470 likes | 639 Views
RFID: What’s in our pockets anyway?. Martin Hlaváč and Tomáš Rosa Department of Algebra, MFF UK in Prague PPF banka a.s. and eBanka, a.s. Agenda. Technology and platform overview LF and HF bands interface Security case studies Unique ID transponders MIFARE phenomenon e-Passport
E N D
RFID: What’s in our pockets anyway? Martin Hlaváč and Tomáš Rosa Department of Algebra, MFF UK in Prague PPF banka a.s. and eBanka, a.s.
Agenda • Technology and platform overview • LF and HF bands interface • Security case studies • Unique ID transponders • MIFARE phenomenon • e-Passport • Payment cards
Passive RF Chips Overview • Contact-less chips radio-classification • LF range chips (100 to 150 kHz) • HF range vicinity cards (13.56 MHz) • HF range proximity cards (13.56 MHz) • UHF range chips (800 MHz and higher) • Huge variety of designs • Cards, keychains, stickers, implants, … • RFID – Radio Frequency Identification • Viewed as a specific application of RF chips
LF and HF Band Physical Layer • Employs the behavior of so-called near field of the transmitter • Classical wave not fully formed, yet • Magnetic component takes care of the energy transport • Arrangement „terminal antenna – chip antenna“ can be seen as a high frequency transformer
Feeding the Transponder • Typical magnetic field antennas set-up V = V0cos(t) [7]
Talking with the Transponder transponder RFID terminal RFID internal network transponder field terminal field
When the Distance Matters • Attacking techniques and ranges for HF band according to ISO 14443
Active Attacks Reviewed • It is practically feasible to feed up a typical LF/HF chip at a distance of order of meters • The problem is, however, to hear the transponder’s response • Increasing terminal’s field can significantly decrease the SNR – Signal to Noise Ratio • Possible way for “write-only” attacks…
Contactless Smartcard • Important sub-class of RFID transponders • Function-wise and security-wise in par with classical (contact) smartcards • Platform – proximity card (13.56 MHz)
ISO 14443 • Standardizes proximity cards • Usual operational distance 10 cm • Sub-groups A, B • Differ in communication protocol details (modulation, coding, frames, semantics) • Transport platform for contactless smartcards
ISO 7816 • Describes • contact card communication interface • contact(-less) card application protocol • Effort to unify the view of a smartcard regardless the communication interface • Combination of ISO 14443 (communication) and ISO 7816 (application commands) • From the point of view of ISO 7816 there is a new communication protocol identified with T = CL (Contact-Less) • Aplication platform of contact(-less) smartcards
Contact or Contactless • Hierarchy of standards for contact and contact-less smartcards
Unique ID Transponders • Popular in access protection to buildings, offices, garages, etc. • Examples: EM4x02, HID Isoprox II, Indala, etc. • LF Band • Serial memory with several dozens bits • Sends repeatedly its identifier when in terminal’s field • No cryptographic protection • Security almost non-existing in many cases
LF Band Skimmer – Terminal Mode Transmitter Receiver Digital part
LF Band Skimmer – Emulator Mode Load modulator Carrier sensing Digital part
MIFARE • Memory cards with cryptographic authentication and protected radio communication • Capacity 1 KB or 4 KB • Memory (1 KB) divided into 4-block sectors: • 3 data blocks • 1 sector trailer block • Block length is 16 B • Compatible with ISO 14443-A • Uses proprietary commands set instead of ISO 7816, however
MIFARE - Authentication • Three-way authentication with key agreement (idea similar to e-passport) • Two 48b access keys KA, KB can be defined independently for each sector • Implicitly: • Philips KA = A0 A1 A2 A3 A4 A5 • Philips KB = B0 B1 B2 B3 B4 B4 • Infineon KA = KB = FF FF … FF
MIFARE - Encryption • Stream cipher Crypto1 • Proprietary design • Available as special purpose circuit for terminals (e.g. MF RC531) • Closely related to authentication • Main key 48 b, ephemeral key length unpublished • Authentication parameters (via MF RC531 service): block address, card serial number, main key
MIFARE – What Can Go Wrong? • Property access control based solely on card’s serial number • MIFARE degenerated to an ID card with a simple LF type chip • Cloning possible if serial number is known • Can be “heard” from dozens of meters away, even if it is primarily sent by the card (see the anticollision routine of ISO 14443-A)
MIFARE UID Theft Illustrated No card Card inspection (many times)
MIFARE – Bad News • Chaos Communication Congress 2007 • Crypto1 reverse engineered. • Brute force attack on authentication key • Possible in 50 minutes with 64 FPGAs (Xilinx Virtex-5 LX50) • Other weaknesses are being analyzed in detail • Public information is incomplete. Once fully published, MIFARE considered obsolete (broken).
