More Related Content
More from Albert Hui (15)
RFID Access Control Insecurity
- 3. How RFID Works Copyright © 2007 Albert Hui Inductive Coupling Backscatter Coupling
- 4. RFID Tags / Cards / Transponders Copyright © 2007 Albert Hui Trossen Robotics EM4102 Tag Kit
- 5. Ampoule Implant Copyright © 2007 Albert Hui Image from VeriChip Image from New York Times story “High Tech, Under the Skin”
- 6. RFID Implant Application Copyright © 2007 Albert Hui No more forgetting your keys! Totally worth it. Image from AmalGraafstra’sflickr.
- 7. A Matter of Frequencies Tradeoffs among: cost (antenna length) read distance resilience to interference Copyright © 2007 Albert Hui
- 8. UHFID – Supply Chain Tracking Pros: very low cost tags (US$0.05 ea. in volumes of 100 mil) long range (typical 20’ between 2 antennas) anti-collision (for simultaneous tag reads) Cons: serious interference from liquids and human body Copyright © 2007 Albert Hui
- 9. 2.4GHz – Toll Payment System Pros: very long range (typically 30’) Cons: transponders are battery powered, hence have a lifespan (typically 5 years) transponders are very expensive Copyright © 2007 Albert Hui
- 10. 2.4GHz – Singapore ERP Image from Wikipedia Traffic demand management system from Mitsubishi. Copyright © 2007 Albert Hui
- 11. LowFID Pros: signal less prone to metal/liquid interference Cons: high tag cost (due to longer copper antenna coil) Copyright © 2007 Albert Hui
- 12. LowFID – Animal Tracking Myriad proprietary standards, a reader may not even recognize existence of an incompatible chip. If your lost pet end up in a shelter without reader that can read your chip, God bless you. Compatibility info here. Copyright © 2007 Albert Hui
- 13. LowFID – Access Control “EM cards” (EM4102 / Unique) HID ProxCard Hitag 1/2/S Q5 TI-RFID 64bit / 1088bit ... Copyright © 2007 Albert Hui
- 14. 8.2MHz – EAS (Anti-Theft) 1-bit tag (absent / present) Detachable / deactivatable. Copyright © 2007 Albert Hui
- 15. HighFID Pros: low cost because antennas can be printed on labels / substrate Cons: serious interference from metals Copyright © 2007 Albert Hui
- 16. HighFID – Access Control ISO 14443A Mifare ICAO passport LEGIC ISO 14443B HID iCLASS Calypso ISO 15693 (“vicinity cards”) Copyright © 2007 Albert Hui
- 18. #1: Defeating EAS Jamming Shielding bag lined with 30 layers of aluminum foil (Faraday cage) Detaching most tags are detached with strong magnet Deactivating strong magnet Copyright © 2007 Albert Hui
- 19. #2: Skimming HF tags are proved skimmable from a distance up to 25cm [KIRS06]. Copyright © 2007 Albert Hui
- 21. How Simple RFID Door Lock Works Copyright © 2007 Albert Hui DooRFID from RFID Toys
- 23. #3: Cloning Attack Custom-built RFID tag emulator. Better yet, Q5 tags has EM4102 emulation built-in! Copyright © 2007 Albert Hui IAIK DemoTag
- 25. #4: Relay Attack G.P. Hancke, “Practical Attacks on Proximity Identification Systems”, Proc. IEEE Symposium on Security and Privacy, May 2006. Copyright © 2007 Albert Hui
- 26. #5: Cryptanalysis Exxon Mobile’s SpeedPass payment system has been compromised [BON05]. Weakness lies in TI’s flawed proprietary cipher. Mifare Classic has been compromised [KON08]. Weakness lies in NXP’s flawed proprietary cipher. Copyright © 2007 Albert Hui
- 27. A Few Take-Homes: Do not use an RFID access control that relies solely on the uniqueness of the card ID. Use RFID access control that use modern, mathematically proven crypto, e.g. MifareDESfire. Do not leave your access cards behind or lend them to other people. Copyright © 2007 Albert Hui