RFID EPC Tags Subject to Phone Attacks

Posted: August 4, 2008 in 2006, Articles

http://www.rfidjournal.com/article/articleview/2167/1/1/

By Mary Catherine O’Connor

At last week’s RSA security conference, renowned cryptographer Adi Shamir said EPC RFID tags are very vulnerable to attack—one that could be deployed using a cellular phone.

Feb. 24, 2006—Each year, data security specialists attend RSA Security’s annual conference to learn about the most recently discovered breaches in data security and encryption. When attendees gathered for the Cryptographers Panel at the RSA Conference 2006 last week in San Jose, Calif., they learned that one of those threats concerns RFID.

Adi Shamir, professor of computer science at the Weizmann Institute of Science, announced that he and fellow Weizmann researcher Yossi Oren were able to kill an EPC Class 1 Gen 1 passive tag after extracting its kill password. While the experiment demonstrated only the use of a recovered password to kill a tag, Shamir noted that passwords will likely be used in the future to protect sensitive information encoded on EPC tags, and the same attack could be used to recover those passwords. In fact, according to Oren, the same method could be used to find the longer kill passwords required to kill Gen 2 tags and could potentially be used to defeat the protections around data on other types of tags, such as the account information and other personal data on the RFID tags embedded in some credit cards.

To determine the kill password, Shamir and Oren used what is known as a side-channel attack. Rather than confronting the data protection head on, such as by trying a long list of passwords until one works, Oren explains, a side-channel attack observes the physical behavior of the protected device to “slowly insinuate” the correct password or key. Side-channel attacks work by measuring the device’s power consumption, or variations in the timing of its energy draw (in this case, the device is an EPC Class 1 Gen 1 tag), as it processes the bits it receives. In the power-analysis attack described here, the tag’s energy consumption spikes when it receives an incorrect bit and falls when the bit is correct. Because each measurement tells the attacker which bits were accepted and which were not, the password can be recovered one bit at a time, far faster than by guessing whole passwords without observing how the power draw changes with each bit.

Shamir and Oren pointed a directional antenna, attached to an oscilloscope, toward the tag—the manufacturer of which they would only describe as “one of the biggest”—as the tag received the bits of a kill command. As each bit was sent, they used the antenna to “see how thirsty the tag was,” says Oren. Completing the attack on the Gen 1 tag in the lab took the pair three hours, but most of that time was reportedly spent transferring the captured data from the oscilloscope to a PC. Oren predicts that a cell phone, which would not need that step, could complete the attack in about a minute. An EPC Gen 1 tag uses only an 8-bit kill password, whereas the EPC Gen 2 protocol uses a 32-bit password, so recovering a Gen 2 tag’s password would take longer, though, because the attack works bit by bit, only in proportion to the number of bits rather than to the number of possible passwords.

Perhaps most troubling was Shamir’s prediction that a power analysis attack on an RFID tag could be performed using a very common device. “While we have not implemented it, we believe that the cellular telephone has all the ingredients needed to carry out such an attack [to decipher a tag’s password],” he said at the conference. Oren explains that this would require firmware written to repurpose the phone’s radio so that, rather than carrying voice or data over the phone network, it searched for EPC tags and measured their response; the firmware running on the phone’s operating system would then execute the attack. Phones using Global System for Mobile Communications (GSM) technology commonly transmit at 900 or 1,800 MHz. Phones employing Code Division Multiple Access (CDMA) technology, used mainly in the United States and Canada, transmit at 850 or 1,900 MHz. Because both types of phones operate within the UHF band, says Oren, they could be used to communicate with UHF EPC tags, which operate in the 860–960 MHz range. Neither the retuned radio nor the measurement firmware has been built; the lab attack relied on an oscilloscope.

“How easy or hard it would be to write this firmware, I cannot say,” Oren allows. “What the firmware would do depends on what the tag maker is trying to hide [what data it is protecting].” The firmware could be written to use power analysis to determine a password, a technique Shamir and Oren proved possible. Oren says he does not know how close a phone would need to be to the tag, but a supplemental antenna could boost the phone’s range.

Ari Juels, principal research scientist at RSA Laboratories, says the same kind of power analysis could also be used to recover the cryptographic keys that protect account data encoded on the tags embedded in some credit cards. Juels does not know how much time, or how close an attacker would need to be to the tag, an attack on an HF tag would require. He says, however, that if firmware were written to perform power analysis and recover the cryptographic key, thieves could use that key to clone the cards. This would not necessarily require an exact physical clone of the tag or card, he says, adding, “You could rejigger your mobile phone to simulate the credit card, and then go into a store to use your phone to make a payment.” A growing number of merchants are enabling their POS systems to accept RFID payments. And while cellular phones themselves operate in the UHF band, those enabled for the near field communication (NFC) protocol contain an RFID module operating in the HF range (13.56 MHz), which is the range the RFID credit card payment systems use.

Still, Juels and Oren point out that power analysis is not a new type of attack, and that the same protections contact-based smart cards use against power analysis could also be applied to RFID tags. These protections mask the spikes in power consumption, but in doing so they force the hardware to consume more energy overall. Tag makers, meanwhile, are always looking for ways to reduce the energy a passive tag must draw, to make tags more efficient.

“There are fairly well-studied mechanisms to find ways to withstand these attacks,” says Juels. “I don’t think [Shamir’s] results show an immediate threat to payment devices, but they do show that attacks that have been done on other technologies could also succeed on RFID devices.” He adds, “This is something that exploits some of the naivety that has gone into security designs for EPC tags. For EPCglobal, the cost to counteract these threats shouldn’t be too high, and might not require changing the [air-interface] standard.”

By next week, Oren says he hopes to publish details on the power analysis attack they performed. He says he sent all of this documentation to EPCglobal already, and assumes the technologists there are reviewing it. EPCglobal US says it is studying Shamir’s findings.

“Security is very important to us, and we are taking a proactive role in addressing security at all levels of the EPCglobal Network,” explains Sue Hutchinson, director of industry adoption for EPCglobal US. “In fact, security has been a focus for both the hardware and software action groups and is currently the focus of our Architecture Review Committee, which is looking at security, not only on the tag but for all levels of information flow in the EPCglobal Network.”

A Reality Double Check

By Ari Juels
What mobile phones are telling us about RFID security.

March 6, 2006—At last month’s RSA Conference, Adi Shamir (the ‘S’ in RSA) discussed an attack he devised with graduate student Yossi Oren against an important type of RFID tag known as an Electronic Product Code (EPC) tag (see EPC Tags Subject to Phone Attacks). An EPC tag is essentially a wireless bar code designed to supplant the black-and-white printed bar codes in widespread use today. Because EPC tags may someday find their way onto individual consumer items, leading to a range of privacy concerns, the tags include what’s known as a kill function. When a reader transmits a kill command to an EPC tag, the tag self-destructs. (Dead tags don’t betray privacy.) To protect against malicious destruction of tags, the kill function works only when accompanied by a tag-specific personal identification number, or PIN.

What Oren and Shamir have shown is that certain EPC tags (Class 1 Generation 1) are vulnerable to remote power analysis. These tags produce power spikes that are measurable over the air and can be exploited to reveal the PINs used to kill tags. They speculate that mobile phones, many of which operate in the portion of the radio spectrum referred to as ultrahigh frequency, could be modified to execute this attack against a very important emerging generation of EPC tags known as Class 1 Generation 2.

Power analysis is not new. It is well studied in the context of smart-card security, for instance. Oren and Shamir, though, are the first to demonstrate its practical importance to RFID.

Oren and Shamir’s work has naturally attracted strong media coverage. Some of this coverage tends toward the sensationalist. As RFID Journal editor Mark Roberti has recently noted, the risk of such sensationalism (among those not yet jaded by it) is undue worry over security risks in RFID (see RFID Security: A Reality Check). However, there is also risk of the opposite happening—that the RFID industry will regard this vulnerability as a one-off problem that time and faded memories will redress. Such complacency is probably the greater risk.

Roberti downplays the Oren-Shamir attack for several reasons. First, he notes that the tag Oren and Shamir attacked has only an 8-bit PIN, while Class 1 Gen 2 tags have 32-bit PINs. A misunderstanding leads him to conclude that the attack will be many times harder for the latter type of tag, as hard as brute force and, thus, exponential in the key length. He concludes, therefore, that such an attack would take an inordinate time to mount against Gen 2 tags. This is incorrect. Because the side channel reveals the PIN bit by bit, the work grows with the number of bits, not with the number of possible PINs: the attack would probably be only about four times harder (32 bits versus 8), i.e., linear in the key length. Simply put, the length of the PIN is of little consequence in the face of the Oren-Shamir attack.
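The bit-by-bit recovery described in the news article above, and the linear-versus-exponential cost comparison made here, as an added simulation that is not part of either article and is not Oren and Shamir's own measurement setup. The tag model is an assumption: a hypothetical bit-serial password check that draws a visible power spike on the first wrong bit and stops comparing afterwards, alongside a hypothetical hardened variant that compares every bit at constant power (the masking countermeasure Juels mentions). The power levels, class names and query strategy are invented for the illustration.

```python
import secrets

# Assumed per-bit power levels (arbitrary units) for the simulated tags.
IDLE, LOW, HIGH = 0, 1, 3


class LeakyTag:
    """Hypothetical Gen 1-style tag (an assumption, not a real product):
    compares the kill password one bit at a time, most significant bit
    first, draws a spike on the first wrong bit and stops comparing after
    it, so the power trace shows where the guess went wrong."""

    def __init__(self, password, nbits):
        self.password, self.nbits, self.killed = password, nbits, False

    def kill(self, guess):
        """Process a kill command; return (killed, trace), one sample per bit."""
        if self.killed:
            return True, []          # a dead tag no longer answers
        trace, matched = [], True
        for i in range(self.nbits - 1, -1, -1):
            if not matched:
                trace.append(IDLE)   # no comparison after the abort
            elif ((guess >> i) & 1) == ((self.password >> i) & 1):
                trace.append(LOW)    # compare, bit accepted
            else:
                matched = False
                trace.append(HIGH)   # compare, bit rejected: the spike
        self.killed = matched
        return self.killed, trace


class HardenedTag(LeakyTag):
    """Same interface, but every bit is compared, the outcome is folded
    into a flag, and each bit costs the same power: the trace is flat."""

    def kill(self, guess):
        if self.killed:
            return True, []
        mask = (1 << self.nbits) - 1
        self.killed = ((guess ^ self.password) & mask) == 0
        return self.killed, [LOW] * self.nbits


def recover_password(tag):
    """Side-channel attacker. Each query sends the bits learned so far
    followed by zeros; the position of the first spike reveals a 1 bit.
    Returns (value_recovered, queries_used, tag_killed)."""
    known, queries = 0, 0
    while True:
        killed, trace = tag.kill(known)
        queries += 1
        if killed or HIGH not in trace:
            return known, queries, killed    # nothing more to learn
        first_spike = trace.index(HIGH)      # offset from the MSB
        known |= 1 << (tag.nbits - 1 - first_spike)


def attack_cost(nbits, tag_class=LeakyTag):
    """Run the attack on a random nbits-bit password and report whether it
    worked, how many queries it took, and the brute-force worst case."""
    password = secrets.randbits(nbits)
    recovered, queries, _ = recover_password(tag_class(password, nbits))
    return recovered == password, queries, 2 ** nbits


if __name__ == "__main__":
    for n in (8, 32):
        ok, q, brute = attack_cost(n)
        print(f"{n}-bit leaky tag: recovered={ok} queries={q} brute_force={brute}")
    ok, q, _ = attack_cost(32, HardenedTag)
    print(f"32-bit hardened tag: recovered={ok} queries={q}")
```

Against the leaky tag the attacker needs at most one query per bit plus one, so 32 bits costs about four times what 8 bits costs, while brute force would cost 2^32 rather than 2^8 guesses in the worst case. Against the hardened tag the same attacker sees a flat trace, learns nothing, and is left with its first guess. The hardened tag pays for that by completing the full comparison on every attempt, which is the extra energy the first article says tag makers are reluctant to spend.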

Roberti also suggests the risk of an attacker running amok through a warehouse with a mobile phone is small, and that the design of the kill function in EPC tags is proportional to the threat. This is probably quite true today, but the EPC standard will persist for years—possibly even decades—and what is true today may not be the case tomorrow. When retail items carry EPC tags and tag-killing leads to easier shoplifting, then the threat will grow. When consumers carry live tags—as they eventually will for the many benefits RFID can bring to day-to-day life—and when hospitals, businesses and critical supply chains come to rely on functioning tags, then the stakes will grow further.

To carp about one flaw, however, is to miss the forest for the trees. The Oren-Shamir attack is important not because it reveals an implementation bug, but rather because it may point to a greater systemic problem. It seems an unshakable historical trend that serious attention to security in new technologies is deferred until problems become pressing and costly. Phishing and pharming tell this tale today on the Internet, and we’ve also seen it in cryptographic design flaws in 802.11 (Wi-Fi). We might ask ourselves now if this phenomenon is playing itself out in the world of RFID.

The kill function itself is an excellent example. EPCglobal, the standards body responsible for the design and promotion of EPC tags, deserves kudos for anticipating consumer-privacy concerns and designing a privacy-protection measure. The industry, however, would benefit from further forethought. On the one hand, there is talk of killing tags to protect consumers. On the other hand, there is speculation about how tags can bring to consumers a rainbow of benefits like smart appliances—tag-interrogating washing machines and refrigerators, tag-reading and tag-bearing phones, receiptless item returns and so forth. The two visions are contradictory. In fact, consumers will very probably want to carry live RFID tags. We need to think about privacy beyond the point of sale.

Proximity cards provide another example. As recently demonstrated by Jonathan Westhues, many of the contactless cards we use for building entry are themselves a kind of wireless bar code. Because they simply emit serial numbers, they are subject to cloning attacks. An attacker can easily skim a proximity card in your pocket and use a clone device in its place. Westhues has even been able to scan a proximity card through a wall.

As a team at The Johns Hopkins University and RSA Laboratories recently demonstrated, a popular antitheft RFID device present in tens of millions of automobiles contains only a 40-bit cryptographic key (see Attack on a Cryptographic RFID Device). The team built a special-purpose device able to crack such a key in about half an hour. (The manufacturer of the RFID device is, nonetheless, to be commended for including cryptographic protection at all.)

We must not overplay Oren and Shamir’s work, as the practical, short-term implications are most likely small. Still, the long-term implications are not to be ignored. Their attack is an early warning that deployers of RFID should welcome and assimilate. To realize the tremendous promises of RFID, it behooves the industry to think about security and privacy early, and to treat them as important enabling aspects. Including top academic data-security researchers in the deliberations of EPCglobal and other standards bodies might be an excellent step in this direction.

Ari Juels is the principal research scientist and manager of applied research at RSA Laboratories, the research center of RSA Security. His primary research area is data security, with emphases on authentication, biometrics, electronic voting and financial cryptography.

