RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn

Agenda What is RFID? How RFID works? RFID Security Concerns. Possible attacks on RFID systems. Future enhancements. Conclusion.

What is RFID?

RFID – Radio Frequency Identification. Used for identifying a product or an inventory. RFID has replaced the traditional barcodes. Wal-Mart has spent millions of $ on RFID research. RFID is all about providing a real-time information current location, planned destination and contents of the item that is being tracked.

How RFID works?

RFID uses EPC (Electronic Product Code) that is similar to barcodes. It uses EPC protocol, that is a standard for all EPC systems. EPC decides two things, 1) How the separate and store information in the tags. 2) Decide how tags and readers communicate. RFID system consists of a reader, an antenna and tags.

How RFID works?

Active Tags – It has its own battery and uses it own power to contact the reader. Passive Tags – Does not need a battery. Uses the EM field created by the signal from RFID reader. Class 0 tag – Read only. Class 1 tag – Once writeable. Amount of data – Can be 64, 96, 128, 256 or 512 bits. Security of data – Depending on class and the generation data on the tags can be encrypted.

How RFID works? Bar codes uses UPC (Universal Product Codes)

How RFID works? RFID uses EPC (Electronic Product Code) Header – Tells the reader about the type of number that follows. EPC manager – Represents the company. Object Class – Represents the type of item. Serial Number – Represents the serial number of type of item.

Security concerns for RFID

World readable tags can be read by unwanted entities. Important information like Credit Card details can be read by a simple gadget available on Amazon.com in a mere 8$. Some countries have implemented RFID passports. The encryption of chips in European passport was broken in 48 hours. RFID had limited memory hence less/no room for encryption. Readymade tools available that can read RFID tags e.g. RFDump.

Security concerns for RFID Screenshot of RFDump

Man in middle attack. DoS attack (tag killing attack). Replay attack. Physical attack. Possible Attack on RFID System

Future Enhancement

Hash Lock Steps to lock the tag: 1.Reader select random key and calculate hash of key : MetaID = HASH(key) 2.Reader write MetaID into tag 3.Now tag is in lock state 4.Reader store its key and tag key into backend database or locally

Unlocking Hash Lock

Randomized Hash Lock

RFID is widely used because it is cheap. Passive tags have limited power and limited computational resources. Sensitive information can easily be stolen or manipulated. No fixed standard at air interface e.g. The frequencies used for RFID in the USA are currently incompatible with those of Europe or Japan. RFID security related features/protocols are still in research phase. Conclusion

How to Hack RFID based credit card

Questions???