DEFCON 14: A Hacker's Guide to RFID Spoofing and Jamming

So, good evening, you guys. Thanks for coming. I think I'm going to get started now; it's about nine o'clock. Okay, can you hear me in the back? All right, good deal. So my talk today is about RFID spoofing and emulation. Now, I'm actually going to start with something slightly unrelated; it's sort of like a "dog ate my homework" story. It says in the abstract that I'm going to be giving a live demo tonight, and let me tell you a little story about this. So yesterday I was at Black Hat. I had given a talk; it was not about spoofing and jamming, it was actually about RFID malware, which is one of the other research topics that I've worked on in the last year. So I get out of the talk and basically there's a couple of people from the press corps that pounce on me. They were all really friendly. So I'm speaking with them; one of them is actually waiting on, she's speaking on a pay phone, and I'm just sitting there waiting for her in the lobby. So I'm basically standing there waiting, and there's this table there and there's a circle of chairs lined around this table. So I'm standing there holding the RFID Guardian, which is what I'm going to be talking about today: this spoofing and emulation device. It's in this little cardboard box, and I don't even notice, but apparently I'm standing right behind this guy in this chair, and he asks me, "What's in the box?" And I was going to explain, "Well, this is actually something I'm doing for my PhD; it's about RFID." He's like, "No, really, what's in the box?" I was going to explain it. He grabs the box. Hey! I basically grab it back, guard it with your life. Turns out he thought I was trying to sniff his password. So basically he starts yelling at me. I'm basically saying, "You know, I'm not sniffing your password; this is actually RFID equipment." And then finally he runs off and says he's going to tell the feds. So he runs over to the feds and he
tells them that there was this really belligerent young woman who was trying to sniff his password, and apparently the feds told him, "There's about 200 people here trying to do that. What do you want? Come on." So, basically right after that I tried it later that night, and unfortunately, through a little bit of the rough-and-tumble, it wasn't working completely. Instead of the live demo, what I'm going to do is, I actually made a video of things back when I was still in Amsterdam, so you're still going to see the video, which basically shows exactly what I would have shown here with the demo. So y'all can still see it. I've also got lots of photographs, so y'all won't miss out on any of the details. And with that, I'll get started.

So, RFID. I'm just really curious: how many people here in the audience think that they know something reasonably about RFID? Okay, that's about half. So I'm going to start with some material just talking about what RFID is, what it's used for, why it's controversial and why it's interesting. So, RFID: one of the first things is that it's a computer chip. It can sometimes be the size of a grain of rice; it can be tiny. They have little millimeter ones, ones that could almost fit on the head of a pin. And the point is, you put this little antenna around it, and you have a reading device that sends these radio waves. It powers it up; it basically makes something called an inductive coupling. It actually depends what kind of RFID you're using, but in the particular kind my spoofing and emulation, or spoofing and jamming, device works with, this makes an inductive coupling. There's something called a load modulation resistor, but essentially what it is, is a little resistor that turns on and off in time to basically send back bits. It can't send back too many of them at once, because of course this is very limited power, because you're powering it remotely. But the idea is, remotely you can
I mean, they're data carriers, but they're also, in a way, like the computer of the future. If you think about it, where RFID actually came from is a lot like those little, you know, there are those chemical tags. So if you go to a department store and you buy one of those, the tag generally might be on your clothing. Usually you go to the cashier, you pay for your goods, she deactivates the tag, you walk out, it goes beep-beep anyway. And basically RFID is a whole lot like that. It's powered by its reading device, but the deal is, instead of just having one bit that says whether this item has been paid for or not, it has more bits, because of Moore's Law. I mean, it's made computers so phenomenally faster over the last decade or two, and the exact same thing has also happened with computers at the really small scale. And basically RFID is actually a really old technology; it has been around since World War Two. The first implementations of it were actually in identification friend-or-foe systems, believe it or not. The Germans, what they used to do is they would roll their airplanes to make sort of a special signal when they were using radar, to actually be able to identify that those planes belonged to the Germans. All RFID was at that time is they came up with a little device that, instead of having to roll the airplane, basically just did the rolling for them, and that was the very first kind of active RFID. But of course since the '50s computers have evolved a lot, and it's evolved now into what is modern RFID. And the reason why it's really picked up so much in the last few years, among other things related to Moore's Law, is also just because in the last couple of years all the original patents, I think they last about 40 years, have also, for the first time, worn off, much to the chagrin of some of the pioneers of RFID technology. But in either case, so in
