A Reality Double-Check
What mobile phones are telling us about RFID security.
Mar 06, 2006—At last month's RSA Conference, Adi Shamir (the 'S' in RSA) discussed an attack he devised with graduate student Yossi Oren against an important type of RFID tag known as an Electronic Product Code (EPC) tag (see EPC Tags Subject to Phone Attacks). An EPC tag is essentially a wireless bar code designed to supplant the black-and-white printed bar codes in widespread use today. Because EPC tags may someday find their way onto individual consumer items, leading to a range of privacy concerns, the tags include what's known as a kill function. When a reader transmits a kill command to an EPC tag, the tag self-destructs. (Dead tags don't betray privacy.) To protect against malicious destruction of tags, the kill function works only when accompanied by a tag-specific personal identification number, or PIN.
What Oren and Shamir have shown is that certain EPC tags (Class 1 Generation 1) are vulnerable to remote power analysis. These tags produce power spikes that are measurable over the air and can be exploited to reveal the PINs used to kill tags. They speculate that mobile phones, many of which operate in the portion of the radio spectrum referred to as ultrahigh frequency, could be modified to execute this attack against a very important emerging generation of EPC tags known as Class 1 Generation 2.
Oren and Shamir's work has naturally attracted strong media coverage. Some of this coverage tends toward the sensationalist. As RFID Journal editor Mark Roberti has recently noted, the risk of such sensationalism (among those not yet jaded by it) is undue worry over security risks in RFID (see RFID Security: A Reality Check). However, there is also risk of the opposite happening—that the RFID industry will regard this vulnerability as a one-off problem that time and faded memories will redress. Such complacency is probably the greater risk.
Roberti downplays the Oren-Shamir attack for several reasons. First, he notes that the tag Oren and Shamir attacked has only an 8-bit PIN, while Class 1 Gen 2 tags have 32-bit PINs. A misunderstanding leads him to conclude that the attack will be many times harder for the latter type of tag—as much as brute force and, thus, exponential in the key length. He concludes, therefore, that such an attack would require an inordinate time to mount against Gen 2 tags. This is incorrect, however. In fact, the attack would probably only be about four times harder—i.e., linear in the key length. Basically put, the length of the PIN is of little consequence in the face of the Oren-Shamir attack.
Roberti also suggests the risk of an attacker running amok through a warehouse with a mobile phone is small, and that the design of the kill function in EPC tags is proportional to the threat. This is probably quite true today, but the EPC standard will persist for years—possibly even decades—and what is true today may not be the case tomorrow. When retail items carry EPC tags and tag-killing leads to easier shoplifting, then the threat will grow. When consumers carry live tags—as they eventually will for the many benefits RFID can bring to day-to-day life—and when hospitals, businesses and critical supply chains come to rely on functioning tags, then the stakes will grow further.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL