Portable RFID Bumping Device
Research Project 1
Romke van Dijk & Loek Sangers
Introduction
- Radio-frequency identification
- Many applications
  - Identification / tracking of goods
  - Public transportation (OV-chipkaart)
  - Access control
Deloitte UvA Portable RFID Bumping Device, 2016 2 of 28
Bumping vs Cloning
- Bumping
  - Short interaction with the tag
- Cloning
  - Gathering enough data to create a copy of the tag
- Bumping implies card / tag only attacks
MIFARE Classic
- Multiple sizes (1K, 2K and 4K)
- Memory split into sectors
  - Two keys: Key A and Key B
- Authentication + secure transmission
  - Proprietary stream cipher (Crypto1)
- Error codes
  - Parity correct or incorrect
- Weak pseudo random number generator
  - Same "random" number every second
MIFARE Classic EV1
- Fixed weaknesses
- Weakness in cipher
- "Hard" nested authentication attack (Source: Meijer et al., 2015)
  - Requires offline calculation
Research questions
- Is it possible to clone an RFID tag within five minutes with a mobile device?
  - Maximal distance
  - Amount of cards
  - Attack vectors
  - Attack time
Proxmark3
- Costs: $299
- Programmable radio-frequency reader
- Eavesdropping
- Open source
Source: http://www.proxmark.org/
Antenna
- Costs: €5
- Simple USB Hirose cable
- Design by the Proxmark community
- Range of 6-8 cm
Maximal distance
- According to specifications -> 10 cm
- In practice -> 3-5 cm
- Theoretical maximum -> 30 centimetres (Source: NXP, 2008)
- Practical maximum -> 27 centimetres (Source: Hancke et al., 2011)
Setup bumping device
Amount of cards
- Proxmark firmware: 1 card
- Extended firmware: 3 cards consistently
- Implemented binary tree walking algorithm
  [figure: binary tree, branches labelled 1 / 0 / 0 / 1]
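The "binary tree walking" step above is the standard ISO 14443-3 Type A anticollision loop: the reader sends a partial UID, every tag whose UID matches answers with its remaining bits, and the first bit where the answers differ is a collision that the reader resolves by descending into the 0 branch and then the 1 branch. The simulation below is an added example written for this page, not code from the slides or from the Proxmark firmware; the tags and their 32-bit UIDs are constructed values and the over-the-air bit collision is modelled as a set of differing bits.

```python
# Added example, not code from the slides or the Proxmark project: a minimal
# simulation of the ISO 14443-3 Type A "binary tree walking" anticollision
# loop that lets one reader enumerate several tags in its field at once.
# A real reader sends ANTICOLLISION with a partial UID; every tag whose UID
# matches answers with the remaining bits, and the reader sees a collision at
# the first bit where the answers differ. Tags here are constructed UIDs.

def tag_answers(uids, prefix):
    """Remaining UID bits every tag whose UID starts with `prefix` would send."""
    return [uid[len(prefix):] for uid in uids if uid.startswith(prefix)]

def receive(answers):
    """Merge simultaneous answers: (bits before collision, collision index or None)."""
    merged = []
    for i in range(max(len(a) for a in answers)):
        bits = {a[i] for a in answers}
        if len(bits) > 1:          # tags sent different bits: collision
            return "".join(merged), i
        merged.append(bits.pop())
    return "".join(merged), None

def tree_walk(uids, prefix="", requests=None):
    """Depth-first walk, 0 branch first; returns (sorted UIDs, reader requests)."""
    if requests is None:
        requests = [0]
    requests[0] += 1               # one ANTICOLLISION request per tree node
    answers = tag_answers(uids, prefix)
    if not answers:
        return [], requests[0]
    bits, collision = receive(answers)
    if collision is None:          # single tag left on this branch
        return [prefix + bits], requests[0]
    known = prefix + bits          # bits agreed on by all tags so far
    found = []
    for branch in ("0", "1"):
        sub, _ = tree_walk(uids, known + branch, requests)
        found.extend(sub)
    return sorted(found), requests[0]

# Constructed sample UIDs (32-bit, MIFARE Classic style), not real card values.
SAMPLE_UIDS = [
    format(0xDEADBEEF, "032b"),
    format(0xDEADBEE0, "032b"),
    format(0x12345678, "032b"),
]

if __name__ == "__main__":
    uids, n = tree_walk(SAMPLE_UIDS)
    print(f"{len(uids)} tags enumerated in {n} reader requests")
```

With the three sample tags the walk needs five requests: the root collides on the first bit, the 0 branch holds one tag, and the 1 branch collides again on the last nibble.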
Attack framework
[flowchart] Get UIDs ("bump uids")
Attack framework
[flowchart] Get UIDs ("bump uids") -> Check default keys
Attack framework
[flowchart] Get UIDs ("bump uids") -> Check default keys -> Nested authentication attack; recovered keys stored in SQLite DB
Attack framework
[flowchart] All keys? -> Get the data; otherwise Hard nested authentication attack -> Nonces -> Offline computation -> Get the data; keys stored in SQLite DB
Attack vectors
- Experiment
- Random key A written to sector n
  - Repeated 100 times
  - Number of keys is increased
- Calculate the time per step
Attack framework
[flowchart] Get UIDs ("bump uids") -> Check default keys -> Nested authentication attack
Timing: 2-3 seconds
Attack framework
[pie chart: nested authentication attack success rate] Successful: 81%, Failed: 19%
Attack vectors
- Nested authentication
  - Total of 2006 random keys
  - 1628 successfully recovered (81%)
  - Timing issues
Time per key
[chart: x axis "Number of keys" (1 to 11), y axis "Time in seconds" (0 to 300)]
Attack vectors
- Hard nested authentication
  - Limit: "sum property" or 10,000 encrypted nonces
  - Minimum: 49 seconds
  - Maximum: ~3 minutes
Leftover keyspace
[histogram: x axis "Number of possible keys", 2^25 to 2^43]
Attack vectors
- 2^36 -> within one hour (CPU)
  - Blapost's solver
- 2^48 (full space) with 5 nonces
  - 14 hours (GPU)
  - Estimated 36 minutes on dedicated hardware (budget 20,000) (Source: Ming-Yang Chih et al., 2010)
Demo
- Live
Conclusion
- Able to clone MIFARE Classic 1K
  - Mobile device
  - Multiple cards
  - With a range of 6-8 centimetres
  - Small budget
  - Within 5 minutes (<= 10 non-default keys)
Conclusion
- Able to clone MIFARE Classic 1K EV1
  - Within ~5 minutes (<= 2 non-default keys)
  - Second interaction required
Any questions?
- About?
  - Maximal distance
  - Amount of cards
  - Attack framework
  - Attack time