bart kosciarz radio frequency iden0fica0on the use of
play

Bart Kosciarz Radio-frequency iden0fica0on: the use of radio waves - PowerPoint PPT Presentation

Mar 05, 2023 •96 likes •241 views

Starbug and Henryk Pltz Karsten Nohl and David Evans Chaos Computer Club University of Virginia USENIX 2008 Bart Kosciarz Radio-frequency iden0fica0on: the use of radio waves to read and capture informaJon stored on a tag(usually aLached

  1. Starbug and Henryk Plötz Karsten Nohl and David Evans Chaos Computer Club University of Virginia USENIX 2008 Bart Kosciarz

  2. Radio-frequency iden0fica0on: the use of radio waves to read and capture informaJon stored on a tag(usually aLached to an item)

  3. Used in: Access control systems Tickets for public transport Cipher: stream cipher with 48-bit symmetric keys Cheap: Sells for .5 Euro in small quanJJes Small: 400 2-NAND Gate equivalents 128-bit AES is 3400

  4. Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvénient tomber entre les mains de l’ennemi. A cryptosystem should be secure even if everything about the system is publicly known(except the key!)

  5. • Black box analysis: Lorenz Cipher & DST cipher • So]ware disassembly: A 5/1, A 5/2 & Hitag2 and Keeloq And now…. • Silicon ImplementaJon: MIFARE Classic

  6. Use acetone to dissolve plasJc of the card Polish thin layers of the chip and limit JlJng Use microscope to image 6 layers (and account for the Jlt) Build a library of the logic gates and create templates

  7. Use MATLAB image processing for template matching

  8. Can find the cipher implementaJon by finding a 48-bit register and XOR gates Random Number Generator has output but no input Finish reverse engineering the cipher by looking to the protocol layer communicaJon

  9. OpenPCD RFID reader is open source and has an ARM micro-controller Test if secret key and tag ID are shi]ed in sequenJally The info from this + results from hardware analysis = Crypto-1 stream cipher

  10. RNG is generated by a 16-bit LFSR IniJalized to a constant Can predict future random numbers by examining when previous number occur

  11. Key space is small (48-bit) Can brute force in 50 minutes with 64 FPGAs Since random numbers are controllable and the session key + ID result in only one possible secret key, we can computer a codebook for a single ID that works for all other IDs

  12. Don’t need a RNG: Memory cells begin in a “random” state. Start cipher in this state and evolve with the feedback loop. Use the area saved for a longer key (48+16=64-bit) Introduce non-linearity to protect against staJsJcal aLacks

  13. Key contribuJons of this paper? CriJcisms/LimitaJons of the paper? Is there a place for secret ciphers? How feasible are reverse engineering aLacks like this as chips conJnue to shrink?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1

Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1

w w w . a c c e l e w a r e . c o m Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1 Acceleware: Innovating Heavy Oil and Bitumen Extraction I Forward Looking Statements & Advisory Certain

278 views • 15 slides
Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1

Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1

w w w . a c c e l e w a r e . c o m Radio Frequency Heating Innovating Oil Extraction with Radio Frequency Heating June 18, 2019 1 Acceleware: Innovating Heavy Oil and Bitumen Extraction I Forward Looking Statements & Advisory Certain

337 views • 14 slides
Low frequency observation of cosmic-ray air-shower radio emission by EXTASIS Antony Escudie et.

Low frequency observation of cosmic-ray air-shower radio emission by EXTASIS Antony Escudie et.

Low frequency observation of cosmic-ray air-shower radio emission by EXTASIS Antony Escudie et. al Subatech IMTA / CNRS / Universit de Nantes 18/07/2017 - CRI102 What ? Low frequency detection What ? Low frequency detection Radio

497 views • 26 slides
Superconducting Nb Radio Frequency Cavities for Particle Acceleration Superconducting Nb Radio

Superconducting Nb Radio Frequency Cavities for Particle Acceleration Superconducting Nb Radio

Superconducting Nb Radio Frequency Cavities for Particle Acceleration Superconducting Nb Radio Frequency Cavities for Particle Acceleration Nb Sample Thermometer Sapphire Rod Heater

295 views • 6 slides
Radio Leads Frequency is key Takes time to build High quality seller leads 95%

Radio Leads Frequency is key Takes time to build High quality seller leads 95%

Radio Leads Frequency is key Takes time to build High quality seller leads 95% conversion rate Radio RESULTS $15,000 radio budget per month $45,000 radio GCI per month 13 closings per month 3-to-1 ROI (return on

901 views • 33 slides
Airborne Radio Frequency Interference Studies at C-band Using a Digital Receiver IGARSS 2004:

