portable rfid bumping device
play

Portable RFID Bumping Device Research Project 1 Introduction - PowerPoint PPT Presentation

Mar 01, 2024 •2.22k likes •2.56k views

Romke van Dijk & Loek Sangers Portable RFID Bumping Device Research Project 1 Introduction Radio-frequency identification Lot of applications Identification / tracking of goods Public transportation OV-chipkaart Access

  1. Romke van Dijk & Loek Sangers Portable RFID Bumping Device Research Project 1

  2. Introduction ¢ Radio-frequency identification ¢ Lot of applications £ Identification / tracking of goods £ Public transportation ˜ OV-chipkaart £ Access control ˜ Deloitte ˜ UvA Portable RFID Bumping Device, 2016 2 of 28

  3. Bumping vs Cloning ¢ Bumping £ Short interaction with the tag ¢ Cloning £ Gathering enough data to create a copy of the tag ¢ Bumping implies card / tag only attacks Portable RFID Bumping Device, 2016 3 of 28

  4. MIFARE Classic ¢ Multiple size (1K, 2K and 4K) ¢ Memory split into sectors £ Two keys: Key A and Key B ¢ Authentication + secure transmission £ Proprietary stream cipher (Crypto1) ¢ Error codes £ Parity correct or incorrect ¢ Weak pseudo random number generator £ Same “random” number every second Portable RFID Bumping Device, 2016 4 of 28

  5. MIFARE Classic EV1 ¢ Fixed weaknesses ¢ Weakness in cipher ¢ ”Hard” nested authentication attack Source: (Meijer et al., 2015) £ ¢ Requires offline calculation Portable RFID Bumping Device, 2016 5 of 28

  6. Research questions ¢ Is it possible to clone a RFID tag within five minutes with a mobile device? £ Maximal distance £ Amount of cards £ Attack vectors £ Attack time Portable RFID Bumping Device, 2016 6 of 28

  7. Proxmark3 ¢ Costs: $299,- ¢ Programmable radio-frequency reader ¢ Eavesdrop ¢ OpenSource Source: http://www.proxmark.org/ Portable RFID Bumping Device, 2016 7 of 28

  8. Antenna ¢ Costs: €5,- ¢ Simple USB Hirose cable ¢ Design by Proxmark community ¢ Range of 6-8 Portable RFID Bumping Device, 2016 8 of 28

  9. Maximal distance ¢ According to specifications -> 10cm ¢ In practice -> 3-5 cm ¢ Theoretical maximum -> 30 centimetres Source: (NXP, 2008) £ ¢ Practical maximum -> 27 centimetres Source: (Hancke et al., 2011) £ Portable RFID Bumping Device, 2016 9 of 28

  10. Setup bumping device Portable RFID Bumping Device, 2016 10 of 28

  11. Amount of cards ¢ Proxmark firmware: 1 Card ¢ Extended firmware: 3 Cards consistently ¢ Implemented Binary Tree Working Algorithm 1 0 0 1 Portable RFID Bumping Device, 2016 11 of 28

  12. Attack framework Get UIDS ”bump uids” Portable RFID Bumping Device, 2016 12 of 28

  13. Attack framework Get UIDS Check default ”bump uids” keys Portable RFID Bumping Device, 2016 13 of 28

  14. Attack framework Nested Get UIDS Check default Authentication ”bump uids” keys Attack SQLite DB SQLite DB Portable RFID Bumping Device, 2016 14 of 28

  15. Attack framework Hard nested All keys? authentication Get the data Get the data Attack Offline SQLite DB Nonces computation Portable RFID Bumping Device, 2016 15 of 28

  16. Attack vectors ¢ Experiment ¢ Random key A to sector n £ Repeated 100 times £ Amount of keys is increased ¢ Calculate the time per step Portable RFID Bumping Device, 2016 16 of 28

  17. Attack framework Nested Get UIDS Check default Authentication ”bump uids” keys Attack 2-3 seconds Portable RFID Bumping Device, 2016 17 of 28

  18. Attack framework Nested authentication attack success rate 19% Failed Successful 81% Portable RFID Bumping Device, 2016 18 of 28

  19. Attack vectors ¢ Nested authentication £ Total of 2006 random keys £ 1628 successfully recovered (81%) £ Timing issues Portable RFID Bumping Device, 2016 19 of 28

  20. Time per key 300 300 250 200 Time in seconds 150 ● 100 100 ● ● 50 ● ● 0 1 2 3 4 5 6 7 8 9 10 11 Number of keys Portable RFID Bumping Device, 2016 20 of 28

  21. Attack vectors ¢ Hard nested authentication £ Limit ”sum property” or 10.000 encrypted nonces £ Minimum: 49 seconds £ Maximum: ~3 minutes Portable RFID Bumping Device, 2016 21 of 28

