secure recharge of disposable rfid tickets
play

Secure recharge of disposable RFID tickets Riccardo Focardi - PowerPoint PPT Presentation

Sep 05, 2023 •208 likes •558 views

Secure recharge of disposable RFID tickets Riccardo Focardi Flaminia Luccio Universit` a Ca Foscari, Venezia { focardi,luccio } @unive.it FAST 2011 15-16 September 2011, Leuven FAST 2011 () Secure recharge of disposable RFID tickets

  1. Secure recharge of disposable RFID tickets Riccardo Focardi Flaminia Luccio Universit` a Ca’ Foscari, Venezia { focardi,luccio } @unive.it FAST 2011 15-16 September 2011, Leuven FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 1 / 17

  2. Outline Introduction 1 RFID Tickets Mifare Ultralight 2 Security mechanisms Attacks 3 Cloning/restoring a card Lesson learned A new API 4 Type-based analysis Conclusion and related work 5 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 2 / 17

  3. Introduction RFID technology Radio Frequency IDentification (RFID) is more an more used transportation and logistics 1 hospitals 2 inventory 3 passports 4 ski resorts 5 race timing 6 animal identification 7 human implant (!?) 8 ... 9 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

  4. Introduction RFID technology Radio Frequency IDentification (RFID) is more an more used transportation and logistics 1 hospitals 2 inventory 3 passports 4 ski resorts 5 race timing 6 animal identification 7 human implant (!?) 8 ... 9 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 3 / 17

  5. Introduction RFID Tickets RFID tickets RFID cards for public transportation disposable cards chip-on-paper, very cheap 1 one or more tickets of the same kind 2 non-rechargeable 3 minimal security mechanisms 4 personal cards plastic, credit-card like cards 1 tickets or different contracts on the same card 2 rechargeable 3 strong authentication mechanisms 4 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 4 / 17

  6. Introduction RFID Tickets How do they work? ISO/IEC 14443: very popular HF (13.56 MHz) standard for ‘proximity cards’ used for identification proximity cards and proximity coupling device, i.e., the reader initialization and anticollision: the reader talks with exactly one card if more are in the field card API: the card implements a set of functions that can be invoked by the reader secure module: the reader may have a Security Access Module (SAM) to perform cryptographic operations and authentication security mechanisms: are specific for a certain card (and its API) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 5 / 17

  7. Mifare Ultralight Mifare Ultralight cards (a) Memory organization Byte number → 0 1 2 3 Page ID ID0 ID1 ID2 Check1 0 ID ID3 ID4 ID5 ID6 1 Check/Lock Check2 Internal Lock0 Lock1 2 OTP OTP OTP OTP OTP 3 Data R/W R/W R/W R/W 4 Data R/W R/W R/W R/W 5 Data R/W R/W R/W R/W ... Data R/W R/W R/W R/W 15 (b) Lock bytes Lock0 and Lock1 Lock0 L 7 L 6 L 5 L 4 L 3 BL 1 BL 2 BL OTP Lock1 L 15 L 14 L 13 L 12 L 11 L 10 L 9 L 8 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 6 / 17

  8. Mifare Ultralight Security mechanisms Security mechanisms very simple API: read/write of pages with some limitations: unique ID: read-only, included in encryptions or MACs to avoid card 1 cloning OTP: One Time Programmable, monotone, prevents ticket reuse 2 lock bytes: for read-only time-based contracts, e.g. skipass 3 block locking bits: prevent locking of pages that need to be modified, 4 e.g., the OTP no security API: security is built on top of the above mechanisms ⇒ security flaws found in real application, e.g., the OV-chipkaart in Amsterdam and Rotterdam. FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 7 / 17

  9. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  10. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); Id ′ 0, 1 Id 0, 1 2 Lock 2 3 Otp 3 4 R 4 5 D 1 5 6 D 2 6 7 MAC K (R , D 2 ) 7 FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  11. Attacks Cloning/restoring a card Example (Card cloning) read(4 : 7); Sample (flawed) code for if ( MAC K ( p 4 , p 6 ) = p 7 ) then consuming n tickets from a p 4 := p 4 − n ; p 5 := BUS ID (); card p 6 := TIMESTAMP (); p 7 := MAC K ( p 4 , p 6 ); write(4 : 7); Id ′ 0, 1 Id 0, 1 2 Lock 2 3 Otp 3 COPY 4 R = ⇒ 4 R 5 D 1 5 6 D 2 6 D 2 7 MAC K (R , D 2 ) 7 MAC K (R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 8 / 17

