
RFID: THREATS, FAILURES, AND FIXES

by Rusty A. Deaton

A Significant Paper submitted in partial fulfillment of the requirements for the degree of Master of Science in Business Information Technology

Troy, MI, March 2014

Revision History

Author                    Date       Reason For Changes
Rusty Deaton              3/4/2014   Original Draft #001
Julie (Stanley) Skidmore  3/14/2014  Draft revisions for grammar
Rusty Deaton              3/16/2014  Draft revisions for content
Julie (Stanley) Skidmore  3/17/2014  Final revisions for grammar
Rusty Deaton              3/17/2014  Final revisions for content

Table of Contents

II Literature Review ........ 2
    LOGISTICS MANAGEMENT ........ 2
    PHYSICAL SECURITY ........ 4
    INFORMATION STORAGE ........ 8
    TRANSACTIONAL USE ........ 8
    POTENTIAL FIXES ........ 10
    QUESTIONS AND TAKEAWAYS ........ 12
III Methodology and Approach ........ 13
    LOGISTICS MANAGEMENT: WALMART AND RFID ROLLOUT ........ 13
    INFORMATION STORAGE: E-DOCUMENTS AND IDENTITY THEFT ........ 15
    PHYSICAL SECURITY: RFID IN TRANSIT ........ 17
    TRANSACTIONAL SECURITY: CREDIT WHERE IT IS DUE ........ 19
IV Results ........ 21
    PROOF OF CONCEPT: INTRODUCING THE ARDUINO ........ 22
    BUILDING, FLASHING, AND TESTING THE ARDUINO ........ 23
    SIMPLIFYING THE EQUATION: 13.56MHZ APPLICATIONS ON SMARTPHONES ........ 27
V Summary and Conclusions ........ 33
    SUGGESTIONS FOR FURTHER RESEARCH ........ 34
References ........ 35

RFID: THREATS, FAILURES, AND FIXES

Introduction/Background

One of the greatest objectives of technology is to make daily life more convenient for its users. From ploughs used in lieu of hand tools to clustered computing that detects anomalies in DNA in order to determine the state of genetic diseases in humans, there is an undeniable drive to make life easier and thus more valuable. Radio Frequency Identification (RFID) systems are part of this technological cornucopia. In its modern implementations RFID offers an unrivalled level of transparency into the positions of items as they move through an area, an ease of entry (and subsequently of access management) that makes keys a thing of the past, rapid transactions between customer and business, and several other uses. In its myriad implementations it no doubt meets the expectation that technology make life easier. There is, unfortunately, a darker side to making life easier. The same principles that RFID relies on may be used against it: its data can be captured freely and used against the very systems that accept it without question. If left unconsidered, and its misappropriation uncontested, the result could ultimately be disastrous. This project seeks to outline cases where this unchecked diffusion of data, while typically infinitesimal and static in nature, can be exceedingly useful in a well-designed strategy to infiltrate an organization, commit fraud, or both.


II Literature Review

In the realm of RFID, there are a number of benefits that may be associated with the technology. It is commonly used as a means of logistics management, a layer of physical security, a token for transactional applications, a static reference to a point in a predefined database, and so forth. The information security discipline has wasted no time in taking the models used for RFID, pulling them apart, and discussing its findings. There is a wealth of knowledge on RFID, hailing from sources that range from the purely scholastic and research-oriented to the bombastic and glory-minded. There is merit in discussing these findings, particularly as they relate to information security, and the salient fixes (or lack thereof) that come forward.

Logistics Management

There are a number of issues that make the logistics management angle of RFID ripe for attack from an information security standpoint. The most basic example of the role of RFID in logistics management is identifying the inventory in a given shipment. There are of course other logistics uses, such as efficiency measurements (e.g., determining when part A hit scan station 1, scan station 2, etc.) or heuristic analysis (e.g., determining how often an RFID-tagged ring is removed from its case and examined, indicating potential interest). It is at these most basic uses of RFID that some of the most egregious abuses of the technology may occur.


The first and perhaps most simply executed threats associated with RFID are those against the physical RFID chip itself, as discussed by Mitrokotsa, Rieback, and Tanenbaum (2010): a suitably informed threat agent may commit attacks that span multiple layers of the chip's architecture with very few committed resources. Chawla and Robins (2013) discuss how a threat agent looking to commit espionage might easily track an RFID chip or chips across locations, duplicate those chips to knowingly introduce faulty items into a rival's production base, or modify the chips to redirect inventory flow. Another grim scenario would be disabling the tags, whether through physical destruction or through KILL commands, or sending massive numbers of false RFID requests through the attached monitoring systems to obfuscate traffic or attempt to break them (as discussed in Mitrokotsa, Rieback, and Tanenbaum, 2010). There are some possible fixes to the presented vulnerabilities. Cryptography could be used in the RFID chip setup to help ensure that communications between the chip and its ultimate destination are authentic. Temporary restraint mechanisms could also be used, such as the sleep/wake functions available on higher-end chips, Faraday cage constructs over sensitive transport items, or RFID re-writing stations where all scanned items are re-written to meet a new set of criteria, for example a new cryptographic key or new metadata to throw off spoofing and cloning attempts (as discussed in Crispo, Rieback, and Tanenbaum, 2006). Chawla and Robins (2013) posit other ideas, including authentication requirements to modify tag metadata, such as passing a token or password (built into the EPC Gen2 RFID standard), pseudonym generation to foil tracking, or the inclusion of RFID chips that possess Physically Unclonable Functions (PUF) to generate authentication responses. Without sufficiently strong encryption, the possibility of cracking the encryption on a tag rises significantly. This is especially important within the scope of cryptographic key use or metadata reconstruction. Bono, Green, Juels, et al. (2008) show how the 40-bit encryption used by the Texas Instruments Digital Signature Transponder can, in the worst case, be cracked in an hour by reconstructing the key from two arbitrary challenges.

Physical Security

As a physical security device, RFID has the capacity of a key, in that it can act as a trigger to open doors, while having the manageability of a directory or entitlement system. Many vendors' RFID-based solutions are based on Wiegand swipe card technology, that is to say a specific format in which data is placed on the RFID chip. ZHLab.com (2011) discusses how this is most commonly done with 26 bits, but may be up to 64 bits with some systems. For the purposes of the literature in this area of RFID study, it is not necessary to understand the exact specifications of the Wiegand format, nor the thousands of permutations of bit structures used with it. In fact, many attacks disregard these issues entirely. The attack surface for physical security devices is small, possibly out of the way, and often directly related to the physical system. There is often no consideration for application proxies or mechanisms connected to these physical systems to root out potentially harmful data pushed through the interface, making them ripe for attack.


An example of a standard physical environment infrastructure used alongside RFID can be seen in Figure 1:

Figure 1: RFID use in Physical Environment Security

There are three primary paths to attack RFID in the realm of physical defense. There are brute force techniques, such as slamming as much Wiegand-appropriate data as possible at a system until the door unlocks. Another technique is cloning, which consists of creating a direct copy of the card for later use. The third method is attacking the system that runs the physical security system through its interfaces; often this is done using a specifically designed RFID card. In a brute forcing scenario, the attacker sends potentially valid values as fast as possible until a correct value is found. However, brute force can take an incredibly long time. For instance, a 26-bit Wiegand system has over 67,000,000 different combinations. Antoniewicz (2011) demonstrated that at one attempt a second, which is the rate the Proxmark III (a noted RFID capture/store/replay tool) performs at, exhausting the 26-bit space would take over two years. In perfectly ideal circumstances, Byers, Lofton, Vangari-Balraj, et al. (2007) showed that the average time to brute force an EPCglobal UHF Class-1 Generation-2 RFID tag is 29 days, which means that this route past RFID-based physical security is far too lengthy to be of genuine value. What emerges is that, as with a password of suitable length, breaking into a building that uses RFID as physical security by brute force takes time. Cloning bypasses the problems of brute-forcing a given system and gets to the root of the issue: copying keys, especially physical keys, will always be a valid path into a building. At its most basic, there are RFID cloning devices that may capture a single card and emulate it for future use, such as the open-source RFID tag developed by Ramiro Pareja (2011). At its most complex, there are devices designed to capture, store, and replay RFID tags from up to three feet away using a weaponized off-the-shelf RFID reader; Francis Brown (2013) described and provided a how-to for such a device. The problem with cloning as an attack vector is that it relies upon access to a valid card in order to create a duplicate; without access to the card, this method becomes worthless to a potential attacker. A final direction of research into bypassing RFID physical security mechanisms is to attack the backend systems controlling the RFID security device through the interface itself. Because of the intricate nature of systems and their interactions, RFID as a transmission medium can be extremely devious. For example, Rieback, Simpson, Crispo, et al. (2006) wrote an article on how an RFID tag could be coded to inject shutdown commands into a Structured Query Language (SQL) server. Figure 2 demonstrates an example of this.

Figure 2: RFID as an Attack Surface

Additionally, RFID tags could be used to stage malware delivered via RFID if the backend server connects to the internet, for example using SQL injection to open a Trivial File Transfer Protocol connection to a host server that downloads and executes malware (as additionally shown by Rieback, Crispo, and Tanenbaum, 2006). In the event that an RFID backend server is connected to the internet and allows such an attack, it could be a gateway for a host of other, deeper attacks, not the least of which is unlocking all doors.
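Two of the three paths just described, brute forcing the 26-bit Wiegand space and pushing SQL through tag data, are countered on the controller and backend side rather than at the tag. The following is an added example, not code from this paper or from any access-control vendor; it assumes a generic 26-bit layout (even parity, 8-bit facility code, 16-bit card number, odd parity), a constructed SQLite card table with made-up EPC-style identifiers, and a sliding-window threshold for denied reads. It checks frame parity, reproduces the two-year brute-force estimate, flags a burst of denials at one reader, and contrasts a query that splices tag bytes into SQL with a parameterized one.

```python
import re
import sqlite3
from collections import defaultdict, deque

WIEGAND_BITS = 26  # the common format discussed above


def brute_force_seconds(bits=WIEGAND_BITS, attempts_per_second=1.0):
    """Worst-case time to exhaust a bits-wide space at a given online rate.
    At one attempt per second the 26-bit space takes 2**26 seconds, a little
    over two years, which matches the estimate cited above."""
    return (2 ** bits) / attempts_per_second


def encode_wiegand26(facility, card):
    """Build a 26-bit frame (assumed layout): even parity over the first 12
    data bits, 8-bit facility code, 16-bit card number, odd parity over the
    last 12 data bits. Facility and card are assumed to fit their fields."""
    data = f"{facility:08b}{card:016b}"
    even = str(data[:12].count("1") % 2)
    odd = str(1 - data[12:].count("1") % 2)
    return even + data + odd


def parse_wiegand26(frame):
    """Return (facility, card), or None when length or parity is wrong, so the
    controller drops malformed frames before touching the backend."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        return None
    data = frame[1:25]
    if frame[0] != str(data[:12].count("1") % 2):
        return None
    if frame[25] != str(1 - data[12:].count("1") % 2):
        return None
    return int(data[:8], 2), int(data[8:], 2)


class DeniedReadMonitor:
    """Counts denied reads per reader in a sliding window; a burst of denials
    at one door is the signature of an online brute-force attempt."""

    def __init__(self, window_seconds=60, threshold=20):
        self.window = window_seconds
        self.threshold = threshold
        self.denied = defaultdict(deque)

    def record(self, reader, ts, granted):
        """Record one read event; True means the reader should be alerted on."""
        if granted:
            return False
        q = self.denied[reader]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) >= self.threshold


def setup_db():
    """Constructed card table standing in for the access-control backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cards (tag_id TEXT, holder TEXT, active INTEGER)")
    conn.executemany("INSERT INTO cards VALUES (?, ?, ?)", [
        ("E2801160600002050F2A6A1B", "alice", 1),   # constructed EPC-style ids
        ("E2801160600002050F2A6A1C", "bob", 1),
        ("E2801160600002050F2A6A1D", "carol", 0),
    ])
    return conn


def lookup_vulnerable(conn, tag_id):
    """The pattern Rieback et al. warn about: tag bytes spliced into the SQL,
    so a tag carrying quote characters rewrites the query."""
    sql = f"SELECT holder FROM cards WHERE tag_id = '{tag_id}' AND active = 1"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_hardened(conn, tag_id):
    """Check the tag's shape first (EPC-style hex), then bind it as a parameter
    so the driver never interprets tag contents as SQL syntax."""
    if not re.fullmatch(r"[0-9A-F]{16,32}", tag_id):
        return []
    sql = "SELECT holder FROM cards WHERE tag_id = ? AND active = 1"
    return sorted(row[0] for row in conn.execute(sql, (tag_id,)))


if __name__ == "__main__":
    years = brute_force_seconds() / (365 * 86400)
    print(f"26-bit Wiegand space at 1 attempt/s: {years:.2f} years")
    frame = encode_wiegand26(42, 1234)
    print("frame", frame, "->", parse_wiegand26(frame))
    conn = setup_db()
    hostile = "' OR '1'='1"  # constructed tag payload carrying SQL
    print("vulnerable lookup:", lookup_vulnerable(conn, hostile))
    print("hardened lookup:  ", lookup_hardened(conn, hostile))
```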


Information Storage

RFID tags can be used to store information that is presented upon activation; this is the basis for the majority of uses. A very high-profile use of RFID as an information storage device is the passport. Nogueira and Greis (2009) outline how RFID chips may be embedded into passport documentation, and how those chips contain several data entries, including name, date of birth, a digital photograph of the person, and so forth. Research into the implementation of these documents shows that they fall victim to many of the issues endemic to the technology itself. Research by Koscher, Juels, Brajkovic, and Kohno (2009) suggests that it is currently feasible to clone the data contained within these RFID tags. Further research suggests that even if sensitive e-documents applied the currently established International Civil Aviation Organization standards regarding encryption, it would not be of particular worth: the key has such low entropy that a laptop could crack the key encrypting an e-document in a few hours (as presented by Juels, Molnar, and Wagner, 2005).

Transactional Use

As evidenced previously by Bono, Green, Juels, et al. (2008), there are transactional systems that rely upon RFID. There may be a number of very steep problems with this, given the sensitivity of the data involved and the risks associated with leaked data related to financial transactions. There are a number of articles on the issues and challenges of RFID as a transactional exchange medium. Garfinkel, Juels, and Pappu (2005) outlined a number of threats that matter to all RFID systems; one example concerns the metadata of the token, such as the token being sensed in a given location at a given time. Another issue is the consequence of association, such as having one's identity tied to a token that may be removed from one's presence, and again of cloning the device. Kasper, Silbermann, and Paar (2010) showed that one may create counterfeit cards that appear legitimate to a poorly devised transactional system. In this, there is the capacity to set up cards with no value associated with them or, conversely, to set them to a high value. In transactional systems that store the relative worth of the token on a backend server, the relative security of the token could be increased, but research suggests there are still a number of issues that must be addressed. First generation contactless cards appeared to have many of the issues that a backend-less system had. Heydt-Benjamin, Bailey, Fu, et al. (2009) indicated that these issues included unmitigated replay attacks, the capacity to capture cards through a number of means such as skimming and eavesdropping, as well as privacy invasion issues due to user data being stored on the card's RFID chip. Kristina Paget (2012), during the 2012 Shmoocon presentation, expounded further on the flaws inherent in using RFID as a financial transaction medium. While each component, such as the cards, the readers, and the transaction protocol, is relatively secure, the system is expected to talk to the point of sale system. Therefore, it has to effectively dumb itself down to communicate with these systems. Figure 3 demonstrates this graphically:


Figure 3: Findings from Paget's 2012 Shmoocon Analysis

Potential Fixes

Given the current implementation of RFID chips and the constraints placed on them by the nature of their uses, the traditional fixes that might be taken to secure them fall flat. However, there is a lot of research dedicated to authentication protocols between readers and tags, as well as encryption methods to prevent simple eavesdropping on data passing between tag and reader. Indeed, a good deal of the research acknowledges that one of the major failings of RFID is that anyone, with any reader, may read the data off a given RFID chip and then use that data for whatever they need. The authentication protocol research on RFID deals almost exclusively with mutual authentication schemes. This research primarily deals with using areas within the RFID tag to store a key. Changes are allowed at the tag level so long as the expected response is entered (as shown by the work of Peris-Lopez, Hernandez-Castro, Tapiador, and Ribagorda, 2006). An example that sums up much of the research at a conceptual level can be seen in a paper by Yijuan Luo et al. (2010), wherein pseudo-random numbers are used to facilitate secure updates between tag and backend. This in turn reduces the likelihood of bad actors performing tasks on the tags, e.g., editing data. The tag will only allow editing by a reader that presents the proper key under the mutual authentication scheme, and tracking tags by remembering the data they present is foiled, since the data changes at each authentication step. A graphical representation of this workflow can be seen in Figure 4:

Figure 4: Overview of WG-7 Cipher
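The mutual authentication workflow described above, as an added illustration that is neither the paper's code nor the WG-7 or LMAP construction: reader and tag share a key, exchange pseudo-random nonces, prove possession of the key to each other, and then both derive a fresh pseudonym and key, so the tag never repeats the identifier it presents, edits are refused outside an authenticated session, and a recorded response cannot be replayed. HMAC-SHA256 stands in for the lightweight primitive, an assumption made for clarity rather than tag cost, and the tag payload is constructed.

```python
import hashlib
import hmac
import secrets


def prf(key, label, *parts):
    """Keyed pseudo-random function shared by tag and backend. HMAC-SHA256 is
    an assumption here; ultralight tag protocols use far cheaper operations."""
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(part)
    return h.digest()


def rotate(key, reader_nonce, tag_nonce):
    """Next (pseudonym, key) pair, derived from this session's nonces."""
    return (prf(key, b"pseudonym", reader_nonce, tag_nonce)[:8],
            prf(key, b"key", reader_nonce, tag_nonce))


class Tag:
    """Tag side: a secret key and a pseudonym that both change every session."""

    def __init__(self, key, pseudonym):
        self.key, self.pseudonym = key, pseudonym
        self.data = b"crate-0042"          # constructed payload
        self.reader_nonce = self.nonce = None
        self.session_ok = False

    def announce(self):
        # Only the current pseudonym is ever sent, never a fixed serial number.
        self.session_ok = False
        return self.pseudonym

    def respond(self, reader_nonce):
        self.reader_nonce = reader_nonce
        self.nonce = secrets.token_bytes(8)
        return self.nonce, prf(self.key, b"tag", reader_nonce, self.nonce)

    def finish(self, reader_proof):
        expected = prf(self.key, b"reader", self.reader_nonce, self.nonce)
        self.session_ok = hmac.compare_digest(expected, reader_proof)
        if self.session_ok:
            self.pseudonym, self.key = rotate(self.key, self.reader_nonce, self.nonce)
        return self.session_ok

    def write(self, data):
        """Edits are refused unless the reader authenticated in this session."""
        if not self.session_ok:
            return False
        self.data = data
        return True


class Backend:
    """Reader/backend side: maps pseudonyms to keys. The previous pseudonym is
    kept until the tag reappears under the new one, so a lost final message
    cannot desynchronise the two sides."""

    def __init__(self):
        self.table = {}
        self.previous = {}

    def enroll(self, tag_id):
        key, pseudonym = secrets.token_bytes(16), secrets.token_bytes(8)
        self.table[pseudonym] = (tag_id, key)
        return Tag(key, pseudonym)

    def authenticate(self, tag, sniffer=None):
        """One session; returns the tag id on success. `sniffer` collects what
        an eavesdropper on the air interface would record."""
        pseudonym = tag.announce()
        if pseudonym not in self.table:
            return None
        tag_id, key = self.table[pseudonym]
        reader_nonce = secrets.token_bytes(8)
        tag_nonce, proof = tag.respond(reader_nonce)
        if sniffer is not None:
            sniffer.append((pseudonym, tag_nonce, proof))
        if not hmac.compare_digest(proof, prf(key, b"tag", reader_nonce, tag_nonce)):
            return None
        if not tag.finish(prf(key, b"reader", reader_nonce, tag_nonce)):
            return None
        self.table.pop(self.previous.pop(pseudonym, None), None)
        new_pseudonym, new_key = rotate(key, reader_nonce, tag_nonce)
        self.table[new_pseudonym] = (tag_id, new_key)
        self.previous[new_pseudonym] = pseudonym
        return tag_id

    def replay(self, captured):
        # Replaying a recorded (pseudonym, nonce, proof) triple fails because
        # the reader picks a fresh nonce and the stale proof does not cover it.
        pseudonym, tag_nonce, proof = captured
        if pseudonym not in self.table:
            return False
        _, key = self.table[pseudonym]
        reader_nonce = secrets.token_bytes(8)
        return hmac.compare_digest(proof, prf(key, b"tag", reader_nonce, tag_nonce))
```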


There are, of course, issues within these proposed resolutions. In 2012, a rather compelling analysis was done of the stream cipher authentication process presented by Luo et al. in 2010. Orumiehchiha, Pieprzyk, and Steinfeld (2012) determined that the mutual authentication scheme, along with the encryption scheme used by Luo et al. (2010), could be broken with relative ease due to flaws in the protocol itself. Additional analyses from other teams have shown similar findings with other protocols. A paper by Avoine and Carpent (2013) has shown that these ultralight protocols are lacking; with one proposed ultralight protocol, LMAP (as proposed by Peris-Lopez, Hernandez-Castro, Tapiador, and Ribagorda, 2006), an attacker need only eavesdrop on around 18 sessions on average in order to recover enough of the secret key to mutually authenticate and begin effectively communicating with the back end server.

Questions and Takeaways

There are a few questions that must be asked from the standpoint of a security professional with regard to RFID. For starters, has a focus on cheap technology rendered a genuinely inferior product for any purpose? Can the issues outlined by researchers be overcome short of re-engineering the product? Further, does its lack of security necessarily debase it as a tool, provided its inherently insecure nature is understood? Some very key points to take away from the research concern how easy it is to copy RFID data. Every discussed use of RFID had the same issue, and indeed it could be argued that every physical system will have this flaw. Another point is that RFID is a viable attack surface. Several researchers in various fields have shown that, whether it is corporate espionage or malware, without securing and streamlining business processes, misuse and abuse can occur to these systems.

III Methodology and Approach


Logistics Management: Walmart and RFID Rollout

An article by Violino (2003) cited that Walmart made a bold declaration: to have its top 100 suppliers place RFID tags on pallets and cases by 2005, meaning roughly 1 billion cases a year would be tagged. Figure 5 shows an example of the style of RFID tags to be used: passively powered, with built-in antennas, made to be relatively small and inexpensive.

Figure 5: Flexible RFID Transponder, photographed by Andre Nitsche (2009)

This was a massive change to the process as it was, and not only did suppliers have a tough time meeting this change; Walmart did as well. An article by Matt Malone (2012) detailed the pains witnessed on both sides:


"Not only hadn't adoption spread quickly to other retailers and suppliers, WalMart faced its own issues with implementation, including pushback from suppliers and technical problems. In the early days, the company's database wasn't big enough to handle the volume of data generated by the new system. By late 2005, its ambitions had already been scaled back. Wal-Mart announced that the "next 300" of its top suppliers would begin tagging by 2007-- a far cry from the full compliance the company spokesman had touted just two years earlier."

The technical challenges presented by RFID implementation are very real. Walmart saw at the very beginning a key issue with RFID: it generates a lot of data very quickly, which can be difficult to scale. A smart attacker could have used denial of service attacks against the newly-minted RFID infrastructure itself. As outlined by Mitrokotsa, Rieback, and Tanenbaum's (2010) research on RFID attacks, the intent would be to wreak havoc. If the RFID application isn't segmented from the standard network, it could lead to a denial of service across the entirety of the organization's local infrastructure. Another problem at the time of Walmart's decision to roll out was that the standards behind RFID, and the systems to reliably work with the standard, were still in a very formative state. As written in a retrospective piece on Walmart's RFID woes by Sharon Gaudin (2008), "Part of the problem was that the plan was unveiled before the RFID industry was ready for it, users and analysts said. There were no standards, the technology was in its infancy, prices were high, and fly-by-night vendors and consultants littered the industry." With such a large gap in familiarity, it is easy to see potential issues that could arise in the implementation, such as leaving middleware servers vulnerable to SQL injection attacks via RFID, as outlined by Rieback, Crispo, and Tanenbaum (2006) in their work on the subject. Unfortunately, there are no quick alternatives in the arena of logistics management. A massive motivator in the use of RFID as a tracking tool continues to be cost. Palmer (2004) noted a 2004 case study by the ARC Advisory Group that determined the average cost of a passive RFID tag was 57 cents, which is what Walmart wanted instituted. When one considers that the average price of an RFID tag at that time may very well have been half the profit from a given crate of goods, it is easy to see why the adoption of RFID stagnated amongst Walmart's suppliers. Even today, with prices for possible alternatives such as low-powered Bluetooth transponders coming down, they cannot meet the significant cost advantage of current RFID chips, which RFID Journal (2014) prices anywhere between 7 and 15 cents, depending on volumes ordered. As for the baseline security of these older deployments of RFID technology, security researchers agree that the focus was not as much on security as it should have been. According to Craig Schmugar, a noted threat researcher, regarding RFID rollouts around Walmart's time frame, "In general, the impression the companies have is slightly skewed to things being more secure than they've been proven to be! The emphasis is first on getting the technology widely deployed, and then security is secondary" (as quoted by Zappone, 2007).

Information Storage: E-Documents and Identity Theft


It is no secret that the United States has become incredibly concerned with security since the events of September 11, 2001. One such aspect of security is ensuring that people are who they say they are, particularly when entering and exiting the country. It was under this rationale that, in 2007, the United States began issuing e-passports. In addition to the standard passport, an e-passport possesses a small RFID-enabled chip that stores various information about the individual as well as a digital copy of the individual's photograph, so that it can be run through facial recognition software at points of entry (per the U.S. Department of State, 2014). The United States is not the only country to have adopted RFID-enabled passports. Clary (2012) outlines in an article that, per the International Civil Aviation Organization, 93 of 193 U.N. member states used e-passports in 2012, with an additional 21 countries deploying RFID-enabled passports in the next four years. It seems at odds that a technology proven to be insecure would be implemented across the globe. Chris Paget (2009), at Shmoocon V, provided a proof of concept wherein he was able to pull data from a portion of these e-documents, such as enhanced driver's licenses, at a range of 250 feet and readily clone them. Passports are a harder-to-access set of e-documents that often have additional security measures built into them. As previously shown, these security measures often have such low entropy that they may be defeated in a matter of hours by a laptop. Cem Paya (2012), a security researcher, noted how easily one could read a United States passport with an Android smartphone. If one were to pay attention to the pages of another person's passport while they looked it over, for instance, the information contained therein could be retrieved without issue and the contents harvested. Of further interest is the traceability of RFID technology. Chothia and Smirnov's (2010) study indicated that the data sent back, as well as the time taken to respond to a challenge, differs for each country's passport. This means that one can determine the nationality of an individual by passively reading the passport tag.

Physical Security: RFID in Transit

Given the speed at which data is processed via RFID for logistics, which is what drove Walmart to implement RFID in the previous case, it only makes sense that organizations would seek to implement it for other mobile bodies, such as people. It stands to reason that by being able to track access, to know when to let a turnstile activate and let someone through, the costs of system monitoring could be reduced. The time needed to process individuals could likewise be reduced. One need look no further than city streets to see RFID in action. A particularly major rollout of RFID for physical access may be found in Europe. As of 2011, the Netherlands had moved entirely to an RFID-based system for public transit called OV-Chipkaart (per Trans Link Systems, 2011). Per publicly released documents cited by Martin (2008), the OV-Chipkaart system uses the MIFARE Classic chipset, which does have cryptographic features intended to protect it from outright tampering. These cards are used to check in at gates by deducting a boarding fare. The cards then check out either after completing the transit or after moving to another form of transportation, at which point the boarding fare is refunded, minus the amount for the distance travelled on the service. The goal is to charge people a fair rate based on use, while offering users an incentive to disclose traffic data (per Trans Link Systems, 2014).


The security community, for lack of a better description, has turned this system on its head. Before the system rolled out extensively across the Netherlands, Nohl and Plötz (2007) reported on the cryptographic failings of the MIFARE Classic card during the 2007 Chaos Communication Conference. While Nohl and Plötz did not directly release the low-level elements of the MIFARE Classic card, their work was foundational for the programmatic defeat of MIFARE Classic security features. These failings on behalf of MIFARE's creator, NXP Semiconductors, allowed what little security the card had to be ripped apart. The OV-Chipkaart system relies on trusted components to perform authentication and authorization; therefore, an evil actor can wreak havoc by exploiting systemic weaknesses. As previously discussed, there are three real inroads into a physical security system: brute forcing the system, cloning valid access to the system, or attacking the infrastructure surrounding the RFID system. With the security compromised on the OV-Chipkaart system, these attacks became not only possible but extremely well documented. Gans, Hoepman, and Garcia (2008) presented in their research that while brute forcing is, traditionally, a poor method of bypassing RFID-based physical security, it was offline brute forcing, where thousands of attempts can be made per second as opposed to a few per second, that enabled the attack and damned the chipset as a whole. As for cloning strategies, there are a number of applications reported by bloggers such as The Linkielist (2011) that allow for filling up an anonymous Chipkaart once, generating a copy of it, and reverting to the copy occasionally. Per The Linkielist's (2011) anecdotal coverage of the issue, this is undetectable by the service. The worst-case scenario for the holder of the cloned RFID chip information, should it be blacklisted, is the loss of the initial payment. If the system takes too long to catch on to the clone, it may be irrelevant and long since spent. Another impressive feat is the capacity to work around the system entirely using the compromised RFID card. Per an article by Brenno de Winter (2011), an application was made available to edit the data on the RFID card in order to check in automatically for a specific time and date. With the use of this application, the attacker never has to deal with the back end of the infrastructure. With the information on the card appearing entirely valid, even to conductors who see the check-in time when scanning the card, the fraud is entirely undetectable. Even more interesting is the escalation and abstraction of these attacks into devices outside of the OV-Chipkaart, by way of RFID-capable phones and possibly pulling the data of legitimate users' cards at range (Johnson, 2013).

Transactional Security: Credit Where It Is Due

With the number of flaws already pointed out in RFID as a technology, it is not surprising that RFID makes a less than optimal choice as a transactional token. Consider the EasyCard system, implemented by the city of Taipei. The EasyCard acts as a payment card for public transit, which, as previously demonstrated by the OV-Chipkaart system, is insecure. The differentiating factor between the OV-Chipkaart system and EasyCard is that EasyCard has become significantly more than a transit card. An article by Mo Yan-chih (2011) describes how the EasyCard may also be used as an electronic wallet, and indeed the article describes its expansion from convenience stores and restaurants to fast food chains and gas stations. Harald Welte (2010), at the 27th Chaos Communication Congress, clearly demonstrated methods by which values on the card could be increased, decreased, or otherwise altered by an attacker. Financial transactions have far more visibility; for instance, an article by Mo Yan-chih (2011) describes how an attacker was caught by monitoring transactions and tracking them down. This goes to show that while the processes by which people attempt to steal may change, their patterns may not. A more sophisticated attacker might elect to target credit cards. Given the research done by Kristina Paget (2012) presented during Shmoocon, a suitably motivated attacker could hop on a crowded subway with a weaponized card reader and copy several RFID-enabled credit cards without issue. Once captured, there are myriad things the attacker can do with the information. At the low end of technical requirements, the card could be cloned for later use and applied to a single transaction requiring a CVV. On the technically intricate side of things, Eddie Lee (2012), during Defcon 20, demonstrated how an attacker could use one smartphone to skim transactions, transmit that data directly to another smartphone, and use that smartphone's NFC capabilities to activate a genuine card reader to execute a purchase. A graphical representation of this can be seen in Figure 6.
Figure 6: Workflow of NFCProxy Application

IV Results
As has been demonstrated in both academic research and reported cases throughout the world, RFID as a technology is insecure. It is commonly assumed that the individuals perpetrating these crimes are technically savvy: abusing such systems would seem to require experience building hardware, programming knowledge to make the hardware act as required, and systems knowledge in order to act on the information gleaned by the attack. In fact, it has become incredibly easy to perpetrate these attacks regardless of technical expertise. In an attempt to debunk the idea that it takes true technical brilliance to exploit these systems, two paths were taken to achieve the same result. The first path was the creation of a proof of concept device to scan passive RFID tags. The second was to see if off-the-shelf technology could produce this same effect.
Proof of Concept - Introducing the Arduino

In order to present a proof of concept for capturing RFID, an entire technological base needed to be determined. What voltage should be used? Should it be portable? How should the device interface for transmitting RFID data from the capturing component to a computer? How would the antenna for receiving and/or transmitting RFID data be designed? Fortunately, these questions are easily answered by the wide range of single-board microcontroller, breakout board, and attached component kits that have come out in recent years in the hobbyist sphere. There are too many choices and configurations for the scope of this discussion, but it should be noted that many microcontrollers could do everything required by the above questions. For the project, an Arduino Uno was selected as the microcontroller base. The Uno can be powered from multiple sources such as USB, a 9V battery, or a standard 120V wall plug. It can be portable if required and can connect via USB to a computer to offload data received from components attached to it. A few examples of such components include breakout boards or stackable attached components commonly referred to as shields. As for the RFID component, the Adafruit PN532 RFID/NFC shield was chosen. Firstly, the Adafruit shield operates at the 13.56MHz frequency; this is the frequency that all ISO/IEC 14443 compliant contactless cards operate on, which happens to be the exact frequency that MIFARE Classic and contactless credit cards use. This frequency is commonly used for Near Field Communication (NFC). Secondly, the stackable nature of the shield means that it could be paired with other shields, such as a GPS shield that records where a card was scanned, or a Wi-Fi shield in a static installation that clones cards when they pass a predetermined area and passes that data forward. Thirdly, an integrated antenna allowed for testing without having to design, construct, and integrate an antenna into the proof of concept. An example of the workflow can be seen below in Figure 7.

Figure 7: POC Use Case

Building, flashing, and testing the Arduino

Courtesy of the procurement source, the Arduino came pre-assembled, as did the shield. The real problem was getting the two components joined together. Fortunately, the components were easily soldered together using the techniques and instructions available on the Adafruit website (Adafruit, 2013). To keep the proof of concept on a non-conductive surface, so that components would not be damaged during the moving, packing, and unpacking the device might see, it was mounted onto an acrylic base. The finished result of the soldering and mounting effort can be seen in Figure 8.
Figure 8: Completed soldering of POC

Now that the device was assembled, and all components powered on when plugged in, the next step was to program the microcontroller for its intended purpose. One of the key reasons the Arduino was chosen for this project was the incredibly robust Integrated Development Environment (IDE) available for it. The development environment allows the microcontroller on the Arduino to be programmed to the project's needs. The Adafruit team was even kind enough to provide sample code for MIFARE Classic card reading. Figure 9 displays an example of the IDE, and an example of the programming language used on the Arduino itself.
Figure 9: Arduino IDE

Since the code was provided by the hobbyist community, the next step was to upload it to the device. The Arduino has onboard, flashable program memory that is used to operate the various components of the device. Once the code is properly written, it is compiled into machine code and uploaded via USB onto the device. Once this is done, the device becomes usable. Figure 10 shows the expected output from a successful compile and upload to the device.

Figure 10: Compilation and Uploading to Arduino
Once the compilation and uploading of the project to the device are complete, it is time to test it. Testing requires some process for interfacing with the Arduino, which turns out to be surprisingly easy: the information that comes over the Arduino's serial connection is easily accessible. One option is the IDE's built-in serial monitor; another, when using Windows as the development environment, is a dedicated serial port logging application; a third is the Linux command tail in a terminal session to capture data from the relevant serial port. It is recommended to use something other than the built-in serial monitor, as it lacks the capacity to save results. Once a monitoring/logging method has been chosen, the device can be adequately tested. Figure 11 displays results from the Arduino running a memory dump application that seeks to pull all of the relevant data off of a MIFARE card for later cloning.

Figure 11: Results of MIFARE memdump program
Simplifying the equation - 13.56MHz Applications on Smartphones

The amazing thing about technology is the constant push for the integration of devices, and the smartphone has become the platform for that integration. The phone was once a means to communicate verbally. Now it is used for internet access, photography, basic computing tasks, video games, and, fairly recently, the ability to read NFC. Google's Android platform was crucial for the implementation of NFC on smartphones. This was primarily due to the creation of Google Wallet, a digital wallet that securely stores payment information and allows for NFC-based payments reminiscent of a standard credit card (Google, 2014). What this means to a dedicated attacker is that instead of having to carry around a laptop with attached antennas, or weaponized reading devices, an attacker need only use their phone to skim data from potential targets. With NFC technology integrated into the smartphone, it stands to reason that there would be a number of applications that allow, at the very least, interaction with the medium and, at the very most, abuse of those real-world systems that rely on NFC. As it turns out, this is true. Eddie Lee's (2012) NFCProxy was developed on Android. For the sake of argument, however, the applications that will be examined are those freely available on the Google Play store, meaning no special access to software or hardware components is needed to use them. While there are a rather large number of applications on the Google Play store that deal with NFC, there are a few that offer very strong capabilities given the topic at hand.
At a basic level, there are applications that allow for the creation, reading, updating, and deletion of data within a given RFID tag. Perhaps the most robust is NFC Tools by Wakdev (2014). The application quickly reads a given tag and determines some simple information about it. Figures 12 and 13 demonstrate the base read UI of NFC Tools, and what happens when the application encounters a tag.

Figures 12, 13: NFC Tools UI

While NFC Tools allows a simple hobbyist to explore NFC and perform tasks such as having an RFID tag automatically open a site, it does not give the depth required to capture and clone RFID. Enter the Mifare Classic Tool (MCT), developed by IKARUS Projects (2014). MCT is specifically built to capture anything that an interested party might want from a MIFARE Classic card, and effectively replaces the Arduino proof of concept for purposes of capturing, storing, and cloning those stored elements to other cards. The workflow for cloning cards is relatively simple, as evidenced in Figures 14 and 15: choose the read option, and select the option to read the tag.

Figures 14, 15: MCT Card Mapping Workflow

It is in this way that stealing MIFARE Classic data (such as that used in the previously mentioned OV-Chipkaart case) becomes a lot like pickpocketing, as opposed to what is traditionally thought of as a technologically enabled heist. Once the data has been successfully scanned, the scan results are displayed on screen as raw hexadecimal. No decoding need occur, as a full clone of the data on the RFID chip has been taken; since there are no authentication mechanisms to stop this, it is no different from copying a key to a lock. Figures 15 and 16 demonstrate what the raw hexadecimal output looks like in the application, as well as how the save interface should appear.

Figures 15, 16: MCT Data Saving

It is through the ability to save the fully dumped MIFARE card that one of the truly exploitable properties of RFID becomes apparent. When a system relies on the RFID token to track subtracted value or to determine the initial status, and the user is able to keep a copy of the token from when it was valid or held a high value, the entire system becomes broken and worthless. The final step of using MCT to clone a MIFARE card is to transfer the copied data onto another card, or onto the same card after it has been used and the resources tracked have been expended. In order to do this, the Write Tag function of the software is used; Figures 17 and 18 outline this process, which is fairly similar to the reading process except for the need to select the cloned data.
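To make the stored-value failure concrete, the following is an added example in Python, not code from the paper, from MCT or from Adafruit: it decodes a MIFARE Classic value block as it would appear in a raw dump, replays the dump, ride, write-back cycle described above against a gate that trusts the card, and then against a back-end ledger keyed by card UID, the kind of system-side check behind the blacklisting mentioned in the OV-Chipkaart discussion. The block number, the UIDs and the balances are constructed assumptions, and the check relies on the reader seeing the card's genuine UID.

```python
"""Added example, not from the paper: decode a MIFARE Classic value block as seen
in a raw dump, replay the dump / ride / write-back cycle against a gate that
trusts the card, and show how a back-end ledger keyed by card UID catches a
restored or copied balance. Card data is constructed; BLOCK 4 is an assumed layout."""
import struct
from dataclasses import dataclass, field

BLOCK = 4  # assumed: sector 1, block 0 holds the balance as a value block

def encode_value_block(value: int, addr: int) -> bytes:
    """16-byte layout: value, ~value, value (LE int32), addr, ~addr, addr, ~addr."""
    inv, nadr = (~value) & 0xFFFFFFFF, (~addr) & 0xFF
    return struct.pack("<iIi", value, inv, value) + bytes([addr, nadr, addr, nadr])

def parse_value_block(block: bytes) -> int:
    """Check the redundancy and decode; it catches corruption, not a bit-exact copy."""
    if len(block) != 16:
        raise ValueError("value block must be 16 bytes")
    v1, inv, v2 = struct.unpack("<iIi", block[:12])
    if v1 != v2 or ((v1 & 0xFFFFFFFF) ^ inv) != 0xFFFFFFFF:
        raise ValueError("value/~value mismatch")
    a = block[12:16]
    if not (a[0] == a[2] and a[1] == a[3] and (a[0] ^ a[1]) == 0xFF):
        raise ValueError("addr/~addr mismatch")
    return v1

@dataclass
class Card:
    uid: bytes
    blocks: dict = field(default_factory=dict)  # block number -> 16 raw bytes

def dump(card: Card) -> dict:
    """What a memdump or an MCT 'save' captures: every block, byte for byte."""
    return {n: bytes(b) for n, b in card.blocks.items()}

def offline_debit(card: Card, fare: int) -> bool:
    """Weak gate: trusts whatever balance the card carries."""
    balance = parse_value_block(card.blocks[BLOCK])
    if balance < fare:
        return False
    card.blocks[BLOCK] = encode_value_block(balance - fare, BLOCK)
    return True

class LedgerBackEnd:
    """Hardened gate: the authoritative balance is server-side, keyed by UID; a
    balance the system never wrote for that UID means a restored or copied dump."""
    def __init__(self) -> None:
        self.expected: dict = {}   # uid -> balance last written to that card
        self.blacklist: set = set()
    def top_up(self, card: Card, amount: int) -> None:
        self.expected[card.uid] = self.expected.get(card.uid, 0) + amount
        card.blocks[BLOCK] = encode_value_block(self.expected[card.uid], BLOCK)
    def debit(self, card: Card, fare: int) -> str:
        if card.uid in self.blacklist:
            return "denied: blacklisted"
        on_card = parse_value_block(card.blocks[BLOCK])
        if self.expected.get(card.uid) != on_card:
            self.blacklist.add(card.uid)   # flag the UID for fraud follow-up
            return "denied: balance mismatch"
        if on_card < fare:
            return "denied: insufficient funds"
        self.expected[card.uid] = on_card - fare
        card.blocks[BLOCK] = encode_value_block(on_card - fare, BLOCK)
        return "ok"

def run_demo() -> dict:
    """Load 25.00, dump, ride twice at 10.00, write the dump back, ride again."""
    weak = Card(bytes.fromhex("04a1b2c3"), {BLOCK: encode_value_block(2500, BLOCK)})
    image = dump(weak)                                     # attacker's saved dump
    weak_rides = [offline_debit(weak, 1000) for _ in range(2)]
    weak.blocks = dict(image)                              # dump written back
    backend, strong = LedgerBackEnd(), Card(bytes.fromhex("04d4e5f6"))
    backend.top_up(strong, 2500)
    image = dump(strong)
    ledger_rides = [backend.debit(strong, 1000) for _ in range(2)]
    strong.blocks = dict(image)                            # dump written back
    clone = Card(bytes.fromhex("04778899"), dict(image))   # same dump, other card
    return {"weak_rides": weak_rides,
            "weak_balance_after_restore": parse_value_block(weak.blocks[BLOCK]),
            "weak_third_ride": offline_debit(weak, 1000),
            "ledger_rides": ledger_rides,
            "restored": backend.debit(strong, 1000),
            "clone": backend.debit(clone, 1000)}
```

The weak gate accepts the written-back card and a third free ride; the ledger denies the same card and the copy on a different UID, and the mismatch is the event a fraud team would act on.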

Figures 17, 18: MCT Data Writing

It is with this final step that the flaw of RFID without a challenge-response system, or any authentication/authorization system, becomes apparent. Data is data, and by its very nature can be copied as many times as desired. One needs only a rudimentary grasp of the application, not even of the technologies behind it, to be able to commit theft and fraud. These sorts of reading or cloning applications need not be restricted to public transportation cards. Squareless is an application that allows for the reading of the NFC elements inside credit cards (Stephen, 2011). While the user may have needed some amount of expertise to navigate MCT, Squareless requires very little by comparison. The application has two real windows, as evidenced by Figures 19 and 20, which come courtesy of the developer (Stephen, 2011) so as not to reveal any genuine card data.

Figures 19, 20: Squareless UI

While the application itself does not have a direct saving feature, the Android OS allows for easy screenshots. Once a clean scan of the card is taken, the resulting data can be saved for later use. Whether it means abusing the one-time CVV from RFID-based transactions by creating a clone later, or using the data to create an Amazon account and purchase goods, the application offers up everything on the card. The degree to which it changes the distance from which one can steal from someone is remarkable.
V Summary and Conclusions


There is an abundance of evidence that RFID, in its current implementations across a number of industries, is insecure. In logistics management, what it provides in convenience of tracking, it takes away in potential for espionage and operational failure. As a physical token, it has been shown that RFID not only offers ease of cloning, but also allows smart attackers to passively capture new physical tokens. This effectively allows them to remain anonymous and hard to trace within the system. As a transactional token, the countermeasures currently in place have substantial weak points that, with a few simple, publicly available applications, may be exploited. As the research and case study of RFID as a transactional token showed, the focus on cheap technology has not produced a genuinely bad technology. The protocol transmitted by a given credit card to a card reader is secure; both the card and the reader are secure elements. As recalled, the failing is in the aforementioned legacy infrastructure conflicting with the newer technology. What needs to be understood is that in having to connect to legacy infrastructures, any hope of security is obliterated. Without removing or reinforcing the legacy infrastructure, which will be of significant cost to retailers, the loophole that enables credit card skimming will be available for the foreseeable future. Does RFID require re-engineering? In many implementations, the answer is yes, due to the focus many institutions have placed on getting the cost of individual tags down over implementing security measures between the tags and the server. That is not to say that systems could not be designed with security in mind, using newer tags and technologies such as those outlined by Chawla and Robins (2013). The issue comes down to risk, and the mitigation thereof. It may not be worth it to the business to spend money securing the entire RFID process. In that case an organization would be wise to understand the potential failings of the system as-is, so that if the system is compromised, there is a starting point for analysis and possible discovery.

Suggestions for Further Research

RFID as a current platform severely lacks a secure, low-overhead method by which individual tags can be authenticated. Great inroads could be made in devising a system that fixes the current challenges faced by modern stream cipher implementations such as WG-7, or by more traditional, ultra-lightweight authentication protocols such as LMAP. A particular challenge would be ensuring the standard works with the EPC Gen 2 standard, which is severely constrained in what it can do, particularly in terms of space for holding encrypted data of any substantial length. Further research into the current wave of NFC transactional tokens is another option. The limits of their protocols and encryption should be tested, and the results reviewed by the larger community. Kristin Paget (2012), during her Shmoocon talk, showed the relative ease of cloning credit cards using NFC as an attack surface, due to the lack of encryption at the last mile. Should this hole be patched, Paget (2012) also identified the protocol itself as a point of potential exploits in her report. It is this analysis, this systemic approach of testing each link in the chain, that allows for a protected environment.
References
Antoniewicz, B. (2011). Proxbrute: taking proxcard cloning to the next level. [e-book] McAfee. http://www.mcafee.com/us/resources/white-papers/foundstone/wp-proxbrute.pdf [Accessed: 25 Feb 2014].

Avoine, G. & Carpent, X. (2013). Yet another ultralightweight authentication protocol that is broken. Springer, pp. 20-30.

Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A. & Szydlo, M. (2005). Security analysis of a cryptographically-enabled RFID device. p. 16.

Byers, M., Lofton, A., Vangari-Balraj, A. K. & Thompson, D. R. (2007). Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag. pp. 386-390.

Chothia, T. & Smirnov, V. (2010). A traceability attack against e-passports. Springer, pp. 20-34.

Clary, R. (2012). E-passports spread to half the globe - SecureIDNews. [online] Retrieved from: http://secureidnews.com/news-item/e-passports-spread-to-half-the-globe/ [Accessed: 10 Mar 2014].

De Koning Gans, G., Hoepman, J. & Garcia, F. D. (2008). A practical attack on the MIFARE Classic. Springer, pp. 267-282.

De Winter, B. (2011). Nieuwste ov-chipkraak maakt zwartrijder onzichtbaar. [online] Retrieved from: http://webwereld.nl/beveiliging/46076-nieuwste-ov-chipkraak-maakt-zwartrijder-onzichtbaar [Accessed: 10 Mar 2014].

Duc, D. N., Lee, H. & Kim, K. (2006). Enhancing security of EPCglobal Gen-2 RFID against traceability and cloning. Auto-ID Labs, Information and Communication University, White Paper.
Gaudin, S. (2008). Some suppliers gain from failed Wal-Mart RFID edict. [online] Retrieved from: http://www.computerworld.com/s/article/317207/Some_suppliers_gain_from_failed_Wal_Mart_RFID_edict [Accessed: 15 Mar 2014].

Google.com. (n.d.). FAQ - Google Wallet. [online] Retrieved from: http://www.google.com/wallet/faq.html [Accessed: 10 Mar 2014].

Hern & Ribagorda (2006). "LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags", p. 6.

Heydt-Benjamin, T. S., Bailey, D. V., Fu, K., Juels, A. & O'Hare, T. (2007). Vulnerabilities in first-generation RFID-enabled credit cards. Springer, pp. 2-14.

Johnston, C. (2013). Dutch public transportation may be hackable with an Android smartphone. [online] Retrieved from: http://arstechnica.com/security/2013/06/dutch-public-transportation-may-be-hackable-with-an-android-smartphone/ [Accessed: 10 Mar 2014].

RFID Journal. (n.d.). RFID frequently asked questions - RFID Journal. [online] Retrieved from: http://www.rfidjournal.com/faq/show?85 [Accessed: 10 Mar 2014].

Juels, A., Molnar, D. & Wagner, D. (2005). Security and privacy issues in e-passports. Security and Privacy for Emerging Areas in Communications Networks, pp. 74-88.

Kasper, T., Silbermann, M. & Paar, C. (2010). All you can eat or breaking a real-world contactless payment system. Financial Cryptography and Data Security, pp. 343-350.

Koscher, K., Juels, A., Brajkovic, V. & Kohno, T. (2009). EPC RFID tag security weaknesses and defenses: passport cards, enhanced drivers licenses, and beyond. pp. 33-42.
Learn.adafruit.com. (n.d.). Shield wiring | Adafruit PN532 RFID/NFC breakout and shield | Adafruit Learning System. [online] Retrieved from: http://learn.adafruit.com/adafruit-pn532-rfid-nfc/shield-wiring [Accessed: 10 Mar 2014].

Lee, E. (2014). DEF CON 20 - NFC hacking the easy way - Eddie Lee. [online] Retrieved from: https://www.youtube.com/watch?v=55vU9imDMZ4 [Accessed: 10 Mar 2014].

Luo, Y., Chai, Q., Gong, G. & Lai, X. (2010). A lightweight stream cipher WG-7 for RFID encryption and authentication. pp. 1-6.

Malone, M. (2012). Did Wal-Mart love RFID to death? [online] Retrieved from: http://www.smartplanet.com/blog/pure-genius/did-wal-mart-love-rfid-to-death/ [Accessed: 10 Mar 2014].

Martin, Z. (2008). Nohl: NXP making 'terrible decision' - SecureIDNews. [online] Retrieved from: http://secureidnews.com/news-item/nohl-nxp-making-terrible-decision/ [Accessed: 10 Mar 2014].

Miri, A., Kirti, C. & Robins, G. (2013). Advanced security and privacy for RFID technologies. Hershey, PA: Information Science Reference.

Mitrokotsa, A., Rieback, M. R. & Tanenbaum, A. S. (2010). Classification of RFID attacks. Gen, 15693 p. 14443.

Nitsche, A. (2009). Transponder flexible. [online] Retrieved from: http://www.123rf.com/photo_6868290_transponder-flexible.html [Accessed: 10 Mar 2014].

Nogueira, M. & Greis, N. (2009). Uses of RFID technology in U.S. identification documents. Institute for Homeland Security Solutions. Retrieved from: http://sites.duke.edu/ihss/files/2011/01/Greis_RFIDBrief1.pdf [Accessed: 25 Feb 2014].

Nohl, K. & Plötz, H. (2007). 24C3: Mifare. [online] Retrieved from: http://events.ccc.de/congress/2007/Fahrplan/events/2378.en.html [Accessed: 10 Mar 2014].
Orumiehchiha, M. A., Pieprzyk, J. & Steinfeld, R. (2011). Cryptanalysis of WG-7 (a lightweight stream cipher for RFID encryption). IACR Cryptology ePrint Archive, 2011, p. 687.

Ov-chipkaart.nl. (n.d.). OV-chipkaart - strippenkaart weg. [online] Retrieved from: https://www.ov-chipkaart.nl/nieuws/nieuwsoverzicht/strippenkaart_weg?pagina=5 [Accessed: 10 Mar 2014].

Ov-chipkaart.nl. (n.d.). OV-chipcard - how does travelling work? [online] Retrieved from: https://www.ov-chipkaart.nl/reizen/gebruikovchipkaart/?taal=en [Accessed: 10 Mar 2014].

Paget, C. (2009). Shmoocon 2009 - edl-paget.m4v. [online] Retrieved from: https://www.youtube.com/watch?v=6xQ-iVvf91w [Accessed: 10 Mar 2014].

Paget, K. (2012). Shmoocon 2012: credit card fraud: the contactless generation. [video online] Available at: https://www.youtube.com/watch?v=HRXb-FZ6WFM [Accessed: 25 Feb 2014].

Palmer, W. (2004). Understanding the impact of RFID on retail. Loss Prevention, pp. 42-48.

Pareja, R. (2009). Schematics and firmwares. [online] Retrieved from: http://www.t4f.org/projects/open-rfid-tag/schematics-and-firmwares/ [Accessed: 25 Feb 2014].

Peris-Lopez, P., Hernández-Castro, J. C., Estévez-Tapiador, J. M. & Ribagorda, A. (2006). LMAP: a real lightweight mutual authentication protocol for low-cost RFID tags. p. 6.

Play.google.com. (2014). NFC Tools. [online] Retrieved from: https://play.google.com/store/apps/details?id=com.wakdev.wdnfc [Accessed: 10 Mar 2014].
Play.google.com. (2014). Mifare Classic Tool - MCT. [online] Retrieved from: https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool [Accessed: 10 Mar 2014].

Play.google.com. (2011). Squareless. [online] Retrieved from: https://play.google.com/store/apps/details?id=com.noSquare [Accessed: 10 Mar 2014].

Rieback, M. R., Crispo, B. & Tanenbaum, A. S. (2006). RFID malware: truth vs. myth. IEEE Security & Privacy, 4 (4), pp. 70-72.

Rieback, M. R., Crispo, B., Tanenbaum, A. S. & others (2006). The evolution of RFID security. IEEE Pervasive Computing, 5 (1), pp. 62-69.

Rieback, M. R., Simpson, P. N., Crispo, B. & Tanenbaum, A. S. (2006). RFID malware: design principles and examples. Pervasive and Mobile Computing, 2 (4), pp. 405-426.

Robin.tripany.com. (2011). OV chipkaart hacked, software available @ the linkielist. [online] Retrieved from: http://robin.tripany.com/blog/hacks/ov-chipkaart-hacked-software-available/ [Accessed: 10 Mar 2014].

Sachgau, O. (2013). Protect new passport from hackers: expert. [online] Retrieved from: http://www.winnipegfreepress.com/local/protect-new-passport-from-hackers-expert-222921521.html [Accessed: 03 Mar 2014].

Garfinkel, S. L., Juels, A. & Pappu, R. (2005). RFID privacy: an overview of problems and proposed solutions. IEEE Security & Privacy, 3 (3), pp. 34-43.

Travel.state.gov. (2014). Frequently asked questions. [online] Retrieved from: http://travel.state.gov/content/passports/english/passports/FAQs.html#ePassport [Accessed: 10 Mar 2014].

Violino, B. (2003). Wal-Mart expands RFID mandate - RFID Journal. [online] Retrieved from: http://www.rfidjournal.com/articles/view?539 [Accessed: 15 Mar 2014].
Welte, H. (2010). Reverse engineering a real-world RFID payment system. [online] Retrieved from: http://www.madchat.fr/bricolo/RFID/easycard.pdf [Accessed: 10 Mar 2014].

Yan-Chih, M. (2011). Taipei EasyCard Corporation to expand use of cards - Taipei Times. [online] Retrieved from: http://www.taipeitimes.com/News/taiwan/archives/2011/04/08/2003500219 [Accessed: 10 Mar 2014].

Yan-Chih, M. (2011). Young engineer hacked into EasyCard, police say - Taipei Times. [online] Retrieved from: http://www.taipeitimes.com/News/taiwan/archives/2011/09/28/2003514388 [Accessed: 10 Mar 2014].

Zappone, C. (2007). RFID backlash gains momentum, from states up - May 21, 2007. [online] Retrieved from: http://money.cnn.com/2007/05/21/technology/rfid/index.htm [Accessed: 10 Mar 2014].

Zhu hun Technology Laboratory. (n.d.). Pyramid series Wiegand data format. [online] Retrieved from: http://www.zhlab.cn/technique/T0000006.htm [Accessed: 25 Feb 2014].