the last decade really it's just been taking off, getting a new life of its own, and also creating quite a stir recently. What the stir is about is not so much the tags themselves but what the tags are used for. There are all kinds of RFID applications. One of the biggest ones that they're really pushing for is supply chain management. Walmart has this grand vision: of course they want to make their products really cheap, and they're going to optimize probably both in how they handle their personnel but also in how they're going to track their products. And they've basically made this mandate, making sure that, first it was their top 100, then I think it moved up to their top 300 suppliers, are all using this RFID technology. But what is it used for? It basically optimizes processes. It couples the physical world with the digital world, and that gives you a whole lot of power, because if you know at any given moment where, for example, a particular raw material is, or what step it is at in the assembly line, you can figure out where the bottlenecks are. You can basically optimize your processes, and companies love nothing more than return on investment. This is what all the execs and all the people in the industry keep shouting about. So Walmart's a big pusher for that. Also the Department of Defense: if you think about the operations going on right now in Iraq, at a tremendous scale, all of these supplies, the food, the ammunition, need to be in the same place as the soldiers, and they're using, among other things, active RFID transponders for this. But they also want to use it for other things. They want to use it for anti-counterfeiting purposes. There were rumors for a while that they were putting them into money; the European Central Bank was talking about putting them into euro bills. There are
actually videos floating around of people who have microwaved their dollar bills, and I'm not quite sure how they got there, but there was actually one picture showing all these little black charred surfaces around this. Another video floating around where you just put the thing in the microwave, hit the button, and it's kind of satisfying. But yeah, so now they're also using it, for example, with World Cup soccer tickets, that kind of stuff. They also use it for payment. I mean, what's more convenient than... well, IBM made this really great video. There's this guy, he's in a supermarket, he's basically running through the supermarket grabbing things off the shelves, stuffing them under his jacket; you sort of see him covertly running towards the door, and basically when he gets to the door there's a security guard, and he's like, "Thank you, Mr. Jones," and gives him his receipt. And that's their vision of what they want to do with this technology, with automatic payment. It's supposed to make people's lives easy. It's supposed to let us just relax and worry about the things we need to, where all these processes can just go on automatically. But also the companies love it because it's a way to save money. Another use of it, for example, is in animals. They're using them in dogs and they're using them in cats, for example if your pet runs away. If somebody else picks up your pet, the idea is just that you can scan your pet and eventually it can get returned to you. And they're using it for livestock, because if you have things like hoof-and-mouth, foot-and-mouth disease, and also other things, perhaps like avian flu, if you can track your animals, if you have any source of contaminated meat, you can basically figure out
where it came from, and hopefully then you can quarantine whatever other animals were involved and be able to prevent other people from getting sick. This is really noble stuff. But once you're actually tagging animals, then you figure, well, what's the next step? Maybe we should be tagging people. Of course, part of the way that you can tag people is by giving them things they have to carry, like their new passports. Another thing they use: they tag infants in hospitals to make sure that they won't get stolen, or I guess, maybe if they do get stolen, they can be detected on their way out the door or something like that. And then my personal favorite: there's a club, it's in Rotterdam, there's also one in Barcelona, it's called the Baja Beach Club, and this place is about twenty minutes from where I live. I have to say I've actually visited there one time. Actually the drinks are free; I had a good time. But essentially what they do there is they have this VIP lounge, a swanky place. You can get VIP access by, well, first you have to fill out some forms, the usual indemnity stuff, sign your life away, so they don't have to worry about it. And then what happens is you can basically go to your doctor and he will give you an injection. There are these subdermal chips called VeriChips. They're about the size of a grain of rice; they're just these little antennas wound around little ferrite cores, in a little glass casing, and they just shoot it into your arm. In fact it's almost exactly the same chip as what they're using in other animals like the dogs and the cats and the ferrets and all that. It's FDA... not FDA... it's approved by... yeah, yeah, it was approved by the FDA, so they know there's no nasty side effects. And basically once you have this thing implanted, then you're cool, and all you have to do... then you can get
into their VIP area. And I'm telling you, they've got this little boat where they have all these bartenders dressed up as sailors. I'm not joking, okay. It's called the Princess Monica deck, but you'd like to know that. And basically what happens is, when you actually want to get into this deck, they just scan your arm and voila, you are now a number in their system, and you can see it now on this barcode reader, this VeriChip reader. And what happens then, when you actually want to pay for your drink, because that's what they do, they put drink money on these things, is the bartender can look at the screen, and the number that was just read from the arm of that woman is now on the screen. Basically her account gets debited, she has her drink, and now she can get pretty much as wasted as she wants without having to carry a wallet. So who wouldn't love that?