  12. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock 3 Otp 4 R 5 D 1 6 D 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  13. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp R , D 2 , MAC K (Id , R , D 2 ) 4 R 5 D 1 6 D 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  14. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp use tickets R , D 2 , MAC K (Id , R , D 2 ) 4 R − n D ′ 5 1 D ′ 6 2 MAC K (Id , R − n , D ′ 7 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  15. Attacks Cloning/restoring a card Example (double-use) read(0 : 7); if ( MAC K ( p 0 , p 1 , p 4 , p 6 ) = p 7 ) then Including the Id in the MAC p 4 := p 4 − n ; prevents cloning p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 4 , p 6 ); write(4 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp use tickets R , D 2 , MAC K (Id , R , D 2 ) 4 R 5 D 1 RESTORE ⇐ = reuse the card arbitrarily D ′ 6 2 7 MAC K (Id , R , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 9 / 17

  16. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock 3 Otp 4 5 D 1 6 D 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  17. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 5 D 1 6 D 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  18. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp + n use Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 D ′ 5 1 D ′ 6 2 MAC K (Id , Otp + n , D ′ 7 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

  19. Attacks Cloning/restoring a card Example (the OTP) read(0 : 7); Use the OTP to count if ( MAC K ( p 0 , p 1 , p 3 , p 6 ) = p 7 ) then resources on the card p 3 := incOTP n ( p 3 ); (initialized as 32 − R) p 5 := BUS ID (); p 6 := TIMESTAMP (); p 7 := MAC K ( p 0 , p 1 , p 3 , p 6 ); write(3 : 7) 0, 1 Id 2 Lock COPY = ⇒ 3 Otp + n use Otp , D 2 , MAC K (Id , Otp , D 2 ) 4 5 D 1 RESTORE ⇐ = FAIL! D ′ 6 2 7 MAC K (Id , Otp , D 2 ) FAST 2011 () Secure recharge of disposable RFID tickets September 2011, Leuven 10 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013 Agenda Motivation for

416 views • 26 slides
Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management

Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management

Recharge Basics January 10, 2019 Presented by Recharge Review, Budget & Resource Management Course objectives Understand basic recharge concepts and the policies governing recharge activities Develop recharge rates in accordance

1.12k views • 78 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3

1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3

1 Active recharge (not talking about passive) Talking about recharge (not direct use for now) 2 3 **Statement about unit cost may contradict the next slide on the costs** Variable hydrology and limited storage? Army Corps dams, etc. Peak flows

584 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
/// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT

/// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT

1 /// DISPOSABLE JOURNALISTS? /// DISPOSABLE JOURNALISTS? LOCAL INJURED JOURNALISTS IN SYRIA AND THE FUTURE OF CONFLICT REPORTING 1 /// DISPOSABLE JOURNALISTS? From the start of the revolution in March 2011 through May 2019, the Syrian

381 views • 11 slides
Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in

Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in

Managed Aquifer Recharge Symposium Innovative Use of Existing Facilities for Managed Recharge in the Upper Snake River Basin, Idaho David R. Tuthill, Jr., Ph.D., P.E. January 26, 2011 Outline The physical scenario The legal framework

308 views • 27 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1.

Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1.

Idaho Section Privately Developed Groundwater Recharge Dave Tuthill, Ph.D., P.E. August 2, 2018 Topics 1. Why Privately Develop Managed Aquifer Recharge? 2. What are: Recharge Development Corporation An Aquifer Recharge Unit (ARU)?

698 views • 22 slides
Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery?

Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery?

7/21/2020 Groundwater Recharge and Recovery by the Public Works Department What is Recharge and Recovery? 1 7/21/2020 Introduction to the Groundwater Recharge Facility The City operates an aquifer storage and recovery facility; the

329 views • 4 slides
Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt.

Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt.

