1 / 19

Group 3 Rob Lee-Own Vincent Lin Max Sobell Scott Velivis

Group 3 Rob Lee-Own Vincent Lin Max Sobell Scott Velivis. Technical Advisor Bruce McNair December 7, 2010. Radio Frequency Identification. RFID Allows a small exchange of data wirelessly Operates on multiple frequency bands 125kHz, 13.56 MHz, 900 MHz Common Uses Credit Cards

vanig
Download Presentation

Group 3 Rob Lee-Own Vincent Lin Max Sobell Scott Velivis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Group 3 Rob Lee-Own Vincent Lin Max Sobell Scott Velivis Technical Advisor Bruce McNair December 7, 2010

  2. Radio Frequency Identification • RFID • Allows a small exchange of data wirelessly • Operates on multiple frequency bands • 125kHz, 13.56 MHz, 900 MHz • Common Uses • Credit Cards • EZ Pass • Passports • Zipcar

  3. Design Requirements • Any user of RFID should have: • the right to know when an RFID tag on his or her person is being interrogated • the option to block his or her tag’s response to the interrogation

  4. RFID Threat Model Threat Structure Vulnerabilities/Safeguards Additional Controls

  5. RFID Threat Model RFID/Proprietary protocol vs TCP/HTTP: Transport protocol No built in security; similar challenges Encryption (HTTP: SSL, NFC: PKI/secure channel) Validation (HTTP: CAs, NFC: hardware verification on reader) Just a channel on which to send data!

  6. Threat Structure Assets - Personal Information – CCs, passport - Authentication - office building access Perpetrators - Anyone with a laptop and reader Threats - Jamming, Tracking, Replay

  7. Vulnerabilities/Safeguards RFID stack in software Security by obscurity - Attacker learns frequency and protocol Unencrypted signal/content Malicious reader

  8. Additional Controls Encrypt data Physical safeguards Faraday cage Microwave tags Or

  9. Constant Blocking • Exploits the “Complete Reset” command of the 13.56 MHz protocol (Auto-ID Center).

  10. Smart Blocking • Exploits ‘ACK’ in slotted ALOHA (Slotted Terminating Adaptive Collection Protocol)

  11. Detection • Our device is battery constrained • Cannot block constantly • Blocking is power hungry • Reading an RFID does not take a lot of time • <1ms • How can you detect an RFID Interrogator? • Need to know how RFID works

  12. Inductive Coupling • Similar to how a transformer works • The change in current determines rate of change of magnetic flux • Replace a traditional antenna with coils of wire

  13. Modulation • Amplitude Shift Keying (ASK) • Vary the amplitude at discrete levels • Frequency Shift Keying (FSK) • Vary the Frequency by discrete amounts • Phase Jitter Modulation (PJM) • Vary phase by small amounts • 99% of energy is unmodulated carrier

  14. Detection Method • Look for an RFID interrogator in the frequency domain • Almost all activity on the 13.56MHz band is RFID communication • Once energy is detected above the noise floor of the frequency band the blocking routine will begin

  15. Development Tools • Proxmark 3 • Snoops on interrogator-tag communications • Performs detailed analysis • Emulates an interrogator • Emulates a tag

  16. Development Tools • Universal Software Radio Peripheral • 8 MHz instantaneous RF bandwidth • “Full duplex” with the right daughter boards • Open source GNU Radio

  17. Budget • Laptop Computer $1000 • USRP $700 • LFRX $75 • LFTX $75 • Antenna $30 • Proxmark 3 $400 • HF Antenna $60 • RFID Tag Bundle (x2) $24 • Shipping (est.) $100 • Total $2464

  18. Schedule / Goals • Proof of Concept • Interrogator-tag communications characterized • Constant Blocking • All interrogations detected and blocked • Smart Blocking • All interrogations blocked reactive to detection

  19. Special Thanks! • Bruce McNair • Eric Andersen • Dominick Lagana • Kevin Tiu • Joe Martin

More Related