This was posted on RFID Toys a little over six months ago, but I was just cleaning files from my cluttered laptop and re-discovered this gem. These guys over at the University of Virginia reverse engineered an RFID tag by physically shaving down the chip to reveal transistor layer after transistor layer, taking images of the layers, stitching them together, then analyzing the various gates and pathways to determine the crypto algorithm. Brilliant! Their paper can be found here (local pdf).
They also give talks about their endeavor, and I was surprised to find my hands on the last slide of their slide show.
Toward the end they go through options to fix or mitigate the security problem. These solutions include both changes in chip design, and updating business processes around its use. The limitation you face when placing the responsibility of encryption in the RFID chip itself is that you have limited hardware and processing power to work with. So, until RFID tags are designed well enough, and are powerful enough to truly protect their data and communications, there is an option system implementers could employ to try to mitigate the limitations of contemporary tag technology; a one time use key.
For the most part, it is safe to assume that when tag security is desired or necessary, that those tags are going to be used for a singular purpose; access control, transit, payment, etc. This means that the tag will, for the most part, be used within a controlled environment where the readers that are part of some interconnected system, under the control of a single entity (a company, transit authority, visa/mastercard, etc…). This situation lends itself to using a one time use key.
My right hand contains a Philip HITAG S tag which uses 40 bit encryption and contains 2048 bits of read/write memory. Using the 40 bit encryption features are about the equivalent to locking your car door. It doesn’t stop someone from breaking a window, but it does ward off the casual attacker. It’s easy to do, so why not use it. For the window breakers, a random one time use key could help considerably narrow the window of attack.
It’s a simple idea, and unfortunately it is somewhat vulnerable if your attacker is quick to act, but it is far better than not using any security features at all, or only relying on the rudimentary encryption features employed by some “secure” tags. It works by simply using some memory blocks to store a random string of characters. That string is also stored centrally by the system/company/etc. and used to authenticate on the next pass.
- When the user wants in the building, the tag ID and random key are read.
- The system matches the read tag ID and random key with the stored ID and key and the person is let in.
- The system then generates a new random key, stores it, and writes it to the tag.
The only way an attacker could use the key would be if they were able to read it and use it before the legitimate owner did. Because the typical sneak attack on company access cards is done while the target is on their way to work or even stepping up to the controlled access door itself, an attacker would have to read the tag and race to a controlled door before the legitimate tag owner. If the attacker does succeed in doing this, they typically won’t have much time to use their new found access. Any well built system would see the fraudulent key use right away and bring up surveillance video of the presumed “legit” key use and the following “illegitimate” key use for security guards.
Even though this solution is not truly secure, the important factor here is that the intrusion attempt will be caught. Hopefully it will be caught before the attacker gains access, but even if they do gain access, the intrusion will be caught shortly after. This does have some value, as the worst type of intrusion is the silent kind which is never detected.