Sun Direct Electronic Recharge by EPRS. PRESENTATION EPRSS Prepaid Recharge Services India Pvt. Ltd. C-207 KPCT Commercial Complex, Pune 411013 Phone - 020-26860160. Fax - 020-26860578 Email: info@eprs.co.in Web - www.eprs.co.in Introduction

320 views • 16 slides
RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by

RFID - From Farm to Fork Strengthening SME competitive advantage through RFID implementation RFID from Farm to Fork Piero Filippin p.filippin@wlv.ac.uk RFID from Farm to Fork Funded by the EU as part of the Competitiveness and Innovation

356 views • 9 slides
Lecture 5 Remotes Midterm Next Week No stressing allowed! 50 minutes in- class. You

Lecture 5 Remotes Midterm Next Week No stressing allowed! 50 minutes in- class. You

Lecture 5 Remotes Midterm Next Week No stressing allowed! 50 minutes in- class. You probably wont need the whole time. You can use the Git man pages and the lecture slides, but no googling Questions very similar to the homework

368 views • 19 slides
www.dealii.org How to submit patches Github Github is a hosting service: For open source

www.dealii.org How to submit patches Github Github is a hosting service: For open source

Planning for the future: www.dealii.org How to submit patches Github Github is a hosting service: For open source projects For other projects (for $) Stores the central repository of projects Stores individual people's

604 views • 11 slides
The black hole interior in AdS/CFT Kyriakos Papadodimas CERN and University of Groningen Strings

The black hole interior in AdS/CFT Kyriakos Papadodimas CERN and University of Groningen Strings

The black hole interior in AdS/CFT Kyriakos Papadodimas CERN and University of Groningen Strings 2014 Princeton based on work with Suvrat Raju: 1211.6767, 1310.6334, 1310.6335 + work in progress, with Souvik Banerjee (postdoc at University of

723 views • 43 slides
CSCI 2133 RAPID PROGRAMMING TECHNIQUES FOR INNOVATION Lab 02: Prep Lab: Basics of Git

CSCI 2133 RAPID PROGRAMMING TECHNIQUES FOR INNOVATION Lab 02: Prep Lab: Basics of Git

CSCI 2133 RAPID PROGRAMMING TECHNIQUES FOR INNOVATION Lab 02: Prep Lab: Basics of Git Instructor: Gang Liu Faculty of Computer Science Dalhousie University Lab Overview Creating repositories and sharing with TAs in future Git

460 views • 17 slides
Design Patterns Factory Method Oliver Haase 1 Idea If client knows when to create certain

Design Patterns Factory Method Oliver Haase 1 Idea If client knows when to create certain

Design Patterns Factory Method Oliver Haase 1 Idea If client knows when to create certain object(s), but doesn't know (neither care) how, then... make client an abstract class; define an abstract method for object creation; leave

506 views • 37 slides
Schema validation and evolution for PGs Eugenia Oshurko (ENS Lyon) 7 March 2019 Main ideas

Schema validation and evolution for PGs Eugenia Oshurko (ENS Lyon) 7 March 2019 Main ideas

Schema validation and evolution for PGs Eugenia Oshurko (ENS Lyon) 7 March 2019 Main ideas Schema as a PG Schema validation via graph homomorphisms Schema nodes define node types Schema relations define relations allowed between

340 views • 11 slides
MODEL-BASED API TESTING FOR SMT SOLVERS Aina Niemetz , Mathias Preiner , Armin

MODEL-BASED API TESTING FOR SMT SOLVERS Aina Niemetz , Mathias Preiner , Armin

MODEL-BASED API TESTING FOR SMT SOLVERS Aina Niemetz , Mathias Preiner , Armin Biere Johannes Kepler University, Linz, Austria Stanford University, USA SMT Workshop 2017, July 22 23 Heidelberg, Germany SMT Solvers

701 views • 27 slides
Imitating Latent Policies from Observation Ashley D. Edwards, Himanshu Sahni, Yannick Schroecker,

Imitating Latent Policies from Observation Ashley D. Edwards, Himanshu Sahni, Yannick Schroecker,

Imitating Latent Policies from Observation Ashley D. Edwards, Himanshu Sahni, Yannick Schroecker, Charles L. Isbell Georgia Institute of Technology Introduction Imitation from Observation enables learning from state sequences Typical

553 views • 10 slides

More recommend