Portable RFID Bumping Device - Research Project 1



SLIDE 1

Portable RFID Bumping Device

Research Project 1

Romke van Dijk & Loek Sangers

SLIDE 2

Portable RFID Bumping Device, 2016

Introduction

- Radio-frequency identification
- Lots of applications
  - Identification / tracking of goods
  - Public transportation
    - OV-chipkaart
  - Access control
    - Deloitte
    - UvA

SLIDE 3

Bumping vs Cloning

- Bumping
  - Short interaction with the tag
- Cloning
  - Gathering enough data to create a copy of the tag
- Bumping implies card / tag only attacks

SLIDE 4

MIFARE Classic

- Multiple sizes (1K, 2K and 4K)
- Memory split into sectors
  - Two keys: Key A and Key B
- Authentication + secure transmission
  - Proprietary stream cipher (Crypto1)
- Error codes
  - Parity correct or incorrect
- Weak pseudo random number generator
  - Same "random" number every second

SLIDE 5

MIFARE Classic EV1

- Fixed weaknesses
- Weakness in cipher
- "Hard" nested authentication attack
  - Source: (Meijer et al., 2015)
- Requires offline calculation

SLIDE 6

Research questions

- Is it possible to clone an RFID tag within five minutes with a mobile device?
  - Maximal distance
  - Amount of cards
  - Attack vectors
  - Attack time

SLIDE 7

Proxmark3

- Costs: $299,-
- Programmable radio-frequency reader
- Eavesdrop
- Open source

Source: http://www.proxmark.org/

SLIDE 8

Antenna

- Costs: €5,-
- Simple USB Hirose cable
- Design by Proxmark community
- Range of 6-8

SLIDE 9

Maximal distance

- According to specifications -> 10 cm
- In practice -> 3-5 cm
- Theoretical maximum -> 30 centimetres
  - Source: (NXP, 2008)
- Practical maximum -> 27 centimetres
  - Source: (Hancke et al., 2011)

SLIDE 10

Setup bumping device

SLIDE 11

Amount of cards

- Proxmark firmware: 1 Card
- Extended firmware: 3 Cards consistently
- Implemented Binary Tree Working Algorithm

SLIDE 12

Attack framework

- Get UIDs "bump uids"

SLIDE 13

Attack framework

- Get UIDs "bump uids"
- Check default keys

SLIDE 14

Attack framework

- Get UIDs "bump uids"
- Check default keys
- Nested Authentication Attack
- SQLite DB

SLIDE 15

Attack framework

- All keys?
- Get the data
- Hard nested authentication Attack
- Nonces
- Offline computation
- SQLite DB
- Get the data

SLIDE 16

Attack vectors

- Experiment
- Random key A to sector n
  - Repeated 100 times
  - Amount of keys is increased
- Calculate the time per step

SLIDE 17

Attack framework

- Get UIDs "bump uids"
- Check default keys
- Nested Authentication Attack
- 2-3 seconds

SLIDE 18

Attack framework

Nested authentication attack success rate (chart): Failed 19%, Successful 81%

SLIDE 19

Attack vectors

- Nested authentication
  - Total of 2006 random keys
  - 1628 successfully recovered (81%)
  - Timing issues

SLIDE 20

Time per key

[Chart; axes: Number of keys, Time in seconds]

SLIDE 21

Attack vectors

- Hard nested authentication
  - Limit "sum property" or 10.000 encrypted nonces
  - Minimum: 49 seconds
  - Maximum: ~3 minutes

SLIDE 22

Leftover keyspace

[Chart; axis: Number of possible keys, from 2^25 to 2^43]

SLIDE 23

Attack vectors

- 2^36 -> within one hour (CPU)
  - Blapost's solver
- 2^48 (full space) with 5 nonces
  - 14 hours (GPU).
  - Estimated 36 minutes (Dedicated hardware (budget 20,000)) Source: (Ming-Yang Chih et al., 2010)

SLIDE 24

Attack framework

- All keys?
- Get the data
- Hard nested authentication Attack
- Nonces
- Offline computation
- SQLite DB
- Get the data

SLIDE 25

Demo

- Live

SLIDE 26

Conclusion

- Able to clone MIFARE Classic 1K
  - Mobile device
  - Multiple cards
  - With a range of 6-8 centimetres
  - Small budget
  - Within 5 minutes (<= 10 non default keys)

SLIDE 27

Conclusion

- Able to clone MIFARE Classic 1K EV1
  - Within ~5 minutes (<=2 non default keys)
  - Second interaction required

SLIDE 28

Any questions?

- About?
  - Maximal distance
  - Amount of cards
  - Attack framework
  - Attack time