Power Analysis of RFID Tags

This is great work by Yossi Oren and Adi Shamir:

Abstract (Summary)

We show the first power analysis attack on passive RFID tags. Compared to standard power analysis attacks, this attack is unique in that it requires no physical contact with the device under attack. While the specific attack described here requires the attacker to actually transmit data to the tag under attack, the power analysis part itself requires only a receive antenna. This means that a variant of this attack can be devised such that the attacker is completely passive while it is acquiring the data, making the attack very hard to detect. As a proof of concept, we describe a password extraction attack on Class 1 Generation 1 EPC tags operating in the UHF frequency range. The attack presented below lets an adversary discover the kill password of such a tag and, then, disable it. The attack can be readily adapted to finding the access and kill passwords of Gen 2 tags. The main significance of our attack is in its implications ­ any cryptographic functionality built into tags needs to be designed to be resistant to power analysis, and achieving this resistance is an undertaking which has an effect both on the price and on the read range of tags.

My guess of the industry's response: downplay the results and pretend it's not a problem.

Posted on March 17, 2006 at 12:22 PM • 8 Comments

Comments

Davi OttenheimerMarch 17, 2006 1:37 PM

You're right. Since the RSA conference, when Adi brought this up on the Cryptographer's Panel, I really haven't seen much discussion about it...

http://searchsecurity.techtarget.com/...

"Shamir, professor at the Weizmann Institute of Science and the "S" in RSA, told a packed auditorium during the get-together of crypto hall-of-famers about how he and a student applied side-channel attacks against RFID tags. [...] "Everyone expects RFID tags to be huge; they're everywhere," Shamir said. "They're going to protect our identities in our passwords. They're going to protect items in stores. The fact is, the first generation is very weak.""

Davi OttenheimerMarch 17, 2006 2:30 PM

Aha, here's some evidence of the downplay syndrome:

http://www.rfidjournal.com/article/articleprint/...

"Gen 1 EPC tags were not designed to be used in situations where security was a real concern. [...] The amount of security required for anything depends on the value of the thing being protected and the application involved. While my son Thomas’s drawings are precious to me, protecting them doesn’t require the same level of security as protecting a Van Gogh. The Gen 1 tag was designed for use in the supply chain, simply to track goods moving from point to point. The original idea was that there was no need for any security on the tags because they would have only a serial number and all the data about the product would be secured in a database."

Yeah, no need for security here. This is commonly referred to as the "assets have no value" approach to diverting attention from vulnerabilities.

Although it may be valid at one point in time, unfortunately we all know that systems with the easiest path of adoption always end up being used even in situations they were "never meant for". This is another way of saying the quickest path to "success" comes simply by lowering expectations. The next issue is who was at fault for not knowing that the technology was not secure, especially if it is legal to sell the tag system without a disclaimer?

I'll never forget when an early WiFi company had WEP keys hard-coded into their access points. They said "well, we figured users would know never to transfer anything sensitive over wireless so we just use the same key on all our devices for ease of use". Ooops.

This article goes on to say...

"The possibility that someone would gain access to a Target distribution center or the back of a Wal-Mart store and start killing tags willy-nilly was remote, so the designers of the original Gen 1 tags decided that an 8-bit security code [256 possible kill codes, which takes about a minute today] was sufficient."

Remote indeed. Perhaps even "obscure"? So now he's going after the threats. But threats are just one factor in calculating risk. Vulnerability is the more significant factor in this case and should not be underestimated since threats are not a constant (emerging field of inquiry). Underestimating vulnerabilities, perhaps even to save cost, could seriously backfire when the cost to retrofit comes into play.

The article seems to boil down to a questionable prediction of future asset/threat factors in order to downplay/sidestep the vulnerabilities:
1) the assets that use this technology are not going to be worth protecting
2) threats have not been detected yet, therefore they will never materialize (perhaps because of the *assumed* low value of assets)

I would argue these could be true, but highly unlikely to stay that way. A vulnerability (lack of quality and/or long-term value) does matter. RFID users beware.

NoamMarch 18, 2006 11:16 AM

Let's say a modern supermarket uses RFID tags instead of barcodes. Moreover, it uses these tags to scan my shopping cart. If I could "kill" all tags prior to check out... I wouldn't have to pay for the goods. How is security not required here? Or did I miss anything?

--Noam.

jamesMarch 19, 2006 12:01 AM

And what about the inevitable 'mission creap'? These insecure tags will be used in new and different ways that have nothing to do with their currently intended market.

Arturo QuirantesMarch 20, 2006 2:35 AM

@ Mitchell,

Bruce is probably right. If the industry's reaction is the same as that of the GSM telephony when their algorithms were found to be weak, then you can expect the same kind of response:

a) Negation. ("oh, no, this is a hoax, our system is secure, we've got a paper at the CryptoSnakeOil Conference")

b) Uncertainty ("er, well, maybe there's a theoretical way in, I'm not acknowledging it anyway, but it would require physical contact, half of the NSA's computers, Bill Gates working on it 24/7 and a pint of beer, of course)

c) Fear ("Bruce who? Come on, I'm telling you, our system is 100% provable secure. Honest. Would you believe me, or your eyes")

d) Doubt ("of course, the algorithm you think is broken is not broken, ours has never left the drawer, so that one running wild on the Internet is a non-official one, even if it's bit by bit the same as ours, trust us")

e) Look elsewhere ("phew, thank goodness all folks are now too busy reading about the new Google-vs-UncleSam stuff, hopefully they won't pest about our product for a while" - whispered on the company's conference table)

f) Mission Accomplished ("Wow, do we innovate or not? Here's our brand-new 2.0 version, one which is totally resistant to the attack we never acknowledged to be true")

And, a few months later, back to step a)

Clive RobinsonMarch 21, 2006 9:42 AM

As an attack it's not realy new, just the fact that it has been writen up by a respected security/crypto researcher.

No doubt you will see a paper in a few month that involves active power injection attacks where you modulate the vector onto the "power" carrier be it at the correct or some other frequency (yes RFIDs do respond to a whole range of frequencies not just the designed one).

Or another that talks about using a low power microwave or other signal source to pick up similar signals from the chip either by transmision or reflection (this is an atack by the way that some smart cards are still vulnerable to).

The only suprise as normal is that people have not done it earlier or more likley have not bragged about it...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..