Airborne Radio Frequency Interference Studies at C-band Using a Digital Receiver IGARSS 2004:

Airborne Radio Frequency Interference Studies at C-band Using a Digital Receiver IGARSS 2004: Frequency Allocations for Remote Sensing Joel T. Johnson, A. J. Gasiewski*, G. A. Hampson, S. W. Ellingson+, R. Krishnamachari, M. Klein* Department

195 views • 18 slides
RADIO FREQUENCY SPECTRUM ISSUES RELATING TO SMALL RADIO FREQUENCY SPECTRUM ISSUES SATELLITES

RADIO FREQUENCY SPECTRUM ISSUES RELATING TO SMALL RADIO FREQUENCY SPECTRUM ISSUES SATELLITES

RADIO FREQUENCY SPECTRUM ISSUES RELATING TO SMALL RADIO FREQUENCY SPECTRUM ISSUES SATELLITES RELATING TO SMALL SATELLITES Linden Petzer Linden Petzer 13 December 2017 13 December 2017 What is a Small Satellite? 1kg? RADIO FREQUENCY

287 views • 15 slides
121.03.04 - Low Level Radio Frequency SC1 - Accelerator Systems In partnership with: Brian

121.03.04 - Low Level Radio Frequency SC1 - Accelerator Systems In partnership with: Brian

121.03.04 - Low Level Radio Frequency SC1 - Accelerator Systems In partnership with: Brian Chase India/DAE Italy/INFN PIP-II IPR UK/STFC 4-6 December 2018 France/CEA/Irfu, CNRS/IN2P3 Outline Scope/Deliverables (Including In-Kind

687 views • 23 slides
Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and

Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and

Gigahertz Electromagnetic Structures via Direct Ink Writing Radio-Frequency Oscillator and Transmitter Applications Chengye Liu Inductors and Capacitors B B C. Liu et al., Advanced Material (2017) Coplanar Strip (CPS) Standing Wave Resonator

359 views • 11 slides
Radio-frequency and mm-wave sources accelera&ng cavity

Radio-frequency and mm-wave sources accelera&ng cavity

Radio-frequency and mm-wave sources accelera&ng cavity needs to be excited by radiofrequency ](RF) or mm waves. RF are typically

325 views • 17 slides
Amateur Radio Non-Commercial, two-way radio hobby and service Hobby: we do it for fun

Amateur Radio Non-Commercial, two-way radio hobby and service Hobby: we do it for fun

Amateur Radio Non-Commercial, two-way radio hobby and service Hobby: we do it for fun Service: Licensed by the FCC Emergency and community service 1 November 12 The Fun Part World-wide High Frequency Comm. Local

755 views • 52 slides
Identifying Storms in Noisy Radio Frequency Data via Satellite: an Application of Density

Identifying Storms in Noisy Radio Frequency Data via Satellite: an Application of Density

Identifying Storms in Noisy Radio Frequency Data via Satellite: an Application of Density Estimation and Cluster Analysis Tom Burr, Angela Mielke Safeguards Systems Group Los Alamos National Laboratory Abram Jacobson Space and Atmospheric

213 views • 18 slides
Radio Frequency Identification (RFID) Implementation Efforts at Four Firms: Integrating Lessons

Radio Frequency Identification (RFID) Implementation Efforts at Four Firms: Integrating Lessons

Radio Frequency Identification (RFID) Implementation Efforts at Four Firms: Integrating Lessons Learned and RFID-specific Survey Pedro M. Reyes Alfred P. Sloan Foundation Industry Studies, 2007 Background Literature review

326 views • 28 slides
Radio Frequency Exposure Risk Assessment and Communication: Critique of ARPANSA TR-164 Report : Do

Radio Frequency Exposure Risk Assessment and Communication: Critique of ARPANSA TR-164 Report : Do

Radio Frequency Exposure Risk Assessment and Communication: Critique of ARPANSA TR-164 Report : Do We Have a Problem? Radiation Protection of Australia, 2017. 34(2): p. 9-18.Leach, V.A. and S. Weller SOURCE:

469 views • 18 slides
A New Approach to Ultrasound Guided Radio-Frequency Needle Placement Claudio Alcrreca, Jakob

A New Approach to Ultrasound Guided Radio-Frequency Needle Placement Claudio Alcrreca, Jakob

Chair for Computer Aided Medical Procedures & Augmented Reality | wwwnavab.cs.tum.edu A New Approach to Ultrasound Guided Radio-Frequency Needle Placement Claudio Alcrreca, Jakob Vogel , Marco Feuerstein, and Nassir Navab March 26,

