
Security Terminology


Chapter 1 Security Terminology

Ming Li Shandong University, China & State Grid Corporation, China

ABSTRACT The widespread use of RFID technology gives rise to security concerns. Cryptographic technology provides various valuable tools to enhance the security of RFID systems. In the literature, many cryptographic protocols have been proposed and designed for safeguarding RFID systems. In this chapter, the author describes some fundamental terminologies in information security and cryptology. More information on can be found in (Mao, 2003; Koblitz, 1994; Stinson, 2005; Stallings, 2006).

1.1 BACKGROUND

RFID (Radio-Frequency IDentification) systems are made up of readers and tags. The readers read the tags with non-contact communication. In order to complete this function, each tag comprises at least two parts. One is a microchip for storing and processing data, which is similar to that in a smart card or USB , while the other is an antenna for receiving and transmitting radio waves. Because of its convenience and low cost, RFID technology has been widely used in industry to improve the efficiency of tracking and managing goods and production. For example, we are using RFID at the cashier of pharmacies to read the prices of different drugs. RFID has also been used for more complex applications, such as passport verification, employee cards and payment for bus tickets.

As with other new technology (such as computer networks), in the beginning, RFID systems designers were mainly focused on creating an available system without adequate consideration of security and privacy. Without access control, RFID tags could leak information and erode our privacy. For example, an attacker could read the identifier in tags easily and track which items an individual is using. If an RFID tag stores the Electronic Product Code (EPC) of an item,

DOI: 10.4018/978-1-4666-3685-9.ch001

Copyright © 2013, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

we could identify the item by checking it on Object Name Service (ONS), which is provided by EPCglobal (Fabian et al. 2005).

Cryptography is the study of hiding information and protecting communications. In order to keep privacy in a RFID system, many cryptographic protocols have been designed to protect the sensitive information in tags, such as basic hash protocol and hash chain protocol. Cryptographic protocols hide tag ID by using cryptographic algorithms with secret keys. We give a simple example to show which aspects of security we need to consider when transmitting a message protected by cryptography. Imagine that Alice is to send Bob a message “I am going to meet you at 19:00 tomorrow night.” We list what services we will need to keep this information secure. That is to say, which aspects we should consider to implement a secure communication.

• Confidentiality: This message must be secret to others.
• Authentication: Alice knows for sure that she is communicating with Bob, and so does Bob.
• Integrity: The receiver, Bob, can verify if this message has been modified, such as if “tomorrow” has been changed to “today.”
• Non-repudiation: Alice cannot deny that she has sent the message if she did send it, and Bob cannot deny receiving the message if he does receive it.
• Availability: This message must be delivered in time, which means the communication channel has to always be in working order if needed.

The security requirements above can all be satisfied by cryptographic methods. If Alice wants to send the message secretly, she encrypts this message into a ciphertext using a cryptographic key. Then she sends the ciphertext of the message to Bob. Bob decrypts the cipher, firstly using a decryption algorithm with the right key, and reads the message. In general, encryption/decryption algorithms are either based on symmetric key cryptography or asymmetric key (public key) cryptography. In symmetric key cryptography, the encryption methods require that the sender and receiver share the same key. The encryption key and the decryption key are different in asymmetric . Whatever cryptographic algorithm Alice is using, she needs to share the right key or key pairs with Bob. We describe how to achieve key sharing in the next section. After that, some fundamental concepts of security requirements are explained. Lastly, we introduce the quantities that measure the security of an algorithm.

1.2 KEY SHARING

Before two parties start an encrypted communication, they have to share the right cryptographic keys. In symmetric cryptography, two parties must share the same key that is secret to all others. But in asymmetric key cryptography, the encryption key and the decryption key are different. Each user possesses a pair of keys, namely the public key and the private key. The public key (or a certificate) can be accessed by anyone, and may be stored, for example, in public servers managed by the so-called Certificate Authority (CA). Thus anyone else can send a that is encrypted using the public key, but only the user who owns the private key can decrypt it. The foundation of public key (or asymmetric key) cryptography was a revolutionary change for key distribution. We have asymmetric protocols that can establish a secure communication channel in open networks.

For symmetric cryptography, it is more difficult to establish a shared cryptographic key. Two or more communication parties have to establish the shared key by some other means. A direct method is to establish the key using secure communication, such as mail, email or face-to-face.

One key establishment technique is key distribution, which requires a trusted dealer to deliver a key to two or more parties who want


to build a secure communication channel. The disadvantages of this method are the bottleneck of the Trusted Third Party (TTP) and the inefficiency of the system for a large group of many communication parties.

Many more key establishment techniques are implemented using public key techniques. The Diffie-Hellman key exchange is a cryptographic protocol that enables two parties to establish a secret key through an insecure communication channel. A practical secure mechanism is a digital envelope technique combining symmetric cryptography and public key cryptography, which encrypts a secret symmetric key using a public key.

1.2.1 Symmetric Key

In symmetric key cryptography, the encryption methods require that the sender and receiver share the same key. Here are three possible means to achieve key distribution for symmetric key encryption between two parties, Alice and Bob.

1. Alice selects a key and physically delivers it to Bob.
2. If Alice and Bob have already shared a key, they can establish a new key under the protection of the old key.
3. If Alice and Bob are sharing different keys with a Key Distribution Center (KDC) separately, the KDC can deliver a key to Alice and Bob through secure channels.

In basic hash protocol (Weis et al., 2004), which is one of the first proposed for protecting RFID privacy, the keys of each tag are distributed physically before the use of these tags. Every tag has a secret key that is shared with the reader. When a tag is queried, it generates a random number $n$ and sends $(n, H(k, n))$ to the reader as a response, where $H(k, n)$ is a hash function. The reader maintains a database that stores the keys of all tags. When the reader receives $(n, H(k, n))$, it tries all keys to hash $n$ and checks which one matches the response. The reader verifies the ID of a tag when its hash value is found in the database. The key distribution here is similar to the first scenario above. The hash function is a one-way function that maps a message to a random string of bits. For example, Secure Hash Algorithm (SHA-1) (FIPS 2004), which is published by NIST as a Federal Information Processing Standard, produces a 160-bit digest from a message that is shorter than $2^{64} - 1$ bits.

In the third scenario, we make use of a trusted third party to help us distribute the keys. KDC (Stallings, 2006) is a trusted server that is responsible for managing all the keys in a system, and verifies the identity of every user. The KDC shares different keys, called user keys, with each user. When Alice and Bob want to establish a secret key to start a secure session, the KDC assigns a session key and sends it to Alice and Bob using their user keys separately. In general, a session key expires quickly, and a new session key can be created with the help of KDC before the expiration of the previous one. For reducing the burden of the KDC server, the new session key can also be established by the second method above. The Kerberos protocol is a successful commercial based on symmetric key cryptography. It realizes secure information exchange using a KDC. More information on Kerberos protocol can be found in (Miller et al., 1988) and (Kohl & Neuman, 1993).

1.2.2 Asymmetric Key

In a symmetric key , users who want to build a protected communication channel must have the same secret key prior to starting this channel. Before the appearance of asymmetric key cryptography, distribution or exchange of keys was extremely troublesome, because we needed a trusted channel to do the key exchange. In general, such a channel often had to be a physical channel. Thanks to the proposition of asymmetric key (or public key) cryptography, we can now exchange keys over an insecure communication


Table 1. Huffman coding

a      b      c      d      e
0.10   0.12   0.15   0.20   0.43
0      1
0.22          0.15   0.20   0.43
              0      1
0.22          0.35          0.43
0             1
0.57                        0.43
0                           1
1.0

channel. This feature encourages the development of electronic commerce. In asymmetric key cryptography, every party has a pair of keys. One is private and the other is public. We introduce the Diffie-Hellman key exchange protocol (Diffie & Hellman, 1976) to demonstrate how a public key protocol works (see Box 1).

In the Diffie-Hellman key exchange protocol, since $k = g^{ab} = g^{ba} \pmod{p}$, Alice and Bob possess the same group element $k$, which can serve as the key for symmetric cryptography. Others who do not know the private keys $a$ and $b$ cannot compute the right secret key $k$. This is a basic version of the Diffie-Hellman protocol, which is not resistant to man-in-the-middle attack. That is to say, the basic Diffie-Hellman protocol cannot ensure the identity of the communicating parties. The security of the Diffie-Hellman protocol is based on the hardness of the discrete logarithm problem, which is believed to be intractable. This is called computational security that will be introduced in the next section. This protocol has been employed by a number of commercial products, such as Secure Sockets Layer (SSL) protocol (Rescorla et al., 2010) and IPSec protocol, which provide security for network communications.

We have other approaches to achieve key sharing without using a key exchange protocol. For example, in Pretty Good Privacy (PGP), a popular tool that provides cryptographic security, the session keys for a symmetric key algorithm are encrypted and distributed by the public key encryption. A cryptographic encryption of a message can also be completed by both symmetric key and asymmetric key encryption. Since public key encryption always consumes much more resources in computation, we use a combined cryptosystem to improve efficiency without losing security when we encrypt a long message. The digital envelope technique is a combination of symmetric key and asymmetric key cryptosystems. A digital envelope consists of a message encrypted by a symmetric key algorithm and a secret key that is encrypted using an asymmetric key algorithm with the receiver’s public key. If the receiver wants to decrypt the message, he first decrypts the secret symmetric

Box 1.­
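The basic hash protocol of Section 1.2.1, as an added example that is not part of the original chapter: a tag answers each query with (n, H(k, n)) and the reader tries every stored key. HMAC-SHA-256 as H, the tag names and the reader's replay cache are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def H(key, nonce):
    """H(k, n) from the text; HMAC-SHA-256 is this example's choice of keyed hash."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Tag:
    """A tag holding one secret key that it shares with the reader."""

    def __init__(self, key):
        self._key = key

    def respond(self):
        # A fresh random n per query, so two answers from one tag look unrelated
        # to anyone who does not hold the key.
        n = secrets.token_bytes(16)
        return n, H(self._key, n)


class Reader:
    """Reader with the database of tag keys, distributed before deployment."""

    def __init__(self):
        self._keys = {}      # tag ID -> secret key
        self._seen = set()   # nonces already accepted (addition of this example)

    def enroll(self, tag_id):
        key = secrets.token_bytes(32)
        self._keys[tag_id] = key
        return Tag(key)

    def identify(self, n, h):
        """Hash n under every stored key; return the matching tag ID or None."""
        if n in self._seen:
            # The tag picks n, so a recorded pair would verify again;
            # remembering accepted nonces rejects such a repeat.
            return None
        match = None
        for tag_id, key in self._keys.items():   # cost grows with the number of tags
            if hmac.compare_digest(H(key, n), h):
                match = tag_id
        if match is not None:
            self._seen.add(n)
        return match


def demo():
    reader = Reader()
    # Constructed tag IDs for the demonstration.
    tags = {name: reader.enroll(name) for name in ("tag-A", "tag-B", "tag-C")}
    n1, h1 = tags["tag-B"].respond()
    n2, h2 = tags["tag-B"].respond()
    unknown = Tag(secrets.token_bytes(32))       # key not in the reader's database
    return {
        "first": reader.identify(n1, h1),
        "second": reader.identify(n2, h2),
        "responses_differ": n1 != n2 and h1 != h2,
        "repeat_of_first": reader.identify(n1, h1),
        "unknown_tag": reader.identify(*unknown.respond()),
    }


if __name__ == "__main__":
    print(demo())
```

The loop in `identify` is the cost the text describes: one hash per enrolled tag for every response received.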
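The Diffie-Hellman exchange of Section 1.2.2, as an added example that is not the chapter's Box 1: both sides reach the same k = g^ab = g^ba (mod p), the basic version cannot tell whose public value it received, and a MAC over the public value under a pre-shared key closes that gap. The toy group (p = 2^127 - 1, g = 3), the role labels and the HMAC step are assumptions of this example; the group is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy parameters for illustration only (assumption of this example).
P = 2**127 - 1   # a Mersenne prime
G = 3


def keypair():
    """Return (private exponent, public value g^a mod p)."""
    while True:
        a = secrets.randbelow(P - 3) + 2
        y = pow(G, a, P)
        if 2 <= y <= P - 2:          # skip degenerate public values
            return a, y


def shared_key(private, peer_public):
    """Derive a symmetric key from k = peer_public^private mod p."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("degenerate public value rejected")
    k = pow(peer_public, private, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()


def tag_public(auth_key, role, y):
    """MAC binding a public value to a party, under a key shared beforehand."""
    return hmac.new(auth_key, role + y.to_bytes(16, "big"), hashlib.sha256).digest()


def verify_public(auth_key, role, y, tag):
    return hmac.compare_digest(tag_public(auth_key, role, y), tag)


def demo():
    a, A = keypair()                 # Alice
    b, B = keypair()                 # Bob
    same_key = shared_key(a, B) == shared_key(b, A)

    # A different public value arriving in place of Alice's is still a valid
    # group element, so basic Diffie-Hellman gives Bob no way to notice:
    # he simply ends up sharing a key with whoever owns that value.
    x, X = keypair()
    while X == A:
        x, X = keypair()
    substitution_unnoticed = shared_key(b, X) == shared_key(x, B)

    # Authenticated variant: Alice sends (A, MAC(auth_key, "alice" || A)).
    auth_key = secrets.token_bytes(32)
    tag_a = tag_public(auth_key, b"alice", A)
    return {
        "same_key": same_key,
        "substitution_unnoticed": substitution_unnoticed,
        "genuine_accepted": verify_public(auth_key, b"alice", A, tag_a),
        "substituted_accepted": verify_public(auth_key, b"alice", X, tag_a),
    }


if __name__ == "__main__":
    print(demo())
```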


key using his private key and the asymmetric key algorithm. Then he decrypts the message using the secret symmetric key. This combination technique has been accepted by a number of applications, such as SSL protocol.

Although public keys can be accessed by anyone, the distribution of public keys also needs our attention in practice. We can publish it through public announcement for convenience, such as releasing the announcement on forums, newsgroups and by mailing list. But this approach has the weakness that anyone can forge a public announcement. To avoid forged information, a trusted third party CA is created to maintain a public key directory, which can be read by anyone but can only be modified by the CA. Public key infrastructure (PKI) (ITU-T 1993; Weise, 2001) is a perfect system that provides authentication and identification for each user, and distributes the public keys securely. In a PKI, public key certificates (Adams & Lloyd, 2002) are used to verify that a public key belongs to a specific user. A public key certificate (or digital certificate) is an electronic document signed by a CA (Certificate Authority) to bind a public key to the owner’s identity. The digital certificate includes the name of a person or an organization, their address and other useful information. The CA is in charge of verifying the truth of the user’s information, and confirms it by signing the certificate. If we believe the CA, we believe that the certificate signed by the CA is valid. PKI has been widely applied in network communications and e-commerce. Several countries have passed legislation to give legal effect to digital certificates.

1.3 SECURITY REQUIREMENTS

Many network systems are typical open systems, such as computer internet, which means any terminal can join the networks without authentication. Most RFID systems can also be treated as open networks because the communications between tags and readers are not protected. The existence of attackers in this kind of system has to be of concern if we want to protect the privacy. Dolev and Yao (1981) suggested a model to describe the ability of an “active” saboteur in this kind of environment:

• He can obtain any message passing through the network.
• He is a legitimate user of the network, and thus, in particular, he can initiate a conversation with any other user.
• He will have the opportunity to be a receiver to any user.
• He will have the opportunity to masquerade as any sender to any user.

We should consider these attackers when we design a security protocol or construct a system. They not only damage the systems by sniffing, but also copy, forge, delete or modify sensitive information without authentication. Imagine that the users in a network want to send some messages that they do not want to let anyone else see, including the administrator of the network. Although the administrator has the right to access any data package that is being transmitted in the network, he cannot understand the data if the transmission is protected by cryptographic methods. A lot of research has been done on cryptology, which can provide specific services to protect the information against interception or modification, and help the systems work without interruption. Some of the main services that cryptography provides are confidentiality, integrity, authentication, non-repudiation and availability.

1.3.1 Confidentiality

Confidentiality means the information is intelligible only to specified users. This is one of the basic services provided by cryptographic techniques. Imagine that Alice wants to send Bob a secret message M that cannot be understood by


others. She uses a key and encryption algorithm to encrypt this message to become a string which is referred to as a ciphertext, and sends it to Bob. Bob has the right key to decrypt the ciphertext. Even if an attacker intercepts the ciphertext, he cannot decrypt it because he does not have the encryption key used. Since Caesar’s cipher, there have been many techniques to encrypt a message. Nowadays, we use symmetric encryption and asymmetric encryption to get confidentiality. AES, DES, 3DES, IDEA and RC5 are standard symmetric encryption algorithms. RSA, Elgamal, and NTRU are popular asymmetric encryption techniques.

1.3.2 Authentication

When Bob ascertains that the message M was indeed sent by Alice using some techniques, he authenticates the message. Authentication means that the receiver can verify the origin of a message. We can realize authentication using symmetric or asymmetric cryptosystems. In a symmetric system, each authenticated part keeps the same secret or cryptographic key. When one part shows that he/she possesses the secret or encrypts/decrypts a message correctly, the other parts are assured that he/she is authenticated. Message Authentication Code (MAC) is one such technique. A MAC can be produced by a keyed hash function or block cipher. A hash function is a mathematical function that accepts a message as an input and outputs an almost random string. In other words, a good hash function ensures that it is hard for us to construct two different input messages that have the same output value. Hash functions also play an important role in protecting message integrity. An example of a keyed hash function is the Hash-based Message Authentication Code (HMAC), which is a secret key authentication algorithm that appears in RFC2104, and examples of those using block ciphers are OMAC and CBC-MAC.

Public key cryptography has made a profound impact in designing authentication algorithms. If someone signs a file using his private key, anyone else can verify this signature using the related public key. Most digital signature schemes are based on public key cryptography. For example, Digital Signature Standard (DSS) is suggested by National Institute of Standard and Technology (NIST). RSA, Elgamal and Schnorr schemes are also popular public key signature algorithms.

Authentication is also a service that most RFID systems provide. There are many authentication protocols for RFID to help a reader identify a tag without leaking any useful information to the attacker. Most of these protocols are based on hash functions or hash chains. For more information the reader is referred to Chapter Seven of this book.

1.3.3 Integrity

Integrity ensures that any illegitimate user’s modification to the message can be detected. Modification includes insertion, deletion, substitution or changes to the status of a given message. For example, an attacker may change part of the ciphertext intended for Bob, and Bob may not detect these changes and accept the forged message as genuine. There are many schemes and protocols in cryptology that help with maintaining the integrity of messages or files. Hash functions are effective tools to help maintain integrity. Integrity is often concerned with authentication. In HMAC, DSS and schemes, there are specific parts to ensure message integrity using hash functions. RSA-OAEP (Optimal Asymmetric Encryption Padding) is one helpful technique to ensure the integrity of a message without identifying the sender. RSA-OAEP was accepted by PKCS#1, IEEE P1363 and SET as a standard encryption scheme.

1.3.4 Non-Repudiation

If a protocol makes sure that neither the sender nor the receiver can deny the transmission, we say that it provides non-repudiation. This feature is necessary in many applications today such as


e-banking and e-business transactions. Consider an internet transaction for which e-banking was used to pay for goods and services received. Clearly, there will be serious ramifications if the buyer denies making the purchase or the seller denies receiving the funds, despite doing so. PKI can be used to provide non-repudiation services by using a Trusted Third Party (TTP). A TTP is an organization that has the trust of communicating parties. When a transmission occurs, the TTP signs the message with some useful information (time stamp, sender, receiver ...) and passes it through the channel. Then no one can deny the message that he sends and receives because he cannot forge a valid signature. Non-repudiation service can therefore serve as an effective tool in dispute resolutions. Non-repudiation has not been widely considered in RFID systems yet, but it may be put into practice in RFID systems in the future when RFID is used for more complex applications.

1.3.5 Availability

When we implement a system, we should ensure that the service is available to authorized users whenever needed. There are various ways to break a system or make it unavailable or unusable. For example, one can cut the communication line or destroy one piece of hardware. These physical issues are of concern in the management of the systems, and solved by some sort of physical actions, such as setting up access controls to the hardware. There are also remote attacks that can interrupt the system, such as Denial of Service (DoS) attacks, Distributed DoS (DDoS) attacks and viruses (such as back door or trojan horses). DoS attacks are often used by hackers in computer networks by, for example, blocking a website or a payment gateway. They are also very effective attacks against RFID systems, and can be implemented against any part of these systems. For example, in a RFID system, if one forges enough (legitimate) requests to the reader to execute a DoS attack, the reader will not be able to accept requests from any other tags requiring normal service. Thus, the system will become unavailable to its users. The DoS attack can also be against the database, servers or communication lines in the system. Some DoS attacks are amendable automatically after enhancing the authentication of the system. For example, if we design communication protocols between readers and tags carefully to tell readers how to distinguish a normal legitimate user, then the readers can deny the requests that are part of a DoS attack. As to the protection of computer networks, we use firewalls, security protocols (IPSec and SSL), Intrusion Prevention System (IPS) or Intrusion Detection System (IDS). For more information on DoS attacks, readers can read (Stallings, 2006).

1.4 MEASURING SECURITY

In this section, we describe how to measure the security of a cryptography scheme or protocol. Information theory, which was founded by Shannon in 1948, provides a theoretical measure of information security (Shannon, 1949). Information theory was born for modeling communication between simple memoryless sources and channels, and it has since been applied in many other fields. It should be noted that this theoretical measure of security does not outline the details of possible successful attacks against a given scheme or protocol. A more concrete, practical measure of security is that of computational security. In the computational security paradigm, one measures time and resource complexities of attacks against a given scheme. If the resource and the time complexities of attack algorithms are beyond the capacity of existing computers and users, then one cannot realize these attacks in a “reasonable” time, and we consider the scheme to be computationally secure.

1.4.1 Information Theory

Information theory is based on probability theory, and has been widely applied in many areas (signal processing, data compressing, cryptography etc).


Entropy, which was proposed by Shannon in 1948, is a basic tool to measure information. That is to say, entropy quantifies the uncertainty when we get a random variable. We now introduce the notation and fundamental properties of entropy.

Assume that $L$ is a language which has $n$ different symbols $X = \{x_1, x_2, \ldots, x_n\}$. If a coding source $S$ produces these symbols independently, and the probabilities that $x_1, x_2, \ldots, x_n$ appear are $p(x_1), p(x_2), \ldots, p(x_n)$ respectively, then the entropy of $S$ is

$$H(S) = -\sum_{i=1}^{n} p(x_i) \log_2 p(x_i).$$

We define $0 \log_2 0 = 0$ in the formula above. Entropy defined as above shows the number of bits that $S$ outputs, which measures the amount of information that $S$ can encode. The base of the logarithm can be any number. If the base is the natural logarithm $e$, the unit of entropy is called “nats.” When we use base 2, the unit is “bits.” We shall often use logarithms to base 2 for convenience here. If each $x_i$ appears with the same probability, that is to say $p(x_i) = 1/n$, we have $H(S) = \log_2 n$. One important application of entropy is Huffman coding (Huffman, D.A. 1952), which is an entropy encoding algorithm for creating prefix codes.

Assume that we have an alphabet $\{x_1, x_2, \ldots, x_n\}$ and a weight set $p(x_1), p(x_2), \ldots, p(x_n)$. Huffman coding finds codewords $\{f(x_1), f(x_2), \ldots, f(x_n)\}$ for every symbol which satisfies the following: the average length

$$l(f(X)) = \sum_{i=1}^{n} p(x_i)\,|f(x_i)|$$

is the shortest, where $|f(x_i)|$ is the length of the codeword of $x_i$. We give an example to show how Huffman coding works. Assume that the symbol set is {a,b,c,d,e}, and the probabilities that each symbol appears are

$$p(a) = 0.10,\; p(b) = 0.12,\; p(c) = 0.15,\; p(d) = 0.20,\; p(e) = 0.43.$$

We first choose the two symbols a, b with the lowest probabilities. Then we set a = 0 and b = 1 and delete them from the set. After that, we insert a new symbol with probability $p(a) + p(b) = 0.22$. We repeat these steps until there is just one symbol in the set with probability 1. Then we get the code of each symbol. The whole process constructs a tree, which is shown in Table 1. The last row, 1.0, is the root and the first row is the leaves. At last, we get the code of each symbol from the root to each leaf. Thus, we get the codes

$$f(a) = 000,\; f(b) = 001,\; f(c) = 010,\; f(d) = 011,\; f(e) = 1.$$

The average length of the codewords is

$$(0.10 + 0.12 + 0.15 + 0.20) \times 3 + 0.43 \times 1 = 2.14.$$

The entropy of variable $X$ is

$$H(X) = 0.10 \times 3.322 + 0.12 \times 3.059 + 0.15 \times 2.737 + 0.20 \times 2.322 + 0.43 \times 1.2188 = 2.10,$$

which is close to the average length. In fact, we have the proposition

$$H(X) \le l(f(X)) \le H(X) + 1.$$

As entropy measures the quantities of uncertainty, and we want an encrypted cipher to be as random as possible, the encryption algorithm should output ciphers with high entropy. Shannon proposed a perfect security scheme based on entropy in his 1949 paper. But in that perfect secure encryption scheme, the key space is as large as the message space, which makes the scheme infeasible to implement practically.

Entropy is also useful in cryptanalysis, which is to guess messages or keys given some ciphertexts. The redundancy of language (Shannon,


1949; Cover et al., 1978) is an application of entropy in cryptanalysis. In English, if every letter appears with the same probability, we have the entropy of this language $H_L = \log_2 26 = 4.7$. But in everyday life, some letters are used more than others, such as E, A and T. Moreover, we often encounter some specific strings in English, such as “the,” “ing” and “ed.” These circumstances diminish the entropy of English. The entropy of English is believed to be 1.0

The most important result thus far is the factorization of RSA-155 (a number with 155 digits), which was completed in August 1999 after seven months. A group consisting of, among several others, Arjen K. Lenstra and Herman te Riele performed the necessary computations on 300 workstations and PCs.... The result indicates that a well-organized group of users such as distributed.net might be able to break a 512-bit key in just a couple of days.
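The Huffman and entropy computation of Section 1.4.1, as an added example that is not part of the original chapter: it rebuilds the codewords for the symbols a to e, then checks the average length, the entropy and the bound H(X) ≤ l(f(X)) ≤ H(X) + 1. The rule that the left entry of a merge gets bit 0 and the right entry bit 1 is inferred from Table 1 and is an assumption of this example.

```python
import math


def entropy(probs):
    """H(X) = -sum p(x) log2 p(x), with 0 * log2(0) taken as 0."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)


def huffman(probs):
    """Merge the two lowest-weight entries until one entry of weight 1 is left.

    Entries stay in table order. Of the two entries merged, the left one gets
    bit 0 and the right one bit 1, and the merged entry takes the left position.
    """
    nodes = [[p, {sym: ""}] for sym, p in probs.items()]
    if len(nodes) == 1:
        return {sym: "0" for sym in probs}
    while len(nodes) > 1:
        lowest_two = sorted(range(len(nodes)), key=lambda k: nodes[k][0])[:2]
        i, j = sorted(lowest_two)                 # i is left of j in the table
        merged = {s: "0" + c for s, c in nodes[i][1].items()}
        merged.update({s: "1" + c for s, c in nodes[j][1].items()})
        nodes[i] = [nodes[i][0] + nodes[j][0], merged]
        del nodes[j]
    return nodes[0][1]


def average_length(probs, codes):
    """l(f(X)) = sum p(x) * |f(x)|."""
    return sum(p * len(codes[s]) for s, p in probs.items())


def is_prefix_free(codes):
    """No codeword is a prefix of another (checked on sorted neighbours)."""
    words = sorted(codes.values())
    return all(not b.startswith(a) for a, b in zip(words, words[1:]))


def decode(bits, codes):
    """Decode a bit string; a prefix code needs no separators between codewords."""
    inverse = {c: s for s, c in codes.items()}
    out, current = [], ""
    for bit in bits:
        current += bit
        if current in inverse:
            out.append(inverse[current])
            current = ""
    if current:
        raise ValueError("trailing bits do not form a codeword")
    return "".join(out)


# Probabilities from the chapter's worked example.
PAGE_PROBS = {"a": 0.10, "b": 0.12, "c": 0.15, "d": 0.20, "e": 0.43}

if __name__ == "__main__":
    codes = huffman(PAGE_PROBS)
    print(codes)
    print(round(average_length(PAGE_PROBS, codes), 2), round(entropy(PAGE_PROBS), 2))
    # Uniform 26-letter alphabet: entropy is log2(26).
    print(round(entropy({chr(65 + i): 1 / 26 for i in range(26)}), 1))
```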


one with the largest exponent, we omit the other terms except $3n^2$ when $n \to \infty$. We omit the constant factor 3 for convenience because 3 does not depend on $n$. Thus, we get $T(n) = O(n^2)$ in this example. In general, big O notation makes use of the term in $T(n)$ that grows fastest. For example,

• If $T(n) = 5n^4 + n^2 + 6$, then $O(T(n)) = O(5n^4) = O(n^4)$.
• If $T(n) = 2^n + 5n^{19}$, then $O(T(n)) = O(2^n)$.
• If $T(n) = n! + n^{20}$, then $O(T(n)) = O(n!)$.

When $f(n)$ is a polynomial, we say that the complexity is polynomial. If the order of $f(n)$ is exponential, we have an exponential algorithm. We also have a lower bound on the growth rate of $T(n)$, which is written as $T(n) \in \Omega(n)$. Like the definition of $O(f(n))$, $T(n) \in \Omega(n)$ means there exists a constant $c$ to make $T(n) \ge c f(n)$ for all $n$ greater than a number $N$. We always use $O(f(n))$ to represent the complexity of an algorithm.

How can we prove computational security? Let us inspect the security of RSA as an example, which is a popular public key algorithm nowadays (Box 2).

The function $\varphi(N)$ in RSA algorithm is Euler’s totient function, which is the number of positive integers that are less than $N$ and relatively prime to $N$. Because

$$m = c^d = m^{ed} = m^{k(p-1)(q-1)+1} = m \pmod{N},$$

we can decrypt the cipher successfully if we have the private key $d$. The security of the RSA algorithm relies on the integer factorization problem.

Integer Factorization Problem

• Input: An odd composite number $N$.
• Output: A prime $p$ that satisfies $p \mid N$.

$N$ can be factored if we calculate the private key $e$ successfully. That is to say, we could solve the integer factorization problem if we totally broke the RSA algorithm. The details of the reduction from calculating $e$ to integer factorization are shown in (Koblitz, N. 1994). We emphasize that the integer factorization problem is hard when we choose appropriate variables. For example, for constructing secure RSA cryptosystems, we choose a composite number that is the product of two large primes. These two primes must be randomly chosen and about the same size (but not too close). It is widely believed that the integer factorization problem is a hard problem, which means we have no polynomial algorithm to solve it. The best published asymptotic running time for the factorization problem is

$$\exp\left( \left(\tfrac{64}{9}\, b\right)^{1/3} (\log b)^{2/3} \right),$$

which is the time complexity of the general number field sieve (GNFS) algorithm, where $n$ is a composite number that is $b$ bits long. This is a sub-exponential time algorithm. In 2009, several researchers factored a 232 digit number (768 bits) utilizing hundreds of machines by number field sieves for two years. This makes us consider 1024 bit-RSA at least in commercial use. Shor (1994) showed that a quantum computer could factor a composite number in polynomial time, which can be used to break RSA. But fortunately, quantum computers are not practical in the foreseeable future.

The security of all public key cryptosystems relies on hard problems, such as Elgamal encryption and Diffie-Hellman key agreement (on discrete logarithm problem), or the (on integer factorization).

The security of modern symmetric algorithms is also measured by computational security. For example, DES was shown to not be secure in 1998. A custom DES-cracker was built by the Electronic


Table 2. Security bits for some cryptographic algorithms (bits)

symmetric key    ECC keys    RSA keys
80               160         1024
112              224         2048
128              256         3072

Frontier Foundation (EFF) at the cost of approximately US $250,000, which cracked DES using a brute-force attack in 2 days. COPACOBANA is another more efficient DES cracker built for approximately $10,000. This machine breaks DES in less than one day. The substitution for DES is AES, which is believed secure because all the known attack algorithms are not practical.

1.4.3 Security Bits

Since the computational security of a cryptographic scheme is measured by the computational complexity of the efficient attack algorithms, we quantify security here using security bits, which is the binary length of the complexity. For example, triple-DES with a key size of 168 bits provides 112 bits of security, because the complexity of the best brute force attack is $2^{112}$ up to now. Note that the key length is distinct from the security bits of an algorithm, and the key length is definitely not smaller than the security bit length, because an algorithm can always be cracked by brute force. If we execute exhaustive search to attack a symmetric encryption algorithm with 128 bits, we must try at most $2^{128}$ keys to find the right key. Most symmetric key algorithms are designed to have security equal to their key length, which means that there is no faster attack on them than brute force.

The security of public key algorithms is often compared with symmetric key algorithms that can only be cracked by brute force attacks. For example, the security of 1024-bit RSA is often compared with 80-bit symmetric key algorithms in many standards documents, such as triple-DES (112-bit keys) and AES (128-bit keys). This comparison helps us to select appropriate encryption algorithms and key sizes in applications. If a system requires security that 80-bit symmetric key cryptographic algorithm can provide, then AES (128-bit keys), 1024-bit RSA and 160-bit ECC (Elliptic Curve Cryptosystem) are all appropriate choices. The next security level is 112 bit, which matches the security of triple-DES. We list the security that several common public key cryptographic algorithms provide in Table 2.

SUMMARY

This chapter gave a brief introduction to some fundamental terminology in information security

Box 2.

11 Security Terminology

and cryptology. Its purpose was to describe the Huffman, D. A. (1952). A method for the construc- basic aspects of security and tools for security. tion of minimum-redundancy codes. Institute of Specific techniques and algorithms were avoided Radio Engineers, 40(9), 1098–1101. doi:10.1109/ in this chapter. JRPROC.1952.273898 We first introduced symmetric key and asym- Koblitz, N. (1994). A course in number theory and metric key cryptography, which are important tools cryptography. Springer Verlag. doi:10.1007/978- for protecting communications. Then we described 1-4419-8592-7 the aspects of concern fin information security. Finally, we showed how to measure security using Kohl, J., & Neuman, C. (1993). The Kerberos net- entropy and computational complexity. work authentication service (v5). In The Internet Engineering Task Force Request For Comments (IETF RFC) 1510. Retrieved from http://www. REFERENCES ietf.org/rfc/rfc1510.txt. Modern cryptography: Theory Adams, C., & Lloyd, S. (2002). Understanding Mao, W. B. (2004). PKI: Concepts, standards, and deployment con- and practice. Prentice Hall. siderations (2nd ed.). Addison-Wesley. McClure, S., Scambray, S., & Kurtz, G. (1999). Hacking exposed: Network security secrets and Cover, T. M., & King, R. C. (1978). A convergent solutions gambling estimate of the entropy of English. . McGraw-Hill. IEEE Transactions on Information Theory, 24(4). Miller, S., Neuman, B., Schiller, J., & Saltzer, J. doi:10.1109/TIT.1978.1055912 (1988). Kerberos authentication and authorization Section E.2.1, Project Athena Tech- Diffie, W., & Hellman, M. E. (1976). New di- system. In nical Plan, M.I.T. Project Athena rections in cryptography. IEEE Transactions on . Cambridge, Information Theory, 22(6), 644–654. doi:10.1109/ MA: MIT. TIT.1976.1055638 Rec, I. T. U.-T. X.509 (revised). (1993). The directory-authentication framework Dolev, D., & Yao, A. C. (1981). On the security of . Geneva, public key protocols. 
In Proceedings of IEEE 22nd Switzerland: International Telecommunication Annual Symposium on Foundations of Computer Union. Science, (pp. 350-357). Rescorla, E., Ray, M., Dispensa, S., & Oskov, Fabian, B., Guenther, O., & Spiekermann, S. N. (2010). Transport layer security (TLS) rene- The Internet (2005). Security analysis of the object name gotiation indication extension. In Engineering Task Force Request For Comments service for RFID. In International Workshop on Security, Privacy and Trust in Pervasive and (IETF RFC) 5746. Retrieved from http://tools. Ubiquitous Computing, July 2005. ietf.org/html/rfc5746 Garfinkel, S., & Spafford, G. (1996). Practical Rivest, R. L., Shamir, A., & Adleman, L. (1978). A Unix & internet security. O’Reilly. Associates. method for obtaining digital signature and public- key cryptosystems. Communications of the ACM, Hellman, M. E. (1977). An extension of the 21(2), 120–126. doi:10.1145/359340.359342 Shannon theory approach to cryptography. IEEE Transactions on Information Theory, 23(3). doi:10.1109/TIT.1977.1055709


Sawyer, S., & Tapia, A. (2005). The sociotechnical nature of mobile computing work: Evidence from a study of policing in the United States. International Journal of Technology and Human Interaction, 1(3), 1–14. doi:10.4018/jthi.2005070101

Shannon, C. E. (1948). A mathematical theory of communication. The Bell System Technical Journal, 27(3), 379–423.

Shannon, C. E. (1949). Communications theory of secrecy systems. The Bell System Technical Journal, 28, 656–715.

Shor, P. W. (1994). Algorithms for quantum computation: Discrete log and factoring. In S. Goldwasser (Ed.), Proceedings of the 35th Annual Symposium on the Foundations of Computer Science, (pp. 124-134).

Stallings, W. (2006). Cryptography and network security: Principles and practice (4th ed.). New Jersey: Prentice-Hall.

Stinson, D. R. (2005). Cryptography: Theory and practice (3rd ed.). Chapman & Hall/CRC.

Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. In Goos, G., Hartmanis, J., & van Leeuwen, J. (Eds.), Security in Pervasive Computing, LNCS (Vol. 2802, pp. 55–59). Berlin, Germany: Springer. doi:10.1007/978-3-540-39881-3_18

Weise, J. (2001). Public key infrastructure overview. In Global Security Practice, Sun BluePrints OnLine. Retrieved from http://www.sun.com/blueprints/0801/publickey.pdf


Chapter 2 RFID Standards

Ilker Onat University of Ottawa, Canada

Ali Miri Ryerson University, Toronto, Canada

ABSTRACT There are many RFID standards defined by different standardization bodies and organizations. These evolving standards often overlap and may be confusing to practitioners. In this chapter, a summary of the RFID technology is given with the relevant standardization bodies and their RFID standards.

2.1 INTRODUCTION

Standards are important in regulating many parts of our lives. By providing regulations for interoperability for almost all modern human activity, they are now an essential part of today's businesses and governments. Standards also regulate product characteristics such as quality, reliability, and safety for consumers. Standards are an essential part of today's modern manufacturing methods and one of the major driving forces in technological advancement. They provide interoperability among the same kinds of products from different manufacturers and increase competition by providing a wider market share for higher quality and better priced products. Standards also define the practices and relevant metrics and assimilate new technologies to practical widespread use. General industrial adoption plans of RFID technology have increased interest in standardization. In this chapter, we describe the standardization bodies and summarize their RFID standards. We also emphasize some supply chain management considerations. RFID technology is poised to change the way many companies do business and will allow businesses to share information effectively. Different businesses can use the same information only if they agree on the content and format.

DOI: 10.4018/978-1-4666-3685-9.ch002


We first categorize RFID systems and describe their operating principles from the standards perspective. We then give an overview of the RFID standardization bodies and their standards.

2.2 AN OVERVIEW OF RFID SYSTEMS

An RFID system consists of two components: a transponder (or tag) and a reader (or interrogator). The transponder carries the actual data and is attached to the object to be identified. RFID systems are categorized according to fundamental operating principles, tag complexity, operating frequency, range and powering methods.

As a major classification, according to the power source, tags are classified into three categories:

• Passive tags: Tags with no built-in power source.
• Semi-passive tags: Tags that use batteries for some of their operations.
• Active tags: Tags that use batteries as their sole source of energy.

2.2.1 Operating Principles of RFID Systems

There are three main types of physical operation for RFID tags: inductive coupling, electromagnetic backscatter and close coupling.

Inductively coupled transponders receive energy from the strong electromagnetic field generated by the reader, which passes through the transponder's coil area. This electromagnetic field induces a current proportional to its strength (decreasing with distance), the coil area and the number of windings, providing energy to the transponder. The majority of inductively coupled systems use either the 30-300 kHz low frequency or the 3-30 MHz high frequency ranges. They constitute about 90% of today's RFID systems (Finkenzeller, 2003). Their range is less than 1 m. Inductively coupled systems use load modulation to transfer data from the transponder to the reader. A resonant transponder is a transponder with a self-resonant frequency that is the same as the transmission frequency of the reader (Finkenzeller, 2003). In load modulation, a resistor on a resonant transponder is switched on and off according to the data, which affects the voltage across the reader and thereby transmits data.

Electromagnetic backscatter transponders reflect back the electromagnetic waves created by the reader. The radiation power of the waves decreases with the square of the distance from the source, therefore a much weaker signal is returned to the reader by the passive backscatter transponders. Increasing frequency increases reflectivity, hence these transponders use the ultra high frequency (UHF) range at 900 MHz or 2.4 GHz. Short wavelengths at these frequencies enable the use of smaller antennae than with inductively coupled system coils. UHF backscatter systems are also called long-range systems since they can transmit from up to 5 m away from the reader.

Close coupling systems are powered through the magnetic field generated on the transponder coil when it is placed between the two windings of the reader carrying a high frequency alternating current. The transponder can be coupled up to 1 cm away from the reader. The frequency used is usually less than 30 MHz. Close coupling is used in contactless smart cards common in secure identification systems.

Because of the very limited useful energy that can be converted and used at the passive transponders, they can send information only very short distances. Active transponders, on the other hand, are very similar to other battery powered wireless devices, differing only in their activation methods. Active backscatter transponders have significantly higher ranges but their use is limited because of the maintenance and cost issues associated with battery use. The last transponder type is the semi-passive transponder, which uses batteries to retain memory contents or to process data; its radio functions use power supplied through the reader as in passive tags.

2.3 RFID STANDARDS ORGANIZATIONS

2.3.1 International Standards Organizations

There are three standardization bodies at the international level: ISO/IEC, EPCglobal and ITU-T.

• ISO (International Organization for Standardization): ISO is a network of the national standards institutes of more than 150 countries. ISO develops standards for a broad range of products. It specified RFID standards for various purposes at different frequencies and with different operating principles. IEC (International Electrotechnical Commission) is the body specializing in all electrotechnologies including electronics, multimedia, and telecommunications. ISO/IEC JTC1 (Joint Technical Committee 1 of ISO and IEC) produces standards in the field of Information Technology, which includes capture, representation, processing, security and management of information. A JTC1 standard starts with an "ISO/IEC" before the number. The JTC1 standards are similar to those developed by ISO.
• EPCglobal Standards: EPCglobal is a joint venture of GS1 and GS1 US. Its aim is to achieve worldwide adoption and standardization of Electronic Product Code (EPC) technology. The main focus of this body is to create a worldwide standard for RFID. As an independent body, the Auto-ID Center was set up in 1999 to develop new low-cost disposable RFID device standards for global supply chains. UHF was selected as the operating frequency because of the range and data rate requirements. The tasks of the Auto-ID Center were taken over in 2003 by EPCglobal, which administers and develops new RFID standards. With the establishment of EPCglobal, sponsored by many of the world's leading corporations, investment and research began to gain pace. The former Auto-ID Center still exists as seven academic research laboratories around the globe engaged in research on RFID.
• ITU-T (International Telecommunication Union): The ITU is the United Nations agency for information and communication technologies and it provides global telecommunication standards. Its publications are called ITU-T Recommendations.

2.3.2 European Standards Organizations

• CEN (European Committee for Standardization): CEN works in a large number of areas. Its members are 30 European countries. It produces European standards, technical specifications and reports. CENELEC (European Committee for Electrotechnical Standardization) develops electrotechnical standards. Only one organization per country may be a member of CENELEC. It delivers European Standards (EN), harmonization documents, technical reports and workshop agreements.
• ETSI (European Telecommunications Standards Institute): ETSI produces standards for wireless mobile, wireline and internet communications technologies. Membership of ETSI is open to any company or organization interested in the creation of telecommunications standards and standards in other electronic communications networks and related services. It delivers European Standard (EN), ETSI Standard and guidelines.

2.4 MAJOR RFID STANDARDS

Before the development of RFID standards, users of RFID systems had to buy complete systems from the same manufacturer, as the manufacturers rarely produced components compatible with each other. Early RFID systems were hence proprietary systems. The lack of interoperability was an obstacle to the proliferation of the technology. Incentives for investment and research were few. The picture began to change when the ISO started to develop RFID standards. The following is a list of major ISO RFID standards based on the frequency.

• ISO 11784/11785: Radio frequency identification of animals
• ISO/IEC 14443: Contactless integrated circuit cards, proximity cards
• ISO/IEC 15693: Contactless integrated circuit cards, vicinity cards
• ISO/IEC 18000: RFID for Item Management
• ISO/IEC 24730: Real Time Locating Systems

Contact cards have replaced the ISO 10536 based close coupling smart cards, hence devices based on this standard are not popular today. ISO 14443 describes contactless proximity coupling smart cards. This standard is for smart cards operating at 13.56 MHz. It has two versions, A and B. They are incompatible since they use different modulation and anti-collision schemes. ISO standard 15693 defines the standard for smart cards with a maximum range of 1 m. RFID systems based on this standard can be found as part of access control systems.

The ISO 18000 series of standards is important because of the area it targets. It was developed to determine the use of the same air interface protocols for most of the widely used frequencies for a wide range of item management tasks. The series includes the following:

• ISO/IEC 18000-1: Generic Parameters for the Air Interface for Globally Accepted Frequencies
• ISO/IEC 18000-2: Parameters for Air Interface Communications below 135 kHz
• ISO/IEC 18000-3: Parameters for Air Interface Communications at 13.56 MHz
• ISO/IEC 18000-4: Parameters for Air Interface Communications at 2.45 GHz
• ISO/IEC 18000-6: Parameters for Air Interface Communications from 860 to 960 MHz
• ISO/IEC 18000-7: Parameters for Air Interface Communications at 433 MHz

Since each part operates at a different frequency range, their operation principles and target applications are different. This framework allows developers to select options suitable for their application requirements. Among those standards, ISO/IEC 18000-6 is widely used for supply chain management because its capabilities satisfy general supply chain requirements such as a medium-range reading distance, multi-read capabilities, and the capacity for high-speed item identification. Supply chain operations cover the life cycle of products from their raw material phase to disposal or recycling phases. It is widely predicted that supply chain operations will be one of the major applications of RFID technology.

EPCglobal standards are currently dealing with the UHF Class 1 Gen 2 air interface protocol. These conformance standards address the EPCglobal equivalent of ISO/IEC 18000-6C. EPCglobal also specifies interoperability test requirements. EPCglobal operates a certification programme for UHF Class 1 Gen 2 devices. Products can be certified as compliant with the conformance standards. The devices are interoperable if they satisfy basic requirements and are tested against other system components that are compliance certified. The collaboration of ISO and EPCglobal as two independent standardization bodies was complicated by the fact that EPCglobal has decided to create its own UHF air interface protocol. EPCglobal accepted an incremental improvement of classes of tags. The original EPCglobal classes are listed below.

Class 1: A passive read-only backscatter tag with one-time programmable memory.
Class 2: A passive backscatter tag with read-write memory.
Class 3: A semi-passive backscatter tag with read-write memory.
Class 4: An active tag that uses a built-in battery to power the tag circuitry including the transmitter.
Class 5: An active networked RFID tag that can communicate with other peer tags and devices.

EPCglobal submitted the UHF Gen 2 Class 1 air-interface protocol to ISO in 2005. ISO has approved the EPC Gen 2 Class 1 UHF standard, publishing it as an amendment to its 18000-6 standard, as 18000-6C. RFID standards from ISO and EPCglobal with their corresponding frequencies are also given in Table 1.

Table 1. Major RFID standards as applied to frequency

| Frequency spectrum | LF (125/134.2 kHz) | HF (13.56 MHz, 433 MHz) | UHF (900 MHz, 2.45 GHz) |
| ISO | ISO 11784 | ISO/IEC 14443 (13.56 MHz) | ISO 18000-6A (900 MHz) |
| ISO | ISO/IEC 18000-2A | ISO/IEC 15693 (13.56 MHz) | ISO 18000-6B (900 MHz) |
| ISO | ISO/IEC 18000-2B | ISO 18000-3 (13.56 MHz) | ISO 18000-6C (900 MHz) |
| ISO | | ISO 18000-7 (433 MHz) | ISO 18000-4 (2.45 GHz) |
| ISO | | | ISO/IEC 24730-2 (2.45 GHz) |
| EPCglobal | | | Class 0 |
| EPCglobal | | | Class 1 |
| EPCglobal | | | Class 1 Gen 2 |

2.5 CLASSIFICATION OF RFID RELATED STANDARDS

In order to describe RFID standards, it is important to classify the target areas of standards in RFID systems. The following are the main areas of standardization (Chartier, Consultants & van den Akker, 2008).

1. Frequency
2. Security and privacy
3. Middleware
4. Data
5. Applications
6. Real-time locating

2.5.1 Frequency (Air Interface) Standards

RFID frequency regulations govern the use of the frequency spectrum for RFID devices. Since RFID systems operate with electromagnetic waves, the interference to and from other devices should be minimized. Because of the strong RF signals required to power passive tags, available operating frequencies for RFID systems are significantly restricted. For this reason, RFID devices, most of the time, can only use industrial, scientific or medical (ISM) application frequencies.

The air interface standards specify the communication rules between the reader and the tag. The specification is done for all relevant network layers. At the physical layer, modulation and bit encoding rules are defined. At the MAC layer, the anti-collision algorithm is defined. Upper layer commands and responses, and physical memory architectures are also a part of the air interface standards.

The ISO/IEC 18000 series of air interface standards, currently published in seven parts, details diverse RFID technologies using different frequency ranges. There are also other major standards relating to livestock tracking systems (ISO 11785), proximity cards (ISO 14443) and vicinity cards (ISO 15693).

EPCglobal also introduced a separate air interface standard for UHF frequencies. EPCglobal has defined classes of tags with increasing sophistication levels. As originally developed, Class 0 and Class 1 tags were not compatible with each other. They were not compatible with the ISO's air interface standard either. EPCglobal then developed second generation protocols named Gen 2, merging the old Class 0 and Class 1. ISO has approved the EPC Gen 2 Class 1 UHF standard, publishing it as an amendment to its 18000-6 standard.

2.5.2 Security and Privacy Standards

Security and privacy standards for RFID systems aim to achieve confidentiality, integrity, availability and non-repudiation. Confidentiality is the assurance that all the data in the system is protected from unauthorized access. This includes the protection of communications channels as well as devices. Integrity is the assurance that data and system resources are protected against modification. Availability provides protection against any DoS (Denial of Service)-type attacks. Non-repudiation is the assurance that a reader or tag cannot deny data alterations. This requires authentication between RFID layers.

There are many proposals introducing privacy enhancing and security techniques to RFID technology. Only a few of these techniques are included in RFID standards so far. There are four separate areas in an RFID system where security features can be applied:

• The RFID tag: Permanent encoding, password protection;
• The air interface protocol: Password protection, but most RFID applications provide open access to the reading of data;
• The RFID interrogator: Protection against unauthorized emulation;
• The network: Networks containing RFID devices must take into account the capabilities and characteristics of RFID devices.

Since passive RFID tags are resource constrained, security proposals for RFID systems should take this limitation into account. There are various security proposals from academia (Juels, 2004; Chae, Yeager, Smith & Fu, 2007; Peris-Lopez, Hernandez-Castro, Estevez-Tapiador & Ribagorda, 2006a; Peris-Lopez, Hernandez-Castro, Estevez-Tapiador & Ribagorda, 2006b; Benoit, Canard, Girault & Sibert, 2006). However, so far standardization bodies were only able to include a smaller and simpler subset of those proposals into RFID standards. In (Phillips, Karygiannis & Kuhn, 2005), current EPC and ISO/IEC standards are analyzed from the security perspective. Most of the protocols analyzed use CRC error detection for integrity. The EPC Class 1 Gen 2 standard uses one-time pad protected reader-to-tag communications for confidentiality. The ISO/IEC 18000-3 protocol uses 48-bit password protection on read commands. Smart cards, on the other hand, have ample resources to implement strong security measures when compared to EPC tags. They receive energy from much smaller distances and they are built with higher computational resources. They are mostly used in payment systems and their security features are addressed from the beginning. High-end smartcards based on ISO 14443 and 15693 implement strong cryptographic algorithms with AES, triple-DES and SHA protocols (Phillips, Karygiannis & Kuhn, 2005). In general, RFID smartcards are built with basic standard suites and expanded with proprietary security algorithms by the vendors according to their security requirements.

EPCglobal has defined a secure reader protocol between RFID readers and application software called Reader Protocol v1.1 (Reader Protocol (RP) Standard, EPCglobal Inc., n.d.). The protocol defines three layers: the reader layer, the messaging layer and the transport layer. The reader layer deals with message content. At the messaging layer, security rules related to framing and connections are detailed. The network layer defines networking facilities. ISO/IEC published the report TR24729-4 as an implementation guideline for tag data security. Security advice for backend systems is provided in the standard ISO/IEC 24791-5.

2.5.3 Middleware Standards

RFID middleware standards define the data encoding and protocol rules between the RFID reader and the application software. The widespread adoption of RFID requires an efficient supporting infrastructure that manages readers without dealing with application details. In (Floerkemeier & Lampe, 2005), the authors describe the main features an RFID middleware must provide to readers and applications. RFID systems use limited communication bandwidth. In order to manage a large number of tags, multiple readers must coordinate their reading process. Readers transmitting at close proximity might interfere with each other. High power wireless transmissions by readers in order to give energy to and read back data from passive tags can be obstructed by wireless transmission factors such as multipath fading, or absorption by nearby objects. False readings caused by collisions or transmission errors must also be taken into account when designing RFID middleware.

The EPCglobal middleware standards are the Low Level Reader Protocol (LLRP) and Application Level Events (ALE). LLRP (Low Level Reader Protocol (LLRP) Standard, EPCglobal Inc., n.d.) specifies an interface between RFID readers and clients. It provides the formats and procedures of communications in terms of messages. The client messages are used to discover the readers, and to get and set reader configurations. The client messages also serve to access the inventory through readers. Reader messages to the client report the reader status, inventory or RF survey. Being an application layer protocol, LLRP does not provide retransmission or reordering facilities. Client and reader consistency is provided with update messages.

ALE (Application Layer Events (ALE) Standard, EPCglobal Inc., n.d.) provides methods for filtering and grouping captured RFID tag data. This standard was previously known as Savant. It was developed to provide middleware between RFID readers and databases. It is located between readers and applications, and manages retrieved tag information. The protocol filters and stores data in order not to overflow underlying communication networks.

The ISO protocols for RFID middleware are the ISO/IEC 15961, 15962, 15963 and 24791. The purpose of these standards is to provide a common data protocol that has no restrictions on frequencies used in applications and air interface protocols and to describe numbering systems for tags. ISO/IEC 15961 provides the data protocol application interface. It allows data and commands to be specified in a standardized way. ISO/IEC 15962 provides data encoding rules and logical memory functions such as processing of the data and its presentation to the RF tag. ISO/IEC 15963 provides unique identification of tags and a numbering system. ISO/IEC 24791-2 is written for data management, which provides operations on tag data.

2.5.4 Data Standards

Data standards deal with the structure of RFID data, data dictionaries and encoding methods. EPCglobal defined the EPC Tag Data Standard (TDS) (EPC Tag Data Standard (TDS), EPCglobal Inc., n.d.). This standard defines the data encoding on the tags and on the information system. ISO/IEC 15459 defines unique identifiers. ISO/IEC 15418 defines data dictionaries and ISO/IEC 15434 defines a syntax for high-capacity automatic data capture media.

2.5.5 Application Standards

Major standards cover sectors such as automotive, baggage handling, airline/defence items and libraries. Application standards specify a set of requirements which result in a single air interface protocol. Standards from ISO 17363 to ISO 17367 define generic application standards for different industry sectors:

• ISO/IEC 17363, Supply Chain Applications of RFID, Freight containers
• ISO/IEC 17364, Supply Chain Applications of RFID, Returnable Transport Items
• ISO/IEC 17365, Supply Chain Applications of RFID, Transport Units
• ISO/IEC 17366, Supply Chain Applications of RFID, Product Packaging
• ISO/IEC 17367, Supply Chain Applications of RFID, Product Tagging

2.5.6 Real Time Locating Standards

Real-time locating systems (RTLS) are wireless systems helping to locate the position of an item in a defined space. Position is derived with various triangulation and multilateration methods using radio link. RTLS in asset management tries to establish interoperability of products for the growing RTLS market. ISO/IEC 24730 defines two air interface protocols and a single application program interface (API) for RTLSs.

CONCLUSION

In this chapter we have given an overview of wireless RFID standards. Practitioners and researchers of RFID technology must pay attention to the works of the main standardization bodies as they continue to evolve. An EPCglobal subscription might be beneficial to supply chain operations. Ensuring compliance with ISO and EPCglobal standards must be the first step before selecting a vendor.

REFERENCES

Benoit, C., Canard, S., Girault, M., & Sibert, H. (2006). Low-cost cryptography for privacy in RFID systems. In The Proceedings of the International Conference on Research and Advanced Applications, CARDIS '06.

Chae, H., Yeager, D., Smith, J., & Fu, K. (2007). Maximalist cryptography and computation on the WISP UHF RFID tag. In The Proceedings of the Conference on RFID Security.

Chartier, P., Consultants, P., & van den Akker, G. (2008). GRIFS, global RFID forum for standards, RFID standardisation state of the art report. Technical report. CEN.

EPCglobal Inc. (n.d.). Application layer events (ALE) standard. Retrieved from http://www.epcglobalinc.org/standards/ale/ale_1_1_1-standard-core-20090313.pdf

EPCglobal Inc. (n.d.). EPC tag data standard (TDS). Retrieved from http://www.epcglobalinc.org/standards/tds/tds_1_6-RatifiedStd-20110922.pdf


EPCglobal Inc. (n.d.). Low level reader protocol (LLRP) standard. Retrieved from http://www.epcglobalinc.org/standards/llrp/llrp_1_1-standard-20101013.pdf

EPCglobal Inc. (n.d.). Reader protocol (RP) standard. Retrieved from http://autoid.mit.edu/CS/files/11/download.aspx

Finkenzeller, K. (2003). RFID handbook: Fundamentals and applications in contactless smart cards and identification. John Wiley & Sons, Inc.

Floerkemeier, C., & Lampe, M. (2005). RFID middleware design: Addressing application requirements and RFID constraints. In the Proceedings of the 2005 Joint Conference on Smart Objects and Ambient Intelligence, sOc-EUSAI '05.

Juels, A. (2004). Minimalist cryptography for low-cost RFID tags. In The Proceedings of the International Conference on Security in Communication Networks, SCN '04, Vol. 3352 of Lecture Notes in Computer Science, (pp. 149–164).

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J. M., & Ribagorda, A. (2006a). EMAP: An efficient mutual authentication protocol for low-cost RFID tags. In The Proceedings of the OTM Federated Conferences and Workshop: IS Workshop, IS '06, Vol. 4277, (pp. 352–361).

Peris-Lopez, P., Hernandez-Castro, J. C., Estevez-Tapiador, J., & Ribagorda, A. (2006b). M2AP: A minimalist mutual-authentication protocol for low-cost RFID tags. In The Proceedings of the International Conference on Ubiquitous Intelligence and Computing, UIC '06, Vol. 4159, (pp. 912–923).

Phillips, T., Karygiannis, T., & Kuhn, R. (2005). Security standards for the RFID market. IEEE Security Privacy, 3(6), 85–89. doi:10.1109/MSP.2005.157
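
Section 2.5.2 notes that most of the analyzed protocols use CRC error detection for integrity. As an added illustration (not code from the chapter or from any of the standards it cites), the Python below contrasts a keyless CRC-16 with a keyed, truncated HMAC over the same tag data; the CRC parameters, key, payload and 8-byte tag length are assumptions chosen for the example.

```python
import hashlib
import hmac

# Assumed CRC parameters (CCITT polynomial, all-ones preset, MSB first, no final XOR).
# They are illustrative and are not taken from the chapter.
CRC_POLY = 0x1021
CRC_INIT = 0xFFFF
MAC_LEN = 8  # assumed truncated MAC length in bytes


def crc16(data: bytes) -> int:
    """Bitwise CRC-16 over data with the parameters above."""
    reg = CRC_INIT
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            if reg & 0x8000:
                reg = ((reg << 1) ^ CRC_POLY) & 0xFFFF
            else:
                reg = (reg << 1) & 0xFFFF
    return reg


def frame_with_crc(payload: bytes) -> bytes:
    """Append the 2-byte CRC; needs no secret, so any party can build it."""
    return payload + crc16(payload).to_bytes(2, "big")


def crc_ok(frame: bytes) -> bool:
    """Receiver-side CRC check."""
    if len(frame) < 2:
        return False
    payload, received = frame[:-2], frame[-2:]
    return crc16(payload).to_bytes(2, "big") == received


def frame_with_mac(key: bytes, payload: bytes) -> bytes:
    """Append a truncated HMAC-SHA256 tag; only holders of key can build it."""
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return payload + tag


def mac_ok(key: bytes, frame: bytes) -> bool:
    """Receiver-side MAC check with constant-time comparison."""
    if len(frame) < MAC_LEN:
        return False
    payload, received = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:MAC_LEN]
    return hmac.compare_digest(expected, received)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(out)


def compare_checks() -> dict:
    """Run both checks against channel noise and against rewritten data."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    payload = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")      # constructed 96-bit tag data
    crc_frame = frame_with_crc(payload)
    mac_frame = frame_with_mac(key, payload)

    results = {}
    # Case 1: transmission error, one payload bit flipped, check field untouched.
    results["crc_detects_noise"] = not crc_ok(flip_bit(crc_frame, 17))
    results["mac_detects_noise"] = not mac_ok(key, flip_bit(mac_frame, 17))

    # Case 2: data rewritten by a party that does not hold the key.
    altered = flip_bit(payload, 95)
    # The CRC can simply be recomputed over the new data.
    results["crc_detects_rewrite"] = not crc_ok(frame_with_crc(altered))
    # Without the key a valid MAC cannot be produced; the old tag no longer matches.
    results["mac_detects_rewrite"] = not mac_ok(key, altered + mac_frame[-MAC_LEN:])
    return results


if __name__ == "__main__":
    for name, value in compare_checks().items():
        print(f"{name}: {value}")
```

The CRC catches the transmission error but accepts the rewritten data, because anyone can recompute it; the keyed MAC rejects both, which is the property the integrity definition in Section 2.5.2 asks for.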


Chapter 3 RFID Wireless Link Threats

Ilker Onat University of Ottawa, Canada

Ali Miri Ryerson University, Toronto, Canada

ABSTRACT This chapter gives an overview of wireless link threats against RFID systems. A major portion of the RFID tags are passive devices without their own power source and they can be easily attacked. It is difficult to implement countermeasures in RFID tags due to major resource constraints. In this chapter, major attack types against RFID systems are described. The vulnerabilities of RFID systems are explained along with the proposed solutions and design methods against the attacks.

DOI: 10.4018/978-1-4666-3685-9.ch003

3.1 INTRODUCTION

RFID devices are used in logistics, consumer applications and different business specific applications. With the increasing number of RFID devices used in daily life, security and user privacy concerns are also becoming critical. Since RFID uses a wireless medium, all the threats associated with wireless media usage exist in RFID systems. RFID systems are further challenged by these threats because of the tags’ limited hardware and energy capacity for implementing robust security measures.

Tags can be passive or active. A passive tag obtains all of its energy for communications and data processing from the electric or magnetic field of the reader. An active tag, on the other hand, includes a battery. The general operation of a passive tag is given in Figure 1. In this chapter we will overview the possible wireless link based attacks against RFID systems using passive tags and summarize the current protection algorithms against them.

Figure 1. Passive tag communications

According to hardware complexity, RFID tags can be low-end, mid-range and high-end systems. Low-end systems are mostly low-cost, low-power one-bit transponders with no medium access control. Mid-range tags allow reading and writing on their memory. They can be addressed and they can support cryptographic security primitives. High-end tags such as smartcards allow complex authentication algorithms. Top-end smartcards carry cryptographic co-processors allowing complex calculations.

3.2 EAVESDROPPING ATTACKS

Eavesdropping is the interception of the communication between the reader and the tag or the unauthorized listening to and storing of information in the open wireless medium. A similar attack is the skimming attack where the attacker actually provides power to the tag and acts as a false reader. In an eavesdropping attack, the attacker passively listens to and records the bits over the air. Therefore he has to be in the vicinity of the reader and the tag in order to perform the attack. The attacker also has to have the right RF equipment before recovering and storing the wireless data. The attacker with better wireless equipment with higher sensitivity RF devices will be able to eavesdrop correctly further away from the reader and the tag than the attacker with simple RF equipment.

As long as the communication standard and the frequency are known, obtaining the bits from the wireless medium is an easy task for the passive attacker listening to the medium. The severity of this attack against different RFID systems is mainly determined by the range of the wireless communications, i.e., the distance between the tags and the reader. This range is determined by the operating frequency of the reader, the physical coupling method and the transmit power of the active elements. The recovery of useful data by eavesdropping can be prevented by application layer encryption of the transmitted data. Many HF RFID systems have components that can implement application layer encryption; however, these attacks are still important since many application layer algorithms are designed based on the assumption that the HF RFID communication range was small. In (Hancke, 2011) the vulnerabilities of such systems are discussed.

It is also important to make a distinction between channels in this attack. The reader-to-tag channel, also called the forward channel, carries a higher RF power signal since the power emitted will be used to power the tag and its RF logic. The tag-to-reader channel, or the backward channel, has much lower RF power since the tag is passive and using the reader transmitted signal. Depending on the distance, the attacker may only sense the communications but cannot recover the data, or can recover only the forward channel’s or both the forward and backward channels’ data.

3.2.1 Near-Field RFID Systems

Systems with communication ranges of up to 1m are labeled as near-field communications or remote-coupling systems. Almost all remotely coupled systems are based upon an inductive (magnetic) coupling (Finkenzeller, 2003). These systems are also called high-frequency (HF) systems. There are three major standards for passive near-field devices operating at a frequency of 13.56 MHz: ISO 14443A, ISO 14443B and ISO 15693. Because of their limited range these systems are often deemed secure against eavesdropping attacks. The advertised operational range of these channels is less than 10 cm and therefore several implemented systems assume that the communication channel is limited and therefore secure. However, there are practical attacks against these systems. Eavesdropping attacks are mentioned regularly in the literature. In (Hancke, 2011), it is shown through experiments that for inductively coupled RFID systems, forward channel data can be recovered up to 10m away whereas backward channel data can be recovered up to 1m away with high quality RF equipment and data analysis tools. These results differ slightly when the RF propagation environment changes from open spaces to corridors.

3.2.2 Long-Range RFID Systems

Long-range RFID systems operate at the UHF or microwave frequency. Their range is between 1m and 15m. The majority of these systems use backscattering as their physical operating principle and operate at around 900 MHz.

3.2.3 Measures against Eavesdropping Attacks

Eavesdropping attacks are mainly dependent on the attacker’s monitoring equipment and the RF propagation environment. Even near-field communication systems are not immune to eavesdropping attacks. An attacker can recover data beyond the advertised operating range of the RFID system. From the attacker’s point of view, there are many technical improvements available to better capture and analyze data, such as improved tuning techniques. The designers of RFID systems should make few assumptions on the technical capabilities of the attackers and devise and implement strong application layer security measures. The most effective protective measure against an attack involving eavesdropping is to not transfer any content but the ID of the tag itself (EPCglobal Inc., n.d.). This way, all the necessary information about the tag will be securely stored at the secure backend servers and the ID itself will not reveal any useful information to the attackers. For applications where relevant content has to be stored on the tags themselves, only strong encryption procedures can provide reliable protection against eavesdropping (Kim, Kim, Han, & Choi, 2006).

3.3 TAMPERING

A major threat to RFID based information systems is the alteration of the data in the tag memory or while the information is being retrieved. In this section, we will give an overview of these data tampering attacks on RFID systems. The characteristics and the effects of data tampering attacks on RFID systems are summarized along with the approaches proposed to defend against them.

In all information systems, the malicious alteration of entities is called tampering. The wireless and mostly unattended nature of RFID systems exposes tags to physical and RF transmission access. In the context of an RFID system, the part of the system most vulnerable to tampering attacks is the tag. Tampering of the tag can happen in two ways. Either the information transmitted or received over the air can be altered, or the data inside the tag itself can be modified. In general there are two major protection mechanisms against tampering attacks. Using tamper-evidence measures provides quantifiable evidence for the existence of tampering. Tamper-resistance measures provide the system under attack the means to protect itself against tampering. As a result of a successful tampering attack, the tag under attack might become unusable, or it might become a malicious or false tag itself.


The tampering problem in information technology is generally studied in the context of software tampering. Various measures exist to detect software alterations and act upon them. However, since the processing part of most RFID systems consists only of simple logic, software tampering is not a serious threat for these systems (Gandino, Montrucchio & Rebaudengo, 2010). Hardware tampering is a more serious threat for RFID systems. If the RFID tag is accessed and reprogrammed, insider attacks are possible over the tampered tag. Using tamper resistant hardware is the only prevention mechanism against such attacks. However, the high cost of tamper resistance schemes makes them infeasible to implement on low-cost RFID tags.

Data can be tampered with by impairing part of it, by inserting completely different data or by swapping it with data from other locations.

3.3.1 Measures against Tampering

Tamper Detection Methods

1. Watermarking: In general, watermarking consists of embedding information into original data. When the original data changes, embedded data and original data generated become incoherent. Watermarking is proposed for RFID tag tamper detection in (Potdar & Chang, 2006). This system detects tampering on the memory of RFID tags compliant with the EPC96 standard. The authors propose embedding a watermark into the serial number. The watermark is generated by performing 3 one-way functions on the three fields set by the standard. This system allows detection and correction of tampering on three fields of an affected tag. This method can detect tampering by weak attackers employing random modifications; however, it is weak against more organized attackers that perform modifications that take this watermarking measure into account.
2. Cryptography: Public or private key cryptography can be used to authenticate tag IDs or tag data. Any tampering on the ID or data will result in different decrypted data that will reveal the tampering. However, in order to implement cryptographic measures, especially public-key cryptography, tags need to have a large memory, which most of the low-end tags do not possess. In (Bernardi, Gandino, Lamberti, Montrucchio, Rebaudengo & Sanchez, 2008), an RSA based authentication approach is developed. The ID of the tag is encrypted and written to the user memory. The encrypted data is later decrypted and compared to the tag ID. However, if the whole data from the tag is copied into another tag, this false tag cannot be detected with cryptographic schemes. Another approach is to encrypt tag ID and data at the backend and use the encrypted values in the tag. Any attacker trying to modify these values will create tags that do not decrypt meaningfully, which will make the tampering evident.
3. Write Record Keeping: In (Yamamoto et al., 2008), the authors propose a method to detect tag memory tampering. They use a private memory region in the tag, which is only readable and not writable by the reader, but writable by the tag itself. Any write to the user memory automatically adds an entry into the tag’s private memory region. The first part of the special memory area represents the pointer to the area for the next insertion, and the number of recorded writing operations. Tampering is detected when there is an overlap in the written memory regions.

Tamper Resistance Methods

1. Protected Memory: There are two classes of memory that provide this kind of protection: read-only memory and permanently lockable memory. Both types do not allow any party to write data once the information is burned into the memory. Permanently lockable memory is more flexible than read-only memory but requires stricter management.
2. Passwords: A weak protection against tampering is the use of passwords. Passwords do not provide strong security since the attacker who can eavesdrop on both directions of communication can recover the password from tag reader exchanges.
3. Cryptography: Many challenge-response protocols can be used for RFID authentication. In a private key based approach, both ends use a shared secret. In order to alter the content of data that use such protocols, the encryption scheme itself has to be broken. This requires the attacker to obtain the keys and the pseudo-random generation logic. The only drawback of this strong tamper protection mechanism is the requirement that the tags have crypto-processors, which do not exist in low-end RFID systems.

3.4 SESSION HIJACKING

In general, session hijacking refers to the exploitation of a valid session to gain unauthorized access to the system under attack. In RFID systems, session hijacking attacks are possible during authentication sessions between the tags and the reader. In these attacks, an attacker reads the tags after a user is authenticated. For example, the attacker reads the protected data while the authenticated user is reading the tags. In (Zhou & Huang, n.d.), a secure RFID access control mechanism is described. To counter hijacking attacks this paper proposes an RFID activity watchdog that detects the number of working readers. If the number is larger than the known authenticated reader count, the RFID reading activity is suspended and an alarm is raised. The authenticity of the reader is also periodically checked through a challenge-response algorithm. In (Weis, Sarma, Rivest, & Engels, 2004), frequency hopping by the reader is suggested as a measure against session hijacking. Passive tags may be designed such that their operating frequency is determined by the reader.

3.5 REPLAY ATTACK

In a replay attack, the attacker records valid credentials and data from authenticated users and replays them at a later time of his choosing. Therefore the replay attack is an impersonation attack. The main method against replay attacks is to bind information exchanged to its correct context (Aura, 1997). This way, once a message is replayed, it will be determined that it is out of context. Practical examples of relay attacks are shown by the successful attacks on the Texas Instrument Digital Signature Transponder (Bono, Green, Stubblefield, Juels, Rubin & Szydlo, 2005) and during credit card transactions (Hancke, 2006). This interception and retransmission of RFID queries can be used against contactless payment systems, access control systems or passport readers.

3.5.1 Measures against Replay Attacks

An extensive study of protection mechanisms against replay attacks for cryptographic protocols was done in (Aura, 1997). Strong cryptographic measures defeat most of the other attacks; however, they can be bypassed with elaborate replay attacks. In order to protect against replay attacks in RFID systems, session tokens, timestamps or challenge-response authentication can be used.

A session token in the RFID systems identifies a reading round between the reader and the tag. It can consist of single or multiple exchanged messages. In general, RFID reading sessions are stateful and session state and history is kept at the reader. Session tokens are usually created with pseudo-random number generators. A session number should be unique and non-predictable. When a session token is replayed by the attacker, it will not be the same as the expected session token.

Time-stamping is another way of preventing a replay attack. This method requires time synchronization between the reader and the tag. Timestamps are appended to exchanged messages and parties accept the messages as valid only if the response is received within a given tolerance. In (Deursen & Radomirović, 2009), the authors analyze the replay attacks targeting the challenge-response mechanism in authentication protocols. They choose the notion of recent aliveness as the most appropriate authentication requirement for RFID protocols.

3.6 RELAY ATTACKS

High-end smartcards can perform public and private key calculations. They are also tamper resistant and carry large-enough memory to hold an operating system and perform cryptographic calculations (Anderson, Bond, Clulow, & Skorobogatov, 2006). Relay attacks bypass the authentication step of the RFID communication protocols. Since non-trivial authentication can only be applied in high-end tags, these attacks generally target high-end contactless (ISO 14443) or contact (ISO 7816) smartcards. The acquired identity and credentials of the legitimate device are relayed to a distant location to be used to gain unauthorized access. Relay attacks pose a serious threat to the security of RFID systems. They operate at the physical layer and application-layer encryption protocols are easily bypassed. They are simple and can be mounted with simple low-cost equipment. The relay attack is different from the replay attack, since the attacker in the relay attack does not store or replay the previous message. In general, relay attacks can be implemented with different tools and techniques. In a relay attack, the attacker needs to build false tags and false readers in hardware, firmware and radio circuitry. The setup is rather simpler to build than other complex attacks such as power-analysis or hardware tampering and cryptanalysis. In addition, current smartcard standards are delay tolerant and they open the doors for attacks on the cards implementing the protocol without additional security measures against this attack. In Figure 2 we give the general scenario and the components of the relay attack. Next, we explain the relay attack and describe prevention mechanisms.

Figure 2. General description of a relay attack system

A detailed analysis of RFID relay attacks is given in (Lima, Miri, & Nevins, 2008). In a relay attack, the attacker acts as a middle-man between the tag and the reader. In order to pose as a legitimate reader to the actual tag, and a legitimate tag to the actual reader, the only constraint the attacker has to consider is the increased delay occurring because of the increased signal propagation path and the processing delay at the relay. Once the tag-reader communication’s delay constraints of the system under attack are tackled, information can be relayed to distant fake nodes that use the signals obtained from the relay attack. Smartcards are used for authentication and user and account verification. A smartcard’s secure non-volatile memory holds all the necessary data for these tasks. There are many successful relay attack implementations in the literature.

3.6.1 Relay Attacks against Proximity Smartcards

Contactless smartcards (ISO 14443) are also called proximity cards. They have a very short range (less than 10cm) which is sometimes falsely viewed as a security feature. They use inductive coupling with load modulation. ISO 14443 A and B only differ in their modulation, coding and initialization schemes. This allows for interoperability of contactless smartcard products. Readers in this standard are called Proximity Coupling Device (PCD) and tags are called Proximity Integrated Circuit Cards (PICCs). They serve in many security sensitive payment applications, e-passports and cellular devices. They can support secure messaging, cryptographic tokens and authentication mechanisms. They can be built tamper resistant with hardware memory firewalls and sensors. Specific security algorithms are not specified and can be proprietary to manufacturers. Those using crypto co-processors can be used with complex cryptographic algorithms. In Hancke (2006) and Kfir & Wool (2005), the authors describe successful relay attack implementations against ISO 14443 A type proximity tags with practical details of false tag and false reader construction.

3.6.2 Relay Attacks against Contact Smartcards

Relay attacks can also be mounted without a wireless link. Contact smartcards (ISO 7816) embedded with a computer chip are widely used in healthcare, banking, entertainment and transportation. The standard does not specify any particular on-chip security algorithm. It is not possible to mount wireless link dependent attacks such as man in the middle, eavesdropping or replay against contact smartcards. Although they are more secure than contactless smartcards, invasive attacks such as side-channel attacks or relay attacks are possible. Customers with smartcards authorize transactions with the card and PIN without guarantees of the amount charged and who is to be paid. From the customer’s point of view, it is not possible to guarantee the authenticity of the payment terminal. Measures at the smartcard cannot protect customers from the relaying of authentication information to false tags far away. In (Drimer & Murdoch, 2007), a practical relay attack against contact smartcards is detailed.

3.6.3 Measures against Relay Attacks

Cryptographic measures at the application layer can protect against skimming attacks but cannot protect against relay attacks. A relay attack is invisible to application layer security and therefore new protection measures should focus on the physical layer. For contactless smartcards, shielding the tag can protect against relay attacks performed without the user’s knowledge. Additional physical controls at the reader side to help ensure that the reader is in fact reading the tag that is presented to it and not some remote victim tag can also be implemented.

An effective measure against relay attacks is to measure the signal propagation time where it is ensured that the verifier is involved in the exchange. The first distance-bounding protocol based on the single-bit roundtrip delay was introduced in (Brands & Chaum, 1993). The verifier transmits challenges and records the response timing. The prover then transmits a message authentication code (MAC). Premature requests made from a false verifier to the prover can only succeed with a small probability without being detected with the guessed challenges. In (Hancke & Kuhn, 2005), the authors introduce a distance-bounding protocol for contactless smartcards. High-resolution timing information about the arrival of individual data bits is used to measure the round-trip delay. With this method, an upper bound for the distance between the reader and tag is established and if the message exchanges take more time than this bound, the existence of a relay attack is revealed. The authors of (Drimer & Murdoch, 2007) also describe a distance-bounding security scheme for contact smartcards with a similar round-trip delay measurement method.

CONCLUSION

In this chapter, we have given an overview of wireless link threats against RFID systems. Since most RFID tags are passive devices without their own power sources, attacks against RFID systems are relatively easy to mount and implementing countermeasures is more difficult. We have also summarized proposed solutions and design methods against these vulnerabilities. For further proliferation of RFID technology, efficient solutions must be adopted in RFID standards.

REFERENCES

Anderson, R., Bond, M., Clulow, J., & Skorobogatov, S. (2006, February). Cryptographic processors - A survey. Proceedings of the IEEE, 94(2), 357–369. doi:10.1109/JPROC.2005.862423

Aura, T. (1997). Strategies against replay attacks. In The Proceedings of the 10th IEEE Workshop on Computer Security Foundations, CSFW ’97, (pp. 59–68).

Bernardi, P., Gandino, F., Lamberti, F., Montrucchio, B., Rebaudengo, M., & Sanchez, E. (2008). An anti-counterfeit mechanism for the application layer in low-cost RFID devices. In The Proceedings of the 4th European Conference on Circuits and Systems for Communications, ECCSC, (pp. 227–231).

Bono, S. C., Green, M., Stubblefield, A., Juels, A., Rubin, A. D., & Szydlo, M. (2005). Security analysis of a cryptographically-enabled RFID device. In The Proceedings of the 14th Conference on USENIX Security Symposium, SSYM ’05, (pp. 1–15).

Brands, S., & Chaum, D. (1993). Distance-bounding protocols. In Advances in Cryptology EUROCRYPT ’93 (pp. 344–359). Berlin, Germany: Springer-Verlag.

Deursen, T., & Radomirović, S. (2009). Algebraic attacks on RFID protocols. In The Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks, WISTP’09, (pp. 38–51). Berlin, Germany: Springer-Verlag.

Drimer, S., & Murdoch, S. J. (2007). Keep your enemies close: distance bounding against smartcard relay attacks. In The Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, SS ’07, (pp. 1–16).

EPCglobal Inc. (n.d.). Retrieved from http://www.epcglobalinc.org

Finkenzeller, K. (2003). RFID handbook: Fundamentals and applications in contactless smart cards and identification. John Wiley & Sons, Inc.

Gandino, F., Montrucchio, B., & Rebaudengo, M. (2010). Tampering in RFID: A survey on risks and defenses. Mobile Networks and Applications, 15(4), 502–516. doi:10.1007/s11036-009-0209-y

Hancke, G. (2006). Practical attacks on proximity identification systems. In The Proceedings of the IEEE Symposium on Security and Privacy.

Hancke, G. (2010). Practical eavesdropping and skimming attacks on high-frequency RFID tokens. Journal of Computer Security - Special Issue on RFID System Security, 19(2), 259–288.

Hancke, G. P., & Kuhn, M. G. (2005). An RFID distance bounding protocol. In The Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM ’05, (pp. 67–73).

Kfir, Z., & Wool, A. (2005). Picking virtual pockets using relay attacks on contactless smartcard. In The Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, SECURECOMM ’05, (pp. 47–58).

Kim, H. S., Kim, I. G., Han, K. H., & Choi, J. Y. (2006). Security and privacy analysis of RFID systems using model checking. High Performance Computing and Communications, Vol. 4208 of Lecture Notes in Computer Science, (pp. 495–504). Berlin, Germany: Springer.

Lima, A., Miri, A., & Nevins, M. (2008). RFID relay attacks: System analysis, modelling, and implementation. In Security in RFID and sensor networks, (pp. 49–75). Auerbach Publications, Taylor & Francis Group.

Potdar, V., & Chang, E. (2006). Tamper detection in RFID tags using fragile watermarking. IEEE International Conference on Industrial Technology, ICIT’06 (pp. 2846–2852).

Weis, S. A., Sarma, S. E., Rivest, R. L., & Engels, D. W. (2004). Security and privacy aspects of low-cost radio frequency identification systems. Security in Pervasive Computing, Vol. 2802 of Lecture Notes in Computer Science, (pp. 50–59). Berlin, Germany: Springer.

Yamamoto, A., Suzuki, S., Hada, H., Mitsugi, J., Teraoka, F., & Nakamura, O. (2008). A tamper detection method for RFID tag data. In The Proceedings of the IEEE International Conference on RFID, (pp. 51–57).

Zhou, Z., & Huang, D. (n.d.). RFID keeper: An RFID data access control mechanism. In The Proceedings of the IEEE Global Telecommunications Conference, GLOBECOM ’07, (pp. 4570–4574).
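The measures of Sections 3.5.1 and 3.6.3 can be seen side by side in one model, given here as an added example that is not code from the chapter or from the cited papers: fresh nonces make a replayed transcript fail the response check, while a relayed session passes that check and is caught only by the round-trip time bound. The two-register construction is a simplified rendering of the idea in Hancke and Kuhn (2005); HMAC-SHA256 as the keyed function, the 64 rounds, the 2 ns tag delay and the simulated (not measured) timing are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

C = 299_792_458.0        # signal propagation speed (m/s)
N_ROUNDS = 64            # timed single-bit rounds (assumed parameter)
TAG_DELAY_S = 2e-9       # assumed fixed per-bit processing delay of the tag
MAX_DISTANCE_M = 0.10    # advertised ISO 14443 range quoted in the chapter


def registers(key, nonce_v, nonce_p, n=N_ROUNDS):
    """Derive two n-bit response registers from the key and both fresh nonces."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    assert 2 * n <= len(digest) * 8
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]


class Tag:
    """Genuine tag that holds the shared key."""
    def __init__(self, key):
        self.key = key

    def start(self, nonce_v):
        nonce_p = secrets.token_bytes(8)
        self.r0, self.r1 = registers(self.key, nonce_v, nonce_p)
        return nonce_p

    def respond(self, i, challenge_bit):
        # The challenge bit selects which register answers round i.
        return self.r1[i] if challenge_bit else self.r0[i]


class ReplayingTag:
    """Keyless device replaying the nonce and answers of a recorded session."""
    def __init__(self, recorded):
        self.recorded = recorded

    def start(self, nonce_v):
        return self.recorded.nonce_p

    def respond(self, i, challenge_bit):
        return self.recorded.answers[i]


@dataclass
class Result:
    bits_ok: bool            # every answer matched the expected register bit
    timing_ok: bool          # every round trip stayed within the time limit
    distance_bound_m: float  # upper bound on distance implied by the slowest round
    nonce_p: bytes
    answers: list

    @property
    def accepted(self):
        return self.bits_ok and self.timing_ok


def reader_session(key, device, path_m, relay_delay_s=0.0):
    """Reader side: one session against `device` over a one-way path of path_m."""
    nonce_v = secrets.token_bytes(8)             # fresh per session (context binding)
    nonce_p = device.start(nonce_v)
    r0, r1 = registers(key, nonce_v, nonce_p)
    limit_s = 2 * MAX_DISTANCE_M / C + TAG_DELAY_S
    answers, bits_ok, worst_rtt = [], True, 0.0
    for i in range(N_ROUNDS):
        c = secrets.randbits(1)                  # unpredictable challenge bit
        answer = device.respond(i, c)
        # Simulated round-trip time: propagation both ways, tag delay, relay delay.
        rtt = 2 * path_m / C + TAG_DELAY_S + relay_delay_s
        bits_ok = bits_ok and answer == (r1[i] if c else r0[i])
        worst_rtt = max(worst_rtt, rtt)
        answers.append(answer)
    bound_m = C * (worst_rtt - TAG_DELAY_S) / 2
    return Result(bits_ok, worst_rtt <= limit_s, bound_m, nonce_p, answers)


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    tag = Tag(key)
    genuine = reader_session(key, tag, path_m=0.05)
    replay = reader_session(key, ReplayingTag(genuine), path_m=0.05)
    # A relay forwards bits faithfully to the real tag, 50 m away, adding 1 us.
    relay = reader_session(key, tag, path_m=50.0, relay_delay_s=1e-6)
    for name, r in (("genuine", genuine), ("replay", replay), ("relay", relay)):
        print(f"{name:8} bits_ok={r.bits_ok} timing_ok={r.timing_ok} "
              f"bound={r.distance_bound_m:.2f} m accepted={r.accepted}")
```
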


Chapter 4 Hardware Attacks

Fanyu Kong Institute of Network Security, Shandong University, China

Ming Li Shandong University, China & State Grid Corporation, China

ABSTRACT In a secure system, the algorithms, protocols, and digital data are finally implemented and stored on hardware, such as chips, DSP, and registers. Knowledge of the implementation may be used to carry out attacks against the system without attacking the algorithms and protocols directly. The hardware which implements the system deserves much attention and scrutiny. Several hardware attacks are shown in this chapter, which is helpful in designing a secure RFID system.

DOI: 10.4018/978-1-4666-3685-9.ch004

4.1 BACKGROUND

Radio Frequency Identification (RFID) is one of the essential pervasive computing technologies and is widely used in the Internet of Things. A typical RFID system consists of three main components: an RFID tag, an RFID reader and a back-end database. The RFID tag’s core component is an integrated circuit microchip with a CPU, a memory and an antenna. RFID security and privacy have become important issues as RFID applications increase rapidly.

RFID security is a complex problem concerning not only technological issues (mathematical, software and hardware) but also information system management issues (authorization, social engineering and so on). While IC chips and embedded systems have been widely applied, hardware attacks play a more important role in breaking the security and privacy of an information system. The electromagnetic emission attack, timing attack, simple or differential power analysis attacks and data tampering are several hardware attacks that are often used. For RFID tags, besides these attacks, the cloning attack and data copying attack are important attacking methods via physical access to the RFID devices.

In this chapter, we give a survey of various kinds of hardware attacks and their countermeasures. Side channel attacks (timing attack, power analysis attack and so on) are applicable to various implementations of cryptographic algorithms, including software implementations, ASIC/FPGA, smart card and RFID devices. (Oren, Yossi, & Shamir, 2007) proposed a practical remote power analysis attack on passive RFID tags without the help of physical access to the RFID device under attack. The cloning attack and direct read attack are direct physical attacks on the RFID devices. The tampering attack destroys the integrity of the information stored in the RFID memory. In 2009, (Gandino et al., 2009) presented a good survey on tampering attacks in RFID devices.

4.2 CLONING ATTACK

The main function of RFID systems is to identify different items. The identification is implemented by attaching a tag to each item. Each tag has a unique serial number (such as an EPC Code), and can be accepted by the legal reader by wireless communication. If we clone a tag, we copy the tag identifier of the item. This is similar to forging the signature of a file. The cloning attack is a severe challenge to many RFID applications, such as access control, ticketing, payment, passport verification and supply chains. There are also many countermeasure techniques against the cloning attack.

(Goodin, 2009) showed that Chris Paget had demonstrated how to clone the unique electronic identifier used in US passport cards and next generation drivers’ licenses using inexpensive devices. Most of the existing RFID standards and systems are vulnerable to cloning attacks. But with the application of RFID tags in more sensitive fields, such as access control, electronic passports and payment, the security against cloning attack becomes more and more significant.

Cloning of RFID tags is concealed because of the wireless signal transmission between the tags and readers. Cryptographic algorithms can be designed for some schemes to detect illegal cloning or reading. (Lehtonen et al., 2009) proposed a novel method to protect the RFID applications by detecting the different cloned RFID tags with the same ID number without the use of cryptographic methods.

As there is a lack of security consideration on existing RFID systems and standards, we should design new schemes with or without cryptographic techniques to protect RFID tags. For example, a Gen2 tag will transmit its EPC to any reader query, and an adversary can easily get it by reading the tag remotely. Since some Gen2 tags are field-programmable, they are vulnerable to cloning attacks. Therefore, authenticity for tags is required to prevent cloning attacks. Providing the authentication of readers to tags is a common way to defeat cloning attacks. Many proposed cryptographic protocols use a shared secret key to authenticate readers, such as in (Juels, 2005; 2006; Abawajy, 2009).

Electronic passports, an important application of RFID technology, are susceptible to the cloning attack. International Civil Aviation Organization (ICAO 2006) introduced RFID tags to passports, visas and other travel documents, which have been endorsed by ISO as Standard 7501 1 & 2. Basic access control (BAC) is an optional function that helps electronic passports (ePassports) be secure against skimming and eavesdropping attacks. But it has been shown by (Juels, A. 2005) that BAC keys have low entropy and are not secure in practice. (Avoine, Kalach, & Quisquater, 2008) analyzed that the entropy of the worst BAC key in Belgian ePassports is only 23 bits. (Witteman, 2005) proposed an attack against the BAC key of the ePassport. He found that the entropy of the BAC key on Dutch passports is around 35 bits, which means that the ePassport can be broken in two hours on a personal computer. Active authentication (AA) is often used to enhance the security of ePassports. In tags with active authentication, a secret private key stored in the tag is used to help establish a secure communication between the tag and reader.

34 Hardware Attacks

4.3 DIRECT READ

Because there is some secret information stored in RFID tags, we must prevent the illegal reading and tampering of the tags. Some examples of physical methods for protecting privacy include kill commands, clipped tags, Faraday cages, active interference and block tags.

Kill commands are used to make the information stored in the tags unavailable. According to EPCGlobal standards, when a tag is killed, it is disabled permanently. It is a nonreversible operation. One often uses this command to keep the privacy of items after the payment of these products in stores (drug stores, for example). But sometimes, consumers do not always want their tags to be killed, such as for goods returns and exchange.

A Faraday cage is a mesh made of conducting material. An external static electrical field will redistribute the electrical charges in the conducting material to cancel the field's effects in the cage. Thus, external radio waves are also blocked by such a cage. As a result, passive tags are unable to receive signals to get power, and active tags cannot transmit signals. Putting tags into a Faraday Cage Wallet is a good idea to block the illegal read and tampering. But note that this technique can also be used to block the regular read and tracing of the tags for illegal purpose. The seller is unable to detect one item that has been stolen if its tag is torn or in a Faraday cage.

The concept of the clipped tag, which is seen in (Moskowitz & Karjoth, 2005; Moskowitz, Lauris, & Morris, 2007), was first introduced by Paul Moskowitz and Guenter Karjoth in 2005. In their papers, the authors suggested that the read range of the tag may be reduced from many meters to a few centimeters by shortening the antenna. One way to achieve that is to allow the tearing off of a portion of the antenna. Another proposed method is to scratch off the exposed conducting lines which are connected to the tag antenna. After the payment of products, a consumer may tear off a portion of the tag. Then this tag can only be read within a few centimeters. This prevents remote tracing and reading, while the tags may still be used later for goods returns or recalls.

Active interference shields tags using special equipment that transmits noise. This method is suitable in transport. One can block all the illegal reading using equipment that actively transmits signals. The disadvantage of this method is that the interference may influence normal wireless communications or wireless devices.

Sometimes people wish to possess the live RFID tags after payment for goods returns. At the same time, they do not want the RFID tags to be scanned illegally. The RSA blocker tags, which were proposed by (Juels, Rivest, & Szydlo, 2003), help us protect live RFID tags against unauthorized reading. An RSA blocker tag is an RFID tag that responds to all requests, but blocks illegal scanners.

4.4 SIDE CHANNEL ATTACK

For a long time, the security of cryptographic algorithms has been viewed as a nearly pure mathematical problem. While the security of symmetric cryptographic algorithms is based on s-box construction, the security of public-key cryptographic algorithms is related to hard/intractable mathematical problems such as the Integer Factoring Problem and the Discrete Log Problem. With a tighter formal definition, the concept of provable security, which originated in (Goldwasser & Micali, 1984) and became a practical paradigm from (Bellare & Rogaway, 1993), means that the security of cryptographic algorithms can be proved or argued mathematically or reduced to a hard/intractable problem.

However, a cryptographic algorithm with a mathematical security proof may suffer from so-called side channel attacks, which can retrieve a part of the secret key by analyzing the leaked information in the concrete implementation of


cryptographic algorithms such as timing information, power consumption and so on. The first kind of side channel attack, namely the Timing Attack, was proposed by (Kocher, 1996) at CRYPTO 1996. Other well-known powerful side channel attacks include the Fault Attack, which was proposed by (Boneh, DeMillo, & Lipton, 1997) at EUROCRYPT 1997, and the Power Analysis attack (Simple Power Analysis-SPA and Differential Power Analysis-DPA), which was proposed by (Kocher, Jaffe, & Jun, 1999) at CRYPTO 1999.

Side channel attacks may not be able to obtain all the bits of the whole secret key. However, for many cryptographic algorithms, a part of the secret key is sufficient to break the whole cryptosystem. The so-called partial key exposure attacks aim to recover the whole secret cryptographic key by using the critical part of the secret cryptographic key. An important research problem is how to implement a practical and efficient attack method by combining side channel attack and mathematical algorithms including some computational number theory and algebraic algorithms.

4.4.1 Power Analysis

At CRYPTO 1999, (Kocher, Jaffe, & Jun, 1999) proposed the Simple Power Analysis and Differential Power Analysis attacks on DES algorithm and RSA. Cryptographic primitives are implemented on various kinds of hardware devices such as the CPU of a personal computer, the micro-controller of an RFID card or smart card. The computational process of a cryptographic primitive can leak information about the secret key because different operations consume different amount of electric power and therefore have different power consumption traces.

In the simple power analysis (SPA) attack, the attacker aims to retrieve useful information about the secret key by using a single power consumption trace. For either symmetric algorithms (DES, AES and so on) or public-key algorithms (RSA, ECC and so on), the execution sequence of cryptographic operations, which produces a specific power trace, is related to the secret key. For example, in RSA or ECC, a basic implementation algorithm is the square-and-multiply method (see Box 1) for $y = x^d \bmod n$ or double-and-add method (see Box 2) for $Q = kP$, which can be seen in the excellent survey by (Gordon, 1998). The '1' bit or '0' bit in the secret integer $d$ or $k$ means a different branch of the execution procedure, which can be seen in the power consumption trace. Let $d$, $k$ be $m$-bit integers and $d_i$, $k_i$ denote the $i$-th least significant bit. It is noted that there are some methods such as the window method, signed-digit recoding algorithms and so on to improve the efficiency of exponentiation in RSA and point multiplication on elliptic curves.

Box 1.­


They have a similar power analysis strategy as the basic square-and-multiply and double-and-add algorithms.

Some power consumption measure errors or physical noise may make it infeasible to implement a successful Simple Power Analysis attack. The Differential Power Analysis attack combines the statistical differential analysis functions and power consumption analysis to mount a much more powerful attack. In the DPA attack, the attacker first executes $m$ encryption operations and measures many power consumption traces to determine whether a guess of a part of the secret key is correct.

At CRYPTO' 1999, (Kocher, Jaffe, & Jun, 1999) gave a practical example on the Data Encryption Standard-DES algorithm. The DES encryption/decryption algorithm consists of 16 rounds of operations and each round performs an s-box substitution, permutation and so on. The s-box is the most critical security component of DES.

The DPA attack proposed by (Kocher, Jaffe, & Jun, 1999) is shown as follows. Let $C$ be a ciphertext and $K_s$ be the 6 key bits. The function $D(C, b, K_s)$ computes the value of $b$ which is the DES intermediate value. The attacker first performs $m$ encryption operations and obtains power consumption traces $T_{1 \ldots m}[1 \ldots k]$. Let $\Delta_D[j]$, which was given by (Kocher, Jaffe, & Jun, 1999), be defined in Box 3.

If the guessed $K_s$ is incorrect, one has

$$\lim_{m \to \infty} \Delta_D[j] \approx 0.$$

The high-order DPA attack uses a joint statistical analysis on the power consumption traces and is a generalization of the first-order DPA attack.

Box 2.­
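The double-and-add method of Box 2, set next to the fixed double-and-add-always sequence and the first two scalar-multiplication countermeasures that Section 4.6.2 attributes to (Coron, 1999), as an added example that is not code from the chapter. The toy curve $y^2 = x^3 + 2x + 2$ over $F_{17}$ with base point (5, 1) and group order 19, the operation labels D and A, and all function names are assumptions made for the illustration.

```python
"""Added example: operation sequences of scalar multiplication on a toy curve."""
import secrets

# Constructed toy parameters (assumption): y^2 = x^3 + 2x + 2 over F_17.
P_MOD, A = 17, 2
G = (5, 1)        # base point
ORDER = 19        # #E(F_17), counting the point at infinity
O = None          # point at infinity
NBITS = 5         # fixed scalar length m used by the loops below


def inv(x):
    """Modular inverse in F_17."""
    return pow(x % P_MOD, -1, P_MOD)


def add(p, q):
    """Affine point addition and doubling on the toy curve."""
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def neg(p):
    """Additive inverse of a point."""
    return O if p is O else (p[0], -p[1] % P_MOD)


def double_and_add(k, p, nbits=NBITS):
    """Basic left-to-right method: an addition happens only for a 1 bit,
    so the sequence of D (double) and A (add) operations follows the bits of k."""
    q, ops = O, []
    for bit in format(k, f"0{nbits}b"):
        q = add(q, q)
        ops.append("D")
        if bit == "1":
            q = add(q, p)
            ops.append("A")
    return q, "".join(ops)


def double_and_add_always(k, p, nbits=NBITS):
    """Fixed sequence: one doubling and one addition per bit, whatever k is.
    A real implementation must also make the final selection constant-time."""
    q, ops = O, []
    for bit in format(k, f"0{nbits}b"):
        q = add(q, q)
        ops.append("D")
        t = add(q, p)                  # computed for every bit
        ops.append("A")
        q = t if bit == "1" else q     # dummy result dropped on a 0 bit
    return q, "".join(ops)


def blinded_scalar_mult(k, p, r_bits=8):
    """Scalar randomization: k' = k + r * #E gives k'P = kP for any r."""
    r = secrets.randbelow(1 << r_bits)
    k_blind = k + r * ORDER
    nbits = (ORDER << r_bits).bit_length()   # fixed length covering every k'
    q, _ = double_and_add_always(k_blind, p, nbits)
    return q, k_blind


def blinded_point_mult(k, p):
    """Point randomization: Q = k(P + R) - kR for a random point R.
    Here S = kR is recomputed on each call to keep the example short."""
    r = double_and_add_always(1 + secrets.randbelow(ORDER - 1), G)[0]
    s = double_and_add_always(k, r)[0]
    q = double_and_add_always(k, add(p, r))[0]
    return add(q, neg(s))
```

The scalars 0b10011 and 0b10101 have the same length and Hamming weight, yet the basic method yields different D/A sequences for them, while the always-add variant yields the same ten operations for both.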

Box 3.­

$$
\Delta_D[j] = \frac{\sum_{i=1}^{m} D(C_i, b, K_s)\, T_i[j]}{\sum_{i=1}^{m} D(C_i, b, K_s)} - \frac{\sum_{i=1}^{m} \bigl(1 - D(C_i, b, K_s)\bigr)\, T_i[j]}{\sum_{i=1}^{m} \bigl(1 - D(C_i, b, K_s)\bigr)}
\approx 2 \left( \frac{\sum_{i=1}^{m} D(C_i, b, K_s)\, T_i[j]}{\sum_{i=1}^{m} D(C_i, b, K_s)} - \frac{\sum_{i=1}^{m} T_i[j]}{m} \right)
$$
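The differential trace $\Delta_D[j]$ of Box 3 computed on simulated traces, as an added example that is not code from the chapter or from (Kocher, Jaffe, & Jun, 1999); it also shows the trace flattening once the intermediate bit is masked, the blinding idea the chapter describes as a DPA countermeasure. The 4-bit S-box and subkey, the Gaussian noise model, the single leaking sample and the Boolean mask are constructed assumptions standing in for DES and real measurements.

```python
"""Added example: difference-of-means trace Delta_D[j] on simulated data."""
import random

# Constructed toy target (assumption): a 4-bit S-box and a 4-bit subkey
# in place of a DES S-box and the 6 key bits K_s of the text.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
BIT = 3          # index b of the predicted intermediate bit
SAMPLES = 8      # points per simulated trace
LEAK_AT = 5      # sample at which the device handles the intermediate value


def D(c, b, ks):
    """Selection function D(C, b, K_s): predicted bit b of the S-box output."""
    return (SBOX[c ^ ks] >> b) & 1


def simulate(key, m, masked, rng):
    """Return m (data, trace) pairs: Gaussian noise plus one leaking bit."""
    data = []
    for _ in range(m):
        c = rng.randrange(16)
        leak = D(c, BIT, key)
        if masked:
            leak ^= rng.getrandbits(1)     # fresh Boolean mask per execution
        trace = [rng.gauss(0.0, 1.0) for _ in range(SAMPLES)]
        trace[LEAK_AT] += leak
        data.append((c, trace))
    return data


def differential_trace(data, ks):
    """Delta_D[j]: mean of traces with D = 1 minus mean of traces with D = 0."""
    sums = {0: [0.0] * SAMPLES, 1: [0.0] * SAMPLES}
    counts = {0: 0, 1: 0}
    for c, trace in data:
        d = D(c, BIT, ks)
        counts[d] += 1
        for j, value in enumerate(trace):
            sums[d][j] += value
    return [sums[1][j] / counts[1] - sums[0][j] / counts[0]
            for j in range(SAMPLES)]


def peaks(data):
    """Largest Delta_D[j] over all samples, for every subkey guess."""
    return {ks: max(differential_trace(data, ks)) for ks in range(16)}


def assess(key=0x9, m=4000, masked=False, seed=2013):
    """Simulate a device and return (guess with the highest peak, that peak)."""
    data = simulate(key, m, masked, random.Random(seed))
    p = peaks(data)
    best = max(p, key=p.get)
    return best, p[best]
```

For this tiny S-box the wrong guesses do not average to exactly zero, because output bits for different subkeys are correlated (up to about 0.5 here), but the correct guess still stands out near 1; with the mask enabled no guess stands out.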


Elliptic curve cryptosystems, which were introduced independently by (Miller, 1985) and (Koblitz, 1987), are the public key cryptographic algorithms defined on the abelian group $E(F_q)$ of rational points over an elliptic curve. Typically, the finite fields $F_p$, where $p$ is a large prime, or $F_{2^n}$ are widely used. For example, an elliptic curve over $F_p$ is defined as the form

$$y^2 = x^3 + ax + b$$

with $a, b \in F_p$. The point $P = (x, y)$, where $x$ and $y$ satisfy the above equation, is called a point on the elliptic curve. Then the point addition formula $P + Q$ and point doubling formula $2P$ are given to construct an abelian group of points. The main operation of elliptic curve cryptosystems is scalar multiplication $Q = kP = P + \dots + P$, which is also called point multiplication. The basic scalar multiplication algorithms are the double-and-add method and signed-digit binary method, in which the point addition and point doubling are computed alternately.

The idea of the simple power analysis attack on elliptic curve cryptosystems is to retrieve the useful information of the secret value $k$ by distinguishing point addition from point doubling by measuring the power consumption trace of computing the scalar multiplication $Q = kP$. Similar to the differential power analysis attack on symmetric cryptographic algorithms, the DPA attack on elliptic curve cryptosystems uses the statistical differential analysis of many power consumption traces of ECC cryptographic operations to improve the ability to attack successfully.

Since point addition or doubling on elliptic curves are not simple operations and consist of finite field computations such as addition, multiplication and inversion of integers or polynomials, there are a few special power analysis attacks on elliptic curve cryptosystems. In 2003, several new power analysis attacks such as the refined power analysis, the zero-value point attack and the doubling attack were proposed. (Goubin, 2003) proposed the refined power analysis attack on elliptic curve cryptosystems, which improved the differential power analysis by using special points $(x, 0)$ or $(0, y)$. The Zero-value Point Attack, which was proposed by (Akishita & Takagi, 2003), can work for more elliptic curves without zero-value coordinates by using the zero-value registers which may appear in the computation process of scalar multiplication. (Fouque & Valette, 2003) introduced the doubling attack, which can be applicable for the left-to-right binary double-and-add algorithm for point multiplication on elliptic curves.

For RFID devices, the attacker can measure power traces in the communication period between the RFID tag and the reader when the RFID tag implements cryptographic algorithm operations. (Oren, Yossi, & Shamir, 2006) proposed the first power analysis attack on passive RFID tags in the thesis 'Remote Password Extraction from RFID Tags'. The proposed power analysis attack can work for passive UHF tags adhering to the EPCGlobal standard (Electronic Product Code), when the ultra high frequency band ranges roughly from 300MHz to 3GHz. The power analysis can recover the kill passwords from both EPC Gen-1 and EPC Gen-2 tags which operate in the 900 MHz frequency range.

4.4.2 Timing Analysis

At CRYPTO 1996, (Kocher, 1996) introduced the Timing Attack on implementations of some public-key cryptographic algorithms such as the Diffie-Hellman key exchange protocol, the RSA algorithm and the DSS signature algorithm. These primitives consist of time-consuming exponentiations of large integers and suffer from timing


attacks more easily than symmetric algorithms. Kocher's timing attack was also shown by experimental results using the RSAREF toolkit.

The integer exponentiation $y = g^x \bmod p$ can be implemented by using the basic square-and-multiply method or the more efficient window method. Indeed, the computation time is related to the secret integer $x$. Therefore, one can guess the bit values of $x$ by measuring the computation time of exponentiation $y = g^x \bmod p$.

At CARDIS 1998, (Dhem et al., 1998) proposed some improvements to show how to implement a practical timing attack, which is able to break a 512-bit key RSA in a few minutes by collecting 300,000 timing measurements. The timing attack can also be applied to elliptic curves and hyperelliptic curves, since the basic scalar multiplication operation $Q = nP$ on elliptic curves is analogous to the exponentiation $y = g^x \bmod p$.

At Usenixsec 2003, (Brumley & Boneh, 2003) proposed and implemented a practical timing attack against OpenSSL servers. Their experiments showed that one can obtain the secret 1024-bit RSA private key in several hours by using the timing information of an SSL server.

4.5 PHYSICAL TAMPERING

RFID tampering is a kind of physical attack method, which can modify the data, information or programming codes stored in RFID devices or damage the RFID devices. Generally, the identification code and other application data are stored in programmable memory (such as EEPROM, Flash and so on) in the RFID tag. Therefore, if the attacker has physical access to the RFID tag memory, it follows that he can modify the data in the RFID tag memory. A tampering attack may produce some dangers such as disabling the availability of the RFID system. A tamper-evident method means that the tampering attack can be detected. A tamper-resistant method means that the device is protected from tampering attacks.

There are some software or hardware countermeasures to defeat tampering attacks on RFID systems. In cryptography, it is important to provide data integrity for detecting or preventing illegal modifications of the data by malicious attackers. Hash algorithms, Message Authentication Codes (MAC), and other cryptographic algorithms are applicable to protect data integrity. Another kind of method for protecting data integrity or transferring secret information is information hiding such as digital watermarking. Therefore, cryptographic algorithms (HASH, MAC and so on) and information hiding are important techniques for defeating tampering attacks. (Gandino, Montrucchio, & Rebaudengo, 2009) presented an excellent survey on the tampering attack and countermeasures for RFID systems.

4.6 HARDWARE PROTECTION

These hardware attacks, including the cloning attacks, direct reads, tampering attacks and side channel attacks, have been serious threats not only to RFID systems but also to other kinds of information systems. Therefore, many countermeasures have been proposed to defeat these hardware attacks.

4.6.1 Tamper-Proof Hardware

There have been some consideration and attempts to design hardware countermeasures against the above hardware attacks. (Gennaro et al., 2004) proposed the concept of tamper-proof hardware, which prevents the data stored in the device being modified illegally. (Tiri, Akmal, & Verbauwhede, 2002) had proposed the idea for designing specific hardware with constant power consumption, which can also protect a device from tampering attack.


However, as noted by (Gandino, Montrucchio, & Rebaudengo, 2009), the tamper-resistant hardware is too expensive to be applied in RFID tags.

4.6.2 Algorithm Level

There are many algorithmic countermeasures for side channel attacks. At CARDIS 1998, (Dhem et al., 1998) gave some countermeasures to protect RSA cryptosystem from the timing attack. A natural method, which was proposed by (Kocher, 1996) at CRYPTO 1996, is data blinding before the cryptographic operations. For example, in RSA cryptosystem, the public exponent $e$ and the private exponent $d$ satisfy the equation

$$ed \equiv 1 \bmod \varphi(n)$$

where $\varphi(n) = (p - 1)(q - 1)$ and $n = pq$ is the product of two primes $p$ and $q$. One can choose a pair of integers $(v_i, v_f)$ randomly, which satisfies

$$v_f = (v_i^{-1})^e.$$

The RSA encryption/decryption operations are $c = m^e \bmod n$ and $m = c^d \bmod n$ respectively. The improved RSA operations against timing analysis attack are $c = (m v_i)^e \bmod n$ and $m = (c v_f)^d \bmod n$ respectively. The idea of this countermeasure method comes from the design of RSA blind signatures proposed by (Chaum, 1983).

The Montgomery multiplication algorithm is one of the most efficient modular multiplication algorithms and widely used in RSA, ElGamal, DSA and Elliptic Curve Cryptosystem. The ordinary Montgomery multiplication algorithm has a final subtraction which is executed conditionally. Thus the countermeasure proposed by (Dhem et al., 1998) is to use the Montgomery multiplication algorithm with a fixed subtraction or without subtraction, which can be implemented by appropriate modification to the algorithm.

At CHES 1999, (Coron, 1999) proposed several efficient countermeasure algorithms against simple and differential power analysis attacks for elliptic curve cryptosystems. The fundamental idea of preventing Simple Power Analysis attacks is to remove the data-dependent conditional branches and to avoid the SPA characteristics of the secret cryptographic key. (Coron, 1999) proposed a direct method for preventing simple power analysis attacks which implements a fixed double-and-add-always computation sequence of scalar multiplication. The drawback of this method is the requirement of more computational cost. When the basic double-and-add algorithm needs about $\frac{3}{2}m$ point additions or doublings, the SPA-resistant algorithm (see Box 4) requires $2m$ point additions or doublings.

Therefore, many novel algorithms have been designed to improve the efficiency of SPA-resistant algorithms for elliptic curve cryptosystems. Point addition and doubling consist of many basic finite field operations such as addition/subtraction, multiplication and so on. In 2004, (Chevallier-Mames, Ciet, & Joye, 2004) proposed the notion of side-channel atomicity and some practical and efficient SPA-resistant methods for elliptic curve cryptosystems which split point addition or doubling into small side-channel equivalent basic operation blocks. Since the difference in power consumption between point addition and doubling leads to the SPA attack, another method is to design a united formula for point addition and doubling to defeat SPA.

An interesting type of SPA-resistant methods is the randomized signed-digit recoding algorithms which have good computational efficiency. However, most of them have been broken and proven to be unable to resist the SPA attack. At CHES 2003, (Karlof & Wagner, 2003) proposed the hidden Markov model cryptanalysis which is used to


Box 4.­

Box 5.­

Box 6.­

Box 7.­


analyze randomized countermeasure algorithms with a probabilistic finite state machine.

The goal is to defeat the differential power analysis by blinding the intermediate data in the cryptographic operations. A simpler method is adding random physical noise to the device which only increases the time and space costs of the attackers for differential power analysis attack. For example, the S-box of the AES algorithm is a finite field computation and has a good algebraic property. Therefore, multiplicative masking method is an efficient countermeasure against differential power analysis attack.

(Coron, 1999) proposed three countermeasure algorithms against differential power analysis attacks for elliptic curve cryptosystems. The common technique of the three countermeasures is to blind or randomize the secret scalar $k$ or the point $P$ for the point multiplication computation $Q = k \cdot P$. Let $\#E(F_q)$ be the number of rational points over an elliptic curve. Thus it follows that $\#E(F_q) \cdot P = O$, where the point $O$ is the point at infinity. Coron's first method is to randomize the secret integer $k$ by using the order $\#E(F_q)$. See Box 5 for the algorithm.

Coron's second method is to randomize the point $P$ by using a random point $R$, which is a similar method as Chaum's RSA blind signature. See Box 6 for the algorithm.

Coron's third method is to randomize the point $P$ with projective coordinates. The affine coordinates $(x, y)$ of the point $P$ correspond to the projective coordinates $(X, Y, Z)$ with the relation $x = \frac{X}{Z}$, $y = \frac{Y}{Z}$. See Box 7 for the algorithm.

The projective coordinates $(X, Y, Z)$ are equivalent to $(\lambda X, \lambda Y, \lambda Z)$, where $\lambda \neq 0$ is an element in the finite field $F_q$. Therefore, one can blind the point $P$ by using $\lambda$ with projective coordinates.

At CHES 2004, (Mamiya, Miyaji, & Morimoto, 2004) proposed a countermeasure (called BRIP) against new power analysis attacks such as RPA and so on, which uses a random initial point (RIP). (Avanzi, 2005) presented an excellent survey of side channel attacks and the countermeasures of elliptic curve cryptosystems.

As noted by (Oren, Yossi, & Shamir, 2006; Kasper, Oswald, & Paar, 2009), the power consumption measuring method of RFID tags is different from other devices since RFID tags obtain electric power from the antenna by receiving the electromagnetic signal generated by the reader. (Oren, Yossi, & Shamir, 2006) proposed a practical power analysis attack on RFID tags to guess the Kill password successfully.

CONCLUSION

In practice, malicious attackers often launch an attack by combining various kinds of attack methods such as hardware attacks and mathematical analysis tools. For example, an attacker tries to retrieve secret information by using the timing attack, simple power analysis and differential power analysis on the device. It is possible that the attacker only recovers a part of the secret key, not the whole cryptographic key. Then the attacker can continue the attack further by adopting some mathematical analysis.

Therefore, it is interesting to find the relations and conjunctions of various hardware attacks or mathematical analysis algorithms.

REFERENCES

Abawajy, J. (2009). Enhancing RFID tag resistance against cloning attack. In Third International Conference on Network and System Security, October 19-October 21, 2009, (pp. 18–23). IEEE Computer Society.

Akishita, T., & Takagi, T. (2003). Zero-value point attacks on elliptic curve cryptosystem. In Information Security Conference - ISC '03, LNCS 2851, (pp. 218-233). Springer-Verlag.


Avanzi, R. M. (2005). Side channel attacks on implementations of curve-based cryptographic primitive. Retrieved from http://eprint.iacr.org/2005/017.pdf

Avoine, G., Kalach, K., & Quisquater, J.-J. (2008). ePassport: Securing international contacts with contactless chips. In Financial Cryptography and Data Security, FC 2008, (pp. 141-155). Cozumel, Mexico.

Bellare, M., & Rogaway, P. (1993). Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, (pp. 62-73). ACM Press.

Boneh, D., DeMillo, R. A., & Lipton, R. J. (1997). On the importance of checking cryptographic protocols for faults. In EUROCRYPT' 1997, LNCS 1233 (pp. 37–51). Berlin, Germany: Springer.

Brumley, D., & Boneh, D. (2003). Remote timing attacks are practical. In Proceedings of the 12th conference on USENIX Security Symposium - Volume 12, (p. 1).

Chaum, D. (1983). Blind signatures for untraceable payments. Advances in Cryptology - Proceedings of Crypto 82, (pp. 199-203).

Chevallier-Mames, B., Ciet, M., & Joye, M. (2004). Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers, 53, 760–768.

Coron, J.-S. (1999). Resistance against differential power analysis for elliptic curve cryptosystems. In CHES' 1999, LNCS 1717 (pp. 292–302). Berlin, Germany: Springer.

Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., & Willems, J.-L. (1998). A practical implementation of the timing attack. In Third Smart Card Research and Advanced Application Conference - CARDIS 98, volume 1820 of Lecture Notes in Computer Science, (pp. 167-182). Berlin, Germany: Springer-Verlag.

Fouque, P.-A., & Valette, F. (2003). The doubling attack - Why upwards is better than downwards. In Cryptographic Hardware and Embedded Systems - CHES '03, LNCS 2779, (pp. 269-280). Springer-Verlag.

Gandino, F., Montrucchio, B., & Rebaudengo, M. (2009). Tampering in RFID: A survey on risks and defenses. [Springer Netherlands.]. Mobile Networks and Applications, 1–15.

Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., & Rabin, T. (2004). Algorithmic tamper-proof (ATP) security: Theoretical foundations for security against hardware tampering. In TCC 2004, (pp. 258-277).

Goldwasser, S., & Micali, S. (1984). Probabilistic encryption. Journal of Computer and System Sciences, 28, 270–299.

Goodin, D. (2009, 2nd February). Passport RFIDs cloned wholesale by $250 eBay auction spree. The Register. Situation Publishing Limited. Retrieved from http://www.theregister.co.uk/2009/02/02/low_cost_rfid_cloner/

Gordon, D. M. (1998). A survey of fast exponentiation methods. Journal of Algorithms, 27, 129–146.

Goubin, L. (2003). A refined power-analysis attack on elliptic curve cryptosystems. In Public Key Cryptography - PKC'03, LNCS 2567, (pp. 199-210). Springer-Verlag.

ICAO. (n.d.). Machine readable travel documents: ICAO Doc 9303. Retrieved from www.icao.int/mrtd/

Juels, A. (2005). Strengthening EPC tags against cloning. In M. Jakobsson & R. Poovendran (Eds.), ACM Workshop on Wireless Security (WiSe) (pp. 67-76).

Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–395.


Juels, A., Molnar, D., & Wagner, D. (2005). Security and privacy issues in e-passports. In M. Jakobsson & R. Poovendran (Eds.), Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM) (pp. 74-88). Washington, DC: IEEE Computer Society.

Juels, A., Rivest, R. L., & Szydlo, M. (2003). The blocker tag: Selective blocking of RFID tags for consumer privacy. In V. Atluri (Ed.), 8th ACM Conference on Computer and Communications Security, (pp. 103-111). ACM Press.

Karlof, C., & Wagner, D. (2003). Hidden MARKOV model cryptanalysis. In Cryptographic Hardware and Embedded Systems - CHES 2003, LNCS 2779, (pp. 17-34). Springer-Verlag.

Kasper, T., Oswald, D., & Paar, C. (2009). New methods for cost-effective side-channel attacks on cryptographic RFIDs. In RFIDSec'09, July 2009.

Koblitz, N. (1987). Elliptic curve cryptosystems. Mathematics of Computation, 48, 203–209.

Kocher, P. (1996). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO' 1996, LNCS 1109 (pp. 104–113). Berlin, Germany: Springer.

Kocher, P., Jaffe, J., & Jun, B. (1999). Differential power analysis. In CRYPTO 1999, LNCS 1666 (pp. 388–397). Berlin, Germany: Springer.

Lehtonen, M., Michahelles, F., & Fleisch, E. (2009). How to detect cloned tags in a reliable way from incomplete RFID traces. In 2009 IEEE International Conference on RFID (pp. 257-264). Piscataway, NJ: IEEE.

Mamiya, H., Miyaji, A., & Morimoto, H. (2004). Efficient countermeasure against RPA, DPA, and SPA. In CHES' 2004, LNCS 3156 (pp. 343–356). Berlin, Germany: Springer.

Miller, V. S. (1985). Use of elliptic curves in cryptography. In Proceedings of Crypto 85, LNCS 218, (pp. 417-426).

Moskowitz, P., & Karjoth, G. (2005, November 7). IBM proposes privacy-protecting tag. RFID Journal.

Moskowitz, P., Lauris, A., & Morris, S. S. (2007). A privacy-enhancing radio frequency identification tag: implementation of the clipped tag. In Fifth IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07), March 19-March 23 2007, White Plains, New York.

Oren, Y., & Shamir, A. (2006). Power analysis of RFID tags. Advances in Cryptology - CRYPTO 2006. Retrieved from http://www.wisdom.weizmann.ac.il/yossio/rfid/

Oren, Y., & Shamir, A. (2007). Remote password extraction from RFID tags. IEEE Transactions on Computers, 56(9), 1292–1296.

Tiri, K., Akmal, M., & Verbauwhede, I. (2002). A dynamic and differential CMOS logic with signal independent power consumption to withstand differential power analysis on smart cards. In 28th European Solid-State Circuits Conference (ESSCIRC 2002), (pp. 403-406).

Witteman, M. (2005). Attacks on digital passports. What the Hack. Retrieved from http://wiki.whatthehack.org/index.php/Track:Attacks_on_Digital_Passports


Chapter 5 Computer System Attacks

Zhang Ning XiDian University, People’s Republic of China

ABSTRACT The study of computer system attacks is an important part of RFID security and privacy. This chapter provides a general overview of computer system attacks organized by target. Attacks on EPC entities - tags, readers, middleware, and back-end systems - are categorized and discussed, as well as wired link attacks. Countermeasures to the attacks are summarized and evaluated based on the discussion. The Denial of Services (DoS) attack is highlighted in the discussion.

5.1 INTRODUCTION

Security and privacy in RFID systems is a topic that deserves careful consideration. In this chapter, attacks can be various, especially, since RFID systems have a computer-driven back-end. Different sorts of computer system attacks are presented within the scope of RFID.

Throughout this chapter we will be considering the EPC Global network. EPC Global is an organization set up to achieve worldwide adoption and standardization of Electronic Product Code (EPC) technology. The main focus of the group is currently to create both a worldwide standard for RFID and the use of the internet to share data via the EPC Global Network.

According to the EPC Global framework, as in Figure 1, an RFID system consists of tags, readers, middleware and back-end. Any of these four entities or the communication paths between them can be the target of an attacker. We will do a comprehensive analysis of the computer system attacks on each entity and the wired link between middleware and the back-end. EPC Global network, by design, is also susceptible to DoS attacks. Our objective is to provide a reference for readers that acquaint them with computer system attacks on RFID systems.

DOI: 10.4018/978-1-4666-3685-9.ch005


5.2 ATTACKS ON TAGS

With wider usage of RFID, for instance, in many countries, new passports contain an RFID tag with an encrypted form of the data that is written in clear text on the passport, tag data security becomes our first consideration for security purposes. Generally, low-cost RFID tags (such as EPC Class-1 Generation-2 tags) have very limited resources, and may, therefore, not be able to support sophisticated security procedures based on encryption. This problem is exacerbated by the constant pressure from industry to develop ever cheaper tags. Surprisingly, these limitations may actually be an advantage to the security architect. Thus in RFID deployment, the most effective attacks are those on the tags and the ones resulting from the communications channel between tags and readers (wireless link attacks, which were discussed in Chapter 4). We will discuss attacks on tag data in this section.

5.2.1 Data Integrity

A powerful attacker that is able to modify data on an RFID tag can be very dangerous, possibly compromising the integrity of tag data. Here, modification means deletion, change or insertion; it can corrupt the data integrity.

Consider the following example - a known terrorist modifies the biographic data (name, address, etc.) on his passport tag and is able to cross borders into any country since his modified data does not appear on any existing watch list. The amount of impact that this attack may have will, of course, depend on the application in which the tags are used, as well as the degree to which tag data are modified. Data might be modified in such a way that the ID of the tag and any security related information (i.e. keys, credentials) remain unaltered. Thus the inconsistency between data stored on the RFID tag and the corresponding tagged object/human may have serious implications (i.e. in health care applications, tags are used that may contain critical information about a patient’s health or a medicine’s recommended dosage). Hence the reader can be fooled into thinking that it is communicating with an unmodified tag, while critical information might have been falsified.

There are several open-source libraries for reading/manipulating data on RFID tags.

RFIDIOt is an open-source Python library for exploring RFID devices written by Adam Laurie. RFIDIOt caused a huge furor in the market with its release. Attackers can use it to manipulate RFID devices. It provides support like READ, WRITE, DEBIT, LOGIN, etc. while working with external readers. It supports ISO standards such as 14443A and 14443B in a variety of 13.56 MHz and 125/135 kHz RFID bands. RFIDIOt facilitates the scripting of malicious RFID queries. For example, Rieback (2008) stated that, using RFIDIOt API, Pieter Siekermann and Maurits van der Schee from the University of Amsterdam successfully attacked the Dutch RFID public transportation (OV Chipkaart) system, manipulating the data on single-use MIFARE Ultralight cards to exploit a hole in the back-end RFID middleware, allowing free travel. For more information about RFIDIOt, the reader is referred to http://www.rfidiot.org/.

RFDump is a similar open-source software toolkit created by Lukas Grunwald and Christian Bottger for the purpose of security auditing of RFID tags. It is periodically updated to emerging RFID standards such as e-passport and Mifare encryption currently found on many pay-as-you-go systems. RFDump is a back-end GPL tool to directly inter-operate with any RFID ISO-reader to make the contents stored on RFID tags accessible. RFDump can be used to detect RFID tags and show their data information: tag ID, tag type, manufacturer, etc. The user data of a tag can be displayed and modified using either a Hex or an ASCII editor. In addition, the integrated cookie feature demonstrates how easy it is for a company to abuse RFID technology to spy on their customers. For more information, please see http://www.rfdump.org/.

Figure 1. The EPC global framework (Traub et al (2010))

LibRFID is an open-source library written by Harald Welte. It implements the PCD (reader) side protocol stack of ISO 14443 A, ISO 14443 B, ISO 15693, Mifare Ultralight and Mifare Classic. It is designed to support iCODE*1 and other 13.56MHz based transponders. It works mainly with OpenPCD and Omnikey Cardman 5121/5321. It directly drives the readers and so does not use PCSCD which must be stopped. For more information, please see http://openmrtd.org/projects/librfid/.

TagEventor is a Linux open-source client for Touchatag (Tikitag). It uses the PCSC-Lite daemon and can be run in foreground or daemon mode to make tag events available to user-space applications. The software is currently a daemon that monitors the presence of one or more RFID
tags on a connected reader and generates “system events” when tags are placed on it or removed from it. For more information, please see http://code.google.com/p/tageventor/.

However, we have to note here that the ease with which such an attack can be performed is highly dependent on the RFID standard used and the READ/WRITE protection employed. The more sophisticated the protection employed, the more difficult it is for the attacker to modify the tag, and the greater the cost of the RFID system.

After modifying the tag data by injecting malicious code into the RFID tag, the tags can be used to propagate hostile code that could subsequently infect other entities in the RFID network (readers, middleware, back-end and connecting networks) according to Rieback, Crispo and Tanenbaum (2006). In this scenario, an attacker uses the memory space of RFID tags in order to store the infecting viruses or other RFID malware and spread them through the back-end system. Although this type of attack is not widespread, laboratory experiments have proven that they are feasible.

Countermeasure 1: A simple way to prevent such attacks is to sign all data on the tag with the private key of the tag issuer (for example, the passport office that supplied the ePassport). This means that we would employ digital signature schemes to guarantee the data integrity of each tag. However, with such an approach, it is critical that all verifiers, by which we mean reader and back-end system, are aware of every tag issuer’s public key (for signature verification purposes), and the data can only be modified by the tag issuer (the only one who has the private key to sign the data on the tag) when it needs to be updated.

Countermeasure 2: An alternate approach is for tags to have read only registers which make it impossible to write over any data. For low cost EPC systems, such as EPC Generation 1, this is very efficient. However, it is easy to see that this approach has obvious disadvantages - it makes tag data corrections, updates, and appends impossible.

Countermeasure 3: The third way is to employ a READ/WRITE protection system. While the READ command can be executed under any circumstances by anyone, the WRITE command can only be executed under special circumstances by dedicated equipment. This approach can be realized either in a physical way or through software. In the physical way, WRITE can only be executed over a special frequency using special equipment. In software, group signature and proxy group signature schemes can be used.

5.2.2 Illegitimate Reading

Illegitimate reading has other names such as skimming or sniffing; they all mean unauthorized reading of tags. In Chapter 4, we saw that RFID tag data could also be collected by eavesdropping on the wireless RFID channels, and that eavesdropping is also a kind of illegitimate reading.

In contrast to most electronic products, RFID tags are not equipped with an on/off switch. Moreover, not all the RFID tags support protocols for authenticated read operations. In general, if a tag lacks proper security measures, it answers to any reader. Thus attackers may easily read the contents of RFID tags without leaving a trace.

Even the small amount of data stored on an RFID tag, like manufacturer or product type, can lead to privacy violations. It is convenient to thieves that an attacker can read tags and, with the data on them, identify items that are worth stealing. If additional data is stored on tags, as in the electronic passport scenario, the problems become even more severe.

The scope of such attacks remains small, however, since the attacker requires close proximity to the RFID tag. Ten meters is the upper
limit for inductively coupled systems, while the construction of special readers with longer than normal radio ranges requires additional expense. Illegitimate reading of data must be prevented in RFID systems because the data must be treated confidentially since it may be privacy sensitive. A “good” RFID system must be able to cope with the threats of illegitimate reading of data. There are two categories of countermeasures to prevent illegitimate reading of data.

Countermeasure 1: Physical measures are dedicated to deactivating RFID tags or blocking the communication around tags to avoid illegitimate reading. There are several physical countermeasures to illegitimate reading.

RFID standards and product specifications generally indicate the read ranges at which they intend tags to operate. These ranges, called the nominal read range, represent the maximum distances at which a normally operating reader with an ordinary antenna and power output can reliably scan tag data. ISO 14443, for example, specifies a nominal range of 10cm for contactless smartcards.

The “Kill” approach is promoted by EPC to protect the privacy of consumers. In practice, each tag contains a 16 bit (in other literature 24 bit is stated) kill password. If a kill message with this password is sent to the tag, it can no longer be queried. The Kill command deactivates the tag permanently. As an alternative approach with the same result, there are tags where the antenna can be removed manually so that the tags can no longer be queried.

A blocker tag, which was proposed by Juels, Rivest and Szydlo (2003), is a passive RFID device that uses a sophisticated algorithm to simulate many ordinary RFID tags simultaneously. The blocker tag is very similar to a regular RFID tag, except that it has the ability to block the singulation algorithm used by the reader to singulate tags. By sending two different UIDs to the reader, the blocker tag simulates a collision. If this is done every time a reader broadcasts a Select command, the reader is tricked into believing that all possible tags are in its interrogation zone. Blocker tags may thus be used to establish a safe zone around the tag, preventing the reading of tags within the zone. However, this approach gives individuals a lot of control. In addition, a blocker tag may be used maliciously to circumvent RFID reader protocols by simulating multiple tag identifiers.

An RFID tag may be shielded from scrutiny using what is known as a Faraday Cage - a container made of metal mesh or foil that is impenetrable by radio signals (of certain frequencies). At best, Faraday cages represent a very partial countermeasure to consumer privacy attacks. In some sensitive applications such as passports or pharmaceutical pedigrees, the Faraday Cage can block illegitimate reading efficiently. One practical proposal was the use of aluminum lined wallets to protect RFID payment cards and passports against unauthorized reading. Many companies embraced this countermeasure and sell these types of products. However, since the sniffing of confidential data can nevertheless be performed at the time of actual use, the approach does not seem to be very effective. Still, the shape and the cost of the Faraday cage are the main problems to using this approach.

Active jamming of RF signals is another, related physical means of shielding tags from view. Active jamming of RF signals refers to the use of a device that actively broadcasts radio signals in order to disrupt the operation of any nearby RFID readers. The consumer could carry a device that actively broadcasts radio signals so as to block and/or disrupt the operation of any nearby RFID readers. However, this physical means of shielding may disrupt nearby RFID systems and may be illegal - at least if the broadcast power is too high - and is a crude, sledgehammer approach. It could cause severe disruption of all nearby RFID
systems, even those in legitimate applications where privacy is not a concern.

Countermeasure 2: Rieback, Crispo and Tanenbaum (2005) and Juels, Rivest and Bailey (2005) propose very similar devices, respectively called an “RFID Guardian” and an “RFID Enhancer Proxy” (REP). A Guardian acts as a personal RFID firewall. It intermediates reader requests to tags, selectively simulating tags under its control. As a high-powered device with substantive computing power, a Guardian can implement sophisticated privacy policies, and can use channels other than RFID (e.g., GPS or Internet connections) to supplement ambient data. For example, a Guardian might implement a policy like: “My tags should only be subject to scanning within 30m of my home (as determined by GPS), or in shops that compensate consumer tag-scanning with coupons for a 10% discount.” The logistical questions of how a Guardian should acquire and release control of tags and their associated PINs or keys are challenging problems that merit further research.

Countermeasure 3: The software option countermeasure is mainly a cryptographic measure to prevent illegitimate reading. Cryptographers have created a lot of new low-power algorithms for RFID tags, including stream and block ciphers, and public-key cryptographic primitives or even no cryptographic primitive such as and error correction codes. Tags and readers may mutually authenticate each other with keys, using well understood protocols. Tags may even encrypt their contents using random nonce to prevent tracking. Unfortunately, supporting strong public key cryptography is beyond the resources of low cost tags, although countermeasures do exist for more expensive ones. However, an important limitation on employing these schemes in RFID systems is that the latter have inherent vulnerabilities such as possible power interruptions or the disruption of wireless and wired channels. Moreover, we have to keep in mind that employing all these encryption techniques even in non-critical applications such as RFID on underwear or chewing gum is definitely not worthwhile. This topic will be further discussed in Chapters 7 and 8.

5.2.3 Spoofing, Counterfeiting, and Mimicking

Attackers can create authentic RFID tags, by writing appropriately formatted data on blank RFID tags. For example, thieves could re-tag items in a supermarket identifying them as similar, but cheaper, products. This is known as a cloning attack. While tag cloning is a kind of physical attack, spoofing is a variant of cloning that does not physically replicate an RFID tag.

Spoofing attacks supply false information that looks valid and that the system accepts. In this type of attack, an adversary impersonates a valid RFID tag to gain its privileges. Typically, spoofing attacks involve a fake domain name, Internet Protocol (IP) address, or Media Access Code (MAC). In order to achieve spoofing, the attackers employ special devices with increased functionality that are able to emulate RFID tags given some data content. This impersonation requires full access to the same communication channels as the original tag, which includes knowledge of the protocols and secrets used in any authentication that is going to take place. An example of such an attack was performed by researchers from Johns Hopkins University and RSA Laboratories who succeeded in unlocking a vehicle immobilizer system by reverse engineering and cracking the system and subsequently spoofing the reader using the data obtained (New York Times, “Graduate Cryptographers Unlock Code of ‘Thiefproof’ Car Key” by John Schwartz. 29 January 2005).

Countermeasure 1: Spoofing attacks are generally prevented by restricting access to the
“correct” information. Without this information, the attack cannot be performed. A secret key, needed as part of an authentication procedure, may be introduced as part of the “correct” information. This key is then stored in a restricted area of memory that cannot be read and is never transmitted by the tag as plaintext. This way, adversaries cannot hold the complete “correct” information, and will never pass as an authentic tag.

However, many systems rely on the secrecy of the algorithms and protocols to enhance the security provided by cryptography, and hence settle for short key lengths. This was the case with the immobilizer system spoofed by the researchers from Johns Hopkins University and RSA Laboratories. This violates Kerckhoffs’s law which states that a system should be secure even if everything except the key is known. Thus, spoofing attacks are best prevented by proper cryptographic protocols with sufficiently long keys.

Countermeasure 2: Spoofing could be combated by using authentication protocols or a second form of authentication such as one-time passwords, PINs or biometrics. In 2007, engineering researchers at the University of Arkansas developed a unique, robust method to prevent counterfeiting of passive RFID tags by ‘Fingerprinting’ RFID tags’ keys. For details, please refer to Chinnappa (2007).

Tag counterfeiting is a similar problem to that of credit card fraud where a card is duplicated and possibly used in multiple places at the same time. Since the incorporation of RFID technology in sensitive applications such as passports or pharmaceutical pedigrees, the possibility of creating counterfeiting tags has created some concerns. If RFID tags are used for access control systems, for example, in the form of an ID card, counterfeiting is also a severe problem: If it is possible to copy tags, tags no longer provide protection and become a bad security device. Unwanted copying of tags is also a problem when they are used to combat product counterfeiting, e.g. for pharmaceutical items.

Mimicking of tags is equivalent to counterfeiting: The attacker becomes able to pretend that a tag is there when it no longer is. This way, an attacker could remove a high valued item with an RFID tag affixed by replacing the item (including the original tag) with a cheaper mimicking device. Mimicking is easier than counterfeiting a tag. Only a subset of the tag’s complete functionality is required to mimic it. Hence mimicking can be done with less information and hardware equipment than required for counterfeiting a tag.

Countermeasures to counterfeiting and mimicking: For low cost tags, the current proposal promoted by GS1 for combating counterfeiting is “track and trace”. The idea is to maintain an item’s history. This means that read-outs by readers are centrally recorded. Based on this, one assumes that an item is genuine if it can produce a valid, i.e. complete and reproducible, item history. Thus, “track and trace” can be regarded as a plausibility check. Counterfeiting is combated with the “track and trace” approach for supply chain applications, but counterfeiting cannot be effectively prevented by this means. As counterfeited tags cannot be operatively distinguished, the back-end database should detect rare conditions. An example of a rare condition is the following: a tag cannot be in the toll gate on one motorway and fifteen minutes later in the toll gate of another 500 miles away. The design of back-end databases should be considered case by case. If RFID tags only emit unique numbers for identification, they can be copied or mimicked easily. But with RFID tags that can prove their authenticity, counterfeiting can be prevented much more effectively.

5.3 ATTACKS ON READERS

Known system attacks on readers are mainly impersonation and counterfeiting attacks. There are four scenarios.

Scenario 1: In some cases, RFID readers are installed in locations without adequate physical protection. Unauthorized intruders may set up hidden readers of a similar nature nearby to gain access to the information being transmitted by the readers, thus threatening the privacy of the RFID system.

Scenario 2: Attackers can even compromise the readers themselves, thus affecting their integrity, then counterfeiting the identity of the reader and performing unauthorized writing to the tag. Unauthorized readers may also compromise privacy by accessing tags without adequate access controls.

Scenario 3: In some sensitive deployments of RFID systems such as passports and ePay cards, illegitimate readers may elicit the confidential information stored in tags. However, if things are more complicated, the reader needs to access the back-end to retrieve the necessary credentials.

Scenario 4: Information collected by counterfeited readers and passed to the RFID application may have already been tampered with, changed or stolen by an adversary. Malicious code can be injected into the middleware and other back-end systems.

The feasibility of these attacks depends on the security measures employed for authenticating the RFID reader and varies from “very easy” to “practically impossible”.

An RFID reader can also be a target for viruses. Viruses can be spread by counterfeited tags with malicious code, and then sent by the readers to the middleware and back-end systems. In 2006, researchers demonstrated that an RFID virus was possible. We will cover this topic in the next section in detail.

When an RFID reader scans a tag, it expects to receive information in a predetermined format. However, an attacker could write carefully crafted data on an RFID tag, which is so unexpected that its processing corrupts the reader’s back-end software.

Countermeasures:

Reject abnormal tag information: Readers can reject tag replies with anomalies in response times, signal power levels or data format which do not match the physical properties of the tags. If passive tags are used, this can be a way of preventing spoofing attempts.

Random transmit frequency: Readers can also use random frequencies with tags designed to follow a frequency dictated by the reader. Readers can change frequencies randomly so that unauthorized users cannot easily detect and eavesdrop on traffic.

Reader detectors: RFID environments can be equipped with special devices to detect unauthorized read attempts or transmissions on tag frequencies. These read detectors may be used to detect unauthorized read/update attempts on tags if they are used together with specially designed tags that can transmit signals over a reserved frequency, indicating any attempts to kill or modify tags.

Using authentication protocol: In addition, data transmitted between the reader and middleware could require verification of the reader’s identity. Authentication mechanisms can be implemented between the reader and the back-end application to ensure that information is passed to a valid processor.

5.4 ATTACKS ON MIDDLEWARE

Middleware in RFID systems refers to the software technology designed to manage and transfer information to avoid overloading public and corporate networks. EPC middleware uses a distributed architecture that works on different computers throughout an organization. The middleware and back-end systems are the real “brains” of any RFID deployment. Thus the middleware itself is a common target of attackers.

5.4.1 Buffer Overflow

Buffer overflow is one of the most frequent sources of security vulnerabilities in software.
Found in both legacy and modern software, buffer overflows cost the software industry hundreds of millions of dollars per year. Buffer overflows have also played a prominent part in events of hacker legend and lore. Programming languages such as C or C++ are not memory safe. C library functions such as strcpy(), strcat(), sprintf() and vsprintf() operate on null terminated strings and perform no boundary checking. The function gets() is another function that reads user input (into a buffer) from stdin until a terminating newline or EOF is found. The scanf() family of functions may also result in a buffer overflow. Hence the best way to deal with buffer overflow problems is to not allow them to occur in the first place. Developers should be educated about how to minimize the use of these vulnerable functions. Buffer overflow stores data or code beyond the bounds of a fixed-length buffer.

Middleware systems are designed to accept tag data of a certain size. Adversaries may use RFID tags to launch buffer overflow attacks on the middleware and back-end. Although this might not be trivial, considering the memory storage of RFID tags, there are still commands that allow an RFID tag to send the same data block repeatedly in order to overflow a buffer in the back-end RFID middleware. Other options include the use of other devices with more resources such as smart cards or devices that are able to emulate multiple RFID tags. For example, consider a middleware system written in C or C++ code, which reads tag data into a predefined memory size. If an intruder brings a tag with more capacity, it may force the back-end system to have a buffer overflow, thus leading to a system crash.

RFID tags are limited to 1024 bits or less. However, commands like ‘write multiple blocks’ from ISO-15693 can allow a low cost RFID tag to repeatedly send the same data block, with the net result of filling up an application-level buffer by meticulous formatting of the repeatedly sent data. An attacker can also use contactless smart cards, which have a larger amount of available storage space.

Countermeasures: The usual countermeasures to buffer overflow attacks can be used in RFID systems. The general idea is to perform bounds checking, which can prevent buffer overflow attacks by detecting whether an index lies within the limits of an array. Static or dynamic source code analyzers should be employed to check the code for buffer overflow problems.

5.4.2 Malware

RFID tags can be used in order to propagate hostile code that could subsequently infect other entities in the RFID network (readers, middleware and back-end systems). In this scenario, an adversary uses the memory space of RFID tags in order to store the infecting viruses or other RFID malware and then spread them through the back-end system. Middleware can be infected by viral tags.

Considering the fact that middleware applications use multiple scripting languages such as JavaScript, PHP, XML etc., an adversary may exploit this and inject malicious code in order to compromise the middleware systems. More specifically, RFID tags can be employed in order to perform code insertions in RFID applications that use web protocols and intercept scripting languages. In the same way, SQL injections can also be performed, a special code insertion attack based on unexpectedly executing SQL statements that may lead to unauthorized access to back-end databases and subsequently reveal or even modify data stored in the back-end RFID.

In March 2006, Melanie R. Rieback of Vrije University, Amsterdam released a paper (Rieback, Crispo and Tanenbaum (2006)) regarding the possibility of using tags and their data to attack middleware and back-end databases. The paper proposed that there were vulnerabilities in middleware applications that left room for tags to be written with malicious payloads that could affect back-end database systems, and possibly lead to a virus. At the core of the paper was the idea that even though RFID tags did not have a lot of storage space, it may still be possible to perform
certain attacks through special data written to them. Rieback et al. have done significant work in this area while providing a proof-of-concept for both Linux and Windows based systems. In their paper, they target Oracle with Server-Side Includes (SSI) performing SQL injection and script based attacks. They used PHP along with SSI to achieve the above result.

Example 1 (SQL injection attack): SQL is an interactive query language which can access a database. SQL injection attacks employ this interaction to access the external database interface, insert user data to the actual database operating language, form new SQL sentences, and modify the function of the original operation to invade the database. SQL injection is a type of traditional “hacking” attack that tricks a database into running SQL code that was not intended. Attackers may use those special SQL sentences to read, modify or delete the data in the database, and may also gain users’ names and passwords from the database and other important information, even obtaining the database administrator’s privileges. In the case of RFID systems, the vulnerability occurs mostly in middleware.

Because of the limitations of tag data storage, it was believed that the injection attack was impossible on RFID systems. But many experiments have shown that SQL injection attacks can be disastrous to RFID systems. For example, when used in an airport, injecting a very small amount of SQL, such as the command ;shutdown- (which shuts down an SQL server instantly and has only 12 characters of input), can do a great deal of harm. By injecting another command: drop table , the specified database table will be deleted. When used in an access control system, an unauthorized person can use a counterfeited tag to access legitimate logs. The middleware authenticates the tag with the following SQL query: SELECT * FROM Table WHERE ID = $ID AND Name = '$Name'. The SQL injection attack is made by a malicious string in the Name field of the tag: a' OR 'a' = 'a. The resulting SQL query during execution is: SELECT * FROM Table WHERE ID = $ID AND Name = 'a' OR 'a' = 'a', thus the query when executed will always return a value, which in turn grants the person access to the door.

Example 2 (Malicious file): Another research group has used malware to attack middleware systems. Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, started cracking RFID systems in 2006 (see RFDump in section 6.1). In 2007, he showed how to construct a malicious JPEG2000 image file that contains an e-passport photo to crash RFID middleware by exploiting the buffer overflow vulnerability in an off-the-shelf JPEG library. Although the JPEG data is protected by a digital signature, an attacker is still able to crash the system by loading malicious data.

Example 3 (Code insertion): Code insertion can also target web-based components, such as remote management interfaces and web-based database front-ends (like Oracle iSQL*Plus). An attacker might inject malicious code into an application, using any script language (i.e. VBScript, CGI, Java, JavaScript, PHP, and Perl, etc.). HTML insertion and Cross-Site Scripting (XSS) are common code insertions. Usually, the presence of the following special characters in input data: < > ? ' % ; ) ( & + - is a sign of this kind of attack.

RFID tags with data written in a scripting language can perform code insertion attacks on RFID middleware and back-end systems. If the RFID applications use web protocols to query back-end databases (as EPC Global does), there is a chance that RFID middleware clients can interpret the scripting languages. If this is the case, then the RFID middleware will be susceptible to
the same code insertion problems as web browsers. Client-side scripting exploits generally have limited consequences because web browsers have limited access to the host. However, an RFID-based JavaScript exploit could still compromise a machine by directing the client’s browser to a page containing malicious content, like an image containing the recently discovered WMF-bug:

Server-side scripting, on the other hand, has obvious far-reaching consequences; it can execute payloads with the web server’s permissions. Server-Side Includes (SSIs) can execute system commands like:

were more susceptible to attacks than others. The WWW management interface was a large source of vulnerabilities; upon script exploitation, the compromised Apache web server allowed unauthorized system commands and manipulation of the back-end.

To prevent malware in middleware, the suggested countermeasures are as follows:

Sanitize the input: Code injection attacks are […] systems, tag data should be sanitized before it is processed by middleware systems. It is much easier to only accept data that contains the standard alphanumeric characters (0-9,a-z,A-Z) than to explicitly strip off the special characters (such as “',*,...”). However, it is not always possible to eliminate all special characters. So sanitizing rules should be designed very carefully to leverage
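The door-access query from Example 1 and the "sanitize the input" countermeasure can be run side by side. The following is an added example, not code from the chapter or from any middleware product: an in-memory SQLite database stands in for the back-end, the table name Tags replaces the placeholder "Table", and the rows and the 32-character field limit are constructed assumptions.

```python
import re
import sqlite3

# Constructed sample data. The table name "Tags" is an assumption standing in
# for the placeholder "Table" in the quoted query; ID and Name follow the text.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Tags (ID INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Tags (ID, Name) VALUES (?, ?)",
                   [(1001, "alice"), (1002, "O'Neil")])
    return db


INJECTED_NAME = "a' OR 'a' = 'a"   # the Name field string quoted in the text


def build_query(tag_id, tag_name):
    """Vulnerable: tag fields are pasted straight into the SQL text."""
    return f"SELECT * FROM Tags WHERE ID = {tag_id} AND Name = '{tag_name}'"


def door_opens_vulnerable(db, tag_id, tag_name):
    return db.execute(build_query(tag_id, tag_name)).fetchone() is not None


def door_opens_parameterized(db, tag_id, tag_name):
    """Tag fields travel as bound values and are never parsed as SQL."""
    row = db.execute("SELECT 1 FROM Tags WHERE ID = ? AND Name = ?",
                     (tag_id, tag_name)).fetchone()
    return row is not None


# Allowlist from the countermeasure: 0-9, a-z, A-Z only.
# The 32-character limit is an assumed field size.
ALNUM = re.compile(r"[0-9A-Za-z]{1,32}")


def door_opens_allowlisted(db, tag_id, tag_name):
    """Reject anything outside the allowlist, then still bind parameters."""
    if not isinstance(tag_id, int) or ALNUM.fullmatch(tag_name) is None:
        return False
    return door_opens_parameterized(db, tag_id, tag_name)


if __name__ == "__main__":
    db = make_db()
    unknown_id = 9999   # no tag with this ID is enrolled
    print(build_query(unknown_id, INJECTED_NAME))
    print("vulnerable, forged tag:   ",
          door_opens_vulnerable(db, unknown_id, INJECTED_NAME))
    print("parameterized, forged tag:",
          door_opens_parameterized(db, unknown_id, INJECTED_NAME))
    print("allowlisted, forged tag:  ",
          door_opens_allowlisted(db, unknown_id, INJECTED_NAME))
    # A legitimate name with an apostrophe: bound parameters accept it, the
    # strict allowlist rejects it, which is the trade-off the text mentions.
    print("parameterized, O'Neil:    ",
          door_opens_parameterized(db, 1002, "O'Neil"))
    print("allowlisted, O'Neil:      ",
          door_opens_allowlisted(db, 1002, "O'Neil"))
```

Because AND binds more tightly than OR, the forged Name makes the WHERE clause true for every row, so the string-built check opens the door for an ID that is not enrolled.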
