The Cure For InSecure RFID Applications
Guidelines for the IT Professional
Michael McCartney
Chairman, RFID Security Alliance
RFID Security Alliance
• We are a resource for the RFID industry, driving
market education and discussion about security and
privacy issues surrounding the use of RFID
technologies, solutions and applications.
• 120 companies globally - 200+ members on LinkedIn
• Sources for slides come from members, specifically
Lukas Grunwald (NeoCatena Networks, Inc,
http://www.neocatena.com) and Karsten Nohl
• www.RFIDSA.com
• http://rfidsa.blogspot.com/
RFID-Security An Issue?
• 2009 August 6th, at the same time as the annual
Defcon hacker convention - Twitter Falls Victim to
Hacker
• 2010 March 28th - Christopher Scott of Miami was
sentenced Monday to three years of supervised
release after pleading guilty in September 2008 to
conspiracy, unauthorized access to computer
systems, access device fraud and identity theft.
• Scott's expertise was hacking wireless networks
The SoupNazi-$200M-4.3 Cards
• Authorities said Albert Gonzalez and two foreign co-defendants
would drive past retailers with a laptop computer, tapping into
those with vulnerable wireless Internet signals. They would
then install "sniffer programs" that picked off credit and debit
card numbers as they moved through a retailer's computers
before trying to sell the numbers overseas
• He became a Secret Service informant after he was first
arrested for hacking in 2003.
• Even as he helped the government nail other hackers,
prosecutors said, he kept breaking into retailers' computer
systems, amassing $2.8 million he used to buy a Miami condo,
a car, Rolex watches and a Tiffany ring for his girlfriend
All RFID Systems Are Insecure
• Why? It is not because the technology is poor; rather,
it is the way design decisions are made
• All proprietary systems lack public reviews (Mifare)
• Reliance on obscurity leads to major breaks (Legic)
• Time-to-market often trumps security concerns (EPC)
• Even when designing security, prepare for failure
• The weakest point of the most secure systems is the
storage of secret keys ("security by obscurity")
• New public-key cryptography can strengthen security
See http://www.instructables.com/id/Stupid-Simple-Arduino-LF-RFID-Tag-Spoofer/
In-Security Can Be Exploited
1. Man in the Middle
2. Cloning
3. Data Manipulation
4. Scanning
5. Code Injection
6. Denial of Service
7. RFID Malware
8. NFC Vulnerabilities
9. Physical Tag Security
Man-in-the-Middle
• Sniffing of communication between
transponder and reader
– Faking the communication between peers
– Obtain UID, user data and meta data
– Basis for subsequent attacks
– Replay / relay attacks to fool access control
systems
Cloning
• Duplication of tag data to create identical copies
of RFID tags that will be accepted by an RFID
application as valid
– Gain illegal access to restricted area
– Inject counterfeit products into digital supply
chain
– Change price tags at Point of Sale (Cyber
Shop Lifting)
Scanning
• Passive Scanning
– Attacker sniffs the communication with his own antenna
– Energy for the tag is provided by legitimate reader
– Obtain user-data and meta-data
• Active Scanning
– Emulating legitimate reader for unauthorized read/write operations
– Attacker uses own reader / antenna environment
– Energy for the tag is provided by attacker
Code Injection
• Insertion of executable code fragments into tag data
– SQL injection
– Shell-Code
– String format attack
– Buffer overrun
• Attack edge servers, middleware and back-ends via manipulated data structures
• Non-spreading attack (compare Malware Injection)
Denial-of-Service (DoS)
• Jamming of RFID frequencies
– Use “out-of-the-box” police jammer
(broadband jamming transmitter)
• Attack against anti-collision (RSA attack)
– Prevent reading of any tags
• Shut down
– Production
– Sales
– Access
Basic Threat Model
1. The infected RFID Tag first feeds the tag reader with
malicious data.
2. The malicious data are used to exploit the
vulnerabilities of RFID middleware or database
system.
3. If the middleware or database is successfully
compromised, the malware can be spread by
updating tag values with malicious data during
regular tag updating.
4. They can also infect other enterprise systems when
they retrieve the malicious data from the database.
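
Added example (not from the original slides): how middleware can treat tag data as untrusted input so that step 2 of the threat model and the SQL injection case under Code Injection fail. It assumes the tag carries a 96-bit EPC as 24 uppercase hex characters; the table, function names and sample values are constructed for illustration.

```python
import re
import sqlite3

# Assumption: a valid tag payload is a 96-bit EPC written as 24 hex characters.
EPC_RE = re.compile(r"[0-9A-F]{24}")

# Constructed sample of hostile tag content (SQL metacharacters in tag memory).
HOSTILE_TAG = "x' OR '1'='1"


def make_db():
    """In-memory stand-in for the back-end item database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (epc TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [
        ("3034257BF400B7800004CB2F", "pallet A"),
        ("3034257BF400B7800004CB30", "pallet B"),
    ])
    return db


def lookup_unsafe(db, tag_data):
    # Weak: tag bytes are pasted into the SQL text, so the tag can rewrite the query.
    sql = "SELECT name FROM items WHERE epc = '" + tag_data + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, tag_data):
    # Parameter binding: tag data is only ever a value, never SQL syntax.
    cur = db.execute("SELECT name FROM items WHERE epc = ?", (tag_data,))
    return [row[0] for row in cur]


def lookup_hardened(db, tag_data):
    # Reject malformed tag content at the edge, before it reaches the back end
    # or gets written to other tags during regular tag updating.
    if not EPC_RE.fullmatch(tag_data):
        raise ValueError("malformed tag data rejected")
    return lookup_bound(db, tag_data)


if __name__ == "__main__":
    db = make_db()
    print("unsafe  :", lookup_unsafe(db, HOSTILE_TAG))   # every row leaks
    print("bound   :", lookup_bound(db, HOSTILE_TAG))    # no match
    try:
        lookup_hardened(db, HOSTILE_TAG)
    except ValueError as exc:
        print("hardened:", exc)
```

Logging the rejected reads gives operations a signal that a manipulated tag was presented to a reader.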
NFC-How Not to Proceed
Jonathan Main, Chair of NFC Technical Committee:
“NFC Forum's role is not to define the [security] requirements
[because] a mandatory ‘one-size fits-all’ approach…is not
viable.
Many applications use smart card security specified in other
consortia. On top of these many security measures, users [can]
set their own security parameters and preferences.”
• 14.443 and other RFID frequencies need to be secured from the
tag to the reader
• Press for a standardized approach; secret codes and yesterday’s
security paradigms lead to proprietary systems, i.e. Mifare, Legic
etc.
The time to fix the roof is
before it rains
• What to do now?
– Assess where you are?
– Take immediate corrective actions
– Learn from others
• We need a minimum RFID Security
Standard
Thank You
RFID Security Alliance
www.RFIDSA.com
http://rfidsa.blogspot.com/
http://www.linkedin.com/groups?gid=62849
Twitter: RFIDSecurity
Michael McCartney
Principal
QLM Consulting
415 331 9292
www.qlmconsulting.com