370 likes | 396 Views
EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond. Presented by Xian Wu. UNIVERSITY OF SOUTH CAROLINA. Department of Computer Science and Engineering. Outline. RFID EPC RFID Tag Passport Cards & Enhanced Drivers Licenses
E N D
EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond Presented by Xian Wu UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Outline RFID EPC RFID Tag Passport Cards & Enhanced Drivers Licenses Vulnerability Analysis Experiment Defensive Techniques Conclusion Related Work UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
RFID Radio-frequency identification Definition RFID system contains: tag, reader, back-end server Tag contains two parts: integrated circuit & antenna Use Variety of applications( track good, access management, track people/pet) UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
EPC RFID Tag Electronic Product Tag A creation of the MIT Auto-ID Center Stored on a RFID(silicon chip & antenna) tag The EPC is a unique number that is used to identify a specific item in the supply chain Gen 1 tags and Gen 2 tags EPC Global Inc. Support the development and implementation of EPC Define Tag Data Standard UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Passport Card & EDLs Passport Card Alternative to the traditional passport Only valid for land and sea travel, not for air travel Design to meet the requirements of WHTI Enhanced Drivers License Have the features of conventional divers license As with the Passport Card, an EDL is valid for land and sea entry to the US UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Tag Identifier of EPC Definition A tag-specific serial number Maybe factory programmed and locked Provide anti-cloning Two classes of TIDs E0h: manufacture ID and a 48-bit serial number E2h: manufacture ID and model ID UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
TID on Pass card & EDLs TID reported by Passport Card E2 00 34 11 FF B8 00 00 00 02 E2h-class Alien Higgs tag Alien-specific configuration value: FF B8 00 00 00 02 TID reported by Washington EDL E2 00 10 50 E2h-class Impinj Monza chip UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
No confer anti-counterfeiting • Cloned both Pass card and EDL • Identical EPC & TID values on the clone tag • Inferred the lock state and duplicate it • Unavoidable: as DNS is public service for all Explanation: DHS learned the existence of tag-unique TIDs too late for incorporation into those cards Vulnerability UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Tag-specific TID • Only prevent simple copying of one EPC to another • Can’t prevent the emulation of an EPC to a radio device • Add new mechanism to the original structure Emulator for Gen-2 EPC • OpenPCD, RFID Guardian • Just a matter of time similar tools emerges in Gen-2 EPC • Inter WISP for Gen-2 EPC available Vulnerability UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Only read-protected pieces of memory on the card • KILL PIN on Pass card • ACCESS PIN on both • simplicity Verified: • Entire EPC memory bank & TID memory bank are readable • Impinj Monza chip doesn’t have a user memory bank • Alien Higgs-2 chip only use user memory bank when KILL & ACCESS PIN are not used. Memory Bank T. Deegan et. Al (2005) UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Unprogrammed & unlocked on Washington EDLs Can directly write this 32-bit KILL PIN Can kill a cloned EDL with a identical Gen-2 tag KILL-PIN Selection V. Pappas et. al. (2007) UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Cloning • Obtained one Pass card & 2 EDLs in 2008 • Publicly readable data can be copied directly after a single read • Cloning only apply to a tag’s publicly readable data Experiment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Readability • No adversarial study of read capabilities • Read range is a major determinant of vulnerability US Department of State offers Radio-opaque sleeve as a protection, however it is uncertain the bearers will consistently use the sleeve. Experiment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
The range of Gen-2 tag is tens of feet Can vary as • Material to which tag is affixed • Configuration of the interrogating reader • Tag’s antenna • Physical characteristics of ambient environment Experiment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Antenna inside a EDL UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Antenna inside a Pass card UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Physical Environment • Indoor, freestanding with object nearby • Indoor, in a corridor, no object nearby • Outdoor freespace, Experiment Environment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Ways of Carrying the Card • Held away from body • Inside a purse, both inside a wallet and inside pocket • In a back pocket • In a wallet in a front shorts pocket • Adjacent to a wallet in a front shorts pocket Experiment Environment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Sleeves Situation • New sleeve, held out by hand • Crumpled sleeve, held out by hand • New sleeve, in a wallet in a back trousers pocket • Crumpled sleeve, in a wallet back trousers pocket Used Secure Sleeves from Identity Stonghold. All shielded experiments were performed in the lab Experiment Environment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Impinj Speedway R1000 reader with a Cushcraft S9028PCL circularly polarized antenna • Effective radiated power of the antenna was 36dBm • Center of the antenna was 88 cm off the ground • Cards were placed directly in front of the antenna • Held up to 5 seconds Experiment UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Maximum Read Range unshielded UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Maximum read range shielded UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