  22. Leftover keyspace 2 25 2 26 2 27 2 28 2 29 2 30 2 31 2 32 2 33 2 34 2 35 2 36 2 37 2 38 2 39 2 40 2 41 2 42 2 43 Number of possible keys Portable RFID Bumping Device, 2016 22 of 28

  23. Attack vectors ¢ 2 36 -> within one hour (CPU) £ Blapost’s solver ¢ 2 48 (full space) with 5 nonces £ 14 hours (GPU). £ Estimated 36 minutes (Dedicated hardware (budget 20,000)) Source: (Ming-Yang Chih et al., 2010) Portable RFID Bumping Device, 2016 23 of 28

  24. Attack framework Hard nested All keys? authentication Get the data Get the data Attack Offline SQLite DB Nonces computation Portable RFID Bumping Device, 2016 24 of 28

  25. Demo ¢ Live Portable RFID Bumping Device, 2016 25 of 28

  26. Conclusion ¢ Able to clone MIFARE Classic 1K £ Mobile device £ Multiple cards £ With a range of 6-8 centimetres £ Small budget £ Within 5 minutes (<= 10 non default keys) Portable RFID Bumping Device, 2016 26 of 28

  27. Conclusion ¢ Able to clone MIFARE Classic 1K EV1 £ Within ~5 minutes (<=2 non default keys) £ Second interaction required Portable RFID Bumping Device, 2016 27 of 28

  28. Any questions? ¢ About? £ Maximal distance £ Amount of cards £ Attack framework £ Attack time Portable RFID Bumping Device, 2016 28 of 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of

PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of

PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of new light fjxtures based on Pierre Charpins original PC Task Light, a HAY classic. Like its predecessor, the PC Portable hides its engineering

271 views • 15 slides
The ACTAtek Device A Biometric RFID IoT Solution for Workforce Management and Physical

The ACTAtek Device A Biometric RFID IoT Solution for Workforce Management and Physical

The ACTAtek Device A Biometric RFID IoT Solution for Workforce Management and Physical Security Introduction And Context In 2016, a study by Kessler International found that eighty percent of workers admitted to at least some

508 views • 8 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
PORTABLE DEVICE FOR DRILLING RESISTANCE TEST METHOD Alessio Benincasa, SINT Technology

PORTABLE DEVICE FOR DRILLING RESISTANCE TEST METHOD Alessio Benincasa, SINT Technology

PORTABLE DEVICE FOR DRILLING RESISTANCE TEST METHOD Alessio Benincasa, SINT Technology PRESENTATION CONTENTS Laboratory and on site tests The Drilling Resistance test method The DRMS: portable device for drilling resistance tests

622 views • 25 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
Project Plan RFID Mobile Device Tracking System The Capstone Experience Team Quicken Loans

Project Plan RFID Mobile Device Tracking System The Capstone Experience Team Quicken Loans

Project Plan RFID Mobile Device Tracking System The Capstone Experience Team Quicken Loans Keyur Patel Josh Rasor Jacob Riesser Department of Computer Science and Engineering Michigan State University Spring 2014 From Students to

573 views • 11 slides
Portable Watering Device Group 9 Chris Havekost | CpE Joan Henriquez | CpE Peter Nachtigal |

Portable Watering Device Group 9 Chris Havekost | CpE Joan Henriquez | CpE Peter Nachtigal |

Portable Watering Device Group 9 Chris Havekost | CpE Joan Henriquez | CpE Peter Nachtigal | EE Ronak Patel | CpE Project Motivation - Growing plants as a hobby - Learning from a bad personal experience - Finding the right solution

799 views • 45 slides
WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID activities in WIDE Why are we working for RFID? RFID (radio frequency Identification) is a one of the key device to glue Real and Virtual space

820 views • 6 slides
Spark a portable device for harvesting excess cooking heat User Needs &amp; Background People in

Spark a portable device for harvesting excess cooking heat User Needs &amp; Background People in

Spark a portable device for harvesting excess cooking heat User Needs &amp; Background People in developing Phones provide access to countries with limited mobile banking, healthcare, electricity access need a way educational tools, and to

770 views • 9 slides
Portable Oxygen Generating Device Design Membrane and Pressure Swing Adsorption Technology

Portable Oxygen Generating Device Design Membrane and Pressure Swing Adsorption Technology

Portable Oxygen Generating Device Design Membrane and Pressure Swing Adsorption Technology Alternatives and Market Analysis Oxygen Design Group Adam Bortka TJ Chancellor Jon Demster Ashlee Ford Eli Kliewer Kara Shelden

