Presented by Xian Wu
Presentation Transcript


  1. EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Licenses, and Beyond
  Presented by Xian Wu
  UNIVERSITY OF SOUTH CAROLINA, Department of Computer Science and Engineering

  2. Outline
  • RFID
  • EPC RFID Tag
  • Passport Cards & Enhanced Drivers Licenses
  • Vulnerability Analysis
  • Experiment
  • Defensive Techniques
  • Conclusion
  • Related Work

  3. RFID
  Radio-frequency identification
  Definition
  • An RFID system contains a tag, a reader and a back-end server
  • A tag contains two parts: an integrated circuit and an antenna
  Use
  • A variety of applications (tracking goods, access management, tracking people and pets)

  4. EPC RFID Tag
  Electronic Product Code
  • A creation of the MIT Auto-ID Center
  • Stored on an RFID tag (silicon chip & antenna)
  • The EPC is a unique number that is used to identify a specific item in the supply chain
  • Gen 1 tags and Gen 2 tags
  EPCglobal Inc.
  • Supports the development and implementation of EPC
  • Defines the Tag Data Standard

  5. Passport Card & EDLs
  Passport Card
  • Alternative to the traditional passport
  • Only valid for land and sea travel, not for air travel
  • Designed to meet the requirements of WHTI
  Enhanced Drivers License
  • Has the features of a conventional drivers license
  • As with the Passport Card, an EDL is valid for land and sea entry to the US

  6. Tag Identifier (TID) of EPC
  Definition
  • A tag-specific serial number
  • May be factory programmed and locked
  • Intended to provide anti-cloning
  Two classes of TIDs
  • E0h: manufacturer ID and a 48-bit serial number
  • E2h: manufacturer ID and model ID

  7. TID on Passport Card & EDLs
  TID reported by Passport Card: E2 00 34 11 FF B8 00 00 00 02
  • E2h-class Alien Higgs tag
  • Alien-specific configuration value: FF B8 00 00 00 02
  TID reported by Washington EDL: E2 00 10 50
  • E2h-class Impinj Monza chip

  8. Vulnerability: TID confers no anti-counterfeiting
  • Cloned both the Passport Card and the EDL
  • Identical EPC & TID values on the clone tag
  • Inferred the lock state and duplicated it
  • Unavoidable, as DNS is a public service for all
  Explanation: DHS learned of the existence of tag-unique TIDs too late for incorporation into those cards

  9. Vulnerability: Tag-specific TID
  • Only prevents simple copying of one EPC to another
  • Can't prevent the emulation of an EPC by a radio device
  • Adds a new mechanism to the original structure
  Emulators for Gen-2 EPC
  • OpenPCD, RFID Guardian
  • Just a matter of time before similar tools emerge for Gen-2 EPC
  • Intel WISP for Gen-2 EPC available

  10. Memory Bank
  Only read-protected pieces of memory on the card:
  • KILL PIN on Passport Card
  • ACCESS PIN on both
  • Simplicity
  Verified:
  • Entire EPC memory bank & TID memory bank are readable
  • Impinj Monza chip doesn't have a user memory bank
  • Alien Higgs-2 chip only uses the user memory bank when the KILL & ACCESS PINs are not used
  T. Deegan et al. (2005)

  11. KILL-PIN Selection
  • Unprogrammed & unlocked on Washington EDLs
  • Can directly write this 32-bit KILL PIN
  • Can kill a cloned EDL with an identical Gen-2 tag
  V. Pappas et al. (2007)

  12. Experiment: Cloning
  • Obtained one Passport Card & 2 EDLs in 2008
  • Publicly readable data can be copied directly after a single read
  • Cloning only applies to a tag's publicly readable data

  13. Experiment: Readability
  • No adversarial study of read capabilities
  • Read range is a major determinant of vulnerability
  The US Department of State offers a radio-opaque sleeve as a protection; however, it is uncertain that bearers will consistently use the sleeve.

  14. Experiment: Read range
  The range of a Gen-2 tag is tens of feet. It can vary with:
  • The material to which the tag is affixed
  • The configuration of the interrogating reader
  • The tag's antenna
  • The physical characteristics of the ambient environment

  15. Antenna inside an EDL

  16. Antenna inside a Passport Card

  17. Experiment Environment: Physical environment
  • Indoor, freestanding with objects nearby
  • Indoor, in a corridor, no objects nearby
  • Outdoor, free space

  18. Experiment Environment: Ways of carrying the card
  • Held away from the body
  • Inside a purse, both inside a wallet and inside a pocket
  • In a back pocket
  • In a wallet in a front shorts pocket
  • Adjacent to a wallet in a front shorts pocket

  19. Experiment Environment: Sleeve situations
  • New sleeve, held out by hand
  • Crumpled sleeve, held out by hand
  • New sleeve, in a wallet in a back trousers pocket
  • Crumpled sleeve, in a wallet in a back trousers pocket
  Used Secure Sleeves from Identity Stronghold. All shielded experiments were performed in the lab.

  22. Experiment: Reader setup
  Impinj Speedway R1000 reader with a Cushcraft S9028PCL circularly polarized antenna
  • Effective radiated power of the antenna was 36 dBm
  • Center of the antenna was 88 cm off the ground
  • Cards were placed directly in front of the antenna
  • Held up to 5 seconds

  23. Maximum read range, unshielded

  24. Maximum read range, shielded

  25. Defensive Techniques: KILL command
  • The KILL command is an EPC feature designed to protect consumer privacy by allowing tags to be disabled at the point of sale in a retail environment.
  • KILL is implemented in all Gen-2 EPC tags.
  • When a tag receives a KILL command with the correct 32-bit KILL PIN, the tag becomes permanently inoperative.
  • Low-power session: a reader transmits the KILL command with power sufficient for the tag to respond but not to disable itself.
  Side effect: the tag will indicate the correctness or incorrectness of the PIN.

  26. Defensive Techniques: Co-opting KILL for tag authentication (KBA)
  • Construct an invalid PIN P'kill and transmit the pair (Pkill and P'kill)
  • A valid tag will accept the valid one and reject the invalid one
  • An invalid tag can respond correctly with probability at most 1/2
  • By transmitting N-1 invalid P'kill and 1 valid Pkill, the probability of detecting an invalid tag is 1-1/N
  Challenge of KBA
  • Too much power and the tag will be killed
  • Too little and the tag can't respond
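The KBA check above, as an added simulation that is not code from the talk or the paper: a constructed genuine tag answers a low-power KILL with whether the PIN is correct, a constructed clone (copied EPC/TID, no PIN) can only guess which of the N challenges is the valid one, and the verifier rejects any tag whose N answers do not match. The clone detection rate approaches the 1-1/N the slide states.

```python
import random

# Constructed model of KILL-based authentication (KBA): in a low-power session
# the tag reports whether a 32-bit KILL PIN is correct without being disabled.

class GenuineTag:
    """Knows its own KILL PIN; accepts exactly that PIN and rejects any other."""
    def __init__(self, kill_pin):
        self.kill_pin = kill_pin

    def low_power_kill(self, pin):
        return pin == self.kill_pin

class ClonedTag:
    """Copied EPC/TID but no KILL PIN. Accepting every challenge fails on the
    bogus PINs, so the best it can do is accept one position at random."""
    def __init__(self, n, rng):
        self.accept_index = rng.randrange(n)
        self.seen = 0

    def low_power_kill(self, pin):
        answer = self.seen == self.accept_index
        self.seen += 1
        return answer

def kba_authenticate(tag, valid_pin, n, rng):
    """Send N-1 bogus PINs and 1 valid PIN in random order; the tag passes only
    if it accepts the valid PIN and rejects every bogus one."""
    bogus = set()
    while len(bogus) < n - 1:
        p = rng.getrandbits(32)          # constructed random bogus PINs
        if p != valid_pin:
            bogus.add(p)
    challenges = list(bogus) + [valid_pin]
    rng.shuffle(challenges)
    for pin in challenges:
        if tag.low_power_kill(pin) != (pin == valid_pin):
            return False
    return True

def simulate(n, trials, seed=1):
    """Run KBA against a genuine tag and against fresh clones. Returns
    (fraction of genuine runs accepted, fraction of clones detected);
    clone detection is expected to approach 1 - 1/N."""
    rng = random.Random(seed)
    valid_pin = rng.getrandbits(32)
    genuine_ok = clones_caught = 0
    for _ in range(trials):
        if kba_authenticate(GenuineTag(valid_pin), valid_pin, n, rng):
            genuine_ok += 1
        if not kba_authenticate(ClonedTag(n, rng), valid_pin, n, rng):
            clones_caught += 1
    return genuine_ok / trials, clones_caught / trials
```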

  27. Defensive Techniques: The ACCESS command
  • ACCESS command: secret data can only be read using this command with a 32-bit PIN Paccess.
  • The KILL PIN is one such piece of secret data.
  Co-opting ACCESS for tag authentication (ABA)
  • Authenticate the tag by checking D
  • One-time challenge-response
  • ABA should not significantly impact read range

  28. Defensive Techniques: Advantages and limitations
  • ACCESS is an optional command; tags might not support it
  • It is possible to deploy ABA and KBA independently
  • An entity that knows Pkill can authenticate the tag but can't perform cloning; knowing Paccess grants more privilege
  • Neither of them resists eavesdropping
  • Neither of them needs modification to existing EPC
  • Without careful implementation, KBA may kill the cards

  29. Extensions to KBA: Simple power-ramping
  • A reader ramps up power until it receives a response
  • Ramps the reader's power up from 15 dBm to 30 dBm (0.25 dB increments)
  • Transmits a KILL command at each power level
  • After receiving a reply, the power level is fixed
  • Then sends N KILL commands: N-1 bogus PINs and 1 valid
  • Tested this algorithm with the tag placed 40 cm to 200 cm away, in 10 cm increments, with N=10, repeating the algorithm 10 times at each distance
  • All experiments were performed in the lab

  30. Extensions to KBA

  31. Scaled KBA
  Five steps:
  • Determine the minimum reader power level PW_RR required to read the tag
  • Determine the minimum reader power level PW_RW required to write to the tag
  • Verify the minimum margin PW_RW - PW_RR >= μ (a minimum parameter)
  • Scale the reader's power level within the range PW_RR + δ(PW_RW - PW_RR), for δ ∈ [0,1]
  • Ensure the power doesn't allow the tag to write to itself
  Steps 2 and 5 require writing to the tag; we can temporarily overwrite part of the tag's value (does not work on permalocked read-only memory)

  32. Scaled KBA: parameters
  μ = 2 dBm, δ = 1/4
  • Increment reader power from 15 dBm to 30 dBm (0.25 dB increments)
  • N=10, distance from 10 cm to 200 cm, in 10 cm steps
  • Executed the algorithm 100 times at each distance
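The five-step power selection of slides 31 and 32, as an added simulation that is not code from the talk or the paper. The tag model with separate read and write thresholds in dBm and the scratch user word used for the temporary write are assumptions; the 15-30 dBm ramp in 0.25 dB steps, μ = 2 and δ = 1/4 are the parameters the slides give. The level is taken between the read and write thresholds, PW_RR + δ(PW_RW - PW_RR), which is what step 5 (a write at that level must fail) requires.

```python
# Constructed simulation of scaled KBA power selection; the tag model and its
# dBm thresholds are assumptions for illustration.
RAMP_MIN, RAMP_MAX, RAMP_STEP = 15.0, 30.0, 0.25

class SimTag:
    """Answers a read at or above read_thr dBm and accepts a write only at or
    above write_thr dBm (a write, like a real KILL, needs more energy)."""
    def __init__(self, read_thr, write_thr, user_word=0xBEEF):
        self.read_thr, self.write_thr = read_thr, write_thr
        self.user_word = user_word      # constructed scratch word

    def read(self, power):
        return self.user_word if power >= self.read_thr else None

    def write(self, power, value):
        if power < self.write_thr:
            return False
        self.user_word = value
        return True

def power_levels():
    steps = int(round((RAMP_MAX - RAMP_MIN) / RAMP_STEP))
    return [RAMP_MIN + i * RAMP_STEP for i in range(steps + 1)]

def min_read_power(tag):
    """Step 1: ramp up until the tag answers a read (None if it never does)."""
    return next((p for p in power_levels() if tag.read(p) is not None), None)

def min_write_power(tag):
    """Step 2: ramp up until a temporary write succeeds, then restore the word."""
    original = tag.user_word
    for p in power_levels():
        if tag.write(p, original ^ 0xFFFF):
            tag.write(p, original)      # undo the probe write
            return p
    return None

def select_kba_power(tag, mu=2.0, delta=0.25):
    """Steps 3-5: require margin >= mu, pick PW_RR + delta*(PW_RW - PW_RR), and
    confirm a write at that level fails. Returns the level, or None if unsafe."""
    p_rr, p_rw = min_read_power(tag), min_write_power(tag)
    if p_rr is None or p_rw is None or p_rw - p_rr < mu:
        return None
    level = p_rr + delta * (p_rw - p_rr)
    if tag.write(level, tag.user_word):  # step 5: the tag must not be writable
        return None
    return level
```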

  33. Scaled KBA

  34. Conclusion
  • Radio-layer cloning is a straightforward matter
  • The authors' work on cloning and anti-cloning can extend to other EPC deployments: pharmaceutical industry, US FDA

  35. Related Work
  Attacks on the EPC Class 1 Gen 2 standard
  - Privacy concern
  - Replay attack
  - DoS attack
  - Impersonation attack
  - Forward secrecy concern
  - Data integrity concern

  36. Authentication Protocol
  Two-phase protocol
  Initialization phase
  Authentication phase
  - Reader → Tag
  - Tag → Reader
  - Reader → Back-end server
  - Back-end server → Reader
  - Reader → Tag
  This protocol can resist replay, impersonation, data forgery and DoS attacks and provides forward secrecy and untraceability.
  Analysis and Improvement of the securing RFID systems conforming to EPC Class 1 Generation 2 standard, Amin Mohammadali, Zahra Ahmadian, and Mohammad Reza Aref

  37. Authentication Protocol
  Two-phase protocol
  Registration phase
  Communication phase (5 steps)
  This protocol has been proved insecure:
  - Impersonation of both readers and tags
  - Untraceability is not guaranteed
  - Vulnerable to DoS attack
  Cryptanalysis of an EPC Class-1 Generation-2 Standard Compliant Authentication Protocol, Pedro Peris-Lopez, Julio C. Hernandez-Castro, Juan M. E. Tapiador, Jan C. A. van der Lubbe