RFID Security: Getting Serious
Thursday, February 09, 2006 - AIM Global
Bert Moore
Editor, RFID Connections
Concerns about RFID security issues abound. It appears that many of these concerns are, in fact, legitimate.
The most troubling of all the reports is a recent demonstration by a Dutch TV station and a Dutch security firm. In this demonstration, data from the prototype Dutch RFID-enabled passport was "skimmed" and the security cracked in about 2 hours -- allowing access to the character-based and biometric information stored on the tag. Credible sources claim that it might be possible to do this not just in proximity (from the design parameter of about 10 cm) but up to 10 meters away. However, there have been some rumors that it was also shown later that the final encrypted version of the chip could not be cracked in the same way.
As much as anything, the Dutch demonstration shows that care must be taken when developing prototype demonstrations.
These reports of attacks on RFID systems get a lot of publicity. What does not receive such great publicity is the fact that the RFID industry has been taking serious steps to develop best practices and technical solutions to combat hacking.
Admittedly, security protocols for any technology will never be 100 percent hacker-proof. Likewise, not all systems require the same level of security -- a library card won't require the same level of security as a passport. But the apparent ease with which some of the existing systems have been assaulted shows that security now deserves more consideration than it received in some early implementations.
Rudimentary RFID security was adequate in the past because RFID was, essentially, a niche technology. That's no longer the case. Today, creative and talented individuals have decided that cracking RFID systems is an interesting challenge -- and they're succeeding.
Background
Some of the most widely publicized concerns illustrate the lack of security in some early implementations and demonstrations -- issues that do already have solutions.
The Metro customer loyalty card that was rewritten in a supposed demonstration of the "insecurity" of RFID had the capability of "locking" the data, but this feature was not used because it did not occur to Metro that anyone would want to change a customer loyalty card ID. (It's still unlikely anyone would want to.)
The original U.S. RFID-enabled passport had no encryption or data security features and was reportedly readable outside its design range. This lapse is being addressed.
The encryption used in the low level Texas Instruments (TI) tag that has been used as an automobile immobilizer was successfully cracked (albeit by a team of cryptographers using some sophisticated equipment). More stringent encryption chips were available to auto manufacturers but were deemed unnecessary at the time. Luxury automobiles now use these more sophisticated chips for keyless entry and immobilization.
Data from the ExxonMobil SpeedPass has also been "cloned" and could be used to purchase gas using a PC and a hand-held antenna (although, like most credit card systems, this system has background security measures in effect to spot fraudulent use and "lock out" that ID code to prevent significant misuse of cloned tag data).
A recent report that an implanted VeriChip was "cloned" -- not really a great trick -- isn't all that troubling, since the "clone" isn't a similarly implanted tag but only the ID code transmitted by a handheld device.
What's problematic is not so much the success of these attacks on RFID security protocols and the purported ability to read proximity chips at far more than their design distance but the fact that the media -- and more importantly customer organizations -- do not recognize that the RFID industry can already offer a much greater level of security such as that required for personal identity documents.
Current Situation
Chip manufacturers already offer enhanced encryption capabilities, for example, in the TI automobile immobilizer and RFID-enabled ID cards. Customers, however, have not necessarily embraced these more secure and more expensive solutions.
Equally important, however, are best practices in encoding the data. While available encryption and other security features are being strengthened, they may not be implemented in the most rigorous manner as was shown in the Dutch demonstration.
What made it relatively simple for the security firm to crack the Dutch code was the sequential passport numbering scheme. The known sequence gave the attackers a basis for comparison, which was the "help" they needed. However, the test also used sample tags that were sequentially encoded. A random collection of passports might not be as easy to sample.
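To show why a predictable numbering scheme weakens any key or check derived from it, here is an added example (not part of the original article) that measures, position by position, how much of an identifier actually varies across a batch of issued numbers. The sample batches are constructed for the example; the `NL` prefix and nine-character width are assumptions, not the real Dutch passport format.

```python
import math
import random
from collections import Counter

# Constructed sample batches, not real document numbers.
# Batch A imitates sequential issuance: a fixed prefix and a running counter.
SEQUENTIAL_IDS = [f"NL{n:07d}" for n in range(1_000_000, 1_000_050)]

# Batch B draws the seven digits at random (seeded so the run is repeatable).
_rng = random.Random(2006)
RANDOM_IDS = [f"NL{_rng.randrange(10_000_000):07d}" for _ in range(50)]


def position_entropy(ids):
    """Shannon entropy (bits) of the character observed at each position
    across the batch. 0.0 means that position never changes."""
    width = len(ids[0])
    if any(len(s) != width for s in ids):
        raise ValueError("all identifiers must have the same width")
    bits = []
    for pos in range(width):
        counts = Counter(s[pos] for s in ids)
        total = sum(counts.values())
        h = -sum((c / total) * math.log2(c / total) for c in counts.values())
        bits.append(h)
    return bits


def effective_bits(ids):
    """Upper bound on the uncertainty an identifier contributes if it feeds
    a key or a check value: the sum of the per-position entropies
    (joint entropy can only be lower)."""
    return sum(position_entropy(ids))


def audit(ids, label):
    """Print a one-line report and return the positions that never vary."""
    per_pos = position_entropy(ids)
    fixed = [i for i, h in enumerate(per_pos) if h == 0.0]
    print(f"{label}: {effective_bits(ids):.2f} effective bits; "
          f"constant positions: {fixed}")
    return fixed


if __name__ == "__main__":
    audit(SEQUENTIAL_IDS, "sequential batch")
    audit(RANDOM_IDS, "random batch")
```

On the sequential batch only the last two digits carry any information, so a check value derived from the number is guessable in a handful of tries; the random batch of the same width spreads its variation over every digit. Running this audit over a sample of issued numbers before using them as key material is a cheap way to catch the weakness the Dutch test exposed.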
Various encryption, authentication and validation schemes are being proposed. The perceived problem with some of these schemes -- from the perspective of many RFID customers -- is that encryption raises memory requirements and therefore tag costs.
It should be remembered, however, that without access to chips before their unique identification code is permanently burned into them, it will not be possible to actually clone a chip -- as long as the chip's code is part of the data that's validated.
Current Actions
RFID chip manufacturers had already addressed many of the issues raised by those who've publicized supposed security lapses. For example, the ability to "lock" data on current generation tags prevents data from being changed. Very strong encryption is already available in chips for applications where it's needed. And security technology is constantly being upgraded.
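The "lock" feature mentioned here, and its absence in the Metro loyalty-card case above, is easy to model. The following is an added example, not code from the article or from any tag vendor, that simulates a tag with per-block lock bits: a block the issuer locks cannot be rewritten by a later reader, and a permanent lock cannot be undone even with the issuer's password. The four-block layout and the password are assumptions made for the example.

```python
class LockedBlockError(Exception):
    """Raised when a write hits a locked memory block."""


class TagMemory:
    """Toy model of a writable tag with per-block lock bits (assumed layout:
    four blocks and one issuer-side access password)."""

    def __init__(self, access_password: bytes, blocks: int = 4):
        self._password = access_password
        self.blocks = [b""] * blocks
        self.locked = [False] * blocks       # reversible lock
        self.permalocked = [False] * blocks  # irreversible lock

    def write(self, index: int, data: bytes) -> None:
        if self.locked[index] or self.permalocked[index]:
            raise LockedBlockError(f"block {index} is locked")
        self.blocks[index] = data

    def lock(self, index: int, permanent: bool = False) -> None:
        if permanent:
            self.permalocked[index] = True
        else:
            self.locked[index] = True

    def unlock(self, index: int, access_password: bytes) -> bool:
        """Clear a reversible lock. Needs the issuer password and never
        clears a permanent lock. Returns True when the block is writable."""
        if access_password != self._password or self.permalocked[index]:
            return False
        self.locked[index] = False
        return True


ISSUER_PASSWORD = b"demo-issuer-pw"   # constructed for the example


def issue_loyalty_card(customer_id: bytes, lock_id: bool) -> TagMemory:
    """Issue a card with the customer ID in block 0. With lock_id=False the
    card is left the way the Metro card reportedly was: rewritable by anyone."""
    tag = TagMemory(ISSUER_PASSWORD)
    tag.write(0, customer_id)
    if lock_id:
        tag.lock(0, permanent=True)
    return tag


def attempt_rewrite(tag: TagMemory, new_id: bytes) -> bool:
    """Return True if a third-party reader managed to overwrite the ID."""
    try:
        tag.write(0, new_id)
    except LockedBlockError:
        return False
    return True
```

The point the model makes is that the protection is a deployment decision, not a chip limitation: the same tag class stops the rewrite the moment the issuer sets the lock at personalisation time.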
The AIM Global RFID Experts Group (REG) has in place a work group to provide guidance on enhanced RFID security with respect to tag-to-reader security and reader-to-host security.
The Association is working to promote intelligent implementation of RFID technology through unbiased, honest reporting of RFID applications. If you want to be a part of this work, contact the organization.
Immediate Actions
First, all systems should check the tag ID code. The unique codes are far more difficult to counterfeit and, more importantly, are impossible to "mask" when the tag is read.
While it's true that checking the tag ID won't prevent interception and retransmission of valid data, it will require the criminal to have a portable device to transmit the code rather than using a chip with the data encoded.
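To make the first recommendation concrete, here is an added example (not the article's or any vendor's code) of a back-end check that binds the stored data to the chip's factory-programmed ID with an HMAC. Data copied onto a blank chip fails because the blank chip carries a different ID; the same check also shows the caveat just stated: a device that retransmits the genuine ID together with the data still passes, which is why the back-end also keeps a revocation list of the kind the SpeedPass discussion above describes. The key, the ID values and the record format are constructed assumptions.

```python
import hmac
import hashlib

# Issuer-held key; constructed for the example and never stored on the tag.
ISSUER_KEY = b"constructed-demo-issuer-key"


def bind(uid: bytes, payload: bytes) -> bytes:
    """MAC over the chip's factory ID and the application data together.
    Written to the tag at issuance next to the payload. The length prefix
    keeps (uid, payload) pairs from colliding when concatenated."""
    msg = len(uid).to_bytes(1, "big") + uid + payload
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


class Backend:
    """Reader-side validator with a revocation list: the "lock out" that
    payment systems apply once an ID has been seen in fraudulent use."""

    def __init__(self):
        self.revoked = set()

    def accept(self, uid: bytes, payload: bytes, mac: bytes) -> bool:
        if uid in self.revoked:
            return False
        return hmac.compare_digest(bind(uid, payload), mac)

    def revoke(self, uid: bytes) -> None:
        # Note the trade-off: the genuine card is locked out along with the copy.
        self.revoked.add(uid)


# Constructed scenario values.
GENUINE_UID = bytes.fromhex("04112233445566")   # factory ID of the issued chip
BLANK_UID = bytes.fromhex("04aabbccddeeff")     # factory ID of a blank chip
PAYLOAD = b"ACCOUNT-0001"
MAC = bind(GENUINE_UID, PAYLOAD)


def record_on_blank_chip():
    """What a reader sees after the readable blocks were copied to a blank
    chip: payload and MAC came across, the factory ID did not."""
    return BLANK_UID, PAYLOAD, MAC


def record_retransmitted():
    """What a reader sees from a device that replays the whole read,
    factory ID included: the caveat in the text."""
    return GENUINE_UID, PAYLOAD, MAC


if __name__ == "__main__":
    backend = Backend()
    print("genuine card:", backend.accept(GENUINE_UID, PAYLOAD, MAC))
    print("copy on blank chip:", backend.accept(*record_on_blank_chip()))
    print("retransmitted read:", backend.accept(*record_retransmitted()))
    backend.revoke(GENUINE_UID)
    print("after revocation:", backend.accept(*record_retransmitted()))
```

Because the MAC key never leaves the issuer, a chip whose ID was burned in at the factory cannot be made to carry a valid record for a different ID, which is the condition stated in the Current Situation section above; the revocation list is the back-stop for the retransmission case the binding alone cannot catch.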
Second, proximity chip and card manufacturers must address the potential of a read up to 10 meters -- or disprove that it's possible.
Third, the industry and other interested parties must come together to develop extremely rigorous, dynamic encryption and other security measures to prevent cracking of tag data as well as the retransmission of intercepted data.
Fourth, users of RFID-enabled documents and other security-sensitive items must accept the fact that convenience and security must go hand in hand -- and that this may have a monetary price tag. If this is not accepted, the price tag will be much higher in terms of public suspicion, fraud, and the failure of RFID-enabled "security" features.
Anyone interested in participating in the REG Security activity should contact the AIM office.
Related articles:
RFID Hacking Threat Overstated: Tuesday, February 15, 2005
http://www.aimglobal.org/members/news/templates/aiminsights.asp?articleid=292&zoneid=26
When is RFID Not RFID? [US passports]: Tuesday, April 05, 2005
http://www.aimglobal.org/members/news/anmviewer.asp?a=327&z=26
Analysis: Counterfeit Tags: Thursday, June 30, 2005
http://www.aimglobal.org/members/news/templates/rfidinsights.asp?articleid=393&zoneid=24