Bart Kosciarz: Radio-frequency identification: the use of radio waves - PowerPoint PPT Presentation



SLIDE 1

Bart Kosciarz

Karsten Nohl and David Evans, University of Virginia
Starbug and Henryk Plötz, Chaos Computer Club
USENIX 2008

SLIDE 2

Radio-frequency identification: the use of radio waves to read and capture information stored on a tag (usually attached to an item)

SLIDE 3

  • Used in: access control systems, tickets for public transport
  • Cipher: stream cipher with 48-bit symmetric keys
  • Cheap: sells for 0.5 Euro in small quantities
  • Small: 400 2-NAND gate equivalents (128-bit AES is 3400)

SLIDE 4

Il faut qu’il n’exige pas le secret, et qu’il puisse sans inconvénient tomber entre les mains de l’ennemi.
(Kerckhoffs: it must not require secrecy, and it must be able to fall into the enemy's hands without inconvenience.)

A cryptosystem should be secure even if everything about the system is publicly known (except the key!)

SLIDE 5
  • Black box analysis: Lorenz Cipher & DST cipher
  • Software disassembly: A5/1, A5/2 & Hitag2 and Keeloq

And now….

  • Silicon implementation: MIFARE Classic
SLIDE 6

  • Use acetone to dissolve the plastic of the card
  • Polish thin layers of the chip and limit tilting
  • Use a microscope to image 6 layers (and account for the tilt)
  • Build a library of the logic gates and create templates

SLIDE 7

Use MATLAB image processing for template matching

SLIDE 8

  • Can find the cipher implementation by finding a 48-bit register and XOR gates
  • Random Number Generator has output but no input
  • Finish reverse engineering the cipher by looking at the protocol layer communication

SLIDE 9

  • OpenPCD RFID reader is open source and has an ARM micro-controller
  • Test if secret key and tag ID are shifted in sequentially
  • The info from this + results from hardware analysis = Crypto-1 stream cipher

SLIDE 10

  • RNG is generated by a 16-bit LFSR, initialized to a constant
  • Can predict future random numbers by examining when previous numbers occur
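The predictability this slide describes, as an added example (not code from the slides or from the paper): a 16-bit LFSR that is reset to a constant, so every "random" value it emits is a function only of how many clocks have passed since reset. The feedback taps and the seed are assumptions chosen for illustration; the slides give neither.

```python
# Added example (not from the slides or the paper): a 16-bit LFSR standing in for
# the tag's RNG, to show why "initialized to a constant" makes its output predictable.
# The taps and the seed are assumptions chosen for illustration. The assumed taps
# form a maximal-length polynomial, so the state cycles through all 65535 nonzero
# values before repeating.

SEED = 0x0001  # assumed constant the LFSR is reset to on every power-up


def lfsr_step(state: int) -> int:
    """Clock the 16-bit Fibonacci LFSR once (assumed taps 16, 14, 13, 11)."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


def lfsr_sequence(seed: int = SEED) -> list:
    """Every state visited from the seed, in clock order, until the cycle closes."""
    seq, s = [], seed
    while True:
        seq.append(s)
        s = lfsr_step(s)
        if s == seed:
            return seq


# The whole "random" sequence is fixed by the constant seed, so it can be tabulated once.
SEQUENCE = lfsr_sequence()
POSITION = {value: i for i, value in enumerate(SEQUENCE)}


def clocks_since_reset(observed: int) -> int:
    """How many clocks after reset the tag emits this value (the 'when' on the slide)."""
    return POSITION[observed]


def predict(observed: int, k: int) -> int:
    """The value the tag will emit k clocks after it emitted `observed`.

    No secret is involved: the observation pins down the position in the fixed
    cycle, and the future is just k more steps along it.
    """
    return SEQUENCE[(clocks_since_reset(observed) + k) % len(SEQUENCE)]
```

Because the table has only 65535 entries, a defender evaluating such a tag should treat any nonce it produces as guessable rather than random.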

SLIDE 11

  • Key space is small (48-bit): can brute force in 50 minutes with 64 FPGAs
  • Since random numbers are controllable and the session key + ID result in only one possible secret key, we can compute a codebook for a single ID that works for all other IDs

SLIDE 12

  • Don’t need a RNG: memory cells begin in a “random” state. Start the cipher in this state and evolve it with the feedback loop
  • Use the area saved for a longer key (48+16=64-bit)
  • Introduce non-linearity to protect against statistical attacks

SLIDE 13

  • Key contributions of this paper?
  • Criticisms/limitations of the paper?
  • Is there a place for secret ciphers?
  • How feasible are reverse engineering attacks like this as chips continue to shrink?