SlideShare a Scribd company logo

RFID Access Control Insecurity

Albert Hui
Albert Hui
TechnologyBusinessNews & Politics
1 of 27
RFID Access Control Insecurity Albert Hui, GCFA, CISA albert.hui@gmail.com
RFID is Everywhere Copyright © 2007 Albert Hui Image from Wikipedia
How RFID Works Copyright © 2007 Albert Hui Inductive Coupling Backscatter Coupling
RFID Tags / Cards / Transponders Copyright © 2007 Albert Hui Trossen Robotics EM4102 Tag Kit
Ampoule Implant Copyright © 2007 Albert Hui Image from VeriChip Image from New York Times story “High Tech, Under the Skin”
RFID Implant Application Copyright © 2007 Albert Hui No more forgetting your keys! Totally worth it. Image from AmalGraafstra’sflickr.
A Matter of Frequencies Tradeoffs among: cost (antenna length) read distance resilience to interference Copyright © 2007 Albert Hui
UHFID – Supply Chain Tracking Pros: very low cost tags (US$0.05 ea. in volumes of 100 mil) long range (typical 20’ between 2 antennas) anti-collision (for simultaneous tag reads) Cons: serious interference from liquids and human body Copyright © 2007 Albert Hui
2.4GHz – Toll Payment System Pros: very long range (typically 30’) Cons: transponders are battery powered, hence have a lifespan (typically 5 years) transponders are very expensive Copyright © 2007 Albert Hui
2.4GHz – Singapore ERP Image from Wikipedia Traffic demand management system from Mitsubishi. Copyright © 2007 Albert Hui
LowFID Pros: signal less prone to metal/liquid interference Cons: high tag cost (due to longer copper antenna coil) Copyright © 2007 Albert Hui
LowFID – Animal Tracking Myriad proprietary standards, a reader may not even recognize existence of an incompatible chip. If your lost pet end up in a shelter without reader that can read your chip, God bless you. Compatibility info here. Copyright © 2007 Albert Hui
LowFID – Access Control “EM cards” (EM4102 / Unique) HID ProxCard Hitag 1/2/S Q5 TI-RFID 64bit / 1088bit ... Copyright © 2007 Albert Hui
8.2MHz – EAS (Anti-Theft) 1-bit tag (absent / present) Detachable / deactivatable. Copyright © 2007 Albert Hui
HighFID Pros: low cost because antennas can be printed on labels / substrate Cons: serious interference from metals Copyright © 2007 Albert Hui
HighFID – Access Control ISO 14443A Mifare ICAO passport LEGIC ISO 14443B HID iCLASS Calypso ISO 15693 (“vicinity cards”) Copyright © 2007 Albert Hui
Compromising RFID-Based Security Systems Copyright © 2007 Albert Hui RFID Attacks
#1: Defeating EAS Jamming Shielding bag lined with 30 layers of aluminum foil (Faraday cage) Detaching most tags are detached with strong magnet Deactivating strong magnet Copyright © 2007 Albert Hui
#2: Skimming HF tags are proved skimmable from a distance up to 25cm [KIRS06]. Copyright © 2007 Albert Hui
Defense Against Skimming One word: Metal coating. Copyright © 2007 Albert Hui
How Simple RFID Door Lock Works Copyright © 2007 Albert Hui DooRFID from RFID Toys
“Unique ID”-Based Systems Security premise: tag has unique ID Copyright © 2007 Albert Hui
#3: Cloning Attack Custom-built RFID tag emulator. Better yet, Q5 tags has EM4102 emulation built-in! Copyright © 2007 Albert Hui IAIK DemoTag
Cloning Attack with Q5 Demo Copyright © 2007 Albert Hui
#4: Relay Attack G.P. Hancke, “Practical Attacks on Proximity Identification Systems”, Proc. IEEE Symposium on Security and Privacy, May 2006. Copyright © 2007 Albert Hui
#5: Cryptanalysis Exxon Mobile’s SpeedPass payment system has been compromised [BON05]. Weakness lies in TI’s flawed proprietary cipher. Mifare Classic has been compromised [KON08]. Weakness lies in NXP’s flawed proprietary cipher. Copyright © 2007 Albert Hui
A Few Take-Homes: Do not use an RFID access control that relies solely on the uniqueness of the card ID. Use RFID access control that use modern, mathematically proven crypto, e.g. MifareDESfire. Do not leave your access cards behind or lend them to other people. Copyright © 2007 Albert Hui

Recommended

Access control system_samsung
Access control system_samsungAccess control system_samsung
Access control system_samsung
GpsLazio
 
Rfid presentation
Rfid presentationRfid presentation
Rfid presentation
Kalpna Saharan
 
