EPC Tags Subject to Phone Attacks
At last week's RSA security conference, renowned cryptographer Adi Shamir said EPC RFID tags are very vulnerable to attack—one that could be deployed using a cellular phone.
Feb 24, 2006—Each year, data security specialists attend RSA Security's annual conference to learn about the most recently discovered breaches in data security and encryption. When attendees gathered for the Cryptographers Panel during the RSA Conference 2006 last week in San Jose, Calif., they learned that one of these threats loom around RFID.
Adi Shamir, professor of computer science at the Weizmann Institute of Science, announced that he and a fellow Weizmann researcher, Yossi Oren, were able to kill an EPC Class 1 Gen 1 passive tag after hacking it to determine its kill password. (For the detailed results of the tests, go to http://www.wisdom.weizmann.ac.il/~yossio/rfid/.) While his experiment demonstrated only the ability to use a password to kill a tag, Shamir noted that in the future, passwords will likely be used to protect sensitive information encoded to EPC tags, and this same attack could be used to determine those passwords. In fact, according to Oren, the same method could be used to find the larger kill passwords required to kill Gen 2 tags and could potentially be used to crack the protections around data on other types of tags, such as the account information and other personal data on RFID tags embedded in some credit cards.
To determine the kill password, Shamir and Oren used what is referred to as a side-channel attack. Rather than confronting the data protection straight on, such as attempting a long list of passwords to deduce the correct one, Oren explains, a side-channel attack analyzes the behavior of the protected devices to "slowly insinuate" the correct password or key needed to access the protected data. Side-channel attacks are executed by watching the power consumption or variations in the timing of the energy output of the devices (in this case, an EPC Gen 1 Class 1 tag) as they attempt to process collections of bits of data. In a power-analysis attack, the amount of energy the device consumes spikes when it receives inaccurate bits, and falls when the bits are correct. Because they constantly learn which bits work and which don't, hackers using side-channel attacks are guided more quickly to the correct data than hackers just trying to break the data protections without analyzing how the power consumption fluctuates with each bit of information.
Shamir and Oren pointed a directional antenna, attached to an oscilloscope, toward the tag—the manufacturer of which they would only describe as "one of the biggest"—as the tag was receiving bits of data sent to perform a kill command. As they sent each bit of data, they used the antenna to "see how thirsty the tag was," says Oren. Completing the attack on the Gen 1 tag in the lab took the pair three hours, but most of that time was reportedly spent transferring the data from the oscilloscope to a PC. Oren predicts that since a cell phone would not need to perform this step, it could complete the attack in about a minute. An EPC Gen 1 tag requires only an 8-bit password, whereas the EPC Gen 2 protocol uses a 32-bit password, so figuring out a Gen 2 tag's password would take more time.
Perhaps most troubling was Shamir's prediction that a power analysis attack on an RFID tag could be performed using a very common device. "While we have not implemented it, we believe that the cellular telephone has all the ingredients needed to carry out such an attack [to decipher a tag's password]," he said at the conference. Oren explains that this would require the creation of firmware written to alter the phone's RF capability so that rather than communicating voice or data over a given phone network, it would instead search for EPC tags. The firmware running on the phone's operating system would then execute the attack. Phones using Global System for Mobile Communications (GSM) technology commonly transmit at 900 or 1,800 MHz. Phones employing Code Division Multiple Access (CDMA) technology, used mainly in the United States and Canada, transmit at 850 or 1,900 MHz. Because both types of phones operate within the UHF band, says Oren, they could be used to communicate with UHF EPC tags.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.