MIFARE - DESFire • Successor of classic MIFARE • Employs 3DES instead of Crypto1 • Recently, AES algorithm available, as well • Besides proprietary commands, ISO 7816 compatible • Closed application interface with overloaded cryptographic scheme • Potential risk – weaknesses in API
Electronic Passport • Equipped with a contact-less smartcard chip • Compatible with ISO 14443 and ISO 7816 • Application code: A0 00 00 02 47 10 01 • Data files • DG1 to DG15: related to the travel document (DG1 – copy of machine readable zone (MRZ), DG2 – photo of the face, DG15 public key for active authentication) • EF.COM, EF.SOD, EF.DIR: service data
Security Mechanisms • Required by ICAO • Passiveauthentication – digital signature of all data files DG1, …, DG15 • Required in EU members • BAC – basic access control to data files and selected functions (e.g. active authentication) • Optional • Active authentication – challenge-response authentication of the chip (e.g. used in Czech Republic, not in Germany)
Apparent Weaknesses of ICAO e-Passport • Detectability of passport presence • Markers: presence of application A0 00 00 02 47 10 01, BAC protocol support, etc. • Brute force attack on BAC • Apparently low main password entropy • Listening to terminal is sufficient • Partial weaknesses of BAC and SM • Detectability of passport with known password (MRZ) • SM does not protect the command headers and status error answers
Relay Attack on Active Authentication • Passport asks to extend the answer time to 4949 ms. • If not acknowledged or if shorter time acknowledged, passport terminated the communication in our experiments • Presumably, terminals on country borders have to accept 5s delay • Passport responded within 1s during the experiments • Remaining 4 s can be used to relay the challenge from the counterfeit to real passport and send back the response
Attack Illustration terminal fakepassport faketerminal passport RF channel 1 channel 2 RF channel 3 initialization initialization file reading AA challenge challenge relay AA challenge S(WTX) S(WTX) AA response response relay AA response
Side Channels • SCH is any unwanted information exchange between the cryptographic module and its surroundings • Physical principles of passive RF chips greatly facilitate existence of many SCH • Electromagnetic field is a primary concern
RSA: Square-and-Multiply • Input: integersx, d, N • 0 x < N • 2k-1 d < 2k, for some integer k • d = dk-12k-1 + … + d12 + d0 • Output: xd mod N • Computation: • z x • for i = k – 2 to 0 • z z2 mod N • if di = 1 then z z*x mod N • return z Square Multiply
FAME-XE Exposure in the Field S M S M S M S M S M S Measurements by doc. Lórencz’s team, KP FEL ČVUT in Prague, april 2007
Lessons Learned for Payment Cards • Differences in the communication interface physical layer request revision of classical assumptions • Holder’s “conscious card presentation” is not as conscious any more • Unprotected data and functions are exposed to many more attackers • Paper envelope protects well against the visible light, not the HF range, however • Side channel attacks are a bigger concern • etc. …
Hypothetical Construction: RFID-EMV • Payment cards conquering USA employ non-public schemes • Compatibility with EMV chip card standard was not experimentally observed, yet • Research disclosed many weaknesses [5] • Hopefully, it’s only a transition state • To illustrate, let’s assume a hypothetical platform RFID-EMV as a migration of current contact card to contact-less
HypotheticalRisks RFID-EMV I • Relay attack on the whole transaction • Client might unconsciously pay attacker’s bill in a restaurant • Eavesdropping on sensitive data • Acquire PIN transmitted insecurely during VERIFY operation • Terminal signal readable at distance of tens of meters
HypotheticalRisks RFID-EMV II • Reading sensitive data • Unprotected data can be read without client’s knowledge (subway attack) • Blocking card • Entering wrong PIN too many times • ATC overflow • etc.
Conclusion • Contact-less chip technology reveals new possible services to clients • Can’t hide from this phenomenon • Meanwhile, new attack strategies emerges not taken into account with “contact” chips • Straightforward migration of “contact” applications to contact-less is not advisable
Thank you for your attention … Martin Hlaváč Department of Algebra MFF UK, PPF banka, a.s. hlavm1am@artax.karlin.mff.cuni.cz Tomáš Rosa eBanka, a.s. Department of Algebra MFF UK, trosa@ebanka.cz
References • ČSN ISO/IEC 14443-1..4 • ČSN ISO/IEC 7816-3, 4 • Development of a Logical Data Structure – LDS for Optional Capacity Expansion Technologies, ICAO, ver. 1.7, 2004 • Hancke, G.: A Practical Relay Attack on ISO 14443 Proximity Cards, IEEE Symposium on Security and Privacy 2006 • Heydt-Benjamin, T.-S., Bailey, D.-V., Fu, K., Juels, A., and O'Hare, T.: Vulnerabilities in First-Generation RFID-Enabled Credit Cards, In Proc. of Eleventh International Conference on Financial Cryptography and Data Security, Lowlands, Scarborough, Trinidad/Tobago, February 2007 • Kirschenbaum, I., Wool, A.: How to Build a Low-Cost, Extended-Range RFID Skimmer, USENIX 2006 • Lee, Y.: Antenna Circuit Design for RFID Applications, AN 710, Microchip Tech. Inc., 2003 • Lórencz, R., Buček, J. a Zahradnický, T.: osobní komunikace, 2007 • MIFARE DESFire MF3 IC D40, Preliminary Short Form Specification v. 2.0, Philips Semiconductors, September 2003 • MIFARE MF1 IC S50, Rev 5.1, Philips Semiconductors, May 2005 • Nohl, K, and Plötz, H.: MIFARE – Little Security, Despite Obscurity, 24th Chaos Communication Congress, 2007, http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html • PKI for Machine Readable Travel Documents offering ICC Read-Only Access, IACO, ver. 1.1, 2004 • Rašek, L.: Elektronické pasy – jak fungují, kopie internetových stránek z roku 2006 • SmartMX – P5CD072 Secure Dual Interface PKI Smart Card Controller, Short Form Specification v. 1.2, Philips Semiconductors, October 2004 • Šiková, M.: Biometrie v osobních dokladech – cestovní doklady s biometrickými údaji, Konference CARDS, Praha 13. září 2006