All right, so this sort of leads to a few questions about little inconvenient things like security. One time a reporter decided to go to the horse's mouth and go to the CEO of a company called Applied Digital that makes these chips, and to quote them, "Applied Digital implantable chips do not employ cryptography as of yet, but the system is nevertheless safe because its chips can only be read by the company's proprietary scanners." And the especially brilliant thing is, a couple of months ago there was this guy named Jonathan Westhues, and he actually managed to build a device, it's actually a bit similar to our device, it works a little differently, but we've actually succeeded in cloning it. So much for the marketing talk. Although I have to say I think our device was first. All right, but it's not the only security problem out there. There are a few others. Unauthorized tag reading: this is just an obvious one. If you have an RFID reader, these little tags are usually so stupid and
power-limited, they can't manage their own access control. So the deal is, anybody with a compatible reader can go up and basically scan their arm and get this information. I mean, certain more expensive kinds of tags, like contactless smart cards, some of you might, not swipe them, but use them at the door to your buildings to get into your offices; perhaps those are also RFID, but generally you have to hold them closer to the reader because they use a lot more power and also they tend to be a lot more expensive, so it's usually not going to be used in things like supply chain management. But still, unauthorized tag reading is a problem. Eavesdropping: you can also eavesdrop on the communications between RFID readers and RFID tags. That way, I mean, if you figure the RFID tag is only supposed to talk about 10 centimeters, however, the RFID reader itself is going to talk probably up to a meter. And also, and this is just for really short-range RFID; if you're talking about higher frequencies that use backscatter and things like that, if you eavesdrop on the reader communications, you can listen to this stuff from really far away. Tracking: sometimes that's useful, maybe even in the context of people, like the infant I was telling you about, but of course other times you don't want that; it's a problem. Tag cloning: that's what I'm going to be talking about today, at least somewhat. And denial of service, and that also partially comes into the jamming I was telling you about before, although there are also other ways you can do denial of service, namely just wrapping it in some tinfoil or something like that, and you can usually prevent tags from working. Oh, and one other one is RFID malware, and I gave a talk on that yesterday at Black Hat, and that's essentially just saying you can launch traditional hacking attacks, traditional exploits, buffer overflows, SQL
injection attacks; you can actually launch all of that from an RFID tag. And anybody who actually wants to know more about my work on that should go to www.rfidvirus.org.

All right, so now I'm going to talk a bit about the spoofing and jamming. So we've built a device, and I'm going to tell you just really generally what's in it for the hackers: what could we do with such a device, what features does this offer. Here are a few possibilities. You can do false positives: you can basically make multiple tags appear that don't exist. The way that it works is, this particular kind of tag that we're using uses an anti-collision algorithm called slotted Aloha, so basically it uses 16 time slots. So if you do one single inventory query it can spoof up to 16 tags at one time. If the reader is repeatedly polling, you can basically spoof an unlimited number of tags, and of course, since most of the time they're not really going to be sure about where a tag is at any given time, they're probably going to be polling. Well, another thing is false negatives: you can actually make one or more existing tags disappear. And it's not just that you're randomly sending out some kind of jamming signal that's going to interfere with all RFID traffic, because of course, besides being probably inconvenient, that's probably also illegal. But what you actually do is you have an access control list, just like a packet filter, and you actually put in the ID of the tag that you would want to block. You might even give it some information about when you would like it blocked. And what winds up happening is, the RFID reader does a query to the tag, the tag does a response back, this is all dictated by a particular timing, and it knows exactly when the response is going to come back, so it sends out a very brief jamming signal, so it only blocks that one tag. It's a bit of a simplification; I'm going to go into a little bit more detail about how that jamming works on one of my later slides. But
that's the general idea. So in such a way, though, if you have, let's say, three tags there, you can just make one of them disappear while the other two of them are still perfectly readable. Another thing that you can do, and this is also kind of fun, is you can also just craft invalid RFID packets. And I have to say, using our RFID Guardian, using our device, by just sending it enough things where the CRC check fails, and sending it stuff that doesn't check out, actually one of the Philips applications that I was using, right out of the box, I don't have the source for this thing, basically it crashed. So, us being good hackers, we know what we can do then with these kinds of possibilities; once again I refer back to rfidvirus.org for more details on that. And also malware injection, because when you're talking about things like these buffer overflows, if you have some kind of a tag-emulating device, then you can really send the reader more data than it's expecting to receive.

