
A Reality Double-Check

What mobile phones are telling us about RFID security.
By Ari Juels
Mar 06, 2006

At last month's RSA Conference, Adi Shamir (the 'S' in RSA) discussed an attack he devised with graduate student Yossi Oren against an important type of RFID tag known as an Electronic Product Code (EPC) tag (see EPC Tags Subject to Phone Attacks). An EPC tag is essentially a wireless bar code designed to supplant the black-and-white printed bar codes in widespread use today. Because EPC tags may someday find their way onto individual consumer items, leading to a range of privacy concerns, the tags include what's known as a kill function. When a reader transmits a kill command to an EPC tag, the tag self-destructs. (Dead tags don't betray privacy.) To protect against malicious destruction of tags, the kill function works only when accompanied by a tag-specific personal identification number, or PIN.

What Oren and Shamir have shown is that certain EPC tags (Class 1 Generation 1) are vulnerable to remote power analysis. These tags produce power spikes that are measurable over the air and can be exploited to reveal the PINs used to kill tags. They speculate that mobile phones, many of which operate in the portion of the radio spectrum referred to as ultrahigh frequency, could be modified to execute this attack against a very important emerging generation of EPC tags known as Class 1 Generation 2.

Power analysis is not new. It is well studied in the context of smart-card security, for instance. Oren and Shamir, though, are the first to demonstrate its practical importance to RFID.

Oren and Shamir's work has naturally attracted strong media coverage. Some of this coverage tends toward the sensationalist. As RFID Journal editor Mark Roberti has recently noted, the risk of such sensationalism (among those not yet jaded by it) is undue worry over security risks in RFID (see RFID Security: A Reality Check). However, there is also risk of the opposite happening—that the RFID industry will regard this vulnerability as a one-off problem that time and faded memories will redress. Such complacency is probably the greater risk.

Roberti downplays the Oren-Shamir attack for several reasons. First, he notes that the tag Oren and Shamir attacked has only an 8-bit PIN, while Class 1 Gen 2 tags have 32-bit PINs. A misunderstanding leads him to conclude that the attack will be many times harder against the latter type of tag—as hard as brute force and, thus, exponential in the PIN length. He concludes, therefore, that such an attack would require an inordinate time to mount against Gen 2 tags. This is incorrect, however. In fact, the attack would probably be only about four times harder—i.e., linear in the PIN length, since 32 bits is four times 8. Put simply, the length of the PIN is of little consequence in the face of the Oren-Shamir attack.
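The point that the attack scales linearly rather than exponentially can be made concrete with a small simulation. The Python below is an added illustration, not part of this column and not Oren and Shamir's code: it models a tag whose PIN check leaks the index of the first mismatching bit (an abstract stand-in for the measurable power spikes; no real tag's circuitry or protocol is modelled), and contrasts bit-by-bit recovery against exhaustive search and against a hardened comparison that leaks nothing. Tag classes, PIN values and query counts are all constructed for the example.

```python
# Added illustration (not from the article): a toy model of why a per-bit
# side channel makes PIN length almost irrelevant, contrasted with brute force.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class LeakyTag:
    """Constructed model of a tag that checks its kill PIN one bit at a time and
    whose power draw reveals the index of the first mismatching bit. The 'leak'
    value is an abstraction of the over-the-air spikes discussed in the column,
    not the behaviour of any specific EPC tag."""
    pin: int
    bits: int
    queries: int = 0

    def kill(self, candidate: int) -> Tuple[bool, Optional[int]]:
        """Return (killed, leak): leak is the index of the first wrong bit
        (0 = most significant), or None when the candidate is correct."""
        self.queries += 1
        for i in range(self.bits):
            shift = self.bits - 1 - i
            if (candidate >> shift) & 1 != (self.pin >> shift) & 1:
                return False, i
        return True, None


class ConstantTimeTag(LeakyTag):
    """Hardened variant: examines every bit regardless of mismatches and
    exposes nothing beyond the accept/reject outcome."""

    def kill(self, candidate: int) -> Tuple[bool, Optional[int]]:
        self.queries += 1
        diff = 0
        for shift in range(self.bits):
            diff |= ((candidate ^ self.pin) >> shift) & 1
        return diff == 0, None


def recover_with_leak(tag: LeakyTag) -> Optional[int]:
    """Recover the PIN bit by bit from the mismatch-position leak.
    Each query settles one bit, so the cost is linear in the PIN length."""
    guess = 0
    for i in range(tag.bits):
        killed, leak = tag.kill(guess)          # bit i is currently guessed as 0
        if killed:
            return guess
        if leak is None:
            return None                         # nothing leaks: this approach fails
        if leak == i:
            guess |= 1 << (tag.bits - 1 - i)    # bit i was the first wrong one, so it is 1
        # leak > i: the 0 at position i was right; move on
    killed, _ = tag.kill(guess)
    return guess if killed else None


def recover_by_brute_force(tag: LeakyTag) -> Optional[int]:
    """Exhaustive search: the only option when nothing leaks. Cost up to 2**bits."""
    for candidate in range(1 << tag.bits):
        killed, _ = tag.kill(candidate)
        if killed:
            return candidate
    return None


def worst_case_queries(bits: int) -> Tuple[int, int]:
    """(side-channel, brute-force) worst-case query counts for a PIN of `bits` bits."""
    return bits + 1, 1 << bits


if __name__ == "__main__":
    # Constructed PINs; the 32-bit case takes about four times the queries of the 8-bit one.
    for bits, pin in ((8, 0xA5), (32, 0x5EED1234)):
        tag = LeakyTag(pin=pin, bits=bits)
        found = recover_with_leak(tag)
        print(f"{bits}-bit leaky tag: recovered {found:#x} in {tag.queries} queries "
              f"(brute-force worst case {worst_case_queries(bits)[1]})")
    hardened = ConstantTimeTag(pin=0xA5, bits=8)
    print("8-bit constant-time tag, leak-driven recovery:", recover_with_leak(hardened))
```

Running it shows the 8-bit PIN falling in at most 9 queries and the 32-bit PIN in at most 33, the four-fold difference the column describes, while exhaustive search grows from 256 to over four billion. Against the constant-time model the bit-by-bit method returns nothing and the adversary is back to exhaustive search, which is the sense in which removing the leak, not lengthening the PIN, is what restores the protection.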

Roberti also suggests the risk of an attacker running amok through a warehouse with a mobile phone is small, and that the design of the kill function in EPC tags is proportional to the threat. This is probably quite true today, but the EPC standard will persist for years—possibly even decades—and what is true today may not be the case tomorrow. When retail items carry EPC tags and tag-killing leads to easier shoplifting, then the threat will grow. When consumers carry live tags—as they eventually will for the many benefits RFID can bring to day-to-day life—and when hospitals, businesses and critical supply chains come to rely on functioning tags, then the stakes will grow further.
