RFID and ticketing application


SLIDE 1

RFID and ticketing application

Who?

Cédric Lauradoux, EPL/INGI/GSI

When?

January 22, 2009

SLIDE 2

Outline

  • RFID primer
      ◮ Technology
      ◮ Information leakage
      ◮ Malicious traceability
      ◮ Denial of service
      ◮ Relay attacks
  • Ticketing primer
      ◮ Problem
      ◮ Attacks
  • When RFID meets ticketing...

SLIDE 3

Radio Frequency IDentification

SLIDE 4

Radio Frequency IDentification

The big Napoleon

[Figure: tag characteristics compared along several axes: Distance (centimeters, meters), Frequency (124 kHz, 13.56 MHz, 900 MHz, 2.4 GHz), Cost (0.20$, 0.80$, 3$), Crypto (xor, symmetric, asymmetric), Tamper resistance (yes, no), Memory (128, 1024), Norms (EPC Gen 2, ISO 14443, ISO 15963).]

SLIDE 5

Radio Frequency IDentification

Identification

Definition

The result of an identification protocol is the identity claimed by the queried RFID tag.

[Diagram: Bob the door asks "Who are you?"; Alice the tag answers "Alice".]

SLIDE 6

Radio Frequency IDentification

Authentication

Definition

The result of an authentication protocol is the genuine identity of a (the) participant(s).

[Diagram: Alice the tag and Bob the door each hold (k, Id). Bob sends n1; Alice answers f(k, n1, Id).]

In brief: Authentication = Identity + Proof.

SLIDE 7

Frequency band

  • 125–134 kHz (LF): Pet identification, livestock tracking...
  • 13.553–13.567 MHz (HF): Smartcards, libraries...
  • 860–960 MHz (UHF): Supply chain tracking...
  • 2.4000–2.4835 GHz (UHF): Highway toll, vehicle fleet...

SLIDE 8

Norms

lost in translation ??

ISO Identification protocols:

10536 18046 24710 18185 17366 15418 24721 19789 15459 18047 14443 15963 11784 17367 17368 15693 11785 17365 19762 18000 15961

SLIDE 9

Radio Frequency IDentification

Beijing Olympic Games

First event of this scale to use RFID:

  • 16 million RFID tags used (2^24)

Tag usage:

  • ticket anti-counterfeiting system
  • food production and delivery monitoring
  • subway and hotels access control

Next event, the Universal Exhibition (Shanghai 2010):

  • 70 million tickets (2^26)

SLIDE 10

Radio Frequency IDentification

Beijing Olympic Games

Tag technology:

  • 13.56 MHz, range 1-10 cm;
  • ISO 14443B;
  • No cryptographic capabilities;
  • TMC products THR1064.

Reader technology:

  • CPLD centric (reconfigurable);
  • Software Defined Radio;
  • PDA interface.

SLIDE 11

Tag

[Block diagram of a tag: Memory, RF interface, Collision interface, ALU, Authen.]

SLIDE 12

RFID and security

  • Information leakage

Okay, you got us... crypto what?

  • Malicious traceability

We don't care!

  • Relay attacks

What the hell is that?

  • Denial of service

...?

SLIDE 13

Malicious traceability

Definition

An adversary should not be able to track the tag holder: it must be impossible to correlate the tag's interactions with the context of usage.

[Diagram: Alice the tag and Bob the door, each holding (k, Id), exchange n1 and f(k, n1, Id); a third party that sees n1 and f(k, n1, Id) says "Got you!"]

SLIDE 14

Malicious traceability

Tag architecture

[Block diagram of a tag: Memory, RF interface, Collision interface, ALU, with the added labels RNG, f, k, Id.]

SLIDE 15

Malicious traceability

SLIDE 16

Malicious traceability

Data analysis in forensics

E: (t1, p1, Id1) ∈ F_2^n → c1 ∈ F_2^m, m ≤ n
E: (t1, p2, Id1) ∈ F_2^n → c2 ∈ F_2^m, m ≤ n

Choices for E:

  • plaintext, transposition: differential analysis
  • adaptive compression: ??
  • strict avalanche criteria functions: ??
  • cryptography: side-channel attacks

SLIDE 17

Tonight's word:

Definition

Anonymity – [...] the term typically refers to a person, and often means that the personal identity, or personally identifiable information of that person is not known. More strictly, and in reference to an arbitrary element [...], within a well-defined set (called the "anonymity set"), "anonymity" of that element refers to the property of that element of not being identifiable within this set. If it is not identifiable, then the element is said to be "anonymous". WIKIPEDIA

Definition

Anonymity – we don’t put your data into the database. STIB, RATP...

SLIDE 18

Relay attacks

Chess player problem

  • 1. d4
  • 1. d4
  • 1... Cf6
  • 1... Cf6

Sly, that Jean-Pierre!

SLIDE 19

Relay attacks

in RFID.

[Diagram: two "Bob the door" / "Alice the tag" pairs, each labelled (k, Id), with n1 passed along in one direction and f(k, n1, Id) passed back in the other.]

SLIDE 20

Relay attacks

Solution

Round Trip Time ?

Problem

  • BCET
  • WCET
  • σ ?
  • reception t2
  • ok if δt < σ

Verification (n1 ◦ t1)

F(n1 ◦ t1, k, Id)

  • f^-1(n1 ◦ t1, k, Id)

SLIDE 21

Relay attacks

More headaches !

  • Attacker model:
      ◮ freeze the time
      ◮ speed up the time
      ◮ he is almighty!
  • On tag solutions:
      ◮ don't dream, no clock!
      ◮ any computation is a potential noise for the result.

SLIDE 22

Relay attacks

3 types of attacks

  • Mafia fraud: the basic attack.
  • Distance fraud: the prover cheats by sending an early answer.
  • Terrorism fraud: the prover colludes with the attacker without revealing its secret key.

The solutions are the distance-bounding protocols.
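Added example (not from the original slides): a simulation of the round-trip-time check from the "Solution" slide, with HMAC-SHA256 assumed for f and with constructed values for the key, Id, BCET, WCET and σ. It shows that a relayed answer passes the cryptographic proof and is rejected only by the bound δt < σ, and why the gap between BCET and WCET makes σ hard to choose.

```python
import hashlib
import hmac
import os

def f(k, n1, tag_id):
    # Assumption: HMAC-SHA256 stands in for the slides' unspecified f(k, n1, Id).
    return hmac.new(k, n1 + tag_id, hashlib.sha256).digest()

class Tag:
    """Alice the tag: holds (k, Id); compute_s models her answer time."""
    def __init__(self, k, tag_id, compute_s):
        self.k, self.tag_id, self.compute_s = k, tag_id, compute_s
    def respond(self, n1):
        return f(self.k, n1, self.tag_id), self.compute_s

class Relay:
    """Forwards n1 and the answer unchanged; each direction adds link_s."""
    def __init__(self, tag, link_s):
        self.tag, self.link_s = tag, link_s
    def respond(self, n1):
        answer, elapsed = self.tag.respond(n1)
        return answer, elapsed + 2 * self.link_s

def reader_check(prover, k, tag_id, sigma_s):
    """Bob the door: returns (proof_ok, timing_ok) for one exchange."""
    n1 = os.urandom(16)                    # fresh challenge, sent at t1
    # Simulation: the prover reports delta_t; a real reader measures t2 - t1.
    answer, delta_t = prover.respond(n1)
    proof_ok = hmac.compare_digest(answer, f(k, n1, tag_id))
    return proof_ok, delta_t < sigma_s     # slide rule: ok if delta_t < sigma

# Constructed sample values (not from the slides).
K, ID = bytes(range(16)), b"Alice"
BCET, WCET = 100e-6, 300e-6                # assumed bounds on tag answer time
SIGMA = 350e-6                             # must exceed WCET or honest tags fail

def scenarios():
    slow_tag, fast_tag = Tag(K, ID, WCET), Tag(K, ID, BCET)
    return {
        "direct, slowest tag": reader_check(slow_tag, K, ID, SIGMA),
        "relayed, 1 ms links": reader_check(Relay(slow_tag, 1e-3), K, ID, SIGMA),
        # Extra delay smaller than the WCET - BCET slack is not detected.
        "relayed, 50 us links": reader_check(Relay(fast_tag, 50e-6), K, ID, SIGMA),
        "wrong key": reader_check(Tag(bytes(16), ID, BCET), K, ID, SIGMA),
    }

if __name__ == "__main__":
    for name, (proof_ok, timing_ok) in scenarios().items():
        print(f"{name:22s} proof_ok={proof_ok} timing_ok={timing_ok}")
```

Distance-bounding protocols shrink that slack by timing many single-bit exchanges that need almost no computation on the tag.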

SLIDE 23

Denial of service

DoS is important in a competition context:

  • RF Jammer: secure spread spectrum;
  • Collision Jammer: improved algorithms;
  • ElectroMagnetic Pulse: no possible solution.

Almost unavoidable attacks:

  • Important to know your enemy;
  • Critical to know what your competitor can do to tarnish your reputation;
  • Fun.

SLIDE 24
Ticketing applications

An access control problem

SLIDE 25

Ticketing problem

The players

  • The owner
      ◮ Designer of the system
      ◮ A few constraints: money, time...
      ◮ Collusion with the thief to increase profit
  • The steward
      ◮ Responsible for the customer line
      ◮ Doesn't want to know any complex stuff
  • The customer
      ◮ Doesn't like to wait (short line)
      ◮ Holds the ticket (don't expect anything else)
  • The thief
      ◮ Unlimited evilness
      ◮ Collusion with the owner
      ◮ Smart: over time, always finds all the weaknesses

SLIDE 26

Ticketing problem

The rules

[Diagram: relations between the players, labelled sell, check, control and collusion.]

Specific attacks on ticketing systems:

  • Counterfeit: one for many;
  • Pass-back: a few for many;
  • Illegal multiple sales: many for many;
  • Black market: money for money.

SLIDE 27

Counterfeit

[Diagram: ticket number 63 appears at the sell, check and control steps, and again as a counterfeit.]

SLIDE 28

Counterfeit: tickets like bills?

...or can we take advantage of money anti-counterfeiting systems?

Paper anti-counterfeiting system:

  • special paper;
  • special ink;
  • holography;

Hard to check !

SLIDE 29

Pass-back

t1 t2 t3 t4

SLIDE 30

Pass-Back

t1, t2, t3, t4

SLIDE 31

Pass-back

t1 t2 t3 t4

SLIDE 32

Pass-back

SLIDE 33

Pass-back

Coupon

Disadvantages:

  • one shot;
  • not resistant to collusion.

SLIDE 34

Black market and illegal multiple sales

I am not Santa Claus !

SLIDE 35

RFID and ticketing

I have a dream of an RFID ticketing solution that is:

  • efficient;
  • secure;
  • cheap (no crypto on tag);
  • compatible;
  • simple (this is a dream);

I am free to forget:

  • privacy;
  • relay;
  • other complex stuff.