So this is the part where I would have given the demo, but instead I'm going to show you the video I made a couple of months ago. It's actually using the old prototype that I made. We actually have version 1 and version 2. I'm going to talk mostly about version 2, but in this video it's showing you version 1. So when the video is over I'll explain the differences between the two versions. But here's the video.

[Video] Hi, my name is Melanie Rieback. My name is Chris Wholesome. And we're from the Free University of Amsterdam. This film today is going to tell you a bit about the RFID Guardian. That's a handheld device that people can use to control their security and privacy in a world of RFID tags. Since we're going to be discussing the RFID Guardian and security and privacy today, we're going to have a quick primer on RFID technology, specifically the setup that we're introducing here. There's an RFID reader that's pretty special: it's a Mifare/I-Code
RFID reader that works with Mifare contactless smart cards and I-Code tags. Here are our I-Code SLI RFID tags. These are high-frequency tags that work at a frequency of 13.56 MHz, and they work with the ISO 15693 standard. These are fairly standard tags in applications like supply chain management and access control. Now that we've told you a bit about our equipment, let's see it in action. We've taken the RFID reader and hooked it up to the computer. As you can see here, here is its user interface. It's sitting right now doing inventory queries. It isn't registering any RFID tags, because they're too far away from the reader; they're not being picked up. If you take the three RFID tags and you place them within reading range of the reader, as you would expect, the three RFID tags show up on the user interface.

Now to tell you a little bit about the RFID Guardian. This is the project that we're building at my university right now. We're currently in the prototyping phase of the project, so we're building every element using a prototyping board and a Triton development kit. At a certain point we're going to be replacing this with a printed circuit board, but for now I'll give you a rundown of the various pieces, so you can see generally how it is put together. The first component is the Triton development kit. It consists of an XScale processor, the PXA270, and it functions as the central nervous system of our RFID Guardian. It has a microprocessor and lots of memory and ties the system together. The rest of the RFID Guardian consists of analog electronics. There are two most important parts that we're going to demonstrate today; combined, these two parts, the tag transmitter and the tag receiver, allow the RFID Guardian to act like an RFID tag. This here is the tag transmitter; this produces sidebands, just as real RFID tags do. And this here is the tag receiver, and the tag receiver basically simply picks up the
signal of an RFID reader and decodes it, so we can understand what it means. It's also useful to keep in mind that the tag transmitter and the tag receiver both have their own unique antennas.

So now this is the interesting part: it's time to see the RFID Guardian in action. Now, just as a preliminary setup for our experiments, we've taken the RFID reader and we've set it up down here, probably about half a meter away from the RFID Guardian. As you can see now, it's constantly in inventory mode, and it is picking up three RFID tags that are located right there, directly on top of the reader. The RFID Guardian is controlled by a serial interface that leads to a computer that's being controlled by my colleague over here, who will be running our experiments. The RFID Guardian is going to be turned on and off at various times by him. What we're going to demonstrate first: as we mentioned, the reader is in inventory mode, and we can see the three RFID tags that are currently found. Now he starts up the RFID Guardian, and as you can see on the screen, it's presented as being picked up, and you see this one four times. Now we're going to demonstrate the RFID Guardian's selective jamming abilities. Now, it's not just any kind of jamming; it's selective jamming. We've configured the RFID Guardian to take one out of the three RFID tags and make it completely unreadable to the reader. The reader is trying to find out what tags are available. Now, if you take a look at the screen once again, the reader is seeing the three RFID tags within its range. Now we activate the RFID Guardian, and now you see that it's gone from three down to two. So that concludes our demonstration of the RFID Guardian's selective jamming features. The RFID Guardian has many other features; there are actually RFID security and privacy features that I haven't discussed, including authentication, key management, access control and auditing. For more information on these other functions
which I'm not going to discuss now, please head over to www.rfidguardian.org, where you'll find some more information as well as academic papers concerning the subject.