KILL command • The KILL command: an EPC feature designed to protect consumer privacy by allowing tags to be disable at the point of sale in retail environment. • KILL is implemented in all Gen-2 EPC tags. • When tag receives a KILL command with a 32-bit KILL PIN, the tag becomes permanently inoperative. • Low-power session: a reader transmits the KILL command with power sufficient for the tag to response but not to disable itself. Side-effect: Tag will indicate the correctness or incorrectness of the PIN. Defensive Techniques UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Co-opting KILL for tag authentication • Construct an invalid PIN P’kill and transmit the pair (P&P’) • A valid tag will recognize the valid one and reject the invalid • An invalid tag can response correctly at most 1/2 • By transmitting N-1 invalid P’kill and 1 valid Pkill, the probability to detect an invalid tag is 1-1/N Challenge of KBA • Too much power the tag will be killed • Too little the tag can’t response Defensive Techniques UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
The ACCESS command • ACCESS command: Secret data can only be read use this command with a 32-bit PIN Paccess . • The KILL PIN is one of this kind of secret data Co-opting ACCESS for tag authentication • Authenticate the tag by checking D • One-time-challenge-response • ABA should not significantly impact read range Defensive Techniques UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Advantages and Limitations • ACCESS is an optional command, tags might not support it • It is possible to deploy the ABA and KBA independently. • An entity knows Pkill can authenticate the tag but can’t perform cloning, more privilege with knowing of Paccess • None of them resists eavesdropping • None of them need modification to existing EPC • Without carefully implementing, KBA may kill the cars. Defensive Techniques UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Simple power-ramping • A reader ramps up power until it receives a response • Ramps up the reader’s power from 15dBm to 30dBm (0.25dB increment) • Transmitting a KILL command at each power level • After receiving a reply, the power level fixed. • Then send N KILL commands, N-1 bogus PIN and 1 valid • Tested this algorithm with tag placed from 40cm-200cm, 10cm increment, and set N=10, repeated the algorithm 10 times at each distance. • All experiments were performed in the lab Extensions to KBA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Extensions to KBA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Five steps: • Determine min reader power level PW RR required to read tag • Determine min reader power level PW RW required to write tag • Verify the min margin PW Rw -PW RR >=μ (min parameter) • Scale the reader’s power level within the range PW RW +δ(PW Rw -PW RR ), for δ∈[0,1]5 • Ensure the power doesn’t allow to write itself. • Step 2 and 5 require writing to the tag, we can temporarily overwrite part of the tag’s value (not work on permalocked read-only) Scale KBA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
μ = 2dBm δ=1/4 • Increment reader power from 15dBm to 30dBm (increment 0.25dB) • N=10, distance from 10-200cm, in 10 cm • Executed the algorithm 100 times with each distance Scale KBA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Scale KBA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Conclusion Radio-layer cloning is a straight forward matter The authors’ work on cloning and anti-cloning can extend to other EPC deployment. Pharmaceutical Industry USFDA UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Related Work Attacks on EPC Class 1 Gen 2 standard - Privacy Concern - Replay Attack - DoS Attack - Impersonation Attack - Forward Secrecy Concern - DATA Integrity Concern UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Authentication Protocol Two Phases Protocol Initialization Phase Authentication Phase - Reader → Tag - Tag → Reader - Reader → Back-end server - Back-end server → Reader - Reader → Tag This protocol can resist against replay, impersonation, DATA forgery, DoS attacks and provides forward secrecy and untraceability. Analysis and Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard, Amin Mohammadali, Zahra Ahmadian, and Mohammad Reza Aref UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering
Authentication Protocol Two Phases Protocol Registration Phase 5 Steps Communication Phase This protocol is been proved insecure. - Impersonate both readers and tags - Untraceability is not guaranteed - Vulnerable to DoS attack Cryptanalysis of an EPC Class-1 Generation-2 Standard Compliant Authentication Protocol, Pedro Peris-Lopez, Julio C. Hernandez-Castro, Juan M. E. Tapiador, JanC.A. van der Lubbe UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering