RFID%20Security

1
CMPE 209, Spring 2009
RFID Security
Presented by- Snehal Patel Hitesh Patel
Submitted to- Prof Richard Sinn
2
Agenda

• What is RFID?
• How RFID works?
• RFID Security Concerns.
• Possible attacks on RFID systems.
• Future enhancements.
• Conclusion.

3
What is RFID?
4
What is RFID?

• RFID Radio Frequency Identification.
• Used for identifying a product or an inventory.
• RFID has replaced the traditional barcodes.
• Wal-Mart has spent millions of on RFID
  research.
• RFID is all about providing a real-time
  information
• current location, planned destination and
  contents of
• the item that is being tracked.

5
How RFID works?
6
How RFID works?

• RFID uses EPC (Electronic Product Code) that is
  similar to
• barcodes.
• It uses EPC protocol, that is a standard for all
  EPC systems.
• EPC decides two things, 1) How the separate and
  store
• information in the tags. 2) Decide how tags and
  readers
• communicate.
• RFID system consists of a reader, an antenna and
  tags.

7
How RFID works?
8
How RFID works?

• Active Tags It has its own battery and uses it
  own power
• to contact the reader.

• Passive Tags Does not need a battery. Uses the
  EM field
• created by the signal from RFID reader.

• Class 0 tag Read only.

• Class 1 tag Once writeable.

• Amount of data Can be 64, 96, 128, 256 or 512
  bits.

• Security of data Depending on class and the
  generation
• data on the tags can be encrypted.

9
How RFID works?

• Bar codes uses UPC (Universal Product Codes)

10
How RFID works?

• RFID uses EPC (Electronic Product Code)

• Header Tells the reader about the type of
  number that follows.

• EPC manager Represents the company.

• Object Class Represents the type of item.

• Serial Number Represents the serial number of
  type of item.

11
Security concerns for RFID
12
Security concerns for RFID

• World readable tags can be read by unwanted
  entities.

• RFID had limited memory hence less/no room for
  encryption.

• Important information like Credit Card details
  can be read
• by a simple gadget available on Amazon.com in a
  mere 8.

• Some countries have implemented RFID passports.
  The
• encryption of chips in European passport was
  broken in
• 48 hours.

• Readymade tools available that can read RFID
  tags
• e.g. RFDump.

13
Security concerns for RFID
Screenshot of RFDump
14
Possible Attack on RFID System

• Man in middle attack.
• DoS attack (tag killing attack).
• Replay attack.
• Physical attack.

15
Future Enhancement
16
Hash Lock

• Steps to lock the tag
• Reader select random key and calculate hash of
  key MetaID HASH(key)
• Reader write MetaID into tag
• Now tag is in lock state
• Reader store its key and tag key into backend
  database or locally

17
Unlocking Hash Lock
18
Randomized Hash Lock
19
Conclusion

• RFID is widely used because it is cheap.
• Passive tags have limited power and limited
  computational resources.
• Sensitive information can easily be stolen or
  manipulated.
• No fixed standard at air interface e.g. The
  frequencies used for RFID in the USA are
  currently incompatible with those of Europe or
  Japan.
• RFID security related features/protocols are
  still in research phase.

20
How to Hack RFID based credit card
21
Questions???