342 views • 19 slides
PE Amateur Radio Society Crossbanding - applications, considerations and cautions

PE Amateur Radio Society Crossbanding - applications, considerations and cautions

PE Amateur Radio Society Crossbanding - applications, considerations and cautions Christopher Scarr, ZS2AAW 16 January 2018 1 PE Amateur Radio Society Simplex radio communications: Single frequency for TX and RX radios

585 views • 25 slides
r . ,", 3 - - , . Teritary Antibody r secondary antibody li~j..ng~P;;~xidase di 1 utions

r . ,", 3 - - , . Teritary Antibody r secondary antibody li~j..ng~P;;~xidase di 1 utions

albumini~edl/lO i v e r CIHRT Exhibit P-2156 Page 1 y G u l l 7 : T e r r g e 2 5 s o u r c e 14 P a a l t h - o l u m e r n H e V E a s t e Day I s : S l i d e Prepare H d e . Cut

237 views • 3 slides
From laboratory to industrial scale scale-up calculations of chemical processes for LCA Fabiano

From laboratory to industrial scale scale-up calculations of chemical processes for LCA Fabiano

From laboratory to industrial scale scale-up calculations of chemical processes for LCA Fabiano Piccinno 1,2 Roland Hischier 1 , Stefan Seeger 2 , Claudia Som 1 1 Empa, Technology and Society Lab, St. Gallen, Switzerland 2 University of Zurich,

367 views • 23 slides
Binary liquid mixture of EmimBF 4 and methoxyethanol Binary liquid mixture excess molar volume

Binary liquid mixture of EmimBF 4 and methoxyethanol Binary liquid mixture excess molar volume

Binary liquid mixture of EmimBF 4 and methoxyethanol Binary liquid mixture excess molar volume (mL/mol) T=298 K P = 1 bar * + ( 1 x 1 ) V 2 * + x 1 ( 1 x 1 )( c + d x 1 ) V m = x 1 V 1 1 / 28 2 / 28 source: M. S. Reddy, et al .,

197 views • 4 slides
Birck Nanotechnology Center BNC 202: Solvent Cleaning Course Overview Why clean? What is

Birck Nanotechnology Center BNC 202: Solvent Cleaning Course Overview Why clean? What is

Birck Nanotechnology Center BNC 202: Solvent Cleaning Course Overview Why clean? What is clean? Chemical / particle contamination Sample handling Quick Review Acid vs Solvent Hood Required PPE Birck Supply

561 views • 21 slides
Nebraska Hazardous Waste Regulations for Solvent-Contaminated Wipes NDEQ Waste Division Initial

Nebraska Hazardous Waste Regulations for Solvent-Contaminated Wipes NDEQ Waste Division Initial

Proposed Amendments to Title 128 Nebraska Hazardous Waste Regulations for Solvent-Contaminated Wipes NDEQ Waste Division Initial Outreach Meeting, Lincoln NE June 4, 2014 Solvent Wipes Public Outreach What? When? 1 st Outreach Meeting to

432 views • 10 slides
An Acta E from Hell Jim Simpson Title: 1,3-bis(iodomethyl) benzene a re-determination.

An Acta E from Hell Jim Simpson Title: 1,3-bis(iodomethyl) benzene a re-determination.

An Acta E from Hell Jim Simpson Title: 1,3-bis(iodomethyl) benzene a re-determination. Seemingly no very obvious problems here the fact that the paper reports a re-determination and/or other unusual features e.g. powder or synchrotron

588 views • 27 slides
344 Organic Chemistry Laboratory Chemical and Laboratory Safety Chapter 1 in 344 lab manual

344 Organic Chemistry Laboratory Chemical and Laboratory Safety Chapter 1 in 344 lab manual

344 Organic Chemistry Laboratory Chemical and Laboratory Safety Chapter 1 in 344 lab manual MUST READ Pre-lab Discussion Session - Ask questions - Come prepared - Pre-lab questions/table completed Pre-lab ReagentTable PAGE 2-3 IN LAB MANUAL M

780 views • 30 slides
Yield10 Bioscience Platform: Technologies for Increasing Seed Yield and Oil Content in Oilseeds

Yield10 Bioscience Platform: Technologies for Increasing Seed Yield and Oil Content in Oilseeds

Yield10 Bioscience Platform: Technologies for Increasing Seed Yield and Oil Content in Oilseeds Megh ghna M Malik, P PhD, T Team L Leader er Metabolix Oilseeds, the Canadian subsidiary of Yield10 Bioscience Today Sept. 10, 2018 Safe fe

409 views • 16 slides

More recommend