
CEHv6 module 39 RFID hacking


DOCUMENT INFORMATION

Basic information

Title: RFID Hacking
School: EC-Council
Major: Information Security
Type: lecture note
Format:
Pages: 54
Size: 1.14 MB


Ethical Hacking and Countermeasures Version 6

Module XXXIX: RFID Hacking

Exam 312-50

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

News

Source: http://www.theregister.co.uk/

Halifax, a UK bank, began issuing RFID-enabled cards for customers, which used the Pay Wave technology. The Pay Wave technology allows customers to make transactions of up to 10 euros without entering a PIN or signature. A customer named Pete, who was issued a Pay Wave card, was not interested in using the card and shredded it. Later, his transactions with the older debit card were blocked. When he contacted the bank’s help line, he discovered that his previous bank card had been automatically cancelled when he was issued the new bank card. In this way, Halifax forcibly made customers use the newly issued cards. Finally, Pete was issued a new non-Pay Wave bank card from Halifax.

Pete did not want to use the RFID-enabled card because it did not require any authorization for transactions, making it highly insecure.

Module Objective

This module will familiarize you with:

• RFID
• Components of RFID systems
• RFID System Architecture
• RFID Collisions
• RFID Risks
• RFID and Privacy Issues
• RFID Security and Privacy Threats
• Vulnerabilities in RFID-enabled Credit Cards
• RFID Hacking Tool
• RFID Security Controls

Module Flow

• RFID
• Components of RFID systems
• RFID System Architecture
• RFID Collisions
• RFID Risks
• RFID and Privacy Issues
• RFID Security and Privacy Threats
• Vulnerabilities in RFID-enabled Credit Cards
• RFID Hacking Tool
• RFID Security Controls

RFID

RFID tags contain at least two parts:

• An Antenna for receiving and transmitting signal

RFID is a technique in which objects are identified automatically. The identity of the objects is stored and retrieved using RFID tags and transponders.

It transmits the identity of the objects in the form of a unique serial number with the help of radio waves.

It works in a way that contactless transmission of the data takes place between the data-carrying devices and their reader. The power needed for operating the electronic devices is also transferred through a reader with the contactless technique.

RFID tags can be included or attached to any product, animal, or person for its identification with the help of the radio waves.

• RFID tags are electronic devices that have the capacity to store data

RFID tags are classified into two categories:

• Passive tags: An internal power source is not required
• Active tags: A power source is not always required for these tags

Components of RFID Systems

Basic components of an RFID system:

• Tags
• Tag readers
• RFID antenna
• RFID controller
• RFID premises server
• RFID integration server

General categories of RFID tags:

• Passive: Requires no internal power source
• Active: Requires internal power source (small battery)
• Semi-passive (battery-assisted): Requires internal power source (small battery)

The basic components of RFID systems are:

The main purpose of the RFID system is to allow the transmission of data with mobile devices known as tags.

In RFID, every object is prepared with a small tag that has a transponder and digital memory chip. Each RFID has a unique product code.

RFID tags perceive the reader’s activation signal when it passes through the electromagnetic zone.

Readers can be mounted on a fixed location or can be held in the hand. They emit radio waves in a broad range depending on the radio frequency used and the power output. The encrypted data present in the integrated circuit of the tags can be decrypted using these readers. The data extracted is sent to the host computer where it is processed.

An antenna is bundled with the transceiver and a decoder. Radio signals are emitted by the antenna to activate the tag. It reads the data from the tag and, with some tags, it can write data to the tag.

An RFID controller is used in a store or distribution-center environment.

It supports the following functions:

• Provides connectivity that is either synchronous or asynchronous
• Provides software deployment, which includes device drivers, filters, aggregators, and dynamically loaded software modules
• Ensures security that authenticates the readers at the edge

An RFID premises server is used in a store or distribution center.

It supports the following functions:

• It adds persistence for storing all incoming RFID events from controllers
• Commands and data are passed to the network using synchronous or asynchronous communication

asynchronous methods and behaves like a gateway to the RFID integration server

It supports the following functions:

• It improves RFID data from existing sources, which provides the ability to clean and validate the data
• Business-to-business processes and various graphical user interfaces are integrated
• Customers can select various software products to replace servers or to implement their own skills

RFID Collisions

RFID Tag Collision:

• RFID tag collision happens when multiple tags are energized by the RFID tag reader simultaneously, and reflect their respective signals back to the reader at the same time

RFID Reader Collision:

• Reader collision occurs in RFID systems when the coverage area of one RFID reader overlaps with that of another reader
• This causes two different problems:
  • Signal interference
  • Multiple reads of same tag

Source: http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=57

RFID Tag Collision:

Tag collision in RFID systems occurs when numerous tags are energized by the RFID tag reader and the respective signals are reflected back to the reader simultaneously. When a large volume of tags is read together in the same RF field, it is difficult for the reader to differentiate the signals, as tag collision confuses the reader.

Many systems have been invented to distinguish individual tags; these systems may vary from vendor to vendor. For example, when the reader detects that a tag collision has occurred, it sends a gap pulse signal. On receiving this signal, each tag asks a random number counter to determine the interval before sending its data. Tags send their data separately, as each one gets a unique number interval.
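The random-interval scheme described above can be simulated directly. The following Python sketch is an added example, not part of the original module; the slot count, tag names, and function name are assumptions chosen for illustration, and it models one vendor-neutral variant in which a tag that is alone in its interval is read and colliding tags retry after the next gap pulse.

```python
import random

# Constructed sample population: 20 tags inside one reader's RF field.
SAMPLE_TAGS = [f"TAG-{n:03d}" for n in range(20)]


def resolve_collisions(tag_ids, slots_per_round=8, seed=1, max_rounds=200):
    """Simulate random-interval anti-collision (hypothetical helper).

    Each round models one gap pulse from the reader: every tag that has not
    been read yet draws a random interval (slot). A tag that is alone in its
    slot is read; tags that share a slot collide and retry next round.

    Returns (read_order, rounds_used, collided_slots, unread_tags).
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    pending = set(tag_ids)
    read_order = []
    collisions = 0
    rounds = 0
    while pending and rounds < max_rounds:
        rounds += 1
        slots = {}
        for tag in sorted(pending):    # sorted: deterministic draw order
            slots.setdefault(rng.randrange(slots_per_round), []).append(tag)
        for slot in sorted(slots):     # reader listens to the slots in order
            occupants = slots[slot]
            if len(occupants) == 1:
                read_order.append(occupants[0])
                pending.discard(occupants[0])
            else:
                collisions += 1        # garbled slot, nothing is read
    return read_order, rounds, collisions, sorted(pending)


if __name__ == "__main__":
    order, rounds, collisions, unread = resolve_collisions(SAMPLE_TAGS)
    print(f"read {len(order)} tags in {rounds} rounds, "
          f"{collisions} collided slots, unread: {unread}")
    # Failure mode: with a single slot, two tags always draw the same
    # interval, so the reader never separates them.
    print(resolve_collisions(["TAG-A", "TAG-B"], slots_per_round=1, max_rounds=5))
```

The number of intervals matters: too few relative to the tag population and most slots collide, which is why the single-slot case never completes.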

RFID Reader Collision:

Reader collision in RFID systems occurs when the coverage area of one RFID reader coincides with another reader.

This collision causes two problems:

• Signal interference: This problem arises when RF fields of two or more readers coincide and interfere. This issue is solved by enabling the reader program to read the different data at different times. This technique is known as Time Division Multiple Access (TDMA), which results in reading the same tag twice.

• Multiple reads of same tag: This problem arises when the same tag is read only once by the overlapping readers. It is solved by allowing the given tag to be read only once by the programmed RFID system.
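Both remedies for reader collision can be sketched in middleware terms. The following Python code is an added example, not part of the original module; the reader names, the overlap map, the event tuples, and the two-second window are constructed assumptions. It assigns TDMA time slots so that overlapping readers never transmit together, then suppresses the duplicate reads that overlapping readers still report for the same tag.

```python
from itertools import count

# Constructed sample: which readers' RF fields overlap (assumed symmetric).
SAMPLE_OVERLAPS = {
    "dock-1": {"dock-2"},
    "dock-2": {"dock-1", "dock-3"},
    "dock-3": {"dock-2"},
    "gate": set(),
}

# Constructed sample read events: (timestamp in seconds, reader, tag id).
SAMPLE_EVENTS = [
    (10.0, "dock-1", "TAG-A"),
    (10.4, "dock-2", "TAG-A"),   # same tag seen by the overlapping reader
    (10.5, "dock-2", "TAG-B"),
    (15.0, "dock-3", "TAG-A"),   # seen again well after the window
]


def assign_tdma_slots(overlaps):
    """Give every reader a time slot so that no two readers with overlapping
    coverage share one (greedy colouring, most-constrained reader first)."""
    slots = {}
    for reader in sorted(overlaps, key=lambda r: (-len(overlaps[r]), r)):
        taken = {slots[n] for n in overlaps[reader] if n in slots}
        slots[reader] = next(s for s in count() if s not in taken)
    return slots


def suppress_duplicate_reads(events, window=2.0):
    """Keep one event per tag sighting.

    A report of a tag is dropped when the same tag was reported by any
    reader within the previous `window` seconds. The timer restarts on
    every report, so a tag that stays in the field is reported once.
    """
    last_seen = {}
    kept = []
    for ts, reader, tag in sorted(events):
        previous = last_seen.get(tag)
        if previous is None or ts - previous > window:
            kept.append((ts, reader, tag))
        last_seen[tag] = ts
    return kept


if __name__ == "__main__":
    print(assign_tdma_slots(SAMPLE_OVERLAPS))
    for event in suppress_duplicate_reads(SAMPLE_EVENTS):
        print(event)
```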

RFID Risks

Business Process Risk

Business Intelligence Risk

Privacy Risk

Externality Risk

• Hazards of Electromagnetic Radiation
• Computer Network Attacks

Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf

RFID technology enables an organization to significantly change its business process to:

• Increase its efficiency, which results in lower costs
• Increase its effectiveness, which improves the mission’s performance and makes the implementing organization more resilient and more capable to assign accountability

other applications

The RFID technology itself is complex, combining a number of different computing and communications technologies to achieve the desired objectives. Unfortunately, both change and complexity generate risk. For RFID implementations to be successful, organizations need to effectively manage that risk, which requires an understanding of its sources and its potential characteristics.

This section reviews the major high-level business risks associated with the RFID systems so that organizations planning or operating these systems can better identify, characterize, and manage the risk in their environments. The risks are as follows:

• Business Process Risk: Direct attacks on RFID system components potentially could undermine the business processes the RFID system was designed to enable.

• Business Intelligence Risk: An adversary or competitor potentially could gain unauthorized access to RFID-generated information and use it to harm the interests of the organization implementing the RFID system.

• Externality Risk: RFID technology potentially could represent a threat to non-RFID networked or collocated systems, assets, and people.

An important characteristic of RFID that impacts all of these risks is that RF communication is invisible to operators and users. In other AIDC and IT systems, it is often easier to identify when there is unauthorized behavior.


RFID Risks: Business Process

Organizations implementing RFID systems could become reliant on those systems

Failure in any component or subsystem of RFID system could result in system wide failure

Unlike most of other risks, business process risk can occur as a result of both human action and natural causes

If network supporting RFID system is down, then RFID system is likely to be down as well

Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf

RFID systems typically are implemented to replace or enhance a paper or partially automated process. Organizations implementing RFID systems could become reliant on those systems, which if not implemented properly with business continuity planning might be less resilient to disruptions than the systems they replace. An example would be if a warehouse replaces its paper-based inventory management system with an RFID-enabled system. The paper system involves storing completed forms at the warehouse and sending the duplicates of the forms to a central office, while the new RFID system locates its backend database servers at a single computing center. In this environment, the paper system might be more resilient to a local disaster than the RFID system, despite the increased efficiency, accuracy, or effectiveness of the RFID-enabled business process.

Failure in any component or subsystem of the RFID system could result in system-wide failure. In the warehouse example, system-wide failure might result from many causes, such as loss of the network connection between the warehouse and the computing facility, a software virus that disables critical middleware functionality, or a new source of radio interference that prevents readers from accurately reading tags. If an RFID system is rendered unavailable for any reason, then potential impacts can range from a deceleration of the business process to the loss of critical business or operational records. If the system is mission critical, then the consequences could be devastating to the organization’s performance.

An example of an intentional attack on an RFID business process is cloning, which occurs when an adversary reads information from a legitimate RFID tag and then programs another tag or device to emulate the behavior of the legitimate tag. Another attack on an RFID business process would be removing a tag from the item it is intended to identify and attaching it to another unrelated item. Someone might, for example, perform such an attack to get a better price on an expensive item in a store.


of the implementing organization


RFID Risks: Business Intelligence Risk

RFID supports wireless remote access to get information about assets and people that either previously did not exist or was difficult to create or dynamically maintain

A competitor or adversary can gain information from RFID system in a number of ways:

• Eavesdropping on RF links between readers and tags

• Performing independent queries on tags to obtain relevant data

• Obtaining unauthorized access to a back-end database which stores information about tagged items

Using controls such as database access controls, password-protection, and cryptography can significantly mitigate business intelligence risk if applied properly

Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf

RFID is a powerful technology, in part, because it supports wireless remote access to information about assets and people that either previously did not exist or was difficult to create or dynamically maintain. While this wireless remote access is a significant benefit, it also creates a risk that unauthorized parties could also have similar access to that information if proper controls are not in place. This risk is distinct from the business process risk because it can be realized even when business processes are functioning as intended.

A competitor or adversary can gain information from the RFID system in a number of ways, including eavesdropping on RF links between readers and tags, performing independent queries on tags to obtain relevant data, and obtaining unauthorized access to a back-end database storing information about tagged items. Supply chain applications may be particularly vulnerable to this risk because a variety of external entities may have read access to the tags or related databases.

The risk of unauthorized access is realized when the entity engaged in the unauthorized behavior does something harmful with that information.

In some cases, the information may trigger an immediate response. For example, someone might use a reader to determine whether a shipping container holds expensive electronic equipment, and then break into the container when it gets a positive reading. This scenario is an example of targeting.

In other cases, data might also be aggregated over time to provide intelligence regarding an organization’s operations, business strategy, or proprietary methods. For instance, an organization could monitor the number of tags entering a facility to provide a reasonable indication of its business growth or operating practices. In this case, if someone determined that a warehouse recently received a number of very large orders, then that might trigger an action in financial markets or prompt a competitor to change its prices or production schedule.

RFID Risks: Privacy Risk

Business objectives often conflict with privacy objectives

Organizations can benefit from analysis and sharing of personal information obtained with RFID technology

Privacy risk from the perspective of the organization implementing RFID might include:

• Penalties if organization does not comply with privacy laws and regulations
• Customer avoidance or boycott of organization because of real or perceived privacy concerns about RFID technology
• Being held legally liable for any consequences of weak privacy protections
• Employees, shareholders, and other stakeholders might disassociate with organization due to concerns about corporate social responsibility

RFID Risks: Privacy Risk (cont’d)

Other factors that impact the level of privacy risk include:

• Whether personal information is stored on tags
• Whether tagged items are considered personal
• The likelihood that the tag will be in proximity of compatible readers
• Length of time records are retained in analytic or archival systems
• Effectiveness of RFID security controls, in particular:
  • Efficiency of tag memory access control and authentication mechanisms
  • Ability of tags to be disabled after their use in a business process
  • Ability of users to effectively shield tags to prevent unauthorized read transactions

Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf

RFID technology raises several important privacy concerns. One concern is that organizations may collect personal information for a particular purpose, such as to complete a financial transaction or grant an individual access to a facility, and then later use that information for a different purpose that the individual finds undesirable, such as to conduct a direct marketing campaign. Another concern is that organizations that are implementing RFID systems to serve a particular business process might not be aware of how the RFID information could be used for unintended purposes, such as the targeting or tracking of individuals, or the potential disclosure of personal practices or preferences to unauthorized third parties.

There are privacy risks from the perspective of the individual as well as the organization implementing RFID technology. The privacy risk from the perspective of the individual is the unauthorized revelation of personal information and the personal consequences of that breach.

The privacy risk from the perspective of the implementing organization might include:

• Penalties if the organization does not comply with privacy laws and regulations
• Customer avoidance or boycott of the organization because of real or perceived privacy concerns about RFID technology
• Being held legally liable for any consequences of the weak privacy protections
• Employees, shareholders, and other stakeholders might disassociate with the organization due to concerns about corporate social responsibility

Business objectives often conflict with privacy objectives. Organizations can benefit from the analysis and sharing of personal information obtained from RFID technology. At the same time, these activities may potentially violate the privacy rights or expectations of the citizens and consumers. Similarly, methods to protect personal privacy may pose a business process risk. For example, consumers may want tags to be disabled at point-of-sale so that they cannot be used for tracking purposes afterwards. However, if it is easy to disable a tag at point-of-sale, then it may also be easier for adversaries to disable tags prior to point-of-sale, thereby disrupting the business process. Moreover, organizations may want to use tags after point-of-sale for post-sale support, recalls, and other purposes.

Privacy risk may increase when an individual possesses tags from multiple organizations because someone reading the tags can now combine and correlate information to profile individuals in ways that none of the organizations alone might have anticipated. For example, if a consumer purchases a tagged item and the tag is not disabled or removed, then the seller or someone else could subsequently use the tag to reveal the presence of that person in another location and time. The consumer may have purchased the item with cash, presuming to remain anonymous in the transaction. However, if she also carries another tag that reveals her identity, such as an RFID-enabled identification card, then someone may be able to surreptitiously read both tags to establish an association between the purchased item and her identity that did not exist previously. As people possess more tagged items and readers become more prevalent in everyday life, the potential for complex associations and inferences increases.

Other factors that impact the level of privacy risk include:

• Whether the tagged items are considered personal (e.g., pharmaceuticals or devices that would reveal a medical condition, or a book that might reveal a political or religious affiliation)
• The likelihood that the tag will be in the proximity of compatible readers
• The length of time records are retained in analytic or archival systems
• The effectiveness of RFID security controls, in particular:
  o The ability of tags to be disabled after their use in a business process has been completed
  o The ability of users to effectively shield tags to prevent unauthorized read transactions


RFID Risks: Externality Risk

RFID systems typically are not isolated from other systems and assets in enterprise

Externality risks can exploit both RF and enterprise subsystems of an RFID system:

• Major externality risk for RF subsystem is hazards resulting from electromagnetic radiation

• Major externality risk for enterprise subsystem is computer network attacks on networked devices and applications

Because externality risk by definition involves risks outside of the RFID system, it is distinct from both business process and business intelligence risks

Source: http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf

RFID systems typically are not isolated from other systems and assets in the enterprise. Every connection point between the RFID system and something outside the RFID system represents a potential vulnerability for the entity on the other side of the connection, whether that is an application process, a valued asset, or a person. Externality risks are present for both the RF and enterprise subsystems of an RFID system. The main externality risk for the RF subsystem is the hazards resulting from electromagnetic radiation, which could possibly range from adverse human health effects to the ignition of combustible material, such as fuel or ordnance. The main externality risk for the enterprise subsystem is successful computer network attacks on networked devices and applications. Computer network attacks can involve malware (e.g., worms and viruses) or attack tools that exploit software vulnerabilities and configuration weaknesses to gain access to systems, perform a denial of service, or cause other damage. The impact of computer network attacks can range from performance degradation to complete compromise of a mission-critical application.

Because the externality risk by definition involves risks outside the RFID system, it is distinct from both the business process and business intelligence risks; externality risks can be realized without having any effect on RFID-supported business processes or without revealing any information to adversaries.

Hazards of Electromagnetic Radiation

RFID technology, like any other radio technology, relies on the use of electromagnetic radiation to communicate information. The potential risk of electromagnetic radiation includes:

• Hazards of electromagnetic radiation to other materials, including medical supplies such as blood products, vaccines, and pharmaceuticals

Computer Network Attacks

RFID technology represents a new attack vector on an enterprise network. Once RFID systems are implemented, a possibility exists that attackers could reach non-RFID and enterprise subsystem computers through a reader, although no such attack is known to have successfully occurred to date. If the system involves wireless handheld readers, then the wireless link between the reader and the networked middleware servers is another point of entry. Once RFID servers are compromised, they can be used to launch attacks on other networked systems. Attack possibilities include the introduction of malware (e.g., a worm or virus) or the exploits of a single adversary compromising one computer at a time. Once additional systems are compromised, all types of adverse consequences to the IT infrastructure are possible, including loss of confidentiality, integrity, and availability.

While the risk of network compromise through an RFID interface is considered low, it is possible, especially as the number of RFID reader, middleware, and enterprise applications increases. RFID air-interface protocols do not support the execution of remote commands on the RFID interface, but if the reader accepts data formats outside those expected by the protocol, then conceivably an adversary could exploit a buffer overflow vulnerability on a reader by sending non-compliant data. If the system is poorly designed, the adversary may be able to insert code or commands in memory buffers read by processes that can execute administrative functions such as disabling security controls. The potential consequence is that the adversary could gain full control of the device and use that control to attack other systems.

RFID and Privacy Issues

RFID attacks used to bypass personal privacy information are:

• By placing RFID tags hidden from eyes, and using them for stealth tracking
• Using unique identifiers provided by RFID for profiling and identifying consumer pattern and behavior
• Using hidden readers for stealth tracking and getting personal information

Any organization contemplating the use of RFID should first ensure that it is aware of its privacy obligations under different laws before it starts accumulating data

Source: http://www.tutorial-reports.com/wireless/rfid/security.php

RFID can be used to bypass individual privacy by:

• Using the unique identifier provided by RFID for the purpose of profiling and identifying the consumer’s pattern and behavior
• Making use of hidden readers for stealth tracking and gaining personal information

The main privacy concern about RFID systems is the capability of tracking anybody anywhere without permission. Due to the smaller size of the RFID tags, it is possible to hide the tags so that no one is aware of the presence of the tags.

When any company collects data with the help of RFID, it needs to follow some laws. This means that the company has to follow its local legal requirements for various kinds of personal data gathered with the help of RFID. Also, the company has to properly safeguard the personal information it obtains.

Countermeasures

RSA Blocker Tags:

• It helps in maintaining the privacy of the consumer by spamming any reader that attempts to scan tags without authorization

RFID tags are getting smaller and smaller every day; they can be hidden in such a way that the person on whom the tag is placed does not notice it, and his or her privacy can be exploited. The tags can be molded in plastic or rubber and can even be sewn up inside a piece of clothing. These tags are read by a hidden reader for stealth tracking and gaining personal information. In order to overcome these types of attacks, the following measures should be taken:

RSA Blocker Tags

RSA blocker tags look like RFID tags and are the same size. When the attacker tries to scan tags without proper authorization, these tags confuse the reader by making the reader believe that there are many tags in the same proximity using a spamming technique, and thus maintain the privacy of the consumer.

Kill Switches

Kill switches are new RFID tags that allow RFID tags to be disabled. Usually, consumers are given an option of disabling the RFID tag before leaving the store; this helps to avoid profiling and stealth tracking.

RFID Security and Privacy Threats

• Sniffing
• Tracking
• Spoofing
• Replay attacks
• Denial-of-service

RFID is a noticeable target for attackers. Wireless identification is a powerful capability. Using wireless identification, RFID reveals the nature and location of physical objects.

• Sniffing: RFID tags are designed to be readable by any compliant reader. RFID data is easily collected by overhearing the wireless RFID channel. Medical and personal details can be revealed by the data collected using tags, which can cause denial of insurance coverage or employment of a person.

• Tracking: RFID facilitates secret monitoring of individuals’ location and actions. RFID readers located in strategic places record unique responses of RFID tags, which are determinedly associated with a person’s identity. Tracking is done by forming gatherings, recurring groups of tags that are associated with a person. The readers monitor the entire group of people.

• Spoofing: Attackers imitate the genuine RFID tags by writing suitably formatted data on blank RFID tags. Tag cloning is one type of spoofing attack, which produces illegal copies of the lawful RFID tags.

• Replay attacks: Relay devices interrupt and retransmit the RFID queries, which are used by criminals to abuse various RFID applications. RFID-enabled license plates and e-Plates are examples of current RFID systems that are vulnerable to attack by a relay device.

• Denial-of-service: In order to work properly, RFID systems should have back-end databases and RFID tags. If tags are removed from RFID-tagged items, they can be exploited easily by wrapping them in a foil-lined booster bag. These tags cannot be detected by readers if they are kept in aluminum foil.


Sniffing

RFID tags are designed to be readable by any compliant reader

It is easy to collect RFID data by eavesdropping on wireless RFID channel

Unrestricted access to tag data can have serious implications

Collected tag data might reveal information such as medical predispositions or unusual personal inclinations, causing denial of insurance coverage or employment for an individual

RFID tags are designed in such a way that they are readable by any type of reader; therefore, they are indiscriminate. But this leads to unauthorized readers reading the tags from a distance, which affects privacy. By eavesdropping on a wireless network, the data can be collected by a third party. Unauthorized access of tag data leads to serious privacy implications; the data collected might reveal the information about the product and personal implications, which cause denial of insurance coverage for an individual and loss of business.

Tracking

RFID tags without unique identifiers facilitate tracking by forming constellations, meaning recurring groups of tags that are associated with an individual

Clandestine monitoring of individuals and actions can be facilitated by RFID technology. RFID readers can be placed at doorways where they catch the unique responses from the RFID tags of the individual people and help to identify the person associated with that organization. If there is a recurring group of tags without unique identifiers associated, then tracking of an individual can be facilitated by the constellations. Entire groups of people can be monitored by RFID technology.

Page 23

Tag cloning is another kind of spoofing attack, which produces unauthorized copies of legitimate RFID tags.

Researchers from Johns Hopkins University recently cloned a cryptographically-protected Texas Instruments digital signature transponder.

Appropriately formatted data written on blank RFID tags helps attackers to authenticate the tags. For example, in a supermarket, the item tags can be replaced with similar tags so that thieves can purchase the items at cheaper prices. Producing unauthorized copies of similar RFID tags is called tag cloning, another type of spoofing attack. Digital signature transponders can unlock a DST-based car immobilization system and purchase gasoline. These are cryptographically protected and designed by Johns Hopkins University researchers.

Page 24

Researchers have explained and implemented RFID relay devices independently, but attackers misuse these relay devices to attack various applications. These devices intercept and retransmit RFID queries. England’s e-plates are new RFID-enabled license plates that are susceptible to attack by any relay device. The encrypted code of these active e-plates is stored in the UK Ministry of Transport vehicle database. When an attacker scans the license plates of other cars, the encrypted identifier is recorded and can be replayed later.
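The replay weakness described above, as an added example that is not part of the original module: a plate that always returns the same protected identifier is accepted again when a recording is played back, while an answer bound to a fresh reader nonce is not. The key, the plate identifier and the HMAC construction are assumptions chosen for illustration, not the e-plate design.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: secret shared by plate and back end

def mac(*parts: bytes) -> bytes:
    return hmac.new(KEY, b"|".join(parts), hashlib.sha256).digest()

class StaticPlate:
    """Answers every query with the same protected identifier."""

    def __init__(self, ident: bytes):
        self._blob = mac(ident)

    def respond(self, challenge: bytes) -> bytes:
        return self._blob  # the reader's challenge is ignored

class ChallengePlate:
    """Binds each answer to the reader's fresh nonce."""

    def __init__(self, ident: bytes):
        self._ident = ident

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._ident, challenge)

def reader_accepts(respond, ident: bytes, use_nonce: bool) -> bool:
    """One read: send a fresh nonce and check the answer for `ident`."""
    nonce = secrets.token_bytes(16)
    expected = mac(ident, nonce) if use_nonce else mac(ident)
    return hmac.compare_digest(respond(nonce), expected)

def recorded(plate):
    """A transmission captured once and played back unchanged later."""
    captured = plate.respond(secrets.token_bytes(16))
    return lambda challenge: captured

def demo() -> dict:
    ident = b"PLATE-0001"  # constructed identifier
    static, fresh = StaticPlate(ident), ChallengePlate(ident)
    return {
        "static_genuine": reader_accepts(static.respond, ident, False),
        "static_replayed": reader_accepts(recorded(static), ident, False),
        "fresh_genuine": reader_accepts(fresh.respond, ident, True),
        "fresh_replayed": reader_accepts(recorded(fresh), ident, True),
    }
```

Binding the answer to a nonce only stops playback of a recording; a relay that forwards the reader's challenge to the genuine plate in real time still obtains a valid answer, so this check does not address relaying.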

Page 25

Another attack takes the opposite approach: it floods an RFID system with more data than it can handle.

Attackers can remove RFID tags and plant them on other items, causing RFID systems to record useless data, discrediting and devaluing RFID technology.

In order to work properly, RFID systems should have properly managed back-end databases and RFID tags.

If tags are removed from the RFID-tagged items, they can be exploited easily by wrapping them in a foil-lined booster bag. If these tags are kept in aluminum foil, then readers temporarily cannot detect them. Another denial-of-service attack is flooding the RFID system with more data than it can normally handle. Attackers can even move tags from a legitimate item onto a fake item, so that the system reads useless data.

Page 26

Protection against RFID Attacks

Cryptography:

• Minimalist cryptography

• Human-computer authentication

• Hash locks

Detection and evasion:

• RFID Detektor (http://tinyurl.com/)

• Data Privatizer (https://shop.foebud.org/)

• RFID Guardian (www.rfidguardian.org)

• Consumers can deactivate their RFID tags to avoid most modern-day threats

Developers have established lightweight versions of symmetric-key and public-key cryptography to protect tags from attacks. RFID-specific authentication techniques are lightweight.

Consumers who have the capacity to detect unauthorized RFID activity can take their own evasive maneuvers. C’t magazine’s RFID Detektor and FoeBuD’s Data Privatizer are devices that users can use to recognize RFID activity.

RFID tags can be deactivated to protect them from modern threats. On-tag mechanisms are also available for tag deactivation. EPCglobal tags have a password-protected capability that deactivates the tags permanently. Some expensive tags have a password-protected function that deactivates the RFID tags temporarily and then reactivates them.

Several techniques are available to protect RFID devices from attack. By changing their outward appearance, RFID tags can prevent unauthorized access. Trusted RFID readers or an on-tag pseudorandom number generator periodically refresh the pseudonyms that the RFID tags present.
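A sketch of the pseudonym idea described above, added here as an example and not taken from the original module: the tag emits a different value on every read, a trusted reader that holds the tag's key can still resolve it, and a reader without the key cannot. The HMAC-with-counter generator, the key values, the badge names and the look-ahead window are all assumptions for illustration.

```python
import hashlib
import hmac

def pseudonym(key: bytes, counter: int) -> bytes:
    """Keyed pseudorandom value for one read (assumed construction)."""
    return hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()[:8]

class PseudonymTag:
    """Tag that presents a new pseudonym on every read."""

    def __init__(self, key: bytes):
        self._key, self._counter = key, 0

    def read(self) -> bytes:
        value = pseudonym(self._key, self._counter)
        self._counter += 1
        return value

class TrustedReader:
    """Holds tag keys and resolves a pseudonym by scanning a small window ahead."""

    def __init__(self, keys: dict, window: int = 16):
        self._keys, self._window = keys, window
        self._next = {name: 0 for name in keys}

    def resolve(self, value: bytes):
        for name, key in self._keys.items():
            start = self._next[name]
            for ctr in range(start, start + self._window):
                if hmac.compare_digest(pseudonym(key, ctr), value):
                    self._next[name] = ctr + 1  # resync past reads made elsewhere
                    return name
        return None  # unknown tag, an old pseudonym, or drift beyond the window

def demo() -> dict:
    # Constructed keys and names for the demonstration.
    keys = {"badge-A": b"constructed-key-A", "badge-B": b"constructed-key-B"}
    tag = PseudonymTag(keys["badge-A"])
    reader = TrustedReader(keys)
    first = tag.read()
    elsewhere = [tag.read() for _ in range(3)]  # reads by other readers
    later = tag.read()
    return {
        "all_distinct": len({first, later, *elsewhere}) == 5,
        "first": reader.resolve(first),
        "later": reader.resolve(later),
        "stale": reader.resolve(first),  # an old pseudonym is no longer accepted
        "stranger": TrustedReader({"badge-B": keys["badge-B"]}).resolve(later),
    }
```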

Page 27

RFID Guardian monitors and regulates RFID usage on behalf of customers.

It is meant for personal use and manages the RFID tags within physical proximity of a person.

It acts like an RFID reader, querying tags and decoding the tag responses, and it can also emulate an RFID tag, allowing it to perform direct in-band communications with other RFID readers.

RFID Guardian is a portable battery-powered device that mediates interactions between RFID readers and RFID tags. The RFID Guardian leverages an on-board RFID reader combined with novel tag emulation capabilities to audit and control RFID activity, thus enforcing conformance to a centralized security policy. The majority of RFID readers will not explicitly interact with the RFID Guardian. Eavesdropping and clever tag emulation tactics are necessary to glean information from these readers. However, a small group of RFID readers will have special back-end software installed, which provides them with an “awareness” of the Guardian. These RFID readers tend to be in familiar locations (i.e., at home, at the office), and they are intentionally granted more generous access permissions. These RFID readers may explicitly cooperate with the Guardian, sending data containing authentication messages, context updates, or secret keys.

Auditing

The RFID Guardian monitors RFID scans and tags in its vicinity, serving as a barometer of the (unauthorized) RFID activity. RFID auditing is a prerequisite for the enforcement of RFID security policies, plus it furnishes individuals with both the awareness and proof needed to take legal recourse against perpetrators of RFID abuse.

Key Management

Modern RFID tags have a variety of security functionality, ranging from tag deactivation commands, to password-protected memory, to industrial-grade cryptography. These security features often require the use of associated key values, which present logistical issues because the keys must be acquired, stored, and available for use at appropriate times. The RFID Guardian is well suited to manage RFID tag keys due to its two-way RFID communications abilities. Tag key transfer could occur by eavesdropping on the RFID channel when a reader (for example, an RFID tag “deactivation station”) issues a query containing the desired key information. Additionally,

Date posted: 26/12/2013, 20:59
