1 / 33

An Embedded System for Practical Security Analysis of Contactless Smartcards

An Embedded System for Practical Security Analysis of Contactless Smartcards. Timo Kasper, Dario Carluccio and Christof Paar Communication Security Group Ruhr University Bochum, Germany http://www.crypto.rub.de. Outline. Background RFID Basics (ISO 14443) Security Weaknesses

zorana
Télécharger la présentation

An Embedded System for Practical Security Analysis of Contactless Smartcards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof Paar Communication Security Group Ruhr University Bochum, Germany http://www.crypto.rub.de

  2. Outline • Background • RFID Basics (ISO 14443) • Security Weaknesses • Design and Development of an Embedded System • Selected Applications and Results • Conclusion

  3. Background RFID = Radio Frequency IDentification Many standards for RFID coexist, differing in - Frequency: kHz … GHz, - Data rate: 2400 bit/s … 1 Mbit/s, - Range: < 1 centimetre … several metres, - Coupling method: backscattering, inductive, …

  4. Background RFID = Radio Frequency IDentification • ISO 14443 is widely deployed in security sensitive applications: • - RFID augmented credit cards (Visa Wave, MasterCard PayPass), • - Ticketing (Philips Mifare, Smart Labels), • - Electronic passport, student identity cards, mobile phones (NFC) , … Many standards for RFID coexist, differing in - Frequency: kHz … GHz, - Data rate: 2400 bit/s … 1 Mbit/s, - Range: < 1 centimetre … several metres, - Coupling method: backscattering, inductive, …

  5. RFID Basics (ISO 14443) reader generates field with 13.56 MHz carrier frequency supplies tag with clock and energy via inductive coupling

  6. RFID Basics (ISO 14443) reader generates field with 13.56 MHz carrier frequency supplies tag with clock and energy via inductive coupling reader transmits data by creating short pauses in the field

  7. RFID Basics (ISO 14443) reader generates field with 13.56 MHz carrier frequency supplies tag with clock and energy via inductive coupling reader transmits data by creating short pauses in the field tag answers employing load modulation

  8. RFID Basics (ISO 14443) reader generates field with 13.56 MHz carrier frequency supplies tag with clock and energy via inductive coupling reader transmits data by creating short pauses in the field tag answers employing load modulation operating range: 8…15 cm, data rate 106…847 kBit/s

  9. RFID Basics (ISO 14443) reader generates field with 13.56 MHz carrier frequency supplies tag with clock and energy via inductive coupling reader transmits data by creating short pauses in the field tag answers employing load modulation operating range: 8…15 cm, data rate 106…847 kBit/s

  10. Security Weaknesses • contactless interface (e.g. ISO 14443) brings new opportunities for attackers • - read out a tag actively (range: up to 25 cm), maybe unnoticed • - replay attack, • - relay („man in the middle“) attack, • - eavesdropping of the communication from a distance of several meters

  11. Security Weaknesses • contactless interface (e.g. ISO 14443) brings new opportunities for attackers • - read out a tag actively (range: up to 25 cm), maybe unnoticed • - replay attack, • - relay („man in the middle“) attack, • - eavesdropping of the communication from a distance of several metres • maximum energy consumption of a contactless smartcard is limited, • reduce manufacturing costs  small chip area, •  measures for security / privacy may be not implemented or very lightweight !

  12. Our Contribution • Idea: Design a cost-effective embedded system which makes it possible to • communicate with a contactless smartcard on the physical layer, • emulate any ISO 14443(A) compliant RFID tag / smartcard. • perform replay-, man in the middle-, and other attacks, • analyse protocols, i.e., logging of the communication data, • implement and test new protocols and countermeasures, • assist side-channel attacks (DEMA, …), • test different antennas / power amplifiers.

  13. Embedded System – The Reader • RF interface: transparently operating EM4094 transceiver • Atmel ATMega32 microcontroller clocked at 13.56 MHz • specially designed circuits for signal conditioning / processing

  14. Embedded System – The Fake Tag appears like an authentic ISO 14443(A) compliant transponder perform load modulation with subcarrier, as specified acquire data from the field and reduce bandwidth designed to cooperate with the bit level reader

  15. Embedded System – Realization Fake Tag (Bit-Level) Reader

  16. Embedded System - Overview • RFID tool: provide ISO 14443 compliant interface and emulation of a tag • oscilloscope: measure / acquire information (e.g. electromagnetic emanation) • PC: control process sequence and evaluate / analyse the data • stand-alone operation modes implemented

  17. Application: Relay Attack

  18. Application: Relay Attack

  19. Application: Relay Attack

  20. Application: Relay Attack

  21. Application: Relay Attack

  22. Application: Relay Attack

  23. Application: Relay Attack

  24. Application: Relay Attack

  25. Application: Relay Attack

  26. Application: Relay Attack • DEMA = Differential ElectroMagnetic Analysis

  27. Application: Relay Attack • Relay attacks have been carried out successfully with • electronic passport (issued in Germany) • student identity card (used at the Ruhr University in Bochum) • Philips „Classic Mifare“ & „DESFire“ cryptographically enabled smartcards • Atmel AT88SC153 smartcard • tickets for the football world championship 2006

  28. Applications and Results Ticket for FIFA World Cup 2006 in Germany • successful relay attack (all data read out remotely via the Fake Tag) • embedded Mifare Ultralight chip  64 Byte data, providing NO encryption  with developed hardware: (simple) Replay Attack feasible!

  29. Applications and Results Timing Analysis of an „ACG Dual 2.1 Passport Reader Module“ reaction of the ACG reader to purposedly delayed answer of a transponder compliance with the „Frame Delay Time“, exactly defined in the ISO 14443, could not be observed  facilitates relay attack

  30. Applications and Results Investigations with regard to tuning and range • antennas made out of thin copper wire • antennas on PCBs

  31. Future Works • improved „Man in the Middle“ attack: • modify the relayed information in real time • increase reader operating range to 25 cm • implement and test new protocols / countermeasures • assist / perform other attacks: • remote power analysis • fault analysis • improve Differential Electro-Magnetic Analysis

  32. Conclusion • cost-effective design of a freely programmable RFID reader and • Fake Tag  emulation of any ISO 14443A complaint tag • Replay-attack(play-back of previously recorded data) • Relay-attack(real-time relaying of the data in both directions) • Timing Analysis of a commercial RFID reader • Different types of antennas were built and tested • promising applications & extensions: - Remote Power Analysis - DEMA - Fault Analysis • Recommendation: Shield RFID tags / contactless smartcards • to protect your privacy (e.g., one layer of aluminum foil) !

  33. Thanks for your attention! tkasper@crypto.rub.de

More Related