PRIVACY AND SECURITY FOR RADIO FREQUENCY IDENTIFICATION (RFID) SYSTEMS

Dr. Ja’far Alqatawna (Supervisor), Malek A. Al-Zewairi

The Department of Computer Information Systems, The King Abdulla II School for Information Technology, The University of Jordan

Thursday, August 11, 2011

Abstract

Over time, Radio Frequency Identification (RFID) has become one of the most popular Automatic Identification and Data Capture (AIDC) technologies. RFID is a complex technology that combines a number of different computing and communications technologies, yet it facilitates object identification and information exchange among relatively small and widely separated entities. The main aim of this project is to address some of the privacy and security challenges that RFID systems face, provide practical solutions, and, hopefully, end up with a functional implementation of each solution.

Table of Contents

1 Introduction
    1.1 Background
    1.2 Problem Space
    1.3 Aim and Objective
        1.3.1 Security Objectives
        1.3.2 Privacy Objectives
    1.4 Approach
    1.5 Document Structure
2 RFID Technology
    2.1 RFID Advantages
    2.2 RFID System Components
        2.2.1 RF Subsystem
        2.2.2 Enterprise Subsystem
        2.2.3 Inter–Enterprise Subsystem
    2.3 Operating Frequencies
    2.4 Tag’s Power Source
    2.5 Communication Initiation
    2.6 RFID Attacks
        2.6.1 Physical Attacks: Tag Cloning
        2.6.2 DoS Attacks: Jamming
        2.6.3 Eavesdropping
        2.6.4 Skimming
        2.6.5 Virus Attacks
    2.7 Related Works: Multi–Tag RFID Systems
        2.7.1 Chaffing and Winnowing
        2.7.2 Preventing Side-Channel Attacks
        2.7.3 Splitting ID Among Multi–Tags
3 System Analysis
    3.1 Case Study: Access Control System for College/University Campus
    3.2 Risk Assessment
        3.2.1 Qualitative Risk Analysis
        3.2.2 Quantitative Risk Analysis
    3.3 System Requirements
        3.3.1 Functional Requirements
        3.3.2 Non–Functional Requirements
4 System Design
    4.1 Prototype I
        4.1.1 System Block Diagram
        4.1.2 System Flowchart
        4.1.3 Data Flow Diagrams (DFDs)
    4.2 Prototype II
        4.2.1 System Block Diagram
        4.2.2 Secure communications between the RF subsystem and the TTP
    4.3 Prototype III
        4.3.1 System Block Diagram
        4.3.2 Data Structure Diagram (DSD)
        4.3.3 System Flowchart
5 System Implementation
    5.1 Implementation of Prototype I
        5.1.1 Schematic Diagram
        5.1.2 EM 4001 Output Data Format
        5.1.3 Debugger Output Example
    5.2 Implementation of Prototype III
        5.2.1 RFID Readers Modules Comparison
        5.2.2 RFID Tags Comparison
        5.2.3 Mifare® 4K MF1 IC S70 Data Storage Format
        5.2.4 Mifare® Access Conditions
        5.2.5 Mifare® Transaction Sequence
        5.2.6 Mifare® MF1 IC S70 Block Addressing
    5.3 Implemented Applications for our Case Study
6 Evaluation and Conclusion

List of Figures

Figure 2-1. Global Market for RFID technologies, 2009-2015 ($ Millions). Source: BCC Research [6].
Figure 2-2. RFID System Architecture. Source: NIST SP 800-98 [4].
Figure 2-3. Keymaster Pro 4RF.
Figure 2-4. Eavesdropping Range Classification [7], [8].
Figure 2-5. RFID Shielding Clips [9].
Figure 3-1. Misuse Case Diagram.
Figure 4-1. System Block Diagram of Prototype I.
Figure 4-2. System Flowchart of Prototype I.
Figure 4-3. Context Diagram of Prototype I.
Figure 4-4. Level 0 DFD of Prototype I.
Figure 4-5. System Block Diagram of Prototype II.
Figure 4-6. Phase 01 of secure communications between the RF subsystem and the TTP. Sending TID from the RF subsystem to the TTP through SSL connection.
Figure 4-7. Phase 02 of secure communications between the RF subsystem and the TTP. Sending encrypted data from the RF subsystem to the TTP through SSL connection.
Figure 4-8. System Block Diagram of Prototype III.
Figure 4-9. DSD of Prototype III.
Figure 4-10. System Flowchart of Prototype III.
Figure 5-1. Some of the hardware used in Prototype I. From right to left: Netduino plus, ID-20 RFID Reader, RFID Break-board, and EM 4001 ISO Card.
Figure 5-2. Schematic diagram of prototype I.
Figure 5-3. EM-4001 Output Data Format.
Figure 5-4. Prototype I - Debugger Output Example.
Figure 5-5. MF1 IC S70 EEPROM Organization [19].
Figure 5-6. MF1 IC S70 - Manufacturer Data Block (Block #0 of Sector #0) [19].
Figure 5-7. Prototype III - MF1 IC S70 EEPROM Organization.
Figure 5-8. Prototype III – (Sector #0) of MF1 IC S70 EEPROM.
Figure 5-9. Transaction Sequence and Typical Transaction Time [19].
Figure 5-10. Three–Pass Mutual Authentication between RFID Reader and Tag [3].
Figure 5-11. Iterative Master/Slave Cipher.
Figure 5-12. The First 13 bytes of the IMS Master Key Disassembled by MSIL.

List of Tables

Table 2-1. Common RFID Operating Frequencies.
Table 3-1. Quantitative Risk Analysis.
Table 3-2. Possible Countermeasures.
Table 3-3. Quantitative Risk Analysis.
Table 3-4. Functional Requirements.
Table 3-5. Non-Functional Requirements.
Table 5-1. RFID Readers Modules Comparison.
Table 5-2. RFID Tags Comparison.
Table 5-3. Access conditions bits.
Table 5-4. Default Access Conditions.
Table 5-5. Access Conditions for the Sector Trailer [19].
Table 5-6. Access Conditions for data areas [19].

SECTION 1: Introduction

1 Introduction

This section provides an introduction to this document. It starts with a brief background on RFID technology, then defines the problem space and lists the intended aims and objectives for solving these problems. Finally, it provides an overview of the approach used and the document structure for the following sections.

1.1 Background

Radio Frequency Identification (RFID) has been around for decades. Its roots go back to World War II (WWII), when the Germans discovered that if pilots rolled their planes as they returned to base, it would change the radio signal reflected back. Hence, the radar crew on the ground could distinguish between German planes and Allied aircraft. This is considered the first passive RFID system [1].

Over time, RFID has become one of the major Automatic Identification and Data Capture (AIDC) technologies. Unlike other AIDC technologies, RFID systems face the highest security and privacy risks because:
• RFID communications can occur anonymously over greater distance, and
• Sensitive information about the tagged objects may be revealed.

The possibility of abusing this fascinating technology, and the fact that it is being implemented in many mission–critical systems at a very rapid pace, should make the security and privacy considerations of RFID enabled systems a must.

1.2 Problem Space

RFID itself is a complex technology that combines a number of different computing and communications technologies. Also, low–cost passive RFID tags have very restricted resources in terms of computing, storage, and power consumption. Unfortunately, both complexity and cost-driven resource restrictions increase the risks and threats for most RFID systems.

On the other hand, RFID technology raises several important concerns regarding user and information privacy. Insecure RFID tags will broadcast their memory content without requiring authentication, while improper protection can leak personal information or enable sensitive data to be scanned and collected remotely.

RFID greatly improves the speed and accuracy of AIDC processes and offers advantages that were not available in other AIDC systems. Nevertheless, it also introduced new security and privacy concerns that organizations need to handle properly to ensure a successful RFID system implementation. In addition, RFID systems typically are highly customized; no one-size-fits-all approach will work across implementations.

To implement a secure RFID system, organizations should effectively manage the risk by understanding its sources and its potential capabilities. This leads, eventually, to eliminating or, at least, scaling down these vulnerabilities to an acceptable level.

A hypothetical case study about an Access Control System for a College/University Campus will be walked through system analysis, risk analysis, security planning, design and implementation, and system evaluation to end up with a secure RFID system.

1.3 Aim and Objective

The main aim of this project is to address some of the privacy and security challenges that RFID systems face. Objectives were divided into two parts: (1) Security objectives, and (2) Privacy objectives.

1.3.1 Security Objectives

Security objectives state the technical controls to protect the confidentiality, integrity, and availability (CIA) of data and system resources. Technical controls include controls to:
• Protect the confidentiality of data that can be obtained using the Tag Identifier (TID), whether the data is stored on the tag itself or in a back–end database.
• Protect the confidentiality of RF communications between reader and tag.
• Provide integrity assurance services for RFID components and transactions.
• Provide mechanisms to protect system availability against intended attacks.

1.3.2 Privacy Objectives

Privacy here means people's right to protection from intended and unintended collection and/or use of their personal information and preferences. Privacy objectives state the technical controls to protect both Personally Identifying Information (PII) [2] and non-personally identifying information. Technical controls include controls to:
• Authenticate readers and restrict the use of the tag to legitimate readers.
• Protect the privacy of PII and non-PII from illegitimate collection and/or use.
• Protect the privacy of RF communications between reader and tag.

1.4 Approach

For the purposes of this document, I started by presenting a hypothetical case study about an RFID enabled access control system and conducting a risk assessment for that case study to identify the possible security threats and risks that the system might face. Then, I prototyped solutions for that case study, presenting each solution's pros and cons, and ended up with the optimal solution for our case study, which relies solely on the RF subsystem to serve the security and privacy objectives of this project. However, the implementation part presents fully functional demo solutions, not real world applications.

1.5 Document Structure

The remainder of this document is structured into five major sections:
• Section 2 provides an introduction to RFID technology and briefly acknowledges some of the related works in this field.
• Section 3 starts by introducing a hypothetical case study about an Access Control System for a College/University Campus. It then discusses the system requirements and conducts a risk assessment.
• Section 4 presents the design phase for the case study. In this section, the security and privacy objectives will be addressed in more detail.
• Section 5 is the implementation section, which illustrates how the hardware and software components of the system could work in a real world scenario. It will also address the security and privacy objectives introduced earlier in the document, but from a coding perspective this time.
• Section 6 presents the final evaluation of the conducted case study and concludes this document.

Readers who are already familiar with RFID technology and are primarily interested in the privacy and security aspects may wish to skip Section 2 of this document and start with Section 3.

The document also contains several appendices with supporting material:
• Appendix A contains an overview of the tools used in this project.
• Appendix B contains a glossary.
• Appendix C contains an acronym list.
• Appendix D contains a references list.

SECTION 2: RFID Technology

2 RFID Technology

This section starts with a simple introduction to RFID technology and what makes it better than other AIDC technologies. It then presents an overview of RFID system components, operating frequencies, the tag’s power source, and communication initiation. Some common RFID attacks are then discussed. Finally, it briefly previews the security enhancements provided by multi-tag RFID systems.

2.1 RFID Advantages

In recent years, Radio Frequency Identification (RFID) technology has become one of the most popular Automatic Identification and Data Capture (AIDC) procedures, used in many services, such as animal identification, goods tracking, e-money transactions, public transportation ticketing, manufacture monitoring, and many other services that require a fast and easy way to identify objects and exchange information [3].

Most people have direct experience with barcodes, the most common AIDC technology, which are read by optical laser scanning of the tag. While barcodes greatly improved the speed and accuracy of the identification process, RFID technology offers advantages that are not available in other AIDC systems such as barcodes, since it relies on Radio Frequencies (RF) to transmit information rather than light [4].

RFID technology offers great enhancement in terms of speed, accuracy, reading distance, and memory capacity over other AIDC technologies. In addition, RFID products often support other features such as rewritable memory, security features, and environmental sensors that make RFID technology more suitable for AIDC systems than the legacy AIDC technologies [4].

The RFID market is growing rapidly, and more companies are becoming involved in the development and sale of RFID enabled systems. In fact, ABI Research forecasts a total market size of about $4.6 billion by the end of 2010 for RFID systems (hardware, software, and services). The total reaches $5.5 billion when hardware-only shipments to support automobile immobilization are included [5]. See Figure 2-1.

Figure 2-1. Global Market for RFID technologies, 2009-2015 ($ Millions). Source: BCC Research [6].

2.2 RFID System Components

RFID systems vary greatly in complexity and implementation, depending on the application type and working environment. Thus, every RFID system can be uniquely different in its components and subsystems. In this document, I will be referring to the RFID system components as defined in NIST SP 800-98 [4]. An RFID system is composed of up to three subsystems (Figure 2-2):
• RF subsystem, which performs identifications and related transactions using wireless communications.
• Enterprise subsystem, which consists of network infrastructure and computers running specialized software that processes the data acquired from the RF subsystem transactions to make it useful to a supported business process.
• Inter-enterprise subsystem, which connects enterprise subsystems when information needs to be shared across organizational boundaries.

Every RFID system must contain an RF subsystem, and most likely an enterprise subsystem. Inter-enterprise subsystems are more likely to be found in complex systems such as supply chain management systems, where tagged products need to be tracked throughout their entire life cycle.

Figure 2-2. RFID System Architecture. Source: NIST SP 800-98 [4].

2.2.1 RF Subsystem

The simplest RF subsystem consists of a reader and a tag.

RFID tags (sometimes referred to as transponders) are electrical elements, basically consisting of a coil, an antenna, and an IC, located on the object to be identified. Every tag has a Tag Identifier (TID) and may also have other features such as memory to store additional data, security mechanisms, and environmental sensors.

RFID readers (sometimes referred to as interrogators) are devices that wirelessly communicate with RFID tags to identify or sense the presence of the tagged object. They may be read only or Read/Write (R/W) devices.

2.2.2 Enterprise Subsystem

The enterprise subsystem typically consists of middleware, analytical systems, and network infrastructure.

RFID middleware is responsible for preparing and filtering the data acquired from the readers in the RF subsystem and transferring the filtered data to analytical systems. Middleware is also responsible for monitoring and managing readers, creating transaction logs, and printing RFID labels. Usually, middleware procedures are privileged and performed by system administrators.

Analytical systems are composed of a database, data processing applications, and web–servers. Often, these are enterprise applications that draw inputs from multiple sources, many of which may not involve the RF subsystem, and help process the data so that it becomes useful to a supported business process.

Network infrastructure enables communication among components of the enterprise subsystem, as well as between the RF and enterprise subsystems.

The analytical systems often consist of:
• Back–end database, which is often commercial database software that stores data about the tagged objects in the RF subsystem and other non-RFID business records.
• Data processing applications, which are often legacy applications designed to process data from different sources to create information useful to a supported business process.
• Web–servers, which are network communications devices that pass the data sent from middleware to data processing applications and facilitate communication among other non-RFID enterprise subsystems.

2.2.3 Inter–Enterprise Subsystem

The inter–enterprise subsystem connects enterprise subsystems together when there is a need to share information across geographic or organizational boundaries. The methods for creating inter–enterprise subsystems are out of the scope of this document.

2.3 Operating Frequencies

RFID systems are operated at widely different frequencies, ranging from 30 kHz long–wave to 5.8 GHz in the microwave (μW) range [3]. The radio frequencies at which a tag transmits and receives signals have implications for:
• Tag operating range, speed of reads, and data transfer rate.
• The ability of the signal to penetrate materials.
• The likelihood of radio interference.

Table 2-1 presents common RFID frequencies, reading distances, and related common applications.

Table 2-1. Common RFID Operating Frequencies.

Band | Frequency Range | Common RFID Frequency | Distance | Common RFID Applications [4]
LF | 30 – 300 kHz | 125 kHz, 134 kHz | 1 – 90 cm | Access control, animal tagging, automobile immobilizers, EAS systems, inventory control, and track and traceability applications
HF | 3 – 30 MHz | 1.95 – 8.2 MHz | 1 – 150 cm | EAS systems
HF | 3 – 30 MHz | 13.55 – 13.56 MHz | 1 – 150 cm | Access control, item-level tagging, EAS systems, and smart card applications
UHF | 300 MHz – 1 GHz | 433.5 – 434.5 MHz | Up to 9 m | In–transit visibility and supply chain applications
UHF | 300 MHz – 1 GHz | 902 – 928 MHz | Up to 9 m | Railcar, supply chain, and toll road applications
μW | > 1 GHz | 2.40 – 2.50 GHz | 2 m | Real–Time Location Systems (RTLS), and supply chain applications

2.4 Tag’s Power Source

Tags are categorized into four types based on the power source for communication:
• Passive,
• Active,
• Semi–Active, and
• Semi–Passive.

A passive tag uses the electromagnetic energy it receives from a reader’s transmission to power–up and reply to the reader. This limitation of power significantly restricts the operating range and data processing complexity of the tag. On the other hand, passive tags typically are cheaper, smaller, and lighter than other types of tags.

An active tag uses an internal power supply such as a battery for power. The battery is used to communicate with the reader, to power on–board circuitry, and to perform other functions. Active tags can communicate over greater distance than other types of tags, but they have a finite battery life and are generally larger and more expensive.

A semi-active tag is an active tag that remains dormant until it receives a signal from the reader to wake up. The tag can then use its battery to communicate with the reader. Their main advantage relative to active tags is that they have a longer battery life. A semi-passive tag is a passive tag that uses an internal power supply such as a battery to power on–board circuitry, but not to communicate with the reader. When the battery is used to power a sensor, they are often called sensor tags. They typically are smaller and cheaper than active tags, but have greater functionality than passive tags.

2.5 Communication Initiation

Tags and readers can initiate RF transactions in two general ways:
• Reader Talks First (RTF), and
• Tag Talks First (TTF).

In an RTF transaction, the reader broadcasts a signal that is received by tags in the reader’s vicinity. Those tags may then be commanded to respond to the reader and to continue transactions with the reader. In a TTF transaction, a tag communicates its presence to a reader when the tag is within the reader’s vicinity. If the tag is passive, then it transmits as soon as it gets power from the reader’s signal to do so. If the tag is active, then it transmits periodically as long as its power supply lasts. This type of transaction might be used when it is necessary to identify objects that pass by a reader, such as objects on a conveyer belt. Readers and tags in an RFID system typically operate using only RTF or only TTF transactions, not both types.

2.6 RFID Attacks

A great number of information systems focus solely on protecting the transmitted data. Because RFID systems transfer data over an external channel, the air, they face high security risks, especially if they are deployed in a hostile environment or hold extremely sensitive information, as in e-passports and e-money transactions. However, when designing RFID systems, additional objectives, such as tracking or data manipulation, should be considered [7].

Attacks on RFID systems may take place on any part of the system. They might target the RF subsystem, the enterprise subsystem, or the inter–enterprise subsystem. In this document, the focus will be on the attacks that target the RF subsystem only.

2.6.1 Physical Attacks: Tag Cloning

Tag cloning is a process that duplicates a legitimate tag to create one or more identical fake tags. The cloning process can clone only the TID or the whole memory map. In fact, there are many devices available online that can clone RFID tags. For example, a device called “Keymaster Pro 4RF” can clone RFID 125 kHz tags and costs under $180 (Figure 2-3).

Figure 2-3. Keymaster Pro 4RF.

2.6.2 DoS Attacks: Jamming

Jamming is a type of Denial of Service (DoS) attack that targets the RF subsystem to prevent it from working or to degrade the system availability. Jamming attacks can take two forms:
• Passive jamming, and
• Active jamming.

Passive jamming is used to hide the presence of legitimate tags and prevent the reader from seeing tags within its vicinity. This may be done by a blocker tag. Each time a reader wants to interact with a single tag, the tag has to be singulated from a population of tags. An anticollision protocol such as the binary tree walking protocol may be used. To conceal the presence of legitimate tags, a blocker tag could simulate the full spectrum of possible tags in the singulation phase, thereby hiding the presence of other tags.
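The singulation behaviour described above can be simulated to show why a blocker tag hides legitimate tags and how a reader can notice it. This is an added example, not code from the original project; the constructed 8-bit tag IDs, the name tree_walk and the query-budget check (max_tags × ID bits) are assumptions made for illustration.

```python
from collections import namedtuple

WalkResult = namedtuple("WalkResult", "found queries aborted")


def tree_walk(tag_ids, id_bits, blocker=False, max_tags=None):
    """Simulate a reader singulating tags by binary tree walking.

    tag_ids  -- constructed tag IDs as bit strings of length id_bits
    blocker  -- True if a blocker tag answers both '0' and '1' to every query
    max_tags -- assumed upper bound on the tags the reader expects in its
                field; enables the detection check (hypothetical policy)
    """
    # An honest population of n tags needs at most n * id_bits prefix
    # queries, because each tag contributes one query per bit of its ID.
    budget = None if max_tags is None else max_tags * id_bits
    found, queries = [], 0
    stack = [""]                       # prefixes still to be explored
    while stack:
        prefix = stack.pop()
        if len(prefix) == id_bits:     # full ID reached: one tag singulated
            found.append(prefix)
            continue
        queries += 1
        if budget is not None and queries > budget:
            # More collisions than any plausible population can cause:
            # stop the walk and report suspected passive jamming.
            return WalkResult(sorted(found), queries, True)
        # Every tag whose ID matches the prefix broadcasts its next bit.
        heard = {t[len(prefix)] for t in tag_ids if t.startswith(prefix)}
        if blocker:
            heard = {"0", "1"}         # simulated collision at every node
        # One bit heard: follow it. Both heard: collision, explore both.
        for bit in sorted(heard, reverse=True):
            stack.append(prefix + bit)
    return WalkResult(sorted(found), queries, False)


# Constructed sample population (not real tag data).
SAMPLE_TAGS = ["00101100", "00101111", "11010001"]


def demo():
    honest = tree_walk(SAMPLE_TAGS, 8, max_tags=4)
    blocked = tree_walk(SAMPLE_TAGS, 8, blocker=True)
    flagged = tree_walk(SAMPLE_TAGS, 8, blocker=True, max_tags=4)
    return honest, blocked, flagged


if __name__ == "__main__":
    for label, r in zip(("honest", "blocked", "flagged"), demo()):
        print(label, len(r.found), "IDs,", r.queries, "queries,",
              "aborted =", r.aborted)
```

Without the budget, the blocked walk returns every possible ID, so the three real tags cannot be told apart from the simulated ones; with the budget, the reader stops early and can raise an availability alert instead.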

Active jamming is achieved by disturbing the radio channel used for RF signals. This disturbance may be caused by a device that actively broadcasts radio signals to completely disrupt the radio channel, thus preventing the normal operation of RFID readers.

2.6.3 Eavesdropping

RFID technology operates through radio signals, so communication can be surreptitiously overheard. Figure 2-4 categorizes the possible distances at which an attacker can eavesdrop on the messages exchanged between a tag and a reader.

Figure 2-4. Eavesdropping Range Classification [7], [8].

• Forward channel eavesdropping range: In the forward channel, the reader broadcasts a strong signal, allowing it to be monitored from a long distance.
• Backward channel eavesdropping range: In the backward channel, the signal transmitted is relatively weak, and may only be monitored in close proximity to the tag.
• Malicious scanning range: An attacker may build his own reader with a special antenna and eavesdrop from a longer distance.

Eavesdropping is a serious threat for two reasons:
• It can be accomplished from long distances.
• It is purely passive and requires no power signal emission, so it is difficult to detect.

2.6.4 Skimming

Skimming is an unauthorized interaction from an illegitimate reader with a legitimate tag to obtain the data stored on the tag without the owner's knowledge or consent. Skimming can occur over long and short distances, and can collect information from single or multiple tags. Some companies sell anti–skimming cards that act like a blocker tag. There are also shielding clips that prevent the tag from being read when the clip is closed, and only allow the tag to be read by pressing the top of the holder to release the spring mechanism, which temporarily moves the tag away from its protective shield (Figure 2-5).

Figure 2-5. RFID Shielding Clips [9].

2.6.5 Virus Attacks

The RFID tag contains additional memory that is rewritable. The information sent by the tags is implicitly trusted, which introduces security threats. An attacker might use the additional memory to inject malicious code into the enterprise subsystem if precautions are not taken [7], [10].

2.7 Related Works: Multi–Tag RFID Systems

The idea behind multi–tags is to use multiple tags per object to increase reliability of object detection and identification [11]. Multi–tags are also found to be a security enhancer using three different approaches:


2.7.1 Chaffing and Winnowing

Chaffing creates messages with phony Message Authentication Codes (MACs), and winnowing filters out the fake messages by comparing the MAC received along with each message against the MAC computed by the recipient. This hides the real number of tags in the reader’s vicinity [11].
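The chaffing and winnowing idea described above, as an added Python example that is not taken from the cited work or from this project. The packet layout, the use of HMAC-SHA256, the key and the sample tag replies are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAC_LEN = 32  # HMAC-SHA256 output size in bytes


def make_mac(key: bytes, serial: int, payload: bytes) -> bytes:
    """MAC over serial number and payload, as the legitimate sender computes it."""
    return hmac.new(key, serial.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def wheat(key: bytes, serial: int, payload: bytes) -> tuple:
    """A genuine packet: payload plus its valid MAC."""
    return (serial, payload, make_mac(key, serial, payload))


def chaff(serial: int, payload: bytes) -> tuple:
    """A decoy packet: same shape, but the MAC is random bytes (no key needed)."""
    return (serial, payload, os.urandom(MAC_LEN))


def winnow(key: bytes, packets: list) -> list:
    """Keep only the packets whose MAC verifies under the shared key."""
    kept = []
    for serial, payload, tag in packets:
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        if hmac.compare_digest(tag, make_mac(key, serial, payload)):
            kept.append((serial, payload))
    return kept


def demo() -> tuple:
    """Return (packets seen on the air, packets the key holder accepts)."""
    key = b"constructed-demo-key-not-for-use"
    # Constructed sample: two genuine tag replies hidden among three decoys.
    packets = [
        chaff(1, b"TID=AAAA0001"),
        wheat(key, 2, b"TID=3400C2DB20"),
        chaff(3, b"TID=AAAA0003"),
        wheat(key, 4, b"TID=2800458A88"),
        chaff(5, b"TID=AAAA0005"),
    ]
    return len(packets), winnow(key, packets)
```

An observer without the key sees five well-formed replies and cannot tell which are genuine; the reader holding the key recovers exactly two.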

2.7.2 Preventing Side-Channel Attacks

Multi–tags can prevent certain side–channel attacks. For example, multi–tags help prevent a power analysis that an adversary can deploy against Electronic Product Code (EPC) tags in order to learn the kill password [11], [12]. In a multi–tag scenario, one tag can counter–balance the power budget of the other tag by operating in an “opposite” mode, thus preventing simple power analysis, and consequently preventing the discovery of a kill password by an adversary.

2.7.3 Splitting ID Among Multi–Tags

In a set of multi–tags, the TID and/or data can be split among several individual tags, and the tags can transmit data at different frequencies using Code–Division Multiple Access (CDMA), making it difficult for an adversary to reconstruct the complete signal. This technique was used by the British during World War II to prevent the Germans from jamming Allied transmissions [11], [13].


3 System Analysis

This section presents a hypothetical case study of an RFID-enabled access control system and studies the risks and threats that the system might encounter in a real-world situation. Both a quantitative and a qualitative risk analysis are conducted, and a misuse case is presented in order to assess the threat level. Finally, the functional and non–functional system requirements are identified.

3.1 Case Study: Access Control System for College/University Campus

A community college decides to use an RFID access control system in the new Student Union Building (SUB). The SUB is located outside of the college campus; it has a single entry, and is open 24/7 for students with valid IDs. A guard is always present near the entrance and is responsible for monitoring the access. Suspicious activities on the system should be detected and the guard alerted instantly. The new system should work with the same RFID cards students use to access the college campus, and it should rely solely on RFID cards to verify a student’s identity, without referring either to the college network infrastructure or to a back–end database. In addition, mission–critical tasks should be protected by a secure passphrase, and the system may be locked–down physically to prevent or grant both entry and exit by either the guard or the system administrator in case of emergency. Only the system administrator should have the rights to:

• Change the duty cycle of readers,
• Modify middleware preferences, and
• Set encryption key.

3.2 Risk Assessment

In this section, both quantitative and qualitative risk analyses are conducted to provide a more informative risk analysis. However, the quantitative risk analysis is based on estimated figures and not real values. A misuse case is presented to help identify the security and privacy requirements.


3.2.1 Qualitative Risk Analysis

Qualitative risk analysis is a scenario–based process of evaluating risk and determining the impact that such an accident would have [14].

• If a legitimate ID card has been stolen, cloned, or used by a person other than its legitimate owner, an intruder may gain access to the SUB.
• An attacker may launch a DoS attack using active jamming or some kind of blocker tag (passive jamming) to prevent the normal operation of the system or scale down its availability.
• An attacker may collect massive information about the users by eavesdropping on the communications between the reader and tag or by skimming tags.
• An attacker can use the RFID tag memory to launch a virus attack against the system.

A misuse case is the inverse of a use case: a function that the system should not allow [15]. More formally, it is a sequence of actions that can be performed by any person or entity in order to harm the system [16]. Figure 3-1 shows a misuse case of our case study, followed by the qualitative risk analysis in tabular format (Table 3-1).


Figure 3-1. Misuse Case Diagram.


Table 3-1. Qualitative Risk Analysis.

#  Attack                        Probability  Impact  Countermeasures Cost
1  Cloning card                  Low          High    High
2  DoS attack: passive jamming   Medium       High    Medium
3  DoS attack: active jamming    Low          High    Medium
4  Eavesdropping                 High         High    Medium
5  Replay and relay              Low          Low     Medium
6  Skimming                      High         High    Low
7  Unauthorized use of card      High         High    Low
8  Virus                         Medium       High    Low

Table 3-2 shows some possible countermeasures that might be used to overcome each attack.

Table 3-2. Possible Countermeasures. # 1 2 3 4 5 6 7 8

1

Possible Countermeasures Countermeasures Active authentication Cloning card Tamper-evident microprocessors Tamper-resistance microprocessors DoS attack: passive jamming Electromagnetic shielding Temporary deactivation of RFID reader DoS attack: active jamming Basic authentication Eavesdropping Cover coding Tag data protection Replay and relay Cryptographic protocol Anti–skimming cards Basic authentication Skimming Tag data protection Temporary deactivation of RFID tags Cryptographic protocol Unauthorized use of card Guards Antivirus and firewall software Virus Programming fences 1 Attack

Programming fences can be achieved by many means, such as restricting the buffer size and preventing the program from executing arbitrary code.


3.2.2 Quantitative Risk Analysis

Risk is often described by a mathematical formula [14]:

Risk = Threat * Vulnerability * Asset value

Where:

• Risk is any event that could impact the system and prevent it from providing its services as intended.
• Threat is the possibility or likelihood that the system will be exposed to a risk that has an impact on its services.
• Vulnerability is the point of weakness that a threat can exploit.
• Asset is the system component that will be affected by the risk.

Table 3-3 presents the quantitative risk analysis.

Table 3-3. Quantitative Risk Analysis.

#  Attack                     Threat  Vulnerability  Asset Value  Risk
1  Cloned card                10%     100%           100.00$      10.00$
2  DoS attack: blocker tag    50%     100%           50.00$       25.00$
3  DoS attack: jamming        10%     100%           50.00$       05.00$
4  Eavesdropping              80%     100%           25.00$       20.00$
5  Replay and relay           05%     100%           10.00$       00.50$
6  Skimming                   95%     100%           05.00$       04.75$
7  Unauthorized use of card   90%     100%           100.00$      90.00$
8  Virus                      66%     100%           150.00$      99.00$

3.3 System Requirements

This section specifies the system functional and non–functional requirements in tabular fashion, starting with the functional requirements.

3.3.1 Functional Requirements

Table 3-4 presents the system functional requirements.


Table 3-4. Functional Requirements.

#  Requirement                                                      Stakeholders
1  Allow preferences file to be saved encrypted or plain text.      Admin
2  Allow the system admin to change the encryption key.             Admin
3  Allow the system to be locked–down.                              Admin/Guard
4  Keep track of users' login/logout activities.                    Guard
5  Allow the guard to grant access to visitors.                     Guard
6  Allow the guard to monitor the access.                           Guard
7  Restrict the use of card to legitimate readers.                  Student
8  Work with the same ID cards used to access the college campus.   Student

3.3.2 Non–Functional Requirements

Table 3-5 presents the system non–functional requirements.

Table 3-5. Non-Functional Requirements.

#  Requirement
1  24/7 availability.
2  Control the duty cycle of readers using presence detector (see footnote 2).
3  Protect the privileged tasks with a secure passphrase.
4  Protect the confidentiality of both PII and non-PII stored on the tag.
5  Protect the confidentiality of RF communications between reader and tag.
6  Protect the system availability against intended DoS attacks.
7  Protect the user PII and non-PII from an illegitimate collection and/or use.
8  Provide integrity assurance for data stored on the tag.
9  Provide integrity assurance for RFID transactions.

2 A presence detector is a device that contains an electronic motion sensor and is used to detect the presence of a moving object within its operating range. However, presence detectors and motion sensors are out of the scope of this document.


4 System Design

This section presents the design phase and provides three different solutions to our case study. For each solution, we list all the benefits and weaknesses supported by flowcharts, system block, data flow, and data structure diagrams.

4.1 Prototype I

Idea: A simulation for RFID Password–Based Access Control System. The system prompts the user for his/her ID card and a passcode. If the TID is accepted and the passcode is correct, then the access is granted. Otherwise, the access is denied.

4.1.1 System Block Diagram

Figure 4-1. System Block Diagram of Prototype I.


4.1.2 System Flowchart

Figure 4-2. System Flowchart of Prototype I.


4.1.3 Data Flow Diagrams (DFDs)

Figure 4-3. Context Diagram of Prototype I.

Figure 4-4. Level 0 DFD of Prototype I.


Benefits: The system achieves a high level of users' privacy protection, since the RFID tag does not contain any PII or non-PII. Instead, the system uses the TID to look up the needed information from an embedded database. The embedded database serves the system availability by relying solely on the availability of the RF subsystem while preserving a simple system design. The system provides the authentication of system to user by protecting the access process with a passcode. Thereby, if an intruder managed to steal or clone a legitimate tag, it could not be used to access the SUB without the correct passcode. Moreover, confidentiality can be achieved by encrypting the embedded database.

Weaknesses:

• Embedded databases are hard to maintain, especially if there is a need for constant synchronization between databases across geographically distributed devices.
• An embedded database may introduce unacceptable security threats.
• Passcode authentication requires a password management system, which can be complex to manage and operate.
• Passcode authentication may increase the time required to complete the access process.
• Passcode authentication adds complexity on the user's part.
• Data encryption requires a key management system, which can be complex to manage and operate.
• Data encryption may increase the time required to complete the transactions.

Applicability: The simplicity of design and the availability protection both make sense for a single entry access control system, as in our case study. However, the complexity of maintaining an embedded database and the risk of leaking sensitive information, in case the access device is stolen, are simply unacceptable. Moreover, the passcode authentication may add more complexity and an unacceptable delay to the system.

Conclusion: A revised design should be considered.

Notes: Although the design is not considered optimal, a prototype of a standalone RFID Access Control System has been implemented to demonstrate the pros and cons of this design.


4.2 Prototype II

Idea: Use a Trusted Third Party (TTP) to perform the data encryption/decryption processes and handle the key management system. The TTP can be a part of the enterprise subsystem or the inter–enterprise subsystem.

4.2.1 System Block Diagram

Figure 4-5. System Block Diagram of Prototype II.


4.2.2 Secure communications between the RF subsystem and the TTP

The communications between the RF subsystem and the TTP are divided into two phases (Figures 4-6, 4-7):

Figure 4-6. Phase 01 of secure communications between the RF subsystem and the TTP. Sending TID from the RF subsystem to the TTP through SSL connection.


Figure 4-7. Phase 02 of secure communications between the RF subsystem and the TTP. Sending encrypted data from the RF subsystem to the TTP through SSL connection.


Benefits: The system brings an extra-high level of confidentiality and data integrity protection, since:

• Both encryption and decryption processes are performed on the TTP side, which is a secure place, and
• The communications between the system components are secured through cryptographic protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

By performing data encryption in a TTP, non-lightweight cryptography functions can be used more effectively in terms of the required resources, cost, and process integrity assurance. Moreover, the TTP can reduce the complexity of managing and operating the key management system that is required for data encryption. The system can meet the users' privacy needs through cryptographic means: by encrypting the data saved in the tag's memory, both PII and non-PII can be protected against any unauthorized attempt to read, modify, or collect them.

Weaknesses:

• The availability of the system depends not only on the availability of the RF subsystem but also on the availability of the TTP, which may be vulnerable to computer network attacks and routine maintenance.
• Constructing a TTP may introduce unnecessary complexity to the system.
• Communications between the RF subsystem and the TTP require a permanent high-speed network connection, which may be difficult to provide in some cases.
• Communications and data encryption may introduce an unacceptable delay.

Applicability: For a single entry access control system, this design will bring unnecessary complexity and an unacceptable delay to the system.

Conclusion: A revised design should be considered.


4.3 Prototype III

Idea: Rely solely on the RF subsystem to verify user identity, preserve data confidentiality and integrity, and protect users' privacy, without referring either to an embedded or to a back–end database (see footnote 1).

4.3.1 System Block Diagram

Figure 4-8. System Block Diagram of Prototype III.

1 Although the prototype proposes to rely solely on the RF subsystem, both the design and the implementation make use of the analytical system to store the key and perform cryptographic functions, since we lack the proper hardware for this purpose.


4.3.2 Data Structure Diagram (DSD)

Figure 4-9. DSD of Prototype III.

Where:

• E(X): Symmetric cipher function.
• H(X): Cryptographic hash function.
• IMG: User’s image.
• mk: Symmetric master key.
• RND: Randomly generated number.
• TID: Issued Tag ID.
• TID’: Current Tag ID.
• ||: Concatenation operator.


4.3.3 System Flowchart

Figure 4-10. System Flowchart of Prototype III.


Benefits: The system offers great protection to the system availability, since it relies solely on the availability of the RF subsystem, which is the core of any RFID system. In addition, the system provides the authentication of system to user by storing the user’s image on the tag itself. Hence, only a legitimate user can use the ID card to access the SUB. The system also provides data integrity and data source integrity by using a cryptographic hash function that will detect any modification of the data or the ID card. The users’ privacy and the confidentiality of data and communications are both protected by a cryptographic function and a randomly generated number that is used to add extra complexity. Thereby, if an attacker managed to eavesdrop on the communications between tag and reader, all that can be seen is the TID and an encrypted stream of data, which cannot be decrypted without knowing the master key.

Weaknesses:

• Storing images on tags requires massive memory capacity and a fast data transfer rate in order to preserve instant response, which may require more expensive hardware.
• The use of a master key for encryption may be considered a security threat, since, if the master key was weak, insecurely managed, or intercepted by an attacker, then the whole system is compromised.
• Data encryption may introduce an unacceptable delay.

Applicability: This design meets all our aims and objectives.

Conclusion: The design is accepted.


5 System Implementation

This section presents the implementation phase of our case study and provides the implementation of the first and the third prototypes. It also provides detailed information about the hardware and the software used in each implementation.

5.1 Implementation of Prototype I

Idea: A simulation for RFID Password–Based Access Control System.

Hardware:

• Netduino plus (Atmel 32-bit microcontroller development platform).
• RFID reader ID-20 (125 kHz).
• EM 4001 ISO based RFID tag (125 kHz).
• Monochrome LCD display (16x2).
• Keypad (12–buttons).
• Buzzer (2.048 kHz).
• Red/Green LEDs.

See (Figure 5-1):

Figure 5-1. Some of the hardware used in Prototype I. From right to left: Netduino plus, ID-20 RFID Reader, RFID Break-board, and EM 4001 ISO Card.


Software:
─ Microsoft .NET Micro Framework v4.1.
─ Netduino Plus Firmware v4.1.1 BETA.

Programming Languages:
─ C Sharp (C#).

How it Works:

1. Prompt the user to swipe the ID card over the RFID reader.
2. TID is transmitted to the microcontroller via TRX RS232 serial port.
3. The microcontroller filters the received data and checks if the TID is trusted, by looking it up within an embedded database.
4. If TID is NOT trusted, Access is denied. Go to step 01.
5. If TID is trusted, prompt the user for the passcode.
6. The microcontroller receives the passcode via General Input Output Ports (GIOPs).
7. The microcontroller checks if the passcode is correct and belongs to the same user, by comparing it with a predefined passcode.
8. If passcode did NOT match, Access is denied. Go to step 01.
9. If passcode matched, Access is granted. Go to step 01.

Notes:

• Acceptable TIDs and passcodes are respectively: {"2800458A88-6F", "3472"}, {"3400C2DB20-0D", "12345"}.
• The keypad class was originally published by Stefan [17]. However, I am using a personally modified version.
• The LCD schema and class were originally published by Pavel Bánský [18].


5.1.1 Schematic Diagram

Figure 5-2. Schematic diagram of prototype I.


5.1.2 EM 4001 Output Data Format

           LSB                                         MSB
Position   0-3   4-43   44-51      52-55   56-59   60-63
Field      STX   TID    Checksum   CR      LF      ETX

Figure 5-3. EM-4001 Output Data Format.

Example:
─ Output data stream: 0x02 0x34 0x00 0xC2 0xDB 0x20 0x0D 0x0D 0x0A 0x03.
─ Checksum: 0x34 XOR 0x00 XOR 0xC2 XOR 0xDB XOR 0x20 = 0x0D.
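The frame check above, combined with the access decision from the "How it Works" steps of Section 5.1, as an added Python example; it is not the project's C# code. It assumes the frame arrives as the ten decoded bytes shown in the example stream, uses the TID/passcode pairs from the Notes as the embedded database, and all function names are hypothetical.

```python
import hmac
from functools import reduce

STX, CR, LF, ETX = 0x02, 0x0D, 0x0A, 0x03

# TID -> passcode pairs listed in the Notes of Section 5.1 (demo values from the page).
TRUSTED = {"2800458A88-6F": "3472", "3400C2DB20-0D": "12345"}

# The example output data stream from Section 5.1.2.
PAGE_FRAME = bytes([0x02, 0x34, 0x00, 0xC2, 0xDB, 0x20, 0x0D, 0x0D, 0x0A, 0x03])


class FrameError(ValueError):
    """Raised when a reader frame is malformed or fails its checksum."""


def parse_frame(frame: bytes) -> str:
    """Validate one 10-byte frame and return the TID as 'XXXXXXXXXX-CC'."""
    if len(frame) != 10:
        raise FrameError(f"expected 10 bytes, got {len(frame)}")
    if frame[0] != STX or frame[7:] != bytes([CR, LF, ETX]):
        raise FrameError("bad STX/CR/LF/ETX framing")
    data, checksum = frame[1:6], frame[6]
    # The checksum is the XOR of the five TID bytes.
    computed = reduce(lambda a, b: a ^ b, data, 0)
    if computed != checksum:
        raise FrameError(f"checksum {checksum:02X} != computed {computed:02X}")
    return f"{data.hex().upper()}-{checksum:02X}"


def decide(frame: bytes, passcode: str) -> str:
    """Steps 3 to 9: reject bad frames and unknown TIDs, then check the passcode."""
    try:
        tid = parse_frame(frame)
    except FrameError:
        return "denied: bad frame"
    expected = TRUSTED.get(tid)
    if expected is None:
        return "denied: unknown TID"
    # Constant-time comparison so timing does not reveal matching prefixes.
    if not hmac.compare_digest(passcode.encode(), expected.encode()):
        return "denied: wrong passcode"
    return "granted"


if __name__ == "__main__":
    print(parse_frame(PAGE_FRAME), decide(PAGE_FRAME, "12345"))
```

A frame whose checksum does not verify is dropped before any database lookup, so line noise or a truncated read cannot be mistaken for an unknown card.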

5.1.3 Debugger Output Example

Welcome to this Demo Access Control Demo App
RFID Tag: 3400C2DB20
Access Code:
Key pressed: 6
Key pressed: 2
Key pressed: 3
Key pressed: #
Access Denied!
************************
623 -error
************************
RFID Tag:

RFID Tag: 3400C2DB20
Access Code:
Key pressed: 1
Key pressed: 2
Key pressed: 3
Key pressed: 4
Key pressed: 5
Key pressed: #
Access Granted
************************
12345 +OK
************************
RFID Tag: 3400C33DCB
Access Denied!

Figure 5-4. Prototype I - Debugger Output Example.


5.2 Implementation of Prototype III

Idea: Rely solely on the RF subsystem to deliver the system services, using a Master Key stored on the reader to perform the cryptographic functions.

Hardware:

• YHY638FU - 13.56 MHz Multi–Protocol Reader/Writer USB Interface.
• Mifare® 4K MF1 IC S70 (ISO/IEC 14443-A).

Software:
─ Microsoft .NET Framework v3.5.
─ Microsoft SQL Server v10.00.4000.
─ Microsoft.VisualBasicPowerPacks.dll v9.0.0.0.
─ MasterRd.dll v5.0.
─ MasterCom.dll v5.0.
─ MicroSecurityManager.dll v1.3.4230.13980.

Programming Languages:
─ C Sharp (C#).
─ Visual Basic .NET (VB.NET).

Cryptographic Algorithms:
─ Advanced Encryption Standard (AES) with two 256-bit master keys, one for encrypting the data stored on the tag memory and the other for encrypting the first master key.
─ Triple Data Encryption Standard (TDES) with a 192-bit key for encrypting the first master key.
─ Secure Hash Algorithm (SHA1) for data integrity assurance on the RF subsystem.
─ Message-Digest 5 (MD5), SHA256, SHA384, and SHA512 for storing the admin passphrase information.
─ Password-Based Key Derivation Function (PBKDF2), as defined in IETF RFC 2898, for generating the first AES master key.
─ Deterministic Random Bit Generator (CTR_DRBG), as defined in NIST SP 800-90, for generating random numbers.

Notes:

• MasterRd.dll is the YHY638FU Application Program Interface (API) library.
• MasterCom.dll is a serial port communication library, called by MasterRd.dll.
• MicroSecurityManager.dll is a VB security library.


5.2.1 RFID Readers Modules Comparison

Table 5-1. RFID Readers Modules Comparison.

Features

SMX1300-EK

YHY638F

ISO/IEC 14443 Type-A Protocols:

ISO/IEC 14443 Type-A

ISO/IEC 14443 Type-B ISO/IEC 15693

Supported cards:

ISO/IEC 14443-A: Mifare 1K, Mifare 4K, Mifare Ultra–Light, Mifare ProX, Mifare DESFire, SHC1102

Mifare® Classic 1K, Mifare® Classic 4K, Mifare® Ultra–light 512B

ISO/IEC 14443-B: AT88RF020, SR176, SRIX4K, SLE66CL160S, THR1064 ISO/IEC 15693: Tag it HF-1, I.CODE SLI, SRF55VXXP

RS232 Interface:

UART

USB (Virtual COM)

I2C LED:





Buzzer:





SDK:

ActiveX

Delphi

VB 6.0

VC

VB.NET

VB 6.0

C#.NET

VB.NET C#.NET


5.2.2 RFID Tags Comparison

Table 5-2. RFID Tags Comparison.

Features               ISO/IEC 14443-A                                        ISO/IEC 15693
Name:                  Mifare®                                                I.Code SLI
Type:                  Proximity Smart Card                                   Vicinity Smart Card

RF Interface
Operating frequency:   13.56 MHz                                              13.56 MHz
Data transfer rate:    Up to 106 kbps                                         Up to 53 kbps
Operating distance:    Up to 10 cm                                            Up to 1.5 m

Memory
EEPROM:                1024 Byte, 4096 Byte                                   1024-bit
EAS:                                                                          1 Byte
AFI:                                                                          1 Byte
DSFID:                                                                        1 Byte

Security Features
Unique ID:             4 Byte                                                 8 Byte
Data integrity:        16-bit CRC, parity, bit coding, bit counting           16-bit CRC, framing
Anticollision:         True anticollision                                     True anticollision, Fast anticollision
Authentication:        Three Pass Mutual Authentication (ISO/IEC DIS9798-2)
Data encryption:       On RF-channel with replay attack protection
Key management:        Two 48-bit keys per sector
Write protection:      Each block                                             Each block


5.2.3 Mifare® 4K MF1 IC S70 Data Storage Format

The MF1 IC S70 chip consists of a 4K-byte EEPROM organized in 32 sectors with 4 blocks and 8 sectors with 16 blocks (one block consists of 16 bytes). The 4096 bytes of MF1 IC S70 EEPROM are divided into 2 main areas:
─ Zone A: An area of 32 Sectors of 64 bytes (4 blocks) each.
─ Zone B: An area of 8 Sectors of 256 bytes (16 blocks) each.

Within zone A:
─ 16 bytes are reserved for manufacturer data (Block #0 of Sector #0).
─ 512 bytes are reserved for keys and access control settings (Block #3 of each sector).
─ 1520 bytes are available for general storage of user data.

Within zone B:
─ 128 bytes are reserved for keys and access control settings (Block #15 of each sector).
─ 1920 bytes are available for general storage of user data.

Figure 5-5. MF1 IC S70 EEPROM Organization [19].


Figure 5-6. MF1 IC S70 - Manufacturer Data Block (Block #0 of Sector #0) [19].

For the purpose of this project, the 4096 bytes of MF1 IC S70 EEPROM are divided into 3 main areas:
─ Zone A: An area of 1 Sector of 64 bytes (Sector #0).
─ Zone B: An area of 1 Sector of 64 bytes (Sector #1).
─ Zone C: An area of 30 Sectors of 64 bytes and 8 Sectors of 256 bytes (Sectors #02 – #39).

Within zone A:
─ 16 bytes are reserved for manufacturer data (Block #0 of Sector #0).
─ 16 bytes are reserved for data storage format (Block #1 of Sector #0).
─ 16 bytes are Reserved for Future Use (RFU) (Block #2 of Sector #0).
─ 16 bytes are reserved for keys and access control settings (Block #3 of Sector #0).

Within zone B:
─ 32 bytes are reserved for encrypted hash value, AES(SHA1(IMG||RND||TID)), (Block #0, #1 of Sector #1).
─ 16 bytes are Reserved for Future Use (RFU) (Block #2 of Sector #1).
─ 16 bytes are reserved for keys and access control settings (Block #3 of Sector #1).

Within zone C:
─ 3360 bytes are reserved for encrypted data, AES(IMG||RND), (Blocks #0 – #2 of Sectors #02 – #31) and (Blocks #0 – #14 of Sectors #31 – #39).
─ 16 bytes are reserved for keys and access control settings (Block #3 of Sectors #02 – #31) and (Blocks #15 of Sectors #31 – #39).

(See Figures 5-6, 5-7).


Note: A Microsoft Excel sheet containing a color–coded full view of the MF1 IC S70 memory organization is available on the project disc.

Figure 5-7. Prototype III - MF1 IC S70 EEPROM Organization.

Figure 5-8. Prototype III – (Sector #0) of MF1 IC S70 EEPROM.


5.2.4 Mifare® Access Conditions

The access conditions for the data area and the sector trailer are defined by 3 bits, which are stored non-inverted and inverted in the sector trailer of the specified sector. The MF1 IC S70 EEPROM stores the access conditions in bytes #6, #7, and #8 of each sector trailer. Table 5-3 presents the MF1 IC S70 memory organization for access conditions. The 3-bit access conditions (C1, C2, and C3) are presented as CbXY, where:
─ C: Access control.
─ b: Access control bit number (1, 2, or 3).
─ X: Sector number (0-39).
─ Y: Block number (0-3, or 0-15).
─ _b: Complement bit number (access control bit inverted).

Table 5-3. Access conditions bits.

          b7       b6       b5       b4       b3       b2       b1       b0
Byte #6   C2X3_b   C2X2_b   C2X1_b   C2X0_b   C1X3_b   C1X2_b   C1X1_b   C1X0_b
Byte #7   C1X3     C1X2     C1X1     C1X0     C3X3_b   C3X2_b   C3X1_b   C3X0_b
Byte #8   C3X3     C3X2     C3X1     C3X0     C2X3     C2X2     C2X1     C2X0

The possible combinations of the 3-bit access conditions for the sector trailer are described in detail in Table 5-5, while the possible combinations of the 3-bit access conditions for data areas are described in detail in Table 5-6. For the purpose of this project, the default access conditions (0xFF, 0x07, 0x80) and the default authentication key (Key-A: 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF) will be used.

Table 5-4. Default Access Conditions.

R/W       b7   b6   b5   b4   b3   b2   b1   b0   Hex
Byte #6   1    1    1    1    1    1    1    1    0xFF
Byte #7   0    0    0    0    0    1    1    1    0x07
Byte #8   1    0    0    0    0    0    0    0    0x80

Note: A Microsoft Excel sheet containing a color–coded full view of the MF1 IC S70 Access Conditions is available on the project disc.


Table 5-5. Access Conditions for the Sector Trailer [19].

ACCESS CONDITIONS FOR THE SECTOR TRAILER

Access bits     Access condition for                                    Remark
                KEY A             Access bits          KEY B
C1  C2  C3      read    write     read       write     read    write
0   0   0       never   key A     key A      never     key A   key A    Key B may be read
0   1   0       never   never     key A      never     key A   never    Key B may be read
1   0   0       never   key B     key A|B    never     never   key B
1   1   0       never   never     key A|B    never     never   never
0   0   1       never   key A     key A      key A     key A   key A    Key B may be read, transport configuration
0   1   1       never   key B     key A|B    key B     never   key B
1   0   1       never   never     key A|B    key B     never   never
1   1   1       never   never     key A|B    never     never   never

Table 5-6. Access Conditions for data areas [19].

ACCESS CONDITIONS FOR DATA AREAS

Access bits     Access condition for                                              Application
C1  C2  C3      read       write      increment   decrement, transfer, restore
0   0   0       key A|B    key A|B    key A|B     key A|B                         transport configuration
0   1   0       key A|B    never      never       never                           read/write block
1   0   0       key A|B    key B      never       never                           read/write block
1   1   0       key A|B    key B      key B       key A|B                         value block
0   0   1       key A|B    never      never       key A|B                         value block
0   1   1       key B      key B      never       never                           read/write block
1   0   1       key B      never      never       never                           read/write block
1   1   1       never      never      never       never                           read/write block
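A check an admin tool could run on a sector trailer before writing it, added here as a Python example that is not the project's code. It decodes bytes #6 to #8 per Table 5-3, verifies the inverted copies, and reports findings using Tables 5-5 and 5-6; Key A is taken to occupy bytes #0 to #5 of the trailer, the index Y is treated as for a 4-block sector, and the function names and the "hardened" sample trailer are constructed for illustration.

```python
DEFAULT_KEY = bytes([0xFF] * 6)
TRANSPORT_TRAILER = (0, 0, 1)  # Table 5-5: transport configuration

# (C1, C2, C3) -> who may write a data block, from Table 5-6.
DATA_WRITE = {
    (0, 0, 0): "key A|B", (0, 1, 0): "never", (1, 0, 0): "key B", (1, 1, 0): "key B",
    (0, 0, 1): "never", (0, 1, 1): "key B", (1, 0, 1): "never", (1, 1, 1): "never",
}
# (C1, C2, C3) -> who may rewrite the access bits, from Table 5-5.
ACCESS_BITS_WRITE = {
    (0, 0, 0): "never", (0, 1, 0): "never", (1, 0, 0): "never", (1, 1, 0): "never",
    (0, 0, 1): "key A", (0, 1, 1): "key B", (1, 0, 1): "key B", (1, 1, 1): "never",
}

# Default trailer from the page: default Key A, access bytes FF 07 80.
# Byte #9 and Key B are constructed filler values.
DEFAULT_TRAILER = DEFAULT_KEY + bytes([0xFF, 0x07, 0x80, 0x69]) + DEFAULT_KEY
# Constructed sample: data blocks 1-0-0, trailer 0-1-1, non-default keys.
HARDENED_TRAILER = (bytes.fromhex("112233445566") + bytes([0x78, 0x77, 0x88, 0x00])
                    + bytes.fromhex("665544332211"))


def decode_access_bits(b6: int, b7: int, b8: int) -> list:
    """Return [(C1, C2, C3) for Y = 0..3]; Y = 3 is the sector trailer."""
    nibbles = {
        "C1": (b7 >> 4, b6 & 0x0F),    # plain copy, inverted copy
        "C2": (b8 & 0x0F, b6 >> 4),
        "C3": (b8 >> 4, b7 & 0x0F),
    }
    for name, (plain, inverted) in nibbles.items():
        if plain ^ inverted != 0x0F:
            raise ValueError(f"{name}: inverted copy does not match "
                             f"({plain:04b} vs {inverted:04b})")
    c1, c2, c3 = (nibbles[n][0] for n in ("C1", "C2", "C3"))
    return [((c1 >> y) & 1, (c2 >> y) & 1, (c3 >> y) & 1) for y in range(4)]


def audit_trailer(trailer: bytes) -> list:
    """Return a list of findings for a 16-byte sector-trailer image."""
    if len(trailer) != 16:
        raise ValueError("a sector trailer is one 16-byte block")
    try:
        blocks = decode_access_bits(trailer[6], trailer[7], trailer[8])
    except ValueError as exc:
        return [f"invalid access bits: {exc}"]
    findings = []
    if trailer[0:6] == DEFAULT_KEY:
        findings.append("Key A is the default FF FF FF FF FF FF")
    if blocks[3] == TRANSPORT_TRAILER:
        findings.append("sector trailer is in transport configuration")
    if ACCESS_BITS_WRITE[blocks[3]] == "never":
        findings.append("access bits can never be changed again")
    for y in range(3):
        if DATA_WRITE[blocks[y]] == "key A|B":
            findings.append(f"data block {y} is writable with key A or key B")
    return findings


if __name__ == "__main__":
    for finding in audit_trailer(DEFAULT_TRAILER):
        print(finding)
```

Run on the default values the project uses, the audit reports the default key, the transport configuration, and three data blocks writable with either key.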


5.2.5 Mifare® Transaction Sequence

The commands are initiated by the Proximity Coupling Device (PCD) in RTF fashion and controlled by the Digital Control Unit of the MF1 IC S70 according to the access conditions valid for the corresponding sector. Figure 5-9 shows the transaction sequence with typical transaction time for the MF1 IC S70.

Figure 5-9. Transaction Sequence and Typical Transaction Time [19].

After the card performs Power On Reset (POR), it can answer a request command sent by the PCD by sending the Answer To Request (ATQ) code according to ISO/IEC 14443-A (ATQA) back to the PCD.


The anticollision loop is used to allow the PCD to communicate with several cards in its operating range. The PCD can distinguish between cards by their UID. When a card is selected for further transactions by sending a SELECT command from the PCD, the unselected cards return to the standby mode and wait for a new request command. After the card receives a SELECT command from the PCD, it returns the Answer To Select (ATS) code (0x18), which determines the type of the selected card.

After selection of a card, the PCD specifies the memory location of the following memory access and uses the corresponding key for the three–pass mutual authentication procedure. After a successful authentication, all memory operations are encrypted on the RF channel.

The three–pass mutual authentication procedure is defined in accordance with ISO/IEC DIS9798-2, in which both participants in the communication check the other party’s knowledge of a secret cryptographic key. In the Mifare® case, the key is chosen from a set of two 48-bit keys {Key A, or Key B} depending on the access conditions specified in the sector trailer.

The three–pass mutual authentication procedure begins with the PCD sending a GET_CHALLENGE command to the card. The card then generates a random number (Random A) and sends it back to the PCD, which in turn generates a random number (Random B). Using the common secret key (K) and a common cryptographic algorithm (E), the PCD encrypts a block of data (Token 1) and sends it to the card.

Token 1 = E (Random A||Random B||TID, K).

When the card receives (Token 1), it decrypts it and compares the received (Random A’) with the previously generated (Random A). If the two figures match, the card has confirmed that the two common keys correspond; thus, the PCD has been authenticated to the card. The card then generates another random number (Random A2), encrypts a block of data (Token 2), and sends it to the PCD.

Token 2 = E (Random A2, Random B, K).

The PCD decrypts (Token 2) and checks whether (Random B) matches the (Random B’) that has just been received. If the two figures match, the PCD has confirmed that the two common keys correspond; thus, the card has been authenticated to the PCD. The three–pass mutual authentication guarantees that the secret key is never transmitted over the air, and only encrypted random numbers are transmitted.

Figure 5-10. Three–Pass Mutual Authentication between RFID Reader and Tag [3].
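The three-pass exchange described above, written out as an added example (it is not code from this project). The Feistel construction standing in for E, the 4-byte random numbers, the class and function names, and the key and TID values are assumptions made for illustration; the card accepts each Random A only once, so a recorded Token 1 cannot be replayed.

```python
import hashlib
import hmac
import secrets

# Stand-in for the "common cryptographic algorithm (E)": a 4-round Feistel
# network built on HMAC-SHA256. Assumption for illustration only; it is not
# the cipher a Mifare card implements.
def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(data, key):
    left, right = data[:len(data) // 2], data[len(data) // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def D(data, key):
    left, right = data[:len(data) // 2], data[len(data) // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

class Card:
    def __init__(self, key, tid):
        self.key, self.tid, self.ra = key, tid, None
    def get_challenge(self):
        self.ra = secrets.token_bytes(4)          # Random A
        return self.ra
    def handle_token1(self, token1):
        ra, self.ra = self.ra, None               # a challenge is valid once
        if ra is None or len(token1) != 12:
            return None
        plain = D(token1, self.key)               # Random A' || Random B || TID
        if not hmac.compare_digest(plain[:4], ra):
            return None                           # PCD does not hold K
        ra2 = secrets.token_bytes(4)              # Random A2
        return E(ra2 + plain[4:8], self.key)      # Token 2

class Reader:
    def __init__(self, key):
        self.key, self.rb = key, None
    def make_token1(self, ra, tid):
        self.rb = secrets.token_bytes(4)          # Random B
        return E(ra + self.rb + tid, self.key)    # Token 1
    def check_token2(self, token2):
        if token2 is None or len(token2) != 8:
            return False
        plain = D(token2, self.key)               # Random A2 || Random B'
        return hmac.compare_digest(plain[4:], self.rb)

def run_auth(reader, card):
    """Run the three passes; return (card_accepts_pcd, pcd_accepts_card, frames)."""
    ra = card.get_challenge()
    token1 = reader.make_token1(ra, card.tid)
    token2 = card.handle_token1(token1)
    frames = [ra, token1] + ([token2] if token2 else [])
    return token2 is not None, reader.check_token2(token2), frames

KEY_A = bytes.fromhex("a0a1a2a3a4a5")             # constructed 48-bit key
TID = bytes.fromhex("0a1b2c3d")                   # constructed tag identifier
```

The frames list returned by run_auth holds everything sent over the air: Random A and the two tokens, never the key itself.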

5.2.6 Mifare® MF1 IC S70 Block Addressing

The block absolute address is used as a parameter for the authentication procedure and any memory-related operations (e.g. read, write, increment, decrement, etc.). Two equations are used to calculate the block absolute address for MF1 IC S70:
─ If sector number < 32: Block Absolute Address = (Sector_Number * 4) + Block_Number.
─ If sector number >= 32: Block Absolute Address = 128 + ((Sector_Number – 32) * 16) + Block_Number.

Example: The absolute address for:
─ Block #1 of Sector #7 equals (7 * 4) + 1 = 29.
─ Block #13 of Sector #36 equals 128 + ((36 – 32) * 16) + 13 = 205.
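The two equations above as an added example (not part of the original project code), extended with range checks and the inverse mapping so that a wrong sector or block number is caught before it is used in an authentication or memory command. The function names are hypothetical; the layout of 32 sectors of 4 blocks followed by 8 sectors of 16 blocks is that of the MF1 IC S70, with the sector trailer as the last block of each sector.

```python
SMALL_SECTORS = 32      # sectors 0-31 hold 4 blocks each
TOTAL_SECTORS = 40      # sectors 32-39 hold 16 blocks each
TOTAL_BLOCKS = 256      # 32 * 4 + 8 * 16


def blocks_in_sector(sector):
    """Number of blocks in a sector; rejects sectors the card does not have."""
    if not 0 <= sector < TOTAL_SECTORS:
        raise ValueError(f"sector {sector} out of range 0-{TOTAL_SECTORS - 1}")
    return 4 if sector < SMALL_SECTORS else 16


def absolute_address(sector, block):
    """Block absolute address from (sector, block), using the two equations."""
    size = blocks_in_sector(sector)
    if not 0 <= block < size:
        raise ValueError(f"block {block} out of range 0-{size - 1} for sector {sector}")
    if sector < SMALL_SECTORS:
        return sector * 4 + block
    return 128 + (sector - SMALL_SECTORS) * 16 + block


def locate(address):
    """Inverse mapping: (sector, block) for a block absolute address."""
    if not 0 <= address < TOTAL_BLOCKS:
        raise ValueError(f"address {address} out of range 0-{TOTAL_BLOCKS - 1}")
    if address < 128:
        return divmod(address, 4)
    sector, block = divmod(address - 128, 16)
    return sector + SMALL_SECTORS, block


def trailer_address(sector):
    """Absolute address of the sector trailer (keys and access conditions)."""
    return absolute_address(sector, blocks_in_sector(sector) - 1)


def is_trailer(address):
    """True when a write to this address would overwrite keys or access bits."""
    sector, _ = locate(address)
    return address == trailer_address(sector)
```

Checking is_trailer before a write keeps user data from being written over the keys and access conditions of a sector.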

5.3 Implemented Applications for our Case Study

Chapter three of this document introduced a case study about an access control system for a single entry SUB. This prototype implemented two applications, an admin application and a guard application, according to the design of prototype III, to satisfy this case study. The admin application is used by the system administrator to secure and write the user information from an enterprise subsystem backend–database to the RFID card memory, while the guard application is used by the SUB gate guard to extract this information from the RFID card and show it to the guard. The AES cipher is used to encrypt the user information as specified in the prototype III design. The AES provider properties are as follows:
─ Key size: 256-bit.
─ Cipher mode: Cipher Block Chaining (CBC).
─ Padding mode: ISO10126.
─ IV: randomly generated.
─ Key: randomly generated, or using a PBKDF2.

Mission–critical tasks such as master key creation and deletion are restricted to the system administrator by requiring knowledge of a passphrase set by the system administrator. The passphrase is created using a PBKDF2, and only the hash of the passphrase, together with its salt value, is stored, not the actual value. The master key and the IV bytes are encrypted using the Iterative Master/Slave (IMS) cipher, a double-key iterative cryptographic procedure that uses two different symmetric ciphers, namely AES with a 256-bit key and TDES with a 192-bit key, to encrypt the data. See (Figure 5-11).

Figure 5-11. Iterative Master/Slave Cipher.

The IMS Master/Slave keys are stored within the MicroSecurityManager.dll assembly. However, this could lead to a major security threat, because .NET assemblies are easy to reverse engineer, which reveals the IMS master/slave keys and, in turn, the master key and IV bytes. Obfuscator software can be used to make the reverse engineering process difficult, but it cannot prevent it. Another possible solution is to store the Master/Slave keys on a smartcard, which might not be very cost effective and raises the question of what happens if the card is lost or stolen. An asymmetric cipher may also be used, but that requires a key management system, which is hard to manage and operate and increases the processing time. (Figure 5-12) shows the first 13 bytes of the IMS master key being clearly disassembled using the Microsoft Intermediate Language (MSIL) Disassembler.

Note: Full documentation for the MicroSecurityManager.dll library is available as a .chm document on the project disc.

Figure 5-12. The First 13 bytes of the IMS Master Key Disassembled by MSIL.

6 Evaluation and Conclusion

This is the last section of this document and it presents the final evaluation and conclusions for this project.

In the first chapter of this document, I set the main aim and objective of this project to address some of the common security and privacy challenges that RFID systems face. And I am pleased to say that I have been able to achieve this entire objective by the third prototype, which provides data confidentiality protection, data and source integrity assurance, secure communications over the RF channel, and information privacy protection while preserving a simple design. Two fully functional demo applications were implemented to support the concept of the solution design. However, the reading time was not acceptable for a real world application, since it took roughly 15 seconds to complete a full data transaction and processing due to the type of the tag being used (Mifare®) which requires a three–pass mutual authentication for each transaction. I believe that with better hardware and unmanaged code, the processing time can be significantly reduced to better suit real world applications, and as for the security and privacy objectives, they all were met.

A. Appendix A—Tools Used

This appendix shows some of the tools used in this project.

A.1 Sandcastle - Documentation Compiler for Managed Class Libraries

Sandcastle is a documentation compiler for managed class libraries that generates Microsoft-style Help topics, both conceptual and API reference. It creates API reference topics by combining the XML documentation comments (/// in C# or ''' in VB) that are embedded in the source code with the syntax and structure of the types, which it acquires from reflecting against the associated .NET Framework assembly. [20] Skeletal topics are created by using reflection on the project assembly (.dll) file. Additional content, such as remarks and parameter descriptions, is derived from text in the /// comments in the C# source code or ''' comments in the VB source code. Conceptual topics are created by converting XML documents. [20] Sandcastle is used in this project to generate the documentation of the MicroSecurityManager.dll library.

A.2 Microsoft Intermediate Language Disassembler (ildasm.exe)

The MSIL Disassembler is a companion tool to the MSIL Assembler (Ilasm.exe). Ildasm.exe takes a portable executable (PE) file that contains Microsoft intermediate language (MSIL) code and creates a text file suitable as input to Ilasm.exe. The MSIL Disassembler is used in this project to check the vulnerability of the MicroSecurityManager.dll assembly against reverse engineering attacks.

B. Appendix B—Glossary

Selected fundamental terminologies related to RFID technology are defined below.

Active Tag: A tag that has an internal power supply.
Analytic Systems: IT systems that process the information outputs produced by middleware. Analytic systems may be comprised of databases, data processing software, and Web services.
Anticollision: A general term used to cover methods of preventing radio waves from one device from interfering with radio waves from another. Anti-collision algorithms are also used to read more than one tag in the same reader's field.
Application Family Identifier (AFI): is used to identify the type of application of the targeted item. AFI is coded on one byte, which constitutes two nibbles of 4 bits each.
Authentication: The verification of the identity of a person, object, or process. In RFID, the term is used in two ways. For contactless smart cards and other payments systems, the reader must make sure the transponder is a valid device within the system. That is, someone is not using an unauthorized device to commit fraud. There is also some talk of using EPC technology to authenticate products as a way of reducing counterfeiting.
Automatic Identification and Data Capture (AIDC): A broad term that covers methods of identifying objects, capturing information about them, and entering it directly into computer systems without human involvement. Technologies normally considered part of auto-ID include bar codes, biometrics, RFID, and voice recognition.
Back Channel: The channel on which a tag transmits its signals (tag-to-reader channel).
Backscatter Channel: The type of back channel used by passive tags.
Checksum: A method of checking whether the data has been corrupted or lost during storage or transition.
Cloned Tag: A tag that is made to be a duplicate of a legitimate tag. A cloned tag can be created by reading data such as an identifier from a legitimate tag and writing that data to a different tag.
Cover Coding: A technique to reduce the risks of eavesdropping by obscuring the information that is transmitted on the forward channel.
Cyclic Redundancy Check: See Checksum.
Data Storage Format Identifier (DSFID): indicates how the data is structured in the Vicinity Integrated Circuit Card (VICC) memory.

Duty Cycle: The percentage of time that a device is operating over a specified period. For example, a reader that is emitting energy to communicate with tags for 15 seconds every minute has a duty cycle of 25%.
Eavesdropping: An attack that surreptitiously overhears communications between two (or more) legitimate parties.
Electronic Article Surveillance (EAS): is a technological method for preventing shoplifting. EAS is coded on one byte. The LSB holds the EAS value; one (1) represents active tag, while zero (0) represents inactive tag.
Electronic Product Code (EPC) Identifier: One of the available formats for encoding identifiers on RFID tags. The EPC is a globally unique number that identifies a specific item in the supply chain. The EPC has digits to identify the manufacturer, product category and the individual item.
Enterprise Subsystem: The portion of the RFID system that analyzes, processes, and stores information collected by the RF subsystem. The primary role of the enterprise subsystem is to make the data collected by the RF subsystem useful for a supporting business process. An enterprise subsystem is made up of middleware, analytic systems, and network infrastructure.
Forward Channel: The channel on which a reader transmits its signals (reader-to-tag channel).
Inter-Enterprise Subsystem: The portion of the RFID system that connects multiple enterprise subsystems together. The inter-enterprise subsystem consists of network infrastructure, a naming service, and possibly a discovery service. Inter-enterprise subsystems are most commonly associated with supply chain applications.
Interrogator: See Reader.
Jamming: A deliberate communications disruption meant to degrade the operational performance of the RF subsystem. Jamming is achieved by interjecting electromagnetic waves on the same frequency that the reader-to-tag uses for communication.
Kill Command: A command that readers can send to tags that uses electronic disabling mechanisms to prevent tags from responding to any additional commands.
Lightweight Cryptography: Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags.
Lock Command: A command that readers can send to a tag to block access to certain information on the tag.
Middleware: Software that is responsible for preparing and filtering data collected by RFID readers and possibly passes the information to an enterprise subsystem database. Middleware may also be responsible for monitoring and managing readers.
Passive Tag: A tag that does not have its own power supply; the power is supplied by backscattering RF energy received from the reader.

Permalock: A security feature that makes the lock status of an area of memory permanent.
Read Range: The distance from which a reader can communicate with a tag.
Reader Spoofing: Impersonating a legitimate reader of an RFID system to read tags.
Reader: A device that can wirelessly communicate with tags. Readers can detect the presence of tags as well as send and receive data and commands from the tags. It may be a read-only or R/W device.
Replay and Relay Attacks: An attack on a security protocol using replay of messages from a different context into the intended context, thereby fooling the honest participant(s) into thinking they have successfully completed the protocol.
RF Subsystem: The portion of the RFID system that uses radio frequencies to perform identification and related transactions. The RF subsystem consists of two components: a reader and a tag.
Semi-Active Tag: A tag that uses an internal power source for broadcasting but remains dormant until a reader sends an energizing signal.
Semi-Passive Tag: A passive tag that uses an internal power source to power its circuits and relies on the reader to supply the power for broadcasting.
Singulation: is a method by which an RFID reader identifies a tag with a specific serial number from a number of tags in its vicinity.
Skimming: The unauthorized use of a reader to read tags without the authorization or knowledge of the tag’s owner or the individual in possession of the tag.
Tag: An electronic device that consists of coil, antenna, and microchip. Can be applied to an object. Every tag has a unique identifier and may also have some other features such as memory to store additional data, environmental sensors, and security mechanisms.
Transponders: See Tag.

C. Appendix C—Acronyms and Abbreviations

For the purposes of this document, the following abbreviations are used:

μW: Microwave
AES: Advanced Encryption Standard
AFI: Application Family Identifier
AIDC: Automatic Identification and Data Capture
API: Application Programming Interface
ASCII: American Standard Code for Information Interchange
ATQ: Answer To Request
ATQA: Answer To Request according to ISO/IEC 14443A
ATS: Answer To Select
Bd: Baud rate, transmission speed in bit per second
C#: C Sharp
CBC: Cipher Block Chaining
CDMA: Code–Division Multiple Access
CIA: Confidentiality, Integrity, and Availability
cm: Centimeter
CR: Carriage Return (ASCII 0x0Dh)
CRC: Cyclic Redundancy Check
DFD: Data Flow Diagram
DoS: Denial of Service
DRBG: Deterministic Random Bit Generator
DSF: Data Structure Diagram
DSFID: Data Storage Format Identifier
EAS: Electronic Article Surveillance
EEPROM: Electrically Erasable Programmable Read-Only Memory
EOF: End Of Frame
EPC: Electronic Product Code
ETX: End of Text
GHz: Gigahertz

GIOP: General Input Output Port
GSM: Global System for Mobile Communications
HF: High Frequency (3–30 MHz)
HMAC: Hash-based Message Authentication Code
I2C: Inter–Integrated Circuit
IC: Integrated Circuit
ID: Identification number
IEC: International Electrotechnical Commission
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IMS: Iterative Master–Slave
IP: Internet Protocol
ISM: Industrial, Scientific, and Medical (frequency range)
ISO: International Organization for Standardization
IT: Information Technology
IV: Initialization Vector
KDF: Key Derivation Function
kHz: Kilohertz
LF: Line Feed (ASCII 0x0Ah)
LF: Low Frequency (30–300 kHz)
LSB: Least Significant Bit
LSByte: Least Significant Byte
m: Meter
MAC: Message Authentication Code
MD5: Message Digest 5
MHz: Megahertz
MSB: Most Significant Bit
MSByte: Most Significant Byte
MSIL: Microsoft Intermediate Language
NIST: National Institute of Standards and Technology
NUL: Null value
PBKDF: Password-Based Key Derivation Function

PCD: Proximity Coupling Device
PICC: Proximity Card
PII: Personally Identifiable Information
POR: Power On Reset
PRF: Pseudorandom Function
R/W: Read/Write
RF: Radio Frequency
RFC: Request For Comments
RFID: Radio Frequency Identification
RFU: Reserved for Future Use
RS232: Recommended Standard 232
RTF: Reader Talks First
RTLS: Real–Time Location Systems
SHA: Secure Hash Algorithm
SNMP: Simple Network Management Protocol
SOF: Start Of Frame
SP: Special Publication
SSL: Secure Sockets Layer
STX: Start Of Text
TDES: Triple Data Encryption Standard
TID: Tag Identifier
TLS: Transport Layer Security
TTF: Tag Talks First
TTP: Trusted Third Party
UART: Universal Asynchronous Receiver/Transmitter
UHF: Ultra High Frequency (300 MHz to 3 GHz)
UID: Unique Identifier
UML: Unified Modeling Language
UPU: Universal Postal Union
URI: Uniform Resource Identifier
URL: Universal Resource Locator

USB: Universal Serial Bus
VB: Visual Basic
VCD: Vicinity Coupling Device
VICC: Vicinity Integrated Circuit Card
WORM: Write Once, Read Many
XOR: Exclusive-OR

D. Appendix D—References

[1] Mark Roberti, “The History of RFID Technology”, RFID Journal, Article 1338. http://www.rfidjournal.com/article/view/6394.
[2] PII is defined in the E-Government Act of 2002, Pub. L. No. 107-347, 116 Stat. 2923, as “any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means”.
[3] Klaus Finkenzeller, “RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication”, Third Edition, John Wiley & Sons, Ltd, 2010.
[4] Tom Karygiannis et al, The National Institute of Standards and Technology (NIST), “Guidelines for Securing Radio Frequency Identification (RFID) Systems”, Special Publication 800-98, 2007.
[5] ABI research, “Massive Retail Deployment Helps Spur 2011 RFID Systems Revenue Growth of More than 16%”, New York, November 19, 2010. http://www.abiresearch.com/press/3557.
[6] BCC Research LLC, “RFID: Technology, Applications, and Global Markets (IAS020B)”, October 2010. http://www.bccresearch.com/pressroom/report/code/IAS020B.
[7] Pedro Peris-Lopez et al, In Security in RFID and Sensor Networks (Wireless Networks and Mobile Communications), chapter “Attacking RFID Systems”, CRC Press, 2009, pp. 29-49.
[8] Ranasinghe, D.C. and Cole, P.H., Confronting security and privacy threats in modern RFID systems. In Proceedings of ACSSC 06, 2006, pp. 2058–2064.
[9] 13.56 MHz RFID enabled ID card holder, RFID Protect, http://www.rfidprotect.co.uk/products.htm.
[10] B. Jamali, P.H. Cole, and D. Engels. In Networked RFID Systems and Lightweight Cryptography, chapter “RFID Tag Vulnerabilities in RFID Systems”, pp. 147–155. Springer, 2007.
[11] L. Bolotnyy and G. Robins, “Multi-Tag RFID Systems”, In International Journal of Internet Protocol Technology (IJIPT), special issue on “RFID: Technologies, Applications, and Trends”, eds. M. Sheng, S. Zeadally, Z. Maamar, and M. Cameron, 2007.
[12] Y. Oren and A. Shamir, “Power Analysis of RFID Tags”, [2006].
[13] D. Nolan. Internet technologies in a converged network environment, 2004. NCS Technical Information Bulletin 04-2.
[14] Harold F. Tipton, In Information Security Management Handbook, Section 1.4 “Risk Management”, pp. 321–331, Sixth Edition, 2007.

[15] Guttorm Sindre and Andreas L. Opdahl, “Templates for Misuse Case Description”, 2001.
[16] Wikipedia, “Misuse case”, May 2011, http://en.wikipedia.org/wiki/Misuse_case.
[17] Stefan, “Matrix Keypad Class”, 2011, https://stefan.co/netduino/matrix-keypad-driver/.
[18] Pavel Bánský, "Interfacing LCD with 3 wires from .NET Micro Framework", 2008, http://bansky.net/blog/2008/10/interfacing-lcd-with-3-wires-from-net-microframework/.
[19] Mifare® Standard 4 kByte Card, IC MF1 IC S70 Functional Specification, Philips Semiconductors, Product Specification, Rev. 3.1, October 2002.
[20] Sandcastle Code Plex website, http://sandcastle.codeplex.com/.
