Domain: rfidanalysis.org
Stories and comments across the archive that link to rfidanalysis.org.
Comments · 12
-
Mixed Bag
I wrote a short paper concerning RFID technology about a year ago, it mostly concerned the hardware and systems architecture. There was no shortage of reports and studies of RFID keys being cracked like the mobile speedpass http://www.jhu.edu/news_info/news/home05/jan05/rf
i d.html.
http://www.ti.com/rfid/shtml/news-releases-rel02-1 0-05.shtml. Some of these passive rfid tags have no access control whatsoever. Meaning one take a small RFID programmer into their favorite store and start changing prices, or worse, write a virus to the RFID tag so the next time it's polled it'll get injected into their SQL DB. Possibly compromising their entire POS system. Ironically, this sort of stunt if done well enough could result in a jackpot of creditcard numbers so it wouldn't matter if you used an RFID enabled card or not at that point :).
Some random RFID links.
http://www.schneier.com/blog/archives/2005/03/rfid _security_a.html
http://www.rfidgazette.org/2004/06/rfid_101.html
http://www.rfidjournal.com/article/articleview/133 9/2/129/
http://www.technovelgy.com/ct/Technology-Article.a sp?ArtNum=20
http://www.enigmatic-consulting.com/Communications _articles/RFID/Link_budgets.html
A nice article on RFID virus attack
http://www.cbronline.com/article_news.asp?guid=B96 0208D-9ECF-4F0B-B964-4DD779BFF905
http://www.computerworld.com/securitytopics/securi ty/story/0,10801,100459p2,00.html
From which comes a nice quote, this is from 2005.
"The TI technology is vulnerable to attack because it uses a decade-old, 40-bit cryptographic key to encrypt communications between the RFID DST tags and readers, the researchers found. TI also used an unknown and proprietary encryption algorithm on its DST devices. But Rubin's team reverse-engineered the secret algorithm by observing how DST tags responded to specially crafted challenges. Once they guessed the algorithm, researchers created a software program that could be used in so-called brute-force attacks on DST devices to recover the secret cryptographic keys, Rubin said."
The site, http://rfidanalysis.org/ that hosted these findings no longer exists but you could probably find it cached on the net somewhere, wayback machine maybe.
Remember that RFID represents a system and not one piece of technology. The implementation of the system is dependent on the deployment plan. I could make an "RFID system" with 2 933Mhz radios and a pair of 8-bit microcontrollers from digikey for around $150. Sure, you could pull my data out of the air, but technically speaking I'm using RFID. I could also build my own RFID key system with 2048-bit encryption to act as the keys to my car. It's not that difficult to develop, really just assembling existing technologies. RFID can be done "right" and it is a promising technology. I wouldn't shun it for alot of commercial applications but for personal applications, well ask yourself the question. Is this thing a necessary part of your life?
Peter -
RFIDAnalysis.org Watch them start the vehicle
There's some nice videos online of a couple guys starting a vehigle that uses RFID security system.. I think they were made over a YEAR ago..
SO apparently this Research that has been documented and filmed is meaningless to the insurance company ehh ? It looks like this research was done by some Johns Hopkins University students in cooperation with RSA in January of 2005.. I'd say the vehicle owner should present some more evidence to the inurance company and get his claims check..
http://rfidanalysis.org/
This site is worth taking a look at.. -
google... in 30 seconds.. in 30 seconds (if I actually typed that slow), I could find this website on google...
A DST contains a secret, 40-bit cryptographic key which is field-programmable via RF command. In its interaction with a reader, a DST emits a factory-set (24-bit) identifier, and then authenticates itself by engaging in a challenge-response protocol. The reader initiates the protocol by transmitting a 40-bit challenge. The DST encrypts this challenge under its key and returns a 24-bit response. It is thus the secrecy of the key that ultimately protects the DST against cloning and simulation.
I'm pretty sure, as this article indicates, they probably use better stuff on modern cars these days...TI has indicated to the authors that they have more secure RFID products available at present; in lieu of specifying these products, they refer to the site www.ti-rfid.com for information.
I thought people might just be interested...In fact, RFID chips with somewhat longer key-lengths are already available in the marketplace and used in a range of automobile immobilizers. Philips offers two cryptographically enabled RFID chips for immobilizers. The Philips HITAG 2, however, has a 48-bit secret key, and thus offers only marginally better resistance to a brute-force attack-- certainly not a comfortable level for long-term security. The Philips SECT, in contrast, has a 128-bit key. The HITAG 2 algorithm is proprietary, while Philips data sheets do not appear to offer information about the cryptographic algorithm underpinning their SECT device. It is difficult to say, therefore, whether these algorithms are well designed.
-
The demons of stupidity are loose
>While automakers and locksmiths are supposed to be the only groups that know where and how security information is stored in a car, the information eventually falls into the wrong hands.
If you replicate a "secret" a few million times, put it in places outside your control, and if you have no way of changing it in the field then you do not have a secret!
>"...There are weaknesses in any system," Tim Hart of the Auto Locksmith Association told the U.K.'s Auto Express magazine.
What, Mr. Hart, are the weaknesses in OpenSSH public key authentication? It sounds like the automakers are trying to roll their own crypto, with the usual results. Designing a crypto system is like playing chess with a grandmaster. You'll make a mistake somewhere, and your opponent will find that mistake and use it to break you.
As long as people make blunders like this we'll have fiascos like the TI chips with 40-bit encryption. -
Seems like.....
It'd be a lot easier to get into people's houses....
http://rfidanalysis.org/ -
RFID hacking
check this site out if you think RFID is secure.
http://www.rfidanalysis.org/
These guys access a car, pay at teh pump gass, and other RFID services.
While MasterCard and Texas Instruments state that the new credit cards use a new RFID security, i suspect it will not be long before it is also comprimised.
Imagine walking down the street and some guy bumps you. You check your wallet, and it is still there, but the theif stole your RFID data and is alrady on his way. Your sense of security is physical security. I still have my card in my pocket, therefore, it must be secure. Guess again. -
Re:More fraud?
For all those people who think this is a good idea, try this web site.
http://rfidanalysis.org/
Scary. -
Re:THIS IS NOT RFID
Even if encryption is used, that doesn't guarantee security (think of the folks who broke Mobil SpeedPass, which is RFID with encryption http://rfidanalysis.org/). Distance doesn't even provide that much security, because someone can bump into you in a subway station, etc.
To me, it seems we could have a VERY simple solution to avoid scanning attacks -- why not just have a button on the card/tag that you have to press to let it know this is an authorized transaction?
Steve -
Re:Few Details
There was a slashdot article on this before. The website with the papers (By RSA laboratory) is at http://rfidanalysis.org/
-
Re:Show me the security
There have been reports http://www.techworld.com/mobility/features/index.
c fm?featureid=1178of Exxon's Speedpass being exploited by John's Hopkins http://www.rfidanalysis.org/ . I'd have to agree that this sin't ready for prime time. -
Re:Quite so.
You have completely failed to grasp the significance of this research. Here is a more detailed explanation.
-
For real geeks
Those of us who ever tried to figure out what a certain poorly-documented register on an ASIC really does, and enjoyed it, please read on:
http://www.rfidanalysis.org/DSTbreak.pdf