A Toolbox for RFID Protocol Analysis

Many RFID tags and contactless smart cards use proprietary security mechanisms for authentication and confidentiality. There are several examples in the literature showing that, once these mechanisms have been reverse engineered, their security turns out to be unsatisfactory. Since the use of these tags is quickly expanding to access control and ticketing systems, it is important to independently assess their security. In this paper, we propose three tools for the analysis of RFID protocols. These tools facilitate message eavesdropping and the emulation of both tags and readers. The tools focus on high frequency tags, but one of them also supports low frequency. They are fully programmable and allow for quick prototyping, testing and debugging of new RFID protocols. All the software, firmware and hardware we have developed and describe here is open source and open design.
