![Page 1: 1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06](https://reader036.vdocument.in/reader036/viewer/2022062714/56649d145503460f949e80ae/html5/thumbnails/1.jpg)
1
Remote Power Analysis of RFID Tags
Joint work with Adi Shamir
yossi.oren[at]weizmann.ac.il
28/Aug/06
2
Abstract
• The RF power reflected by an RFID tag is dependent on its internal power consumption
• This property allows power analysis attacks to be performed over a distance
• In the short term, it can be used to extract the kill password of EPC tags
3
Talk Structure
• Introduction to passive RFID
• Introduction to power analysis
• Our attack
• Countermeasures
4
A Taxonomy of RFID Tags
• An RFID tag is a very simple computer, usually associated with a physical object
• Tags communicate with a powerful reader over a wireless link
• Tags can be active or passive
• … can be inductively or radiatively coupled, and work in a variety of operating frequencies
• Have various levels of computing power
• EPC tags: passive tags, radiatively coupled, 900MHz, read/write memory
5
Components of the EPC RFID System
• The reader has a powerful antenna and an external power supply
• The reader surrounds itself with an electromagnetic field
• The tag is illuminated by this field, which is also its only source of power: a passive tag has no battery
6
Reader-Tag Data Exchange
• The reader sends commands to the tag via pulse amplitude modulation of its carrier
• The tag sends responses to the reader via backscatter modulation: it switches the load on its antenna, changing how much of the reader’s carrier it reflects
8
Do Tags Have Secrets?
• Most of the payload of today’s RFID tags is public – that’s what they’re for
• However, tags still have secrets!
• Today – EPC tags have secret access and kill passwords
• Tomorrow – cryptographic keys?
9
An Introduction to Power Analysis
Figure: a toggle flip-flop on a 5V supply, with an oscilloscope monitoring the supply current (labels: VCC, A, OUT, 5V)
• Key observation – modern ICs consume more power when they switch between states
• Used by [Kocher et al. ‘99] and others to attack cryptographic smart cards
10
Cracking passwords with power analysis
• We send the password to a secure device bit by bit
• The first wrong bit is very “exciting”: the device’s power trace changes visibly at the point where the comparison fails
• This lets the password be recovered in time linear in its length, roughly one query per bit, instead of by exhaustive search
• Was used in practice to crack PIN codes on smart cards
11
Previous work
• EM attacks ([van Eck ‘85], [Mangard ‘03])
• Attacks on RFID
– Zapping [“Minime” et al. ‘05]
– Jamming [Juels et al. ‘03], [Bolan ‘06]
– Skimming [Kirschenbaum et al. ‘06]
12
Our attack
13
A Closer Look at Backscatter Modulation
• The current flowing through the tag antenna results in an electromagnetic field
• Busy tag = more current = stronger field
• We call this effect parasitic backscatter: the tag’s reflection varies with its internal activity even when it is not deliberately transmitting
14
Lab setup – physical
15
Lab setup – logical
16
Overview of results
• Existence of parasitic backscatter
• Effect of power consumption on backscatter
• Full power analysis attack from backscatter
17
Existence of parasitic backscatter (1)
• Trace shows the signal reflected from a Generation 1 tag during a kill command
• Tag is supposed to be completely silent
• Is it? Let’s zoom in…
Trace: reflected power over time
18
Existence of parasitic backscatter (2)
• The distinctive saw-tooth pattern is added by the tag to the clean reader signal
• Probably caused by tag’s power extraction circuit
• We can show that “thirsty” tags reflect more power
Trace: reflection from tag vs. original signal from reader (power over time)
19
Full power analysis attack from parasitic backscatter
• Recap: The first bad password bit is “very exciting”
• Experiment was done with one tag at a fixed location
• Tag was programmed with kill password “1111 1111”, then “0000 0001”
• In both cases we tried to kill it with the wrong password “0000 0000”
20
Extracting one password bit
Here, the tag is expecting “1111 1111”: the very first bit of the attempt is wrong
Here, it is expecting “0000 0001”: only the last bit is wrong
In both cases, tag gets “0000 0000”, and the two power traces differ at the position of the first wrong bit
Trace: reflected power over time for the two cases
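The two queries on this slide are the two extremes of the attack (mismatch at the first bit, mismatch at the last bit). The following Python model is an added example, not the authors' code: the tag is simulated, and the leak model, in which the "trace" returned by the tag is the number of compare cycles that ran before the first mismatch, is an assumption standing in for the spike in the measured trace. It reproduces the slide's two cases with the 8-bit passwords shown, then runs the full extraction described on slide 10, which needs at most n queries for an n-bit password. The BalancedTag class goes beyond the slide: it is the logic-level analogue of consuming the same power every cycle (the comparison always runs to the end), and shows the extraction failing against it.

```python
"""Simulated bit-serial kill-password check and the linear-time attack on it.
Constructed example: the 'tag' is a model, not real EPC firmware."""


class LeakyTag:
    """Tag that checks the kill password one bit at a time and stops at the
    first mismatch. kill() returns (accepted, cycles); `cycles` stands in for
    what the power trace shows: how many compare cycles ran before the
    'exciting' first-wrong-bit spike (assumed leak model)."""

    def __init__(self, password):
        self._password = password      # '0'/'1' string, first bit sent first
        self.killed = False

    def kill(self, attempt):
        if len(attempt) != len(self._password):
            raise ValueError("wrong password length")
        cycles = 0
        for a, p in zip(attempt, self._password):
            cycles += 1
            if a != p:
                return False, cycles  # early exit: the position leaks via the trace
        self.killed = True            # correct password: the tag is dead
        return True, cycles


class BalancedTag(LeakyTag):
    """Same tag, but the comparison always runs over every bit, so the trace
    looks the same whichever bit is the first wrong one (logic-level analogue
    of 'same power every clock cycle'; real hardware would still leak through
    data-dependent switching, which this model ignores)."""

    def kill(self, attempt):
        if len(attempt) != len(self._password):
            raise ValueError("wrong password length")
        mismatch = 0
        for a, p in zip(attempt, self._password):
            mismatch |= int(a) ^ int(p)
        if mismatch:
            return False, len(self._password)
        self.killed = True
        return True, len(self._password)


def recover_password(tag, n):
    """Recover an n-bit kill password from the leaked mismatch position.
    Each query sets the unknown bits to 0 except the last, which is set to 1,
    so the guess equals the password only if the unknown tail is 0...01;
    that single case kills the tag but still reveals the password.
    Returns (password, number_of_queries); never more than n queries."""
    known = ""
    queries = 0
    while len(known) < n:
        rest = n - len(known)
        guess = known + "0" * (rest - 1) + "1"
        accepted, cycles = tag.kill(guess)
        queries += 1
        if accepted:                       # the unavoidable last-bit case
            return guess, queries
        if cycles == n:                    # tail is all zeros and the last bit is 0
            return known + "0" * rest, queries
        # first mismatch at 1-based position `cycles`: the guess had a 0 there,
        # so that bit is 1 and every unknown bit before it is 0
        known += "0" * (cycles - 1 - len(known)) + "1"
    return known, queries


if __name__ == "__main__":
    # the slide's two experiments: same wrong attempt, different password
    print(LeakyTag("11111111").kill("00000000"))   # (False, 1): spike at bit 1
    print(LeakyTag("00000001").kill("00000000"))   # (False, 8): spike at bit 8
    tag = LeakyTag("10110010")
    print(recover_password(tag, 8), tag.killed)    # ('10110010', 5) False
    print(recover_password(BalancedTag("10110010"), 8))  # wrong answer: no leak
```

With the leaky tag the attacker learns the whole password and, except when the unknown tail is exactly 0...01, never sends the correct password, so the tag survives the attack; with the balanced tag the first query already returns the maximum cycle count and the attacker learns nothing.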
21
Power analysis countermeasures
• Two main approaches:
– Mitigation: Lower the signal-to-noise ratio of the power trace as the attacker sees it
– Prevention: Completely decorrelate power consumption from internal state
22
Mitigation countermeasures
• Common approach: add noise to power consumption
• Problematic to add to tag: a passive tag has almost no power budget, and a noise source would consume part of it
• Problematic to add to reader: noise in the reader’s own signal is visible to the attacker, who observes that signal directly alongside the reflection
23
Prevention countermeasures
• Common approach: consume the same amount of power every clock cycle
• Problem: Power consumption is always worst case
• Increases tag cost, reduces its usable range
24
Double-buffering power supply
Figure: Power Extraction block supplying Tag Logic through a double-buffered stage (labels: Power Extraction, Tag Logic)
• Decouple power supply from consumers
• Compatible with current RF front ends
• Requires no modifications to tag’s control circuit
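The slide states the principle only. The following Python model is an added, idealized example and not the authors' circuit: it assumes a two-capacitor arrangement in which one capacitor charges from the field while the other powers the logic, with the roles swapped every few cycles; the capacitor size, charge rate, swap period and the shape of the logic-current trace are all constructed values. It shows what the decoupling buys (the cycle in which the "exciting" first-wrong-bit spike occurs no longer shows up in the current drawn from the field) and what it does not (the total charge consumed per swap period is still drawn from the field afterwards, so traces with different totals still differ).

```python
"""Idealized model of a double-buffered tag power supply (constructed example;
capacitor size, charge rate and swap period are assumed, not from the slides).
Units are arbitrary charge units per clock cycle."""

PERIOD = 8           # clock cycles between capacitor swaps (assumed)
CAP_MAX = 100.0      # capacity of each buffer capacitor (assumed)
CHARGE_RATE = 10.0   # most charge the field can deliver per cycle (assumed)


def password_check_trace(bad_bit, n=16, base=1.0, spike=5.0):
    """Constructed logic-current trace: `base` every cycle plus a `spike` in
    the cycle where the first wrong password bit is detected."""
    trace = [base] * n
    trace[bad_bit] += spike
    return trace


def direct_supply(consumption):
    """Conventional tag: the current drawn from the field is the logic current,
    cycle for cycle, so the logic's trace is what parasitic backscatter exposes."""
    return list(consumption)


def double_buffered_supply(consumption):
    """Two capacitors: one charges from the field while the other feeds the
    logic, and they swap every PERIOD cycles. Returns the per-cycle current
    drawn from the field, i.e. what parasitic backscatter would expose."""
    caps = [CAP_MAX, CAP_MAX]      # both start full (assumed)
    field, logic = 0, 1            # index of the field-facing / logic-facing cap
    antenna = []
    for cycle, draw in enumerate(consumption):
        if cycle and cycle % PERIOD == 0:
            field, logic = logic, field
        # charging current depends only on how empty the field-facing cap is;
        # the logic's activity in this cycle cannot influence it
        i_charge = min(CHARGE_RATE, CAP_MAX - caps[field])
        caps[field] += i_charge
        if caps[logic] < draw:
            raise RuntimeError("logic-side capacitor ran dry: enlarge CAP_MAX or shorten PERIOD")
        caps[logic] -= draw
        antenna.append(i_charge)
    return antenna


def leaked_position(antenna_trace):
    """What a naive attacker reads off the trace: the cycle with the largest
    current draw (first such cycle on ties)."""
    return max(range(len(antenna_trace)), key=antenna_trace.__getitem__)


if __name__ == "__main__":
    first_bit_wrong = password_check_trace(1)   # like the "1111 1111" case
    last_bit_wrong = password_check_trace(7)    # like the "0000 0001" case
    print(leaked_position(direct_supply(first_bit_wrong)))            # 1
    print(leaked_position(direct_supply(last_bit_wrong)))             # 7
    print(double_buffered_supply(first_bit_wrong) == double_buffered_supply(last_bit_wrong))  # True
```

In the direct-supply case the spike position is read straight off the trace; with the buffered supply both traces are identical, because the field only ever sees a capacitor being topped up, with the amount of top-up fixed by how much charge the previous period consumed in total. That total is the residual leak: a trace whose spike is larger, or which has two spikes, produces a different top-up in the following period.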
25
Closing Remarks
• Power analysis attacks come from the world of smart cards
• The rules of the market for RFID tags are not the same as those for smart cards
• Power analysis threat should be understood and publicized, or nobody will do anything about it
26
The authors wish to thank Mickey Cohen, Ari Juels, Simon Krausz, Oded Smikt, Eran Tromer, Amir Yakoby, Oren Zarchin and the many other people who shared their knowledge, time and equipment and helped this research take shape.
27
It’s all scratch slides from here on
• You really want to exit the slide show…
28
Almost previous work?
• TU Graz site, August 2005: