Practical Attacks on a Proximity Card Jonathan Westhues June 18 2005.

Slides:

Advertisements

Similar presentations

Lecture 6 User Authentication (cont)

Advertisements

TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Yossef Oren, Dvir Schirman, and Avishai Wool: Tel Aviv University ESORICS 2013.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

Security in RFID Presented By… NetSecurity-Spring07

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Asmt. 10: ID chips in product Pro RFID chips in product Group 3. Team A Ivan Augustino Andres Crucitti.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

RFID passports How does is work? Step by step By: Einav Mimram.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

RFID Inventory System Shaun Duncan, Thomas Keaten, Auroop Roy.

 The Global Positioning System (GPS) is a navigational system involving satellites and computers that can determine the latitude and longitude of a receiver.

Energy Smart Room GROUP 9 PRESENTERS DEMO DATE SPECIAL THANKS TO ADVISOR PRESENTERS Thursday April 19, 2007 Department of Electrical and Systems Engineering.

上海交通大学自动化系 FROZEN FOOD Case : Cool-Chain of RFID.

Radio Frequency Identification (RFID) Features and Functionality of RFID Including application specific ISO specifications Presented by: Chris Lavin Sarah.

Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

OUTLINE  Motivation  Introduction  Problem Statement  Assumptions  Proposed Solution  Results  Conclusions  Future Work  References  Acknowledgements.

RFID – An Introduction Murari Raghavan UNC-Charlotte.

Presented by: Arpit Jain Guided by: Prof. D.B. Phatak.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

ANTI THEFT PROTECTION SYSTEMS IMMOBILISER LECTURER NAME: MR

MINIATURE RFID READER 1.55 Square Inch UHF Generation 2 ISO C Combination RFID Reader/Writer Communicates with Active and Passive Tags

مدیریت تولید پیشرفته جلسه پنجم : Introduction: CIM, RFID

Using ISO tags for Authentication Eddie LaCost Embedded RF.

Radio Frequency Identification (RFID) Be Safe Security Solutions.

EPCglobal Training Suite

RFID Payment Terminal Presented by: Rohit Kale. Introduction RFID: an automatic identification method, relying on storing and remotely retrieving data.

Radio-frequency identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID.

RF-ID Overview What is RFID? Components. Block diagram & Working. Frequency Ranges. EPC Code. Advantages & Disadvantages. Applications.

Ignite Presentation: Near Field Communication Harry Yang.

R F I D Presented by Kerry Wong. What is RFID? Radio Frequency IDentification –Analogous to electronic barcode –Uses radio waves to send info Serial numbers.

Submitted By: A.Anjaneyulu INTRODUCTION Near Field Communication (NFC) is based on a short-range wireless connectivity, designed for.

RFID: Radio Frequency Identification Amanda Di Maso Shreya Patel Tresit Tarko.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

29 November Solving Problems. Presentations News: Sarah Waugh The Matrix: Ryan Thorpe.

Securing Wireless Medical Implants Shyamnath Gollakota Haitham Hassanieh Benjamin Ransford Dina Katabi Kevin Fu.

TITLE RFID FOR EDUCATIONAL INSTITUTIONS AND OFFICES.

Computer Science 1 Using Directional Antennas to Prevent Wormhole Attacks Presented by: Juan Du Nov 16, 2005.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

THE INTERNET OF THINGS (IOT). THE INTERNET OF THINGS Objects can transmit and share information without any human intervention.

Describe direct data entry and associated devices, e. g

WIEGAND TECHNOLOGY Christmas is almost here ! Oupps! Sorry…Wrong topic… Christmas is almost here ! Oupps! Sorry…Wrong topic…

IDENTITY NUMBERS BY A.M.VILLAVAN M.TECH(COS). RFID Acronymn: Radio Frequency Identification Device RFID is a technology, whose origins are found in the.

Computer Science Using Directional Antennas to Prevent Wormhole Attacks Stephen Thomas Acknowledgement: Portions of this presentation have been donated.

Automated Data Capture Technologies O It is often necessary or convenient to capture data automatically, for example the delivery of a package by an Cable.

Sniffer for Detecting Lost Mobiles

I’m back ! Had a nice Holiday? I’m back ! Had a nice Holiday? Today we are talking PROXIMITY TECHNOLOGY Today we are talking PROXIMITY TECHNOLOGY.

RFID Mike Treon CPSC 310. What is RFID? Radio Frequency Identification Wireless link to transmit data and collect stored information. (EPC) Allows for.

WIRELESS CHARGING Presented by: K.MAHESH (08T81A1236)

1 Security problems on RFID tags (short introduction) Sakurai Lab., Kyushu Univ. Junichiro SAITO

RADIO FREQUENCY IDENTIFICATION TECHNOLOGY. By Twesige Richard.

Unit 2 Technology Systems

By: Tarun Sharma Chinta Rahul SCSE VIT University

Smart Attendance System

IL Marking Get out your CPU / Memory answers Swap with someone else

Radio Frequency Identification (RFID)

UNIT 19 Data Security 2.

NEW PRODUCT INTRODUCTION CONEKT™ Mobile Smartphone Access Control Identification Solution June 2018.

Radio Frequency Identification

- Dylan Leintz - Dr. Davies

Presentation transcript:

Practical Attacks on a Proximity Card Jonathan Westhues June

Introduction How do RFID tags work? Signals sent over the air A naïve attack works perfectly Better-than-naïve attacks work even better Security is possible if you are willing to pay for it

How the tags work The reader transmits a powerful carrier (a signal that carries no information) –Reader “excites” or “illuminates” tag This carrier powers the circuitry on the tag –So the tag does not need an internal power source (battery)

Information over the air Tag returns an information-bearing signal to the reader –Same frequency, same antenna Bi-directional communication also possible –e.g. to write information to a tag instead of just reading

Example: TI tag antenna coil capacitor(s) (microchip on other side)

Example: MHz tag antenna coil microchip capacitor

reader: powerful, no information Signals over the air tag: weak, carries information

Result: the signals add (signal seen at the reader)

Motorola/Indala Flexpass Card transmits its ID code to the reader Reader checks ID against its list to see if it should open the door That’s it; no attempt at security

Basic replay attack

Read a legitimate card to get its ID code Store the ID in memory Replay the ID to a legitimate reader

Basic replay attack Hardware design: nothing fast, no need for anything custom Easy Other people have done this

What kind of read range? Depends on the power of the carrier that the reader transmits Practical limits: –TX power Legalities (FCC, Industry Canada) Input power Technical limits (heat etc.) –Antenna size

Practical read range “A few feet”

Even better attacks The read range goes up when the card is already powered –Thus, even more vulnerable if the eavesdropper sets up near a legitimate reader The signal goes through sheetrock walls

DSP refinements FlexPass cards: repeat their ID over and over as long as they are powered Opportunity to use DSP techniques to “average together” multiple copies and improve sensitivity

Solution But surely we can do better…

FlexPass FlexSecur Encrypt ID before programming it onto card Replay attack: –Doesn’t help, eavesdropper unlikely to notice that is present Not useless though

Challenge/Response Fixes everything, and cards are available that use it Drawbacks: –Complexity: crypto circuitry on the card –Bi-directional communication with reader is now required

Alternative: Rolling codes Also fixes everything Used e.g. in auto keyless entry Advantage: –No bi-directional communication required Disadvantage: –Needs non-volatile storage

Conclusion ID-only cards are not in any mathematical sense secure Secure alternatives exist Depending on the application, they might not be better It would be nice if the vendors would tell you what you’re getting

Thank you