All right, so that was version 1. Since then we've actually created version 2, because as you saw with version 1, it was, well, it was a labor of love, so it's also not very portable. So we wanted to try and create something that's a bit more usable for either the hackers or the well-meaning people of the world who want to protect themselves. So basically what we did, here's a picture, actually a picture of the top side of it, and what you see now is we no longer have a separate tag receiver and tag transmitter, but all of that analog circuitry is now integrated onto one board. Another thing that we added that we didn't have in version 1 is we're basically trying to put all the logic in a CPLD, it's like an FPGA, so we're essentially trying to turn as much of the analog circuitry as we can into something that we can represent with VHDL. It provides us more flexibility, and fewer things will break. It also gives us a lot more options about doing things like supporting new modes of operation later on. And that's one thing that we've changed. Another thing you can also see, let me see if I can get a cursor here on my laptop so I can point to it: this little chip right here is also an RFID reader, actually a reader on a chip. It's produced by Melexis. So another thing that this particular device can do is it can also actually act like an RFID reader, and basically having such a mode of operation allows it to also do things like relay attacks, which makes it more interesting for a hacker, but also for, as I say, the more well-meaning people; they might also want to use our device just to help them in managing the tags that happen to be around them. Yeah, but this is also
still sort of an intermediate effort in what we're building. We're actually already working on version 3. Our plan with that is: version 2 still requires a serial cable, so you still have to have a connection to the laptop. What we're actually doing with version 3 is we're putting a touchscreen on it, and version 3 is also going to be professionally made. We have no immediate plans to mass-produce these things, but our intention really is that with version 3 it should be a device that you can use, that's handy, that's reliable, and that's really our idea. We're working on it right now, and we're hoping in about the next six months that hopefully we can have something. Oh, and that's the other thing: once we actually have all of this finished, we are releasing both the hardware schematics and all of the software code open source.

So here's actually a look at the back end of the Guardian. What you can see is, besides some of the power circuitry, you can see what we actually took from the Triton development board; there's something called the Triton module. Here's a bit more of a close-up on it, and once again this is now the XScale processor, the PXA270. In our current version we actually did it this way, that you could just unplug this little Triton module from the development kit we were using before and basically use a connector to connect the whole thing directly to our prototype. Actually, the reason why we're doing that is because the XScale is, well, something called a ball grid array, and essentially if you want to produce a PCB that, well, has layers and layers and layers of pins, it's really expensive to make and solder these kinds of things. So that's actually why we just took the entire development module and sort of transplanted it. So it's sort of
our solution for now. I also have to say we made a really conscious choice in using the XScale, for a couple of reasons. One, because it's just a beast, it's a workhorse, it's a full-fledged computer, and what we've actually found is that we need the horsepower, because I actually know some other people who have been working on similar projects, but they've been using things like PICs or Atmels, and they've actually been running into limitations. So, in hindsight, it's actually a really good thing, because we don't really have to worry too much about time constraints. In December I'm actually releasing an academic paper that gives lots and lots of details about how we built this. It'll be published in December at USENIX LISA, the Large Installation System Administration conference. So when that's published, you guys can also get a lot of the details about how some of this stuff works. It won't have schematics, though; it's still an academic paper, plus we're still changing them.

All right, so, tag spoofing. I'm going to go a little bit more now into how that works. First I'm going to explain a little bit what a real RFID tag response looks like. This picture was taken out of the RFID Handbook. Essentially what you're looking at is one really big peak in the middle, that's actually the carrier signal, and about 90 decibels lower you have two little sidebands that are on either side of the carrier signal. Now, this big peak in the middle is what the RFID reader sends, and these two little sidebands, these two little tiny peaks, are actually what the RFID tag generates. And it's because there's such a large difference in volume between these two signals that it's actually part of why it's so difficult to keep RFID tags powered and be able to read them from long distances, because it's weak. Now, basically what we've
done is, it's these little sidebands, these two little peaks of information, that actually transmit the bits back. So what we're actually doing is we're sending those little sidebands with the correct timing, as dictated by the standard. So that's essentially how you spoof an RFID tag: you just need to produce those two little frequencies on either side of the carrier signal and do it with the correct timing. It's as simple as that, and believe it or not, the actual circuitry you need to do that is very simple. So here is actually a scope trace showing what we do. Now, you're going to notice that this picture actually looks a bit different. You still have that carrier signal that's in the middle, but now take a look at the sidebands. Now we're artificially producing them. We have a transmitter that right now is powered by something plugged into the wall, which basically means that if an RFID reader operates at only about 10 centimeters, then our device has absolutely no problem operating, for example, a meter away, spoofing a tag. In fact, before I left Amsterdam we measured it with our latest prototype being a meter away.