Rfid ppt
Rfid pptRfid ppt
Rfid ppt
Ronson Calvin Fernandes
 
RFID BASED ACCESS CONTROL SYSTEM
RFID BASED ACCESS CONTROL SYSTEMRFID BASED ACCESS CONTROL SYSTEM
RFID BASED ACCESS CONTROL SYSTEM
Suvendu Kumar Dash
 
Introduction to RFID
Introduction to RFIDIntroduction to RFID
Introduction to RFID
ILA SHARMA
 
Rfid for carton tracking v8
Rfid for carton tracking v8Rfid for carton tracking v8
Rfid for carton tracking v8
Sang Woo
 
RFID in Logistics
RFID in LogisticsRFID in Logistics
RFID in Logistics
Kaveen Gayathma
 
Software engineering rfid system
Software engineering rfid systemSoftware engineering rfid system
Software engineering rfid system
Ali Haider
 

Recommended

Access control system_samsung
Access control system_samsungAccess control system_samsung
Access control system_samsung
GpsLazio
 
Rfid presentation
Rfid presentationRfid presentation
Rfid presentation
Kalpna Saharan
 
Rfid ppt
Rfid pptRfid ppt
Rfid ppt
Ronson Calvin Fernandes
 
RFID BASED ACCESS CONTROL SYSTEM
RFID BASED ACCESS CONTROL SYSTEMRFID BASED ACCESS CONTROL SYSTEM
RFID BASED ACCESS CONTROL SYSTEM
Suvendu Kumar Dash
 
Introduction to RFID
Introduction to RFIDIntroduction to RFID
Introduction to RFID
ILA SHARMA
 
Rfid for carton tracking v8
Rfid for carton tracking v8Rfid for carton tracking v8
Rfid for carton tracking v8
Sang Woo
 
RFID in Logistics
RFID in LogisticsRFID in Logistics
RFID in Logistics
Kaveen Gayathma
 
Software engineering rfid system
Software engineering rfid systemSoftware engineering rfid system
Software engineering rfid system
Ali Haider
 
Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and Design
Albert Hui
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
Albert Hui
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Albert Hui
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank Fraudsters
Albert Hui
 
New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber Forensics
Albert Hui
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident Investigation
Albert Hui
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New Frontiers
Albert Hui
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an Attacker
Albert Hui
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber era
Albert Hui
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation Bypass
Albert Hui
 
Cyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the CorporateCyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the Corporate
Albert Hui
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
Albert Hui
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime Ecosystem
Albert Hui
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
Albert Hui
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
 

More Related Content

More from Albert Hui

Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident Investigation
Albert Hui
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New Frontiers
Albert Hui
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber era
Albert Hui
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
Albert Hui
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime Ecosystem
Albert Hui
 

More from Albert Hui (15)

Information Security from Risk Management and Design
Information Security from Risk Management and DesignInformation Security from Risk Management and Design
Information Security from Risk Management and Design
 
The Practice of Cyber Crime Investigations
The Practice of Cyber Crime InvestigationsThe Practice of Cyber Crime Investigations
The Practice of Cyber Crime Investigations
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
 
Practical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank FraudstersPractical Defences Against A New Type of Professional Bank Fraudsters
Practical Defences Against A New Type of Professional Bank Fraudsters
 
New Frontiers in Cyber Forensics
New Frontiers in Cyber ForensicsNew Frontiers in Cyber Forensics
New Frontiers in Cyber Forensics
 
Laying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident InvestigationLaying the Corporate Groundwork for Effective Incident Investigation
Laying the Corporate Groundwork for Effective Incident Investigation
 
Cyber Fraud - The New Frontiers
Cyber Fraud - The New FrontiersCyber Fraud - The New Frontiers
Cyber Fraud - The New Frontiers
 
Detecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an AttackerDetecting Threats - How to Think Like an Attacker
Detecting Threats - How to Think Like an Attacker
 
(Mis)trust in the cyber era
(Mis)trust in the cyber era(Mis)trust in the cyber era
(Mis)trust in the cyber era
 
Universal DDoS Mitigation Bypass
Universal DDoS Mitigation BypassUniversal DDoS Mitigation Bypass
Universal DDoS Mitigation Bypass
 
Cyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the CorporateCyber Security: Challenges and Solutions for the Corporate
Cyber Security: Challenges and Solutions for the Corporate
 
The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?The Aftermath: You Have Been Attacked! So what's next?
The Aftermath: You Have Been Attacked! So what's next?
 
