By Ari Juels
To carp about one flaw, however, is to miss the forest for the trees. The Oren-Shamir attack is important not because it reveals an implementation bug, but rather because it may point to a greater systemic problem. It seems an unshakable historical trend that serious attention to security in new technologies is deferred until problems become pressing and costly. Phishing and pharming tell this tale today on the Internet, and we've also seen it in cryptographic design flaws in 802.11 (
Wi-Fi). We might ask ourselves now if this phenomenon is playing itself out in the world of RFID.
The kill function itself is an excellent example.
EPCglobal, the standards body responsible for the design and promotion of EPC tags, deserves kudos for anticipating consumer-privacy concerns and designing a privacy-protection measure. The industry, however, would benefit from further forethought. On the one hand, there is talk of killing tags to protect consumers. On the other hand, there is speculation about how tags can bring to consumers a rainbow of benefits like smart appliances—tag-interrogating washing machines and refrigerators, tag-reading and tag-bearing phones, receiptless item returns and so forth. The two visions are contradictory. In fact, consumers will very probably want to carry live RFID tags. We need to think about privacy beyond the point of sale.
Proximity cards provide another example. As recently
demonstrated by Jonathan Westhues, many of the contactless cards we use for building entry are themselves a kind of wireless bar code. Because they simply emit serial numbers, they are subject to cloning attacks. An attacker can easily skim a proximity card in your pocket and use a clone device in its place. Westhues has even been able to scan a proximity card through a wall.
As a team at
The Johns Hopkins University and
RSA Laboratories recently demonstrated, a popular antitheft RFID device present in tens of millions of automobiles contains only a 40-bit cryptographic key (see
Attack on a Cryptographic RFID Device). The team built a special-purpose device able to crack such a key in about half an hour. (The manufacturer of the RFID device is, nonetheless, to be commended for including cryptographic protection at all.)
We must not overplay Oren and Shamir's work, as the practical, short-term implications are most likely small. Still, the long-term implications are not to be ignored. Their attack is an early warning that deployers of RFID should welcome and assimilate. To realize the tremendous promises of RFID, it behooves the industry to think about security and privacy early, and to treat them as important enabling aspects. Including top academic data-security researchers in the deliberations of
EPCglobal and other standards bodies might be an excellent step in this direction.
Ari Juels is the principal research scientist and manager of applied research at RSA Laboratories, the research center of RSA Security. His primary research area is data security, with emphases on authentication, biometrics, electronic voting and financial cryptography.
THE WORLD'S RFID AUTHORITY
PREMIUM = Requires Subscription. Learn More
