secure recharge of disposable rfid tickets
play

Secure recharge of disposable RFID tickets Riccardo Focardi - PowerPoint PPT Presentation

Sep 05, 2023 •208 likes •558 views

Secure recharge of disposable RFID tickets Riccardo Focardi Flaminia Luccio Universit` a Ca Foscari, Venezia { focardi,luccio } @unive.it FAST 2011 15-16 September 2011, Leuven FAST 2011 () Secure recharge of disposable RFID tickets

  1. Secure recharge of disposable RFID tickets Riccardo Focardi Flaminia Luccio Universit` a Ca’ Foscari, Venezia { focardi,luccio } @unive.it FAST 2011 15-16 September 2011, Leuven FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 1 / 17

  2. Outline Introduction 1 RFID Tickets Mifare Ultralight 2 Security mechanisms Attacks 3 Cloning/restoring a card Lesson learned A new API 4 Type-based analysis Conclusion and related work 5 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 2 / 17

  3. Introduction RFID technology Radio Frequency IDentification (RFID) is more an more used transportation and logistics 1 hospitals 2 inventory 3 passports 4 ski resorts 5 race timing 6 animal identification 7 human implant (!?) 8 ... 9 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

  4. Introduction RFID technology Radio Frequency IDentification (RFID) is more an more used transportation and logistics 1 hospitals 2 inventory 3 passports 4 ski resorts 5 race timing 6 animal identification 7 human implant (!?) 8 ... 9 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

  5. Introduction RFID Tickets RFID tickets RFID cards for public transportation disposable cards chip-on-paper, very cheap 1 one or more tickets of the same kind 2 non-rechargeable 3 minimal security mechanisms 4 personal cards plastic, credit-card like cards 1 tickets or different contracts on the same card 2 rechargeable 3 strong authentication mechanisms 4 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 4 / 17

  6. Introduction RFID Tickets How do they work? ISO/IEC 14443: very popular HF (13.56 MHz) standard for ‘proximity cards’ used for identification proximity cards and proximity coupling device, i.e., the reader initialization and anticollision: the reader talks with exactly one card if more are in the field card API: the card implements a set of functions that can be invoked by the reader secure module: the reader may have a Security Access Module (SAM) to perform cryptographic operations and authentication security mechanisms: are specific for a certain card (and its API) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 5 / 17

  7. Mifare Ultralight Mifare Ultralight cards (a) Memory organization Byte number → 0 1 2 3 Page ID ID0 ID1 ID2 Check1 0 ID ID3 ID4 ID5 ID6 1 Check/Lock Check2 Internal Lock0 Lock1 2 OTP OTP OTP OTP OTP 3 Data R/W R/W R/W R/W 4 Data R/W R/W R/W R/W 5 Data R/W R/W R/W R/W ... Data R/W R/W R/W R/W 15 (b) Lock bytes Lock0 and Lock1 Lock0 L 7 L 6 L 5 L 4 L 3 BL 1 BL 2 BL OTP Lock1 L 15 L 14 L 13 L 12 L 11 L 10 L 9 L 8 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 6 / 17

  8. Mifare Ultralight Security mechanisms Security mechanisms very simple API: read/write of pages with some limitations: unique ID: read-only, included in encryptions or MACs to avoid card 1 cloning OTP: One Time Programmable, monotone, prevents ticket reuse 2 lock bytes: for read-only time-based contracts, e.g. skipass 3 block locking bits: prevent locking of pages that need to be modified, 4 e.g., the OTP no security API: security is built on top of the above mechanisms ⇒ security flaws found in real application, e.g., the OV-chipkaart in Amsterdam and Rotterdam. FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 7 / 17