Incident Response Triage
Incident Response TriageIncident Response Triage
Incident Response Triage
 
Insights into the Cybercrime Ecosystem
Insights into the Cybercrime EcosystemInsights into the Cybercrime Ecosystem
Insights into the Cybercrime Ecosystem
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

RFID Access Control Insecurity

  • 1. RFID Access Control Insecurity Albert Hui, GCFA, CISA albert.hui@gmail.com
  • 2. RFID is Everywhere Copyright © 2007 Albert Hui Image from Wikipedia
  • 3. How RFID Works Copyright © 2007 Albert Hui Inductive Coupling Backscatter Coupling
  • 4. RFID Tags / Cards / Transponders Copyright © 2007 Albert Hui Trossen Robotics EM4102 Tag Kit
  • 5. Ampoule Implant Copyright © 2007 Albert Hui Image from VeriChip Image from New York Times story “High Tech, Under the Skin”
  • 6. RFID Implant Application Copyright © 2007 Albert Hui No more forgetting your keys! Totally worth it. Image from AmalGraafstra’sflickr.
  • 7. A Matter of Frequencies Tradeoffs among: cost (antenna length) read distance resilience to interference Copyright © 2007 Albert Hui
  • 8. UHFID – Supply Chain Tracking Pros: very low cost tags (US$0.05 ea. in volumes of 100 mil) long range (typical 20’ between 2 antennas) anti-collision (for simultaneous tag reads) Cons: serious interference from liquids and human body Copyright © 2007 Albert Hui
  • 9. 2.4GHz – Toll Payment System Pros: very long range (typically 30’) Cons: transponders are battery powered, hence have a lifespan (typically 5 years) transponders are very expensive Copyright © 2007 Albert Hui
  • 10. 2.4GHz – Singapore ERP Image from Wikipedia Traffic demand management system from Mitsubishi. Copyright © 2007 Albert Hui
  • 11. LowFID Pros: signal less prone to metal/liquid interference Cons: high tag cost (due to longer copper antenna coil) Copyright © 2007 Albert Hui
  • 12. LowFID – Animal Tracking Myriad proprietary standards, a reader may not even recognize existence of an incompatible chip. If your lost pet end up in a shelter without reader that can read your chip, God bless you. Compatibility info here. Copyright © 2007 Albert Hui
  • 13. LowFID – Access Control “EM cards” (EM4102 / Unique) HID ProxCard Hitag 1/2/S Q5 TI-RFID 64bit / 1088bit ... Copyright © 2007 Albert Hui
  • 14. 8.2MHz – EAS (Anti-Theft) 1-bit tag (absent / present) Detachable / deactivatable. Copyright © 2007 Albert Hui
  • 15. HighFID Pros: low cost because antennas can be printed on labels / substrate Cons: serious interference from metals Copyright © 2007 Albert Hui
  • 16. HighFID – Access Control ISO 14443A Mifare ICAO passport LEGIC ISO 14443B HID iCLASS Calypso ISO 15693 (“vicinity cards”) Copyright © 2007 Albert Hui
  • 17. Compromising RFID-Based Security Systems Copyright © 2007 Albert Hui RFID Attacks
  • 18. #1: Defeating EAS Jamming Shielding bag lined with 30 layers of aluminum foil (Faraday cage) Detaching most tags are detached with strong magnet Deactivating strong magnet Copyright © 2007 Albert Hui
  • 19. #2: Skimming HF tags are proved skimmable from a distance up to 25cm [KIRS06]. Copyright © 2007 Albert Hui
  • 20. Defense Against Skimming One word: Metal coating. Copyright © 2007 Albert Hui
  • 21. How Simple RFID Door Lock Works Copyright © 2007 Albert Hui DooRFID from RFID Toys
  • 22. “Unique ID”-Based Systems Security premise: tag has unique ID Copyright © 2007 Albert Hui
  • 23. #3: Cloning Attack Custom-built RFID tag emulator. Better yet, Q5 tags has EM4102 emulation built-in! Copyright © 2007 Albert Hui IAIK DemoTag
  • 24. Cloning Attack with Q5 Demo Copyright © 2007 Albert Hui
  • 25. #4: Relay Attack G.P. Hancke, “Practical Attacks on Proximity Identification Systems”, Proc. IEEE Symposium on Security and Privacy, May 2006. Copyright © 2007 Albert Hui
  • 26. #5: Cryptanalysis Exxon Mobile’s SpeedPass payment system has been compromised [BON05]. Weakness lies in TI’s flawed proprietary cipher. Mifare Classic has been compromised [KON08]. Weakness lies in NXP’s flawed proprietary cipher. Copyright © 2007 Albert Hui
  • 27. A Few Take-Homes: Do not use an RFID access control that relies solely on the uniqueness of the card ID. Use RFID access control that use modern, mathematically proven crypto, e.g. MifareDESfire. Do not leave your access cards behind or lend them to other people. Copyright © 2007 Albert Hui