1.7k views • 122 slides
Pocket Science Lab Powerful and Portable Mini Open Hardware Device for Open Science Mario

Pocket Science Lab Powerful and Portable Mini Open Hardware Device for Open Science Mario

Pocket Science Lab Powerful and Portable Mini Open Hardware Device for Open Science Mario Behling @mariobehling Asias Open Tech Organization Improving People's Lives Since 2009 Original SEELABLET First Open PSLab Version in Arduino Uno

781 views • 29 slides
with DRMS Cordless 1 DRMS: PORTABLE DEVICE FOR THE DRILLING RESISTANCE MEASUREMENT The Drilling

with DRMS Cordless 1 DRMS: PORTABLE DEVICE FOR THE DRILLING RESISTANCE MEASUREMENT The Drilling

Statistical analysis of mortars with DRMS Cordless 1 DRMS: PORTABLE DEVICE FOR THE DRILLING RESISTANCE MEASUREMENT The Drilling Resistance Measurement System (DRMS) is a tool for the determination of the mechanical properties of the materials

493 views • 13 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp;

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &amp; Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID - From Farm to Fork Strengthening SME competitive advantage through RFID implementation RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by the EU as part of the Competitiveness and Innovation

356 views • 9 slides
Linux Network Programming with P4 Linux Plumbers 2018 Fabian Ruffy, William Tu, Mihai Budiu

Linux Network Programming with P4 Linux Plumbers 2018 Fabian Ruffy, William Tu, Mihai Budiu

Linux Network Programming with P4 Linux Plumbers 2018 Fabian Ruffy, William Tu, Mihai Budiu VMware Inc. and University of British Columbia Outline Introduction to P4 XDP and the P4 Compiler Fabian Testing Example

730 views • 53 slides
4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is

4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is

4/2/2019 EOY LPACs Presentation for Teachers 1 4/2/2019 Composition of the LPAC The LPAC is composed of a: Elementary -Campus Administrator -Certified Bilingual Educator -LPAC Parent -Special Education Rep Secondary -Campus

582 views • 6 slides
Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child

Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child

Technology Coordinator Webinar Illinois State Board of Education January 31, 2018 Whole Child Whole School Whole Community PARCC 2018 Administration Window March 5, 2018 to April 20, 2018 Check with your District Test Coordinator

881 views • 32 slides
Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L.

Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L.

Responses of Microbial Communities to Increases in Nitrogen Loads in Salt Marshes Jennifer L. Bowen University of Massachusetts Boston ! Symposium on C/N Cycling and Ecosystem Valuation of Tidal Wetlands in the Northeast Waquoit Bay National

406 views • 8 slides
ALIGN SEO EFFORTS WITH TODAYS SEARCH Learn How to Perform Proper Keyword Research, Align Them

ALIGN SEO EFFORTS WITH TODAYS SEARCH Learn How to Perform Proper Keyword Research, Align Them

ALIGN SEO EFFORTS WITH TODAYS SEARCH Learn How to Perform Proper Keyword Research, Align Them to Personas and the Buyers Journey, Then Map Them to Content 1. Ask the Right Questions 2. Gather Your Data 3. Create a Strategy &amp; Plan

1.42k views • 42 slides
Wines Chardonnay, Santa Lucia Highlands Chardonnay, Estate, Santa Lucia Highlands Pinot Noir,

Wines Chardonnay, Santa Lucia Highlands Chardonnay, Estate, Santa Lucia Highlands Pinot Noir,

Wines Chardonnay, Santa Lucia Highlands Chardonnay, Estate, Santa Lucia Highlands Pinot Noir, Santa Lucia Highlands Pinot Noir, Estate, Santa Lucia Highlands Merlot, Kimberly, Arroyo Seco McIntyre - One of Californias Great Producers of

653 views • 5 slides
Workshop : swissbib for the short distance runner Gnter Hipler, system architect, project

Workshop : swissbib for the short distance runner Gnter Hipler, system architect, project

Bibliothq ue de l'EPFL Workshop : swissbib for the short distance runner Gnter Hipler, system architect, project swissbib University Library, Basel 1 10 octobre 2013 Bibliothq ue de l'EPFL Outline Part I Dusty theory

714 views • 20 slides
CONCUR: BOOKING WITH THE TRAVEL TEAM - Stephen Russell Business Development Manager

CONCUR: BOOKING WITH THE TRAVEL TEAM - Stephen Russell Business Development Manager

CONCUR: BOOKING WITH THE TRAVEL TEAM - Stephen Russell Business Development Manager Stephanie Petrie Systems Support Manager 1 AGENDA: Benefits of Booking with Concur &amp; TTT For UB/Organizational - For Users &amp; Admins

282 views • 15 slides

More recommend