So, all right, I'm going to also talk a little bit more about the jamming and how that actually works. Essentially what we're doing, the actual jamming signal itself, is randomly produced noise. All we're trying to do is generate that noise at the right time, so that it basically disrupts the whole signal-to-noise ratio, so that the reader can't actually get the signal of the tag back. Now, one thing that I need to explain is how we actually block one tag and leave the rest of them alone. And at least with the particular kinds of tags that we're working with, it's actually fairly easy, partly because of the protocol, because of this anti-collision protocol. So slotted Aloha has sixteen time slots, and this is actually
illustrated in this picture here, and basically what you see, the way that it works, is that tags actually calculate deterministically what time slot they're going to respond in. What they wind up doing is, in each round of anti-collision, they basically XOR their tag IDs with some kind of a mask value, an anti-collision mask value that's changed in each round of anti-collision, and I mean you can almost think of it like pseudorandom, I mean, because that's basically what the final result is. It's almost like each tag pseudorandomly picks a time slot that it's going to speak in, and then as it advances to the next round, then it's going to basically speak again, but in another pre-calculated time slot. But of course, remembering that if the tag is able to calculate that, and we know how it works, we're able to calculate it as well. So if you take a look then at the picture, let's say we have four tags that are present. One of them is going to transmit in round one in time slot two; let's say there's tags one and four that are going to transmit in time slot five, and then tag two wants to transmit in time slot nine. Now let's say that we would like to have tag three be able to speak, we also perhaps want tags 1 and 4 left alone, but actually the one that we're after, the one that we want to block, is tag 2. So essentially what winds up happening is, basically tag 3 transmits in time slot 2, there's nothing else transmitting at the time, so it's actually able to get its message back. Tag 1 and tag 4 in this case are transmitting in the same time slot, so they're actually interfering with each other, but of course as you advance to the next round of anti-collision there's probably, probabilistically, a high chance that they'll pick, you know, different time slots for the next round, so hopefully then those tags can actually get their signals through. But with tag number 2, this might be, you know, a tag we don't want other people to
be able to read; it could be our passport, for example. Well, basically, during each round of anti-collision we know when it's going to speak, so basically in this case, in time slot 9, we know that tag 2 is going to speak, so we just make a really short jamming signal just in that time slot. Then you go to the next round of anti-collision, we calculate it again, just in that one time slot. We go through all 16 rounds of anti-collision, and the reader gives up. Sometimes it reports a CRC error, sometimes it doesn't even notice. I haven't quite figured out what we need to do to control which is which, but yeah, that's basically how, also in that demo video, that's exactly how it works. So, I was talking a little bit about malicious uses for RFID spoofing and jamming, but there are probably also other uses for it, just for people that aren't necessarily hackers but that want to be able to protect their own civil liberties, that want to protect their own privacy. And so basically, we're also sort of in the academic community, because while I'm now speaking at a hacker conference, I'm actually, well, attempting to do a PhD right now, so, well, at least for the academic community I sort of have to target this as something that can help people, and something that can, you know, I mean, yeah, well, they're funding me, so I do my best. But yeah, so basically what we're also billing the Guardian as is being something that can either protect people or protect fixed locations. So the idea is that if you, for example, know what tags you have with you and you know what tags belong to you, you might, for example, want to protect just those tags, and then if there are other RFID systems around you, you want to be able to just protect your tags while leaving all the other tags alone. And actually, sort of the way that we're advertising this is as being kind of like an RFID firewall. I mean, just like a packet filter, you have an access control list; you basically say, okay,
well, this is where the query is coming from (I'll explain a little later how we determine that); this is where the query is going to, so these are the tags that it's targeting; this is the actual query that it's trying to do; and, you know, perhaps maybe even extra context information that can also help you make the decision. And then we would either like to block it or we would like to allow it, and essentially just using a rule set, just like with a packet filter, you can determine your security policy, and in such a way you can manage, you know, who can read your tags and when and how. And that's, yeah, I think it's kind of like a novel thing. The only inconvenient thing about it, though, is just that it's limited by the range of the Guardian. So if the Guardian only works, for example, at the range of one meter, it can actually only protect tags that are one meter away from you. So if you have this thing clipped to your belt, I mean, you know, you'll probably have, you know, maybe a meter of protection in this direction, a meter of