  9. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  10. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); Id ′ 0, 1 Id 0, 1 2 Lock 2 3 Otp 3 4 R 4 5 D 1 5 6 D 2 6 7 MAC K (R , D 2 ) 7 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  11. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); Id ′ 0, 1 Id 0, 1 2 Lock 2 3 Otp 3 COPY 4 R = ⇒ 4 R 5 D 1 5 6 D 2 6 D 2 7 MAC K (R , D 2 ) 7 MAC K (R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  12. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  13. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp R , D 2 , MAC K (Id , R , D 2 ) 4 R 5 D 1 6 D 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  14. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp use tickets R , D 2 , MAC K (Id , R , D 2 ) 4 R − n D ′ 5 1 D ′ 6 2 MAC K (Id , R − n , D ′ 7 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  15. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp use tickets R , D 2 , MAC K (Id , R , D 2 ) 4 R 5 D 1 RESTORE ⇐ = reuse the card arbitrarily D ′ 6 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  16. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock 3 Otp 4 5 D 1 6 D 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  17. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 5 D 1 6 D 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  18. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp + n use Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 D ′ 5 1 D ′ 6 2 MAC K (Id , Otp + n , D ′ 7 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  19. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp + n use Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 5 D 1 RESTORE ⇐ = FAIL! D ′ 6 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

Recommend

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013 Agenda Motivation for

416 views • 26 slides
Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management

Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management

Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management Course objectives Understand basic recharge concepts and the policies governing recharge activities Develop recharge rates in accordance

1.12k views • 78 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3

1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3

1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3 **Statement about unit cost may contradict the next slide on the costs** Variable hydrology and limited storage? Army Corps dams, etc. Peak flows

584 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
/// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT

/// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT

1 /// DISPOSABLE JOURNALISTS? /// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT REPORTING 1 /// DISPOSABLE JOURNALISTS? From the start of the revolution in March 2011 through May 2019, the Syrian

381 views • 11 slides
Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in

Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in

Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in the Upper Snake River Basin, Idaho David R. Tuthill, Jr., Ph.D., P.E. January 26, 2011 Outline The physical scenario The legal framework

308 views • 27 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1.

Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1.

Idaho Section Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation An Aquifer Recharge Unit (ARU)?

698 views • 22 slides
Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery?

Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery?

7/21/2020 Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery? 1 7/21/2020 Introduction to the Groundwater Recharge Facility The City operates an aquifer storage and recovery facility; the

329 views • 4 slides
Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt.

Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt.

Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt. Ltd. C-207 KPCT Commercial Complex, Pune 411013 Phone - 020-26860160. Fax - 020-26860578 Email: info@eprs.co.in Web - www.eprs.co.in Introduction

320 views • 16 slides
RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID - From Farm to Fork Strengthening SME competitive advantage through RFID implementation RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by the EU as part of the Competitiveness and Innovation

356 views • 9 slides
Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August

Idaho Section Privately Developed Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation

406 views • 22 slides
RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen sented ed b by: Francis Brown Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew RFID badge

883 views • 50 slides
Implementation of Public and Private Managed Aquifer Recharge in Idaho Managed Aquifer Recharge

Implementation of Public and Private Managed Aquifer Recharge in Idaho Managed Aquifer Recharge

Aquifer Storage and Recovery: A Practical Training Workshop Implementation of Public and Private Managed Aquifer Recharge in Idaho Managed Aquifer Recharge in Idaho David R. Tuthill, Jr., Ph.D., P.E. August 19, 2015 Outline Idaho and many

549 views • 27 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Lottery Story At a lottery agency, a manager was able to turn losing tickets into winners He would buy

309 views • 19 slides
Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2

Mobile Data Entry for RFID RFID MRR NCDOT Materials and Tests Unit Welcome Transportation 2 WELCOME Transportation 3 Introduction The final link in the RFID program is the receiving of the project onto the project site. The producer

508 views • 30 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based

Smart Sensing RFID Technology Passi sive, Activ ive e RFID, , Barcode code & BLE based ed Hybri rid d Asset set Trac acking ing syst stem em Smart Sensing RFID Technology and Management Consultancy Every day, our work helps

579 views • 27 slides

More recommend