Friday, February 24, 2006

RFID: EPC Tags Subject to Phone Attacks

Excerpted from an article posted on RFID Journal Feb. 24, 2006
Each year, data security specialists attend RSA Security's annual conference to learn about the most recently discovered breaches in data security and encryption. When attendees gathered for the Cryptographers Panel during the RSA Conference 2006 last week in San Jose, Calif., they learned that one of these threats loom around RFID.

Adi Shamir, professor of computer science at the Weizmann Institute of Science, announced that he and a fellow Weizmann researcher, Yossi Oren, were able to kill an EPC Class 1 Gen 1 passive tag after hacking the tag to determine the kill password. While his experiment demonstrated only the ability to use a password to kill a tag, Shamir noted at the conference that in the future, passwords will likely be used to protect sensitive information encoded to EPC tags, and this same attack could be used to determine those passwords. In fact, according to Oren, the same method could be used find the larger kill passwords required to kill Gen 2 tags and could also be used to crack the protections around data on other types of tags, such as the account information and other personal data on RFID tags embedded in some credit cards.

Perhaps most troubling was Shamir's prediction that a power analysis attack on an RFID tag could be performed using a very common device. "While we have not implemented it, we believe that the cellular telephone has all the ingredients needed to carry out such an attack [to decipher a tag's password]," he said at the conference.

Oren explains that this would require the creation of firmware written to alter the phone's RF capability so that rather than communicating voice or data over a given phone network, it would instead search for EPC tags. The firmware running on the phone's operating system would then execute the attack. Phones using Global System for Mobile Communications (GSM) technology commonly transmit at 900 or 1,800 MHz. Phones employing Code Division Multiple Access (CDMA) technology, used mainly in the United States and Canada, transmit at 850 or 1,900 MHz. Because all both types of phones operate within the UHF band, says Oren, they could be used to communicate with UHF EPC tags.

Ari Juels, principal research scientist at RSA Laboratories, says this type of power analysis could also be used to crack key cryptography. This is what is used to protect account data encoded to the tag embedded in some credit cards. Although Juels does not know the amount of time or distance from the tag an attack on a HF tag would require, he says that if firmware were written to perform power analysis in order to determine the cryptographic key, thieves could use the key to make clones of the cards.

This wouldn't necessarily require the thief to make an exact clone of the tag or card, he says. "You could rejigger your mobile phone to simulate the credit card, and then go into a store to and use your phone to make a payment," he says. A growing number of merchants are enabling their POS systems to accept RFID payments. And while cellular phones operate in the UHF band, cell phones enabled for the near field communication protocol contain an RFID module that operates in the HF range (13.56 MHz), which is what the RFID credit card payment systems use.

Oren says that he hopes to publish, by next week, details on the power analysis attack they performed. He says he sent all of this documentation to EPCglobal already, and assumes that the technologists there are reviewing it.

EPCglobal, however, says the experiment applies mainly to Gen 1 tags, not Gen 2, which is the organization's main concern, and wouldn't provide further comment.



Thursday, February 09, 2006

RFID: Motorola M-Wallet

Excerpted from The Wall Street Journal, February 8, 2006, Using Your Cellphone as a Credit Card
"Motorola Inc. is planning to launch a system that will allow people to purchase products simply by waving a cellphone with an embedded chip over scanners at the cash register. Motorola is the first telecom-equipment maker to launch a large-scale mobile-wallet service in the U.S.

Before the service can be launched here, though, Motorola has to overcome several significant obstacles. First, it must cut a deal with a wireless carrier. Motorola... says it is in 'advanced discussion' with several cellphone companies and expects a deal later this year. ... Motorola also will have to get retailers to participate and in some cases to invest in upgrading their checkout scanners to communicate with phones equipped with embedded chips.

Initially, M-Wallet will be limited to banking transactions... as well as purchases from participating retailers such as airlines and movie houses. But Motorola says that in six to nine months, when a special chip for the phones is available, consumers will be able to pay for groceries and other things using the scanners at the cash register."

In the article and on Motorola's website the M-Wallet is described only as an "embedded chip", "encrypted chip", and "special chip". RFID is not specifically mentioned, nor is any other technology. Why not?