Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Presentation transcript:

An Embedded System for Practical Security Analysis of Contactless Smartcards
Timo Kasper, Dario Carluccio and Christof Paar
Communication Security Group, Ruhr University Bochum, Germany
Crete, Greece, May 10, 2007

Outline
1. Background
2. RFID Basics (ISO 14443)
3. Security Weaknesses
4. Design and Development of an Embedded System
5. Selected Applications and Results
6. Conclusion

Background
ISO is widely deployed in security sensitive applications:
- RFID augmented credit cards (Visa Wave, MasterCard PayPass),
- Ticketing (Philips Mifare, Smart Labels),
- Electronic passport, student identity cards, mobile phones (NFC), …
Many standards for RFID coexist, differing in
- Frequency: kHz … GHz,
- Data rate: 2400 bit/s … 1 Mbit/s,
- Range: < 1 centimetre … several metres,
- Coupling method: backscattering, inductive, …
RFID = Radio Frequency IDentification

RFID Basics (ISO 14443)
- reader generates field with MHz carrier frequency
- supplies tag with clock and energy via inductive coupling
- reader transmits data by creating short pauses in the field
- tag answers employing load modulation
- operating range: 8…15 cm, data rate 106…847 kbit/s

Security Weaknesses
contactless interface (e.g. ISO 14443) brings new opportunities for attackers
- read out a tag actively (range: up to 25 cm), maybe unnoticed
- replay attack,
- relay („man in the middle“) attack,
- eavesdropping of the communication from a distance of several metres
maximum energy consumption of a contactless smartcard is limited, reduce manufacturing costs
→ small chip area,
→ measures for security / privacy may not be implemented or very lightweight!

Our Contribution
Idea: Design a cost-effective embedded system which makes it possible to
- communicate with a contactless smartcard on the physical layer,
- emulate any ISO 14443(A) compliant RFID tag / smartcard.
→ perform replay, man-in-the-middle and other attacks,
→ analyse protocols, i.e., logging of the communication data,
→ implement and test new protocols and countermeasures,
→ assist side-channel attacks (DEMA, …),
→ test different antennas / power amplifiers.

Embedded System – The Reader
- RF interface: transparently operating EM4094 transceiver
- Atmel ATmega32 microcontroller clocked at MHz
- specially designed circuits for signal conditioning / processing

Embedded System – The Fake Tag
- appears like an authentic ISO 14443(A) compliant transponder
- perform load modulation with subcarrier, as specified
- acquire data from the field and reduce bandwidth
- designed to cooperate with the bit level reader

Embedded System – Realization
[Figure panels: (Bit-Level) Reader; Fake Tag]

Embedded System – Overview
- RFID tool: provide ISO compliant interface and emulation of a tag
- oscilloscope: measure / acquire information (e.g. electromagnetic emanation)
- PC: control process sequence and evaluate / analyse the data
- stand-alone operation modes implemented

Application: Relay Attack
DEMA = Differential ElectroMagnetic Analysis

Application: Relay Attack
Relay attacks have been carried out successfully with
- electronic passport (issued in Germany)
- student identity card (used at the Ruhr University in Bochum)
- Philips „Classic Mifare“ & „DESFire“ cryptographically enabled smartcards
- Atmel AT88SC153 smartcard
- tickets for the football world championship 2006

Applications and Results
Ticket for FIFA World Cup 2006 in Germany
- successful relay attack (all data read out remotely via the Fake Tag)
- embedded Mifare Ultralight chip
→ 64 Byte data, providing NO encryption
→ with developed hardware: (simple) Replay Attack feasible!

Applications and Results
Timing Analysis of an „ACG Dual 2.1 Passport Reader Module“
- reaction of the ACG reader to purposely delayed answer of a transponder
- compliance with the „Frame Delay Time“, exactly defined in the ISO 14443, could not be observed
→ facilitates relay attack
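
The reader-side check whose absence the timing analysis above reports, as an added example (not code from the presentation or the authors' firmware). It assumes the ISO 14443-3 Type A Frame Delay Time formula and a response delay already measured in carrier cycles; the policy values, function names and sample delays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ISO 14443-3 Type A frame delay time, reader -> tag, in carrier cycles (1/fc):
 *   FDT = n*128 + 84 if the reader's last transmitted bit was 1,
 *   FDT = n*128 + 20 if it was 0;
 * n = 9 for REQA, WUPA, ANTICOLLISION and SELECT, n >= 9 for other commands.
 * At fc = 13.56 MHz, 1236 cycles are about 91 us. */
enum fdt_verdict { FDT_OK, FDT_TOO_EARLY, FDT_OFF_GRID, FDT_TOO_LATE };

struct fdt_policy {
    uint32_t tolerance; /* accepted measurement jitter in cycles (assumed, < 64) */
    uint32_t max_n;     /* largest n accepted for n >= 9 commands (assumed)      */
};

/* Hypothetical strict policy used for the constructed samples below. */
static const struct fdt_policy STRICT = { 2, 40 };

static uint32_t fdt_cycles(uint32_t n, int last_bit)
{
    return n * 128u + (last_bit ? 84u : 20u);
}

/* fixed_n: nonzero for the commands that must be answered at exactly n = 9. */
enum fdt_verdict fdt_check(const struct fdt_policy *p, int fixed_n,
                           int last_bit, uint32_t measured)
{
    uint32_t max_n = fixed_n ? 9u : p->max_n;
    if (measured + p->tolerance < fdt_cycles(9, last_bit))
        return FDT_TOO_EARLY;
    if (measured > fdt_cycles(max_n, last_bit) + p->tolerance)
        return FDT_TOO_LATE;   /* e.g. delay added by a relay link */
    /* Snap to the nearest point of the 128-cycle grid and compare. */
    uint32_t n = (measured - (last_bit ? 84u : 20u) + 64u) / 128u;
    uint32_t grid = fdt_cycles(n, last_bit);
    uint32_t diff = measured > grid ? measured - grid : grid - measured;
    return diff <= p->tolerance ? FDT_OK : FDT_OFF_GRID;
}

int main(void)
{
    /* Constructed measurements: {fixed_n, last_bit, delay in carrier cycles}. */
    static const uint32_t s[][3] = {
        {1, 1, 1236}, {1, 1, 5236}, {0, 0, 1556}, {0, 0, 1606}, {1, 0, 1100} };
    static const char *name[] = { "ok", "too early", "off grid", "too late" };
    for (unsigned i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%u cycles: %s\n", (unsigned)s[i][2],
               name[fdt_check(&STRICT, (int)s[i][0], (int)s[i][1], s[i][2])]);
    return 0;
}
```

A reader that applies only a long timeout instead of this window accepts the second and fourth samples, which is the behaviour the slide describes as facilitating a relay.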

Applications and Results
Investigations with regard to tuning and range
- antennas made out of thin copper wire
- antennas on PCBs

Future Works
- improved „Man in the Middle“ attack: modify the relayed information in real time
- increase reader operating range to 25 cm
- implement and test new protocols / countermeasures
- assist / perform other attacks: remote power analysis, fault analysis
- improve Differential Electro-Magnetic Analysis

Conclusion
- cost-effective design of a freely programmable RFID reader and Fake Tag
→ emulation of any ISO 14443A compliant tag
- Replay attack (play-back of previously recorded data)
- Relay attack (real-time relaying of the data in both directions)
- Timing Analysis of a commercial RFID reader
- Different types of antennas were built and tested
- promising applications & extensions:
  - Remote Power Analysis
  - DEMA
  - Fault Analysis
Recommendation: Shield RFID tags / contactless smartcards to protect your privacy (e.g., one layer of aluminum foil)!

Timo Kasper Crete, Greece May 10, 2007 Thanks for your attention!