandwidth, performance, die space and physical size are all tightly constrained. Pervasiveness also makes security hard.
A brief history: (d)evolution (figure: timeline)
Capabilities of an average (passive) tag. Little memory: a static 64-to-128-bit identifier in the current ultra-cheap generation. Little computational power: a few thousand gates; static keys for read/write permission. Not enough resources to support public-key or symmetric-key cryptography: cannot support modular arithmetic (RSA, DSS), elliptic curves, DES or AES; hash functions are barely feasible. Recent progress on putting AES on an RFID tag.
Example Tag Specification (figure)
RFID ACCESS CONTROL MECHANISMS
RFID access control mechanism: Hash Locks. Rivest, Weis, Sarma, Engels (2003). Access control mechanism: authenticates readers to tags. Only requires a one-way hash function on the tag. Lock tags with a one-way hash output; unlock tags with the hash pre-image. Old idea, new application.
Hash Lock Access Control.
Locking a tag: the reader picks a key, computes metaid = hash(key), stores (key, metaid) in its database and sends metaid to the tag; the tag stores metaid and locks.
Querying a locked tag: the reader asks "Who are you?"; the tag answers only with metaid.
Unlocking a tag: the reader looks up the key for that metaid and sends it; the tag checks metaid = hash(key)? and, if the check passes, unlocks and answers "Hi, my name is ...".
Hash Lock Analysis. + Cheap to implement on tags: a hash function and storage for metaid. + Security based on the hardness of the hash. + Hash output has nice random properties. + Low key look-up overhead (the metaid indexes the database directly). - Tags respond predictably: the static metaid allows tracking and replay. This motivates randomization.
Randomized Hash Lock: unlocking a tag. The reader knows the tag IDs ID_1, ..., ID_n. Reader: "Query?" Tag ID_k: select a random R, reply (R, hash(R, ID_k)). Reader: search for the i such that hash(R, ID_i) matches.
Randomized Hash Lock Analysis. + Implementation requires a hash and a random number generator (a low-cost PRNG, or physical randomness). + Randomized responses prevent tracking. - Inefficient brute-force key look-up: the reader must hash every known ID.
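Both hash-lock variants as a runnable simulation. This is an added example, not code from the slides or from the Weis/Sarma/Rivest/Engels paper; the tag's one-way function is modelled as SHA-256 truncated to 64 bits (an assumption; a real low-cost tag would use a far lighter hash), and the tag IDs are made up. It demonstrates the two analysis points above: the plain hash lock's static metaid links two reads of the same tag, the randomized lock does not, and the price of randomization is a linear scan of the reader's ID database.

```python
"""Hash lock and randomized hash lock, simulated. Added example, not code from the
slides or from Weis/Sarma/Rivest/Engels. The tag's one-way function is modelled as
SHA-256 truncated to 64 bits (an assumption: real low-cost tags would use a much
lighter hash)."""
import hashlib
import os
from typing import Dict, List, Optional, Tuple

def H(*parts: bytes) -> bytes:
    """One-way hash stand-in: SHA-256 of the concatenated inputs, truncated to 8 bytes."""
    return hashlib.sha256(b"".join(parts)).digest()[:8]

# ---------------- Plain hash lock ----------------
class HashLockTag:
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
        self.metaid: Optional[bytes] = None   # None = unlocked

    def lock(self, metaid: bytes) -> None:
        """Locking: store metaid = hash(key); the tag never learns the key itself."""
        self.metaid = metaid

    def query(self) -> bytes:
        """A locked tag only ever answers with its (static) metaid."""
        return self.metaid if self.metaid is not None else self.tag_id

    def unlock(self, key: bytes) -> Optional[bytes]:
        """Unlock if hash(key) matches the stored metaid; then reveal the real ID."""
        if self.metaid is not None and H(key) == self.metaid:
            self.metaid = None
            return self.tag_id
        return None

class HashLockReader:
    def __init__(self) -> None:
        self.db: Dict[bytes, bytes] = {}   # metaid -> key: direct look-up, no search

    def lock_tag(self, tag: HashLockTag) -> None:
        key = os.urandom(16)
        metaid = H(key)
        self.db[metaid] = key
        tag.lock(metaid)

    def unlock_tag(self, tag: HashLockTag) -> Optional[bytes]:
        key = self.db.get(tag.query())
        return None if key is None else tag.unlock(key)

# ---------------- Randomized hash lock ----------------
class RandomizedTag:
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def query(self) -> Tuple[bytes, bytes]:
        """Fresh R on every query, so two responses from the same tag are unlinkable."""
        r = os.urandom(8)
        return r, H(r, self.tag_id)

class RandomizedReader:
    def __init__(self, known_ids: List[bytes]):
        self.known_ids = known_ids

    def identify(self, response: Tuple[bytes, bytes]) -> Tuple[Optional[bytes], int]:
        """Brute-force search over all known IDs; returns (id, number of hashes computed)."""
        r, h = response
        work = 0
        for tag_id in self.known_ids:
            work += 1
            if H(r, tag_id) == h:
                return tag_id, work
        return None, work

def demo() -> Dict[str, object]:
    """Static metaid is linkable across reads; randomized responses are not; the
    randomized scheme costs a linear scan of the ID database."""
    tag = HashLockTag(b"tag-0001")
    reader = HashLockReader()
    reader.lock_tag(tag)
    static_linkable = tag.query() == tag.query()        # an attacker sees the same value twice
    unlocked_id = reader.unlock_tag(tag)
    ids = [b"tag-%04d" % i for i in range(1000)]       # constructed ID database
    rtag = RandomizedTag(ids[777])
    rreader = RandomizedReader(ids)
    randomized_linkable = rtag.query() == rtag.query()
    found, work = rreader.identify(rtag.query())
    return {"static_linkable": static_linkable, "unlocked_id": unlocked_id,
            "randomized_linkable": randomized_linkable, "found": found, "work": work}

if __name__ == "__main__":
    print(demo())
```

Note that a locked tag never checks who is asking: any reader that has captured the key in transit can replay it, which is the replay weakness the analysis mentions; the randomized variant fixes linkability, not that.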
Human-like authentication for extremely cheap RFID tags. A. Juels and S. Weis, Crypto 05. RFID tags are a little like people: very limited memory for numbers, very limited ability for arithmetic computation.
Hopper-Blum (HB) Identification Protocol. The human (prover) and the verifier share a secret X. The verifier sends a challenge A; the prover responds with f(X, A). Concretely, R = (X·A) + N_η, where X·A is a modular dot product and N_η is noise that is nonzero with constant probability η < 1/2.
HB Protocol example, mod 10. X = (3, 2, 1) on both sides; challenge A = (0, 4, 7). X·A = 0·3 + 4·2 + 7·1 = 15 ≡ 5 (mod 10), so the response is R = 5, or a different value (7 on the slide) in a round where the noise fires.
HB Protocol example round, mod 2. X = (1, 0, 1); challenge A = (0, 1, 1). X·A = 0 + 0 + 1 = 1, so R = 1, flipped to 0 in a round where the noise fires.
Learning Parity in the presence of Noise (LPN). Given multiple rounds of the protocol, find X. Formally: given q challenge-response pairs (A_1, R_1), ..., (A_q, R_q) over binary values, find X such that R_i ≠ X·A_i on at most ηq instances, for a constant η > 0. Note that the noise is critical: without it, Gaussian elimination recovers X from n linearly independent pairs. LPN is NP-hard, even to approximate within a factor of 2, and there is theoretical and empirical evidence of average-case hardness. Security reduction: a polynomial adversarial advantage against the HB protocol yields a polynomial-time LPN solver.
HB Protocol: reader sends challenge C, tag (secret X) returns R. Problem: not secure against active adversaries! A malicious reader can supply non-random C's, e.g. repeat the same challenge many times and average the noise away.
HB+ Protocol. Tag and reader share two secrets, X and Y. Each round: the tag first sends a random blinding vector D; the reader sends its challenge C; the tag answers R = (D·Y) + (C·X) + N_η. Intuition: it looks just like the HB protocol, except that the tag also outputs its own random vector. The tag initiates a passive HB instance (D, Y) to conceal the value C·X of the active challenge-response instance, so a malicious reader's chosen C no longer leaks X.
See paper for details. The paper gives a security reduction from HB+ to LPN. The implementation looks very practical: just a linear number of ANDs and XORs, and a little noise. EPC tags might be amenable. BUT: it is not clear how the random vectors are generated (a PRNG?); the protocol requires q rounds; and each round takes 3 (or is it 4?) messages.
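HB and HB+ over GF(2) with the attacks discussed above, as an added example (not code from the Juels/Weis paper). The 32-bit secrets, the noise rate η = 0.25, the round counts and the acceptance threshold η + 0.1 are illustrative choices; real parameters are much larger. The example makes the three points from the slides concrete: without noise a passive eavesdropper solves for X by Gaussian elimination; with noise the linear system becomes inconsistent; an active reader that queries unit vectors and majority-votes recovers X from HB but learns nothing from HB+ because the tag's random D blinds every answer.

```python
"""HB and HB+ over GF(2), with the attacks the slides discuss. Added example, not code
from the Juels/Weis paper. Key length (32 bits), round counts and eta = 0.25 are chosen
for illustration only."""
import random
from typing import List, Optional, Tuple

Vec = List[int]

def make_rng(seed: int) -> random.Random:
    return random.Random(seed)

def dot(a: Vec, x: Vec) -> int:
    """Inner product modulo 2 (the 'modular dot product' of the slides, mod 2)."""
    return sum(ai & xi for ai, xi in zip(a, x)) & 1

def rand_vec(n: int, rng: random.Random) -> Vec:
    return [rng.getrandbits(1) for _ in range(n)]

def noisy(bit: int, eta: float, rng: random.Random) -> int:
    """N_eta: flip the bit with probability eta < 1/2."""
    return bit ^ (1 if rng.random() < eta else 0)

def unit(i: int, n: int) -> Vec:
    return [1 if j == i else 0 for j in range(n)]

# --- HB: one secret x; reader sends a, tag answers a.x + noise ---
def hb_response(x: Vec, a: Vec, eta: float, rng: random.Random) -> int:
    return noisy(dot(a, x), eta, rng)

def hb_run(x_tag: Vec, x_reader: Vec, rounds: int, eta: float, rng: random.Random) -> bool:
    """Reader accepts if the error rate stays near eta (threshold eta + 0.1)."""
    wrong = 0
    for _ in range(rounds):
        a = rand_vec(len(x_reader), rng)
        wrong += hb_response(x_tag, a, eta, rng) != dot(a, x_reader)
    return wrong <= (eta + 0.1) * rounds

# --- HB+: secrets x, y; tag sends blinding d, reader sends a, tag answers d.y + a.x + noise ---
def hbplus_response(x: Vec, y: Vec, d: Vec, a: Vec, eta: float, rng: random.Random) -> int:
    return noisy(dot(d, y) ^ dot(a, x), eta, rng)

def hbplus_run(xy_tag: Tuple[Vec, Vec], xy_reader: Tuple[Vec, Vec], rounds: int,
               eta: float, rng: random.Random) -> bool:
    (x, y), (xr, yr) = xy_tag, xy_reader
    wrong = 0
    for _ in range(rounds):
        d = rand_vec(len(y), rng)            # chosen by the tag
        a = rand_vec(len(x), rng)            # chosen by the reader
        wrong += hbplus_response(x, y, d, a, eta, rng) != (dot(d, yr) ^ dot(a, xr))
    return wrong <= (eta + 0.1) * rounds

# --- Passive attack: Gaussian elimination over GF(2); only works when there is no noise ---
def solve_gf2(rows: List[Vec], rhs: List[int], n: int) -> Optional[Vec]:
    m = [row[:] + [r] for row, r in zip(rows, rhs)]
    for c in range(n):
        p = next((i for i in range(c, len(m)) if m[i][c]), None)
        if p is None:
            return None                      # under-determined
        m[c], m[p] = m[p], m[c]
        for i in range(len(m)):
            if i != c and m[i][c]:
                m[i] = [u ^ v for u, v in zip(m[i], m[c])]
    if any(m[i][n] for i in range(n, len(m))):
        return None                          # inconsistent: the noise broke linearity
    return [m[i][n] for i in range(n)]

def passive_attack(x: Vec, q: int, eta: float, rng: random.Random) -> Optional[Vec]:
    """Eavesdrop q honest HB rounds and try to solve for x."""
    rows = [rand_vec(len(x), rng) for _ in range(q)]
    rhs = [hb_response(x, a, eta, rng) for a in rows]
    return solve_gf2(rows, rhs, len(x))

# --- Active attack on HB: query unit vectors repeatedly and majority-vote each bit of x ---
def active_attack_hb(x: Vec, eta: float, rng: random.Random, reps: int = 81) -> Vec:
    n = len(x)
    return [int(sum(hb_response(x, unit(i, n), eta, rng) for _ in range(reps)) > reps // 2)
            for i in range(n)]

def active_attack_hbplus(x: Vec, y: Vec, eta: float, rng: random.Random, reps: int = 81) -> Vec:
    """Same trick against HB+: the tag's own random d blinds every answer, so each vote is a coin flip."""
    n = len(x)
    guess = []
    for i in range(n):
        ones = sum(hbplus_response(x, y, rand_vec(len(y), rng), unit(i, n), eta, rng)
                   for _ in range(reps))
        guess.append(int(ones > reps // 2))
    return guess
```

The acceptance threshold is the practical weak spot of both protocols: set it too close to η and honest tags fail, set it too far and an impostor answering at random (error rate 1/2) gets through; the round count has to be large enough to separate the two.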
The PRIVACY Problem
The privacy problem: bad readers, good tags. Mr. Jones in 2015 is scanned by strangers and his tags reveal: wig model #4456 (cheap polyester); replacement hip, medical part #459382; Das Kapital and a Communist-party handbook; 30 items of lingerie; 1500 euros in his wallet, serial numbers 597387, 389473.
The authentication problem: good readers, bad tags. Mr. Jones in 2015: replacement hip, medical part #459382 (counterfeit!); mad-cow hamburger lunch; 1500 euros in his wallet, serial numbers 597387, 389473 (counterfeit!).
Blocking Unwanted Scanning: FARADAY CAGE. A container made of foil or metal mesh, impenetrable by radio signals of certain frequencies. An invitation to shoplifters. Maybe works for a wallet, but a huge hassle in general: locomotion becomes difficult.
Blocking Unwanted Scanning (Contd.): KILL the tag after purchase. A special command permanently de-activates the tag after the product is purchased. But RFID tags are much too useful in the live state; killing them disables many futuristic applications.
Blocker Tags. Juels, Rivest, Szydlo (2003). A consumer privacy-protecting device: hides your tag data from strangers. Users carry a blocker tag device. The blocker tag injects itself into the tags' anti-collision protocol and effectively spoofs non-existent tags.
Blocking Unwanted Scanning (Contd.): the BLOCKER TAG. The blocker simulates all (billions of) possible tag serial numbers! The reader sees "1, 2, 3, ..., 2023 pairs of sneakers and ..." and the read fails.
How does a blocker tag work? When the reader sends a signal, more than one RFID tag may respond: this is a collision. The reader cannot accurately read information from more than one tag at a time. Example: every tagged item in a supermarket cart responds to the cashier's RFID reader. The tree-walking protocol for identifying tags recursively asks the question "What is your next bit?". It starts with the first bit. If one tag replies 0 and another replies 1, there is a collision! The reader then fixes a bit, say 0, and asks the tags whose ID starts with that prefix "what is your next bit?", and so on.
Tree Walking: example with 3-bit IDs and tags 001, 110 and 111 present.
1. Prefix = empty: 001 answers 0, 110 and 111 answer 1: collision!
1a. Prefix = 0: only 001 answers (next bit 0), no collision. 2. Prefix = 00: no collision. 3. ID = 001: talk to tag 001.
1b. Prefix = 1: 110 and 111 both answer 1, no collision. 2. Prefix = 11: 110 answers 0, 111 answers 1: collision! 3a. ID = 110: talk to tag 110. 3b. ID = 111: talk to tag 111.
Blocker tag: the blocker tag always says both 0 and 1! This guarantees a collision no matter what tags are present. To talk to a tag, the reader must traverse every tree path; with 128-bit IDs, the reader must try 2^128 values, which is infeasible! To prevent illegitimate blocking, make the blocker tag selective (block only certain ID ranges). E.g., the blocker tag blocks all IDs with first bit = 1, while items on supermarket shelves have first bit = 0, so the blocker can't block tags on unpurchased items (anti-shoplifting). After purchase, flip the first bit on the tag from 0 to 1.
Blocker Tag: example on the same tree. The blocker answers both 0 and 1 at every prefix, so the reader hears a collision at every node: prefix empty, prefix 0, prefix 1, prefix 00, prefix 01, prefix 10, prefix 11. Every leaf 000 ... 111 appears to be present; the node "110" that was silent before now collides too. All tag IDs are possible! The reader can't know which ones are real.
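Tree-walking singulation with a full blocker and a selective blocker, as an added example (not code from the slides or from the Juels/Rivest/Szydlo paper). IDs are 6 bits here rather than the 3 bits of the picture, the real tag IDs are made up, and the reader is given a query budget so that the "infeasible" case shows up as an exhausted budget rather than a 2^128 loop. The selective blocker guards the subtree under prefix "1": real tags under "0" are still read, while every ID under "1" looks present.

```python
"""Tree-walking singulation with and without a blocker tag. Added example, not code
from the slides or from Juels/Rivest/Szydlo. IDs are 6 bits (the slides use 3) and
the example tag IDs are made up."""
from typing import List, Set, Tuple

class Tag:
    def __init__(self, tag_id: str):
        self.tag_id = tag_id

    def next_bit(self, prefix: str) -> str:
        """Reply with the bit after `prefix` if the ID matches it; otherwise stay silent ("")."""
        if self.tag_id.startswith(prefix) and len(prefix) < len(self.tag_id):
            return self.tag_id[len(prefix)]
        return ""

class BlockerTag(Tag):
    """Simulates every ID under `zone`: inside the zone it answers both 0 and 1, so the reader
    always hears a collision there; on the path down to the zone it answers like a real tag.
    zone == "" is the full blocker of the slides."""
    def __init__(self, zone: str, id_len: int):
        self.zone, self.id_len = zone, id_len

    def next_bit(self, prefix: str) -> str:
        if len(prefix) >= self.id_len:
            return ""
        if prefix.startswith(self.zone):
            return "01"                      # both bits at once: guaranteed collision
        if self.zone.startswith(prefix):
            return self.zone[len(prefix)]    # steer the reader towards the zone
        return ""

def query(tags: List[Tag], prefix: str) -> Set[str]:
    """What the reader hears: the set of distinct bits sent by all tags matching the prefix."""
    heard: Set[str] = set()
    for t in tags:
        heard.update(t.next_bit(prefix))
    return heard

def tree_walk(tags: List[Tag], id_len: int, budget: int) -> Tuple[List[str], int, bool]:
    """Depth-first tree walk. Returns (IDs the reader believes it saw, queries spent, finished?).
    Two bits heard = collision: the reader fixes a bit and descends into both subtrees."""
    found: List[str] = []
    stack = [""]
    queries = 0
    while stack and queries < budget:
        prefix = stack.pop()
        queries += 1
        for bit in sorted(query(tags, prefix), reverse=True):   # explore the '0' branch first
            child = prefix + bit
            if len(child) == id_len:
                found.append(child)
            else:
                stack.append(child)
    return sorted(found), queries, not stack

def demo() -> dict:
    id_len = 6
    real = [Tag(i) for i in ("000110", "001011", "101100", "110001")]   # constructed
    plain = tree_walk(real, id_len, budget=10_000)
    full_blocker = tree_walk(real + [BlockerTag("", id_len)], id_len, budget=50)
    selective = tree_walk(real + [BlockerTag("1", id_len)], id_len, budget=10_000)
    return {"plain": plain, "full_blocker": full_blocker, "selective": selective}

if __name__ == "__main__":
    for name, (ids, q, done) in demo().items():
        print(name, len(ids), "ids,", q, "queries, finished:", done)
```

With 6-bit IDs the full blocker forces 63 queries (every internal node of the tree) before the reader has visited all 64 phantom leaves; with 128-bit IDs that count is 2^128 - 1, which is the slides' infeasibility argument.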
Another idea: pseudonym rotation. A set of pseudonyms (e.g. 74AB8, MMW91, ...) is known only to the trusted verifier and stored on the tag; limited storage means at most, e.g., 10 pseudonyms. The tag cycles through its pseudonyms on successive reads, and the verifier checks which tag a received pseudonym belongs to.
Protection against Eavesdropping. Eavesdropping (passive attacks) can be prevented by encrypting the data between the tag and the reader, but this requires establishing a key, and current key-exchange solutions are too expensive for current RFID tags. Very little memory: a static 96-bit+ identifier in current ultra-cheap tags, hundreds of bits soon. Little computational power: several thousand gates (mostly for basic functionality), so only limited cryptographic functions are possible (a hash?). Pricing pressure may keep it this way for a while. Our contribution: we propose a key exchange protocol that does not require any computation on the tag.
Basic idea: how to send a secret without computing. Based on an idea proposed at Bell Labs a few decades ago. A and B want to share a secret key. A sends a random signal on the channel; B simultaneously sends the secret on the channel. A subtracts its own signal and retrieves the secret. An eavesdropper, Eve, only sees noise and cannot retrieve the key.
Assuming random access to the channel (CSMA). (figure: A's signal, B's signal and Eve's view superimposed; A subtracts its own signal and retrieves the key.)
Application to RFID. We define the concept of a noisy tag: a regular tag that sits in the reader's environment and generates noise. The noisy tag is fixed and shares a key with the reader. The noisy tag's reply is generated from that key and can be computed by the reader, i.e. reply = hash(key, nonce). When the reader queries the tag it gets 2 bits back: one from the noisy tag, which it can compute and cancel out, and one from the tag, which is the secret bit. Eve sees 2 bits and does not know which bit was sent by the tag! This only works if the 2 bits are different; if the bits are the same, the round must be ignored. An n-bit key can be exchanged by executing, on average, 2n rounds.
Bit-based Scheme (figure sequence: Reader, Noisy Tag, Tag). The reader and the noisy tag share a key. The reader broadcasts a nonce. The noisy tag computes hash(key, nonce) = xxxx1 and replies with its last bit, 1; simultaneously the tag replies with its secret bit, 0. The reader, knowing the noisy tag sent 1, concludes that the secret bit is 0. Eve hears a 1 and a 0: did the tag send 1 or 0?
Some Remarks. This solution assumes that Eve cannot distinguish frames sent by the tag from frames sent by the noisy tag. From discussions with RFID hardware experts, this looks like a reasonable assumption; the popular RSA blocker tag relies on the same assumption. The confusion can be increased by using several noisy tags instead of a single one. For robustness, the noisy tags reply with a k-bit code generated from their secret key instead of one bit; the tag replies with a random k-bit code; the reader computes all the codes it expects from each of the noisy tags and thereby retrieves the tag's code; the secret bit is derived from the tag's code (the last bit, for example).
Security. Assuming that (1) the bits sent by the noisy tags are uniformly distributed, (2) the bits sent by the tags are uniformly distributed, and (3) the adversary is not able to determine (with probability larger than 1/2) the source of a signal, our scheme is perfectly secure. Multiple noisy tags can be used to strengthen assumption #3.
Security (2). In our scheme the key is established opportunistically: the reader is not authenticated, so there is protection only against eavesdroppers. This is still fine for many applications (e.g. the e-passport). Active adversaries have to be pretty close, and they can easily be detected by the environment since they emit signals (the tag environment can be physically secured). In contrast, eavesdroppers can be pretty far away and are by nature harder to detect.
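The bit-based noisy-tag exchange as a runnable simulation, added here as an example (it is not the authors' code). Assumptions: the noisy tag derives its per-round bit with HMAC-SHA256 over (nonce, round number), standing in for the slides' hash(key, nonce); both tag and reader hear both bits and silently discard rounds in which they are equal; Eve's view is modelled as the unordered pair of bits she hears in each round, which encodes assumption #3 that she cannot attribute a bit to its sender. The example also shows the caveat from "Security (2)": a rogue reader that brings its own noisy tag extracts the key just as easily, because nothing authenticates the reader to the tag.

```python
"""Noisy-tag key exchange simulated bit by bit. Added example, not the authors' code.
Assumptions: HMAC-SHA256 as the noisy tag's hash; both sides discard equal-bit rounds;
Eve sees only the unordered pair of bits per round."""
import hashlib
import hmac
import random
from typing import Dict, List, Tuple

def noisy_tag_bit(shared_key: bytes, nonce: bytes, round_no: int) -> int:
    """Pseudo-random bit the noisy tag emits in round `round_no`; the reader can recompute it."""
    msg = nonce + round_no.to_bytes(4, "big")
    return hmac.new(shared_key, msg, hashlib.sha256).digest()[0] & 1

def exchange(shared_key: bytes, secret: List[int], nonce: bytes
             ) -> Tuple[List[int], List[Tuple[int, int]], int]:
    """Returns (key as recovered by the reader, Eve's view per round, rounds used)."""
    reader_key: List[int] = []
    eve_view: List[Tuple[int, int]] = []
    rounds, i = 0, 0
    while i < len(secret):
        rounds += 1
        b_noisy = noisy_tag_bit(shared_key, nonce, rounds)
        b_tag = secret[i]                                   # the bit the tag wants to transfer
        eve_view.append((min(b_noisy, b_tag), max(b_noisy, b_tag)))   # unordered pair
        if b_noisy == b_tag:
            continue                                        # identical bits: everyone discards the round
        reader_key.append(1 - b_noisy)                      # cancel own noise: the other bit is the tag's
        i += 1
    return reader_key, eve_view, rounds

def eve_guess(eve_view: List[Tuple[int, int]], rng: random.Random) -> List[int]:
    """Every useful round looks like (0, 1) to Eve, so her best strategy is a coin flip per bit."""
    return [rng.getrandbits(1) for pair in eve_view if pair == (0, 1)]

def demo(n_bits: int = 128, seed: int = 1) -> Dict[str, object]:
    rng = random.Random(seed)
    secret = [rng.getrandbits(1) for _ in range(n_bits)]            # constructed tag secret
    shared_key, nonce = bytes(range(16)), b"\x00" * 8               # fixed so the run is repeatable
    reader_key, view, rounds = exchange(shared_key, secret, nonce)
    guess = eve_guess(view, random.Random(seed + 1))
    eve_matches = sum(g == s for g, s in zip(guess, secret))
    # Rogue reader with its own noisy tag (different key): the tag cannot tell the difference.
    rogue_key, _, _ = exchange(b"attacker-owned-noisy-tag", secret, nonce)
    return {
        "reader_ok": reader_key == secret,
        "rounds": rounds,                                           # about 2n on average
        "eve_matches": eve_matches,                                 # about n/2: no better than guessing
        "useful_rounds_look_alike": {p for p in view if p[0] != p[1]} == {(0, 1)},
        "rogue_reader_ok": rogue_key == secret,
    }

if __name__ == "__main__":
    print(demo())
```

The `useful_rounds_look_alike` check is the whole security argument in one line: among the rounds that carry a key bit, Eve's observation is the constant pair (0, 1), so her view is independent of the secret. Everything rests on her not being able to tell the two transmitters apart; at the physical layer (signal strength, timing, antenna characteristics) that is exactly the assumption the remarks flag as needing hardware validation.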
Relay Attacks.
Relay attack on door access control: does authentication help? Claude (A) holds a private key; the INRIA door (B) verifies A's signature with A's public key. Protocol: A: "Hi, I am C. Castelluccia." B: "Prove it: N_B." A: sign_A{N_B, B}. B verifies A's signature using A's public key and opens the door. With a relay, the man-in-the-middle M forwards each message between the distant Claude and the door: the door receives a valid signature on its own nonce and opens, although Claude is nowhere near it. Authentication does not help!
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurélien Francillon, Boris Danev, Srdjan Čapkun Department of Computer Science ETH Zurich August, 2010
Car Keys. Active keys: need to be close (<100 m) and press a button to open the car; a physical key starts the car. Passive Keyless Entry and Go: need to be close (<2 m) and the car opens; need to be in the car to start it; no human action required! Passive Keyless Entry and Go system: the key stays in the pocket and the car opens when the user is near; when the key is inside the car, the car can be started by pressing an ignition button. Implemented by all major car manufacturers.
Example Key (figure): 433 MHz antenna (?); TI TMS 37126 (130 kHz passive RFID plus 433 MHz radio and MCU); 130 kHz antenna/coil.
Passive Keyless Entry and Start, sketch of the protocol. Car to key: challenge on LF (120-135 kHz), short range (<2 m), the key acting as an active tag. Key to car: reply on UHF (315-433 MHz), long range (<100 m). If the correct key is authenticated, open the door. Main ideas behind this solution: key authentication by cryptographic means (a challenge-response protocol), and LF communication taken to imply physical proximity. => The system is vulnerable to relay attacks!
Our Attack: Relay Attack on PKES. Wired relay: attacker 1 next to the car, attacker 2 next to the key, joined by a cable; tested up to 60 m, amplifier optional. Physical-layer wireless relay: cost $100-1500; the figure marks distances of 30 cm and 2-8 m between the attackers' antennas and the car and key respectively.
Protocols. We tested 10 models, 10 different protocols; we did not dig into the details there. Some weak cryptography has already been extensively studied (KeeLoq, TI DST). Some appear to use longer messages: strong crypto? Unsurprisingly, none are resistant to relay attacks.
Snapshot of Results (table not reproduced)
Measuring maximum delay? How much delay is accepted by the car? This gives the maximum distance achievable with a physical relay. Is it possible to do a relay at a higher level? There is no straightforward solution to relay signals with a configurable delay: the default GNU Radio minimum delay is 15 ms. We modified the original GNU Radio FPGA to configure the delay from 5 µs to 10 ms by buffering samples on the device itself, so the samples are not sent to the computer.
Measuring maximum delay? Results: 35 µs is still 10 km.
Implications. Relay attack in a parking lot: one antenna near the elevator; while the car owner waits for the elevator, the attacker opens the car. Keys left in the kitchen while the car is parked close to home: put an antenna close to the kitchen window. Tested in practice.
Additional insights. Once started, the car can be driven away without maintaining the relay. No trace of entry/start. Can be combined with other attacks [see Oakland 2010]. Legal/insurance issues.
Countermeasures. Protection mechanisms: shield the key (immediate); remove the key's battery (immediate); build a new system, e.g. based on distance bounding, see "Realization of RF Distance Bounding" (USENIX Security 10). More info: Aurelien Francillon, Boris Danev, Srdjan Capkun, "Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars", NDSS 2011.
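A timing model of why the relay works against PKES and why distance bounding stops it, added here as an example (not code from the Francillon/Danev/Capkun paper). The only real numbers are the speed of light and the 35 µs acceptance window quoted above; the MAC, the fob's processing time, the relay's added delay and the rapid-bit-exchange format (verifier bit c_i answered instantly with c_i XOR k_i, in the style of Brands-Chaum distance bounding) are assumptions for illustration. It shows that a relay adding 20 µs still opens the car, that a distance-bounding verifier turns the worst round-trip into an upper bound on distance that exposes the same relay, and that a relay which tries to beat the clock by guessing the answer bits fails after a handful of rounds.

```python
"""PKES timing window vs. distance bounding, simulated with propagation delays only.
Added example, not code from the Francillon/Danev/Capkun paper. Real values: speed of
light and the 35 us window from the slides; everything else is an assumption."""
import hashlib
import hmac
import os
import random
from typing import Tuple

C_M_PER_US = 299.792458          # metres a radio signal travels in one microsecond
KEY_PROCESSING_US = 2.0          # assumed time the fob needs to compute its answer
REACTION_US = 0.005              # assumed prover reaction time in a rapid bit exchange (5 ns)

def max_relay_path_m(window_us: float) -> float:
    """Extra signal path a relay may add before the car's timing window expires."""
    return window_us * C_M_PER_US

def fob_answer(secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(secret, challenge, hashlib.sha256).digest()[:8]

def pkes_open(secret: bytes, distance_m: float, relay_delay_us: float,
              window_us: float = 35.0) -> bool:
    """Car sends an LF challenge and accepts a valid UHF answer that arrives within `window_us`.
    A relay forwards the challenge to the genuine fob and the answer back, adding `relay_delay_us`."""
    challenge = os.urandom(8)
    answer = fob_answer(secret, challenge)                 # computed by the legitimate fob
    rtt_us = 2 * distance_m / C_M_PER_US + KEY_PROCESSING_US + relay_delay_us
    return hmac.compare_digest(answer, fob_answer(secret, challenge)) and rtt_us <= window_us

def distance_bounding(secret: bytes, distance_m: float, relay_delay_us: float,
                      guessing_relay: bool = False, n_bits: int = 32,
                      max_distance_m: float = 5.0, seed: int = 0) -> Tuple[bool, float]:
    """Rapid bit exchange: the verifier sends a random bit c_i, the prover must answer
    r_i = c_i XOR k_i immediately, and the verifier times every round. The worst round trip
    bounds the prover's distance. Returns (accepted, distance bound in metres)."""
    rng = random.Random(seed)
    kstream = hashlib.sha256(secret).digest()              # per-session bits both sides derive
    worst_rtt = 0.0
    for i in range(n_bits):
        c = rng.getrandbits(1)
        k = (kstream[i // 8] >> (i % 8)) & 1
        if guessing_relay:
            r, rtt = rng.getrandbits(1), REACTION_US       # answers instantly, but has to guess
        else:
            r = c ^ k                                      # genuine fob's answer, possibly relayed
            rtt = 2 * distance_m / C_M_PER_US + REACTION_US + relay_delay_us
        if r != (c ^ k):
            return False, float("inf")                     # wrong bit: reject immediately
        worst_rtt = max(worst_rtt, rtt)
    bound_m = (worst_rtt - REACTION_US) * C_M_PER_US / 2
    return bound_m <= max_distance_m, bound_m

if __name__ == "__main__":
    print("35 us window admits", round(max_relay_path_m(35.0)), "m of extra path")
    print("honest fob at 2 m:", pkes_open(b"k", 2.0, 0.0))
    print("relay adding 20 us:", pkes_open(b"k", 60.0, 20.0))
    print("distance bounding, same relay:", distance_bounding(b"k", 60.0, 20.0))
    print("distance bounding, guessing relay:", distance_bounding(b"k", 60.0, 0.0, guessing_relay=True))
```

The bound is only as tight as the verifier's clock and the prover's reaction time: a 35 µs window translates to roughly 10 km of path, which is the slides' point, whereas a verifier that can resolve nanoseconds pins the prover to a few metres. The guessing relay illustrates why the rapid-exchange bits must be unpredictable to the attacker: each early answer is a coin flip, so 32 rounds leave it a 2^-32 chance.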
Conclusions. RFID tags will be everywhere (passports, clothes, cars, papers, pens, people, ...). This will create severe privacy issues. Very active research area!
Some papers/technology reviews. Two papers to read, both from the January-March 2006 (Vol. 5, No. 1) issue: "An Introduction to RFID Technology" by R. Want, Intel Research; "RFID Security and Privacy: A Research Survey" by Ari Juels, RSA Laboratories.
To learn more. Limited bibliography: crypto.csail.mit.edu/~sweis/rfid. Primers and current RFID news: www.rfidjournal.com. RSA Labs RFID web site: www.rsasecurity.com/go/rfid and www.rfid-security.com. JHU/RSA RFID web site: www.rfidanalysis.org. David Wagner's web site: www.cs.berkeley.edu/~daw/papers.
The Digital Signature Transponder (DST). A. Juels, S. Bono, M. Green, A. Stubblefield, A. Rubin and M. Szydlo, USENIX Security 05. Protocol (simplified): the tag announces "I'm tag #123"; car #123 sends a 40-bit challenge C; the tag answers with a 24-bit response R = f_K(C). Helps secure tens of millions of automobiles, and is also used in millions of payment transponders. Philips claims more than 90% reduction in car theft thanks to RFID! (TI did at one point.)
The Digital Signature Transponder (DST): the key K is only 40 bits in length! But what is the cryptographic function f? Goal: demonstrate the security vulnerability by cloning real DST keys.
Black-box cryptanalysis: with a programmable DST, load a chosen key K, send chosen challenges C, observe R = f_K(C), and work out the unknown function f.
The full cloning process: 1. skimming, 2. key cracking, 3. simulation.
Step 1: Skimming. Obtain the responses r_1, r_2 to two challenges c_1, c_2 (about 1/4 second).
Step 2: Key cracking. Find the secret key k such that r_1 = f_k(c_1) and r_2 = f_k(c_2) (30 minutes on a 16-way parallel cracker).
Step 3: Simulation. Simulate the radio protocol, computing f_k for the car's challenges.
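The three cloning steps as a runnable toy, added here as an example (the DST cipher itself is not reproduced; this is not the authors' code). f_K is a stand-in keyed function (SHA-256 of key || challenge, truncated), the key is 18 bits and the response 14 bits so that the exhaustive search finishes in about a second in plain Python, and the challenges and tag key are made up. The point it demonstrates is why skimming needs two pairs: one response only narrows 2^18 keys to about 2^(18-14) = 16 candidates, the second pair singles out the real key, and the same arithmetic for the real DST (40-bit key, 24-bit response) leaves about 65,536 candidates after one pair and fewer than one spurious candidate after two.

```python
"""Key recovery from two skimmed challenge/response pairs, in the style of the DST attack.
Added example: the DST cipher is not reproduced. f_K is a toy keyed function with an
18-bit key and a 14-bit response so the exhaustive search runs in about a second;
the real DST has a 40-bit key and a 24-bit response."""
import hashlib
from typing import List, Tuple

KEY_BITS, RESP_BITS = 18, 14
CHALLENGE_BITS = 40                     # as in the DST

def f(key: int, challenge: int) -> int:
    """Toy stand-in for the DST's f_K(C): the top RESP_BITS bits of SHA-256(key || challenge)."""
    data = key.to_bytes(5, "big") + challenge.to_bytes(5, "big")
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - RESP_BITS)

def skim(tag_key: int, challenges: List[int]) -> List[Tuple[int, int]]:
    """Step 1: a rogue reader obtains (c_i, r_i) pairs from the tag; the key stays inside."""
    return [(c, f(tag_key, c)) for c in challenges]

def crack(pairs: List[Tuple[int, int]]) -> Tuple[List[int], List[int]]:
    """Step 2: exhaustive search, keeping only keys consistent with every pair.
    Returns the surviving keys and how many survived after each pair."""
    candidates = list(range(1 << KEY_BITS))
    survivors = []
    for c, r in pairs:
        candidates = [k for k in candidates if f(k, c) == r]
        survivors.append(len(candidates))
    return candidates, survivors

def simulate(key: int, challenge: int) -> int:
    """Step 3: the clone answers the car's challenge with the recovered key."""
    return f(key, challenge)

def expected_survivors(key_bits: int, resp_bits: int, n_pairs: int) -> float:
    """Keys expected to remain after n_pairs random pairs: 2^key_bits / 2^(resp_bits * n_pairs)."""
    return 2.0 ** (key_bits - resp_bits * n_pairs)

if __name__ == "__main__":
    tag_key = 0x2A5F1                                         # constructed secret
    pairs = skim(tag_key, [0x123456789A, 0x0F0F0F0F0F])       # constructed 40-bit challenges
    keys, survivors = crack(pairs)
    print("survivors after each pair:", survivors, "recovered:", keys)
    print("DST-sized search, expected survivors after 1 and 2 pairs:",
          expected_survivors(40, 24, 1), expected_survivors(40, 24, 2))
```

The 30-minute figure on the slides is the same loop run over 2^40 keys on a 16-way cracker with the recovered f; the 1/4-second figure is step 1, which is all the contact an attacker needs with the victim's key.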