rfid security cmpe 209, spring 2009 presented by:- snehal patel hitesh patel submitted to:- prof...
Post on 19-Dec-2015
214 Views
Preview:
TRANSCRIPT
RFID Security
CMPE 209, Spring 2009
Presented by:-Snehal PatelHitesh Patel
Submitted to:-Prof Richard Sinn
Agenda
• What is RFID?
• How RFID works?
• RFID Security Concerns.
• Possible attacks on RFID systems.
• Future enhancements.
• Conclusion.
What is RFID?
• RFID – Radio Frequency Identification.
• Used for identifying a product or an inventory.
• RFID has replaced the traditional barcodes.
• Wal-Mart has spent millions of $ on RFID research.
• RFID is all about providing a real-time information current location, planned destination and contents of the item that is being tracked.
How RFID works?
• RFID uses EPC (Electronic Product Code) that is similar to barcodes.
• It uses EPC protocol, that is a standard for all EPC systems.
• EPC decides two things, 1) How the separate and store information in the tags. 2) Decide how tags and readers communicate.
• RFID system consists of a reader, an antenna and tags.
How RFID works?
• Active Tags – It has its own battery and uses it own power to contact the reader.
• Passive Tags – Does not need a battery. Uses the EM field created by the signal from RFID reader.
• Class 0 tag – Read only.
• Class 1 tag – Once writeable.
• Amount of data – Can be 64, 96, 128, 256 or 512 bits.
• Security of data – Depending on class and the generation data on the tags can be encrypted.
How RFID works?
• RFID uses EPC (Electronic Product Code)
• Header – Tells the reader about the type of number that follows.
• EPC manager – Represents the company.
• Object Class – Represents the type of item.
• Serial Number – Represents the serial number of type of item.
Security concerns for RFID
• World readable tags can be read by unwanted entities.
• Important information like Credit Card details can be read by a simple gadget available on Amazon.com in a mere 8$.
• Some countries have implemented RFID passports. The encryption of chips in European passport was broken in 48 hours.
• RFID had limited memory hence less/no room for encryption.
• Readymade tools available that can read RFID tags e.g. RFDump.
• Man in middle attack.
• DoS attack (tag killing attack).
• Replay attack.
• Physical attack.
Possible Attack on RFID System
Hash Lock
• Steps to lock the tag:1. Reader select random key and calculate hash of key : MetaID
= HASH(key)
2. Reader write MetaID into tag
3. Now tag is in lock state
4. Reader store its key and tag key into backend database or locally
• RFID is widely used because it is cheap.
• Passive tags have limited power and limited computational resources.
• Sensitive information can easily be stolen or manipulated.
• No fixed standard at air interface e.g. The frequencies used for RFID in the USA are currently incompatible with those of Europe or Japan.
• RFID security related features/protocols are still in research phase.
Conclusion
top related