protection in this direction, but if you leave that zone, you're on your own. So I mean, this device does have limitations; of course, how big the zone of protection is depends on the frequencies that are used by the RFID. But that's the basic idea, and the main functions are, one of which is auditing, kind of like FoeBuD in Germany; they produce one of these RFID detectors, they actually have a little bracelet that, if an RFID query comes in, it lights up. It's pretty cool. What the Guardian can do is, because of course it can actually decode RFID queries, it can actually log this stuff for you, so you can do auditing. I mean, just like you would audit your traffic on the network, you can audit your RFID traffic, and that could be useful, because, for example, let's say they pass a law saying that you have to signpost when you're using RFID, just to protect consumers. If
it turns out that they don't signpost it, but they're actually querying your tags anyway, you can log it, and then that would actually give the consumer some way of having some kind of legal recourse, to be able to maybe, you know, go to the Chamber of Commerce and say, hey, you know, that store isn't playing by the rules. I mean, another way that might be useful is in logging RFID tags that are around you. I mean, let's say somebody, you know, I have a bag with me and somebody drops a tag into my bag. Now, if you just do RFID queries on a periodic basis and correlate them across time, another thing is you could also figure out when an RFID tag has been added to you. Maybe it's a tag you don't want, but of course you can't remove an RFID tag unless you know about it. And right now consumers, I mean, we're being foisted into this world where these tags are around, but we actually have no idea when they're around us. We don't know when the tags are there and we don't know when the readers are there, and by giving people the ability to do some kind of auditing, you're really putting the choice, the decision, back into their own hands. Key management is another possible use for it. They're talking about putting some kinds of security features on RFID tags; for example, EPCglobal has a kill feature, a password-protected kill feature, on their tags. But the question is, first of all, how do you get these keys, how do you store them, how do you use them? I mean, are you going to rely on some kind of a kiosk by the door to do it for you? I mean, there's a group called CASPIAN that went to the Metro Future Store they had in Rheinberg, Germany. They had a killing station that was there; apparently it didn't even work. I mean, they basically zeroed out the data memory, but actually the tag ID was perfectly fine and intact, so the tag wasn't even deactivated when the store said that it was. And, yeah, I mean, isn't it better if you can
deactivate your tags yourself? Isn't it better, for example, if the tags have things like sleep and wake modes, which the companies are also working on, if you can determine for yourself, and have the tool present for yourself, to be able to turn it on and off in different situations and when you want? And we think that something like the Guardian is really useful for that. Access control, all right, this is what I was talking about before, I like it being a firewall. I mean, essentially you want to be able to make those decisions, make a centralized security policy. I mean, the other problem with things like, well, there's something called the RFID blocker tag. I think it's a wonderful idea; it's by a guy named Ari Juels from RSA Security. He's really a brilliant guy; in fact, his work partially inspired me to start working on RFID. But he was working on this thing called the blocker tag, and his idea was he would have this RFID tag with its own security policy, and then essentially by spoofing, actually, well, not spoofing so much, because it was actually a tag, but essentially it would disrupt, it's actually a different anti-collision, that's called the tree-walking algorithm, then you could basically cause the thing to traverse the entire namespace when it's doing inventory queries looking for tags. It's a great idea, but the problem is you have a security policy on a single tag. I mean, all the network administrators out there and system administrators, I mean, what would it be like if you have all these devices and you want to, like, update your policy? Okay, I mean, that's a nightmare. So what the Guardian then lets you do is it just has a centralized security policy, so you only actually have to make one change, to your policy, that then can reflect how all of your tags are treated, and I think that's one thing that's also really quite handy. And authentication. Now, generally you can't tell where an RFID
query is coming from, because there's no room in the protocol for it. This is actually one of my pet peeves, because it would be a very easy thing to add, but the standards committees actually do not want to add it, and the reason why is because there's a lot of, let's just say, dedicated RFID companies that are part of these committees, and if they make a change to the standard, they obsolete their whole product line. So just because a feature is, you know, technologically a no-brainer to be able to add, and just because it does something useful like being able to improve privacy, doesn't always mean that this change will be added. So the problem is then there's no room in the protocol for authentication information. There's no room for challenges and responses; there's no room for anything like authentication, like basically receipts, basically cryptographic receipts that indicate that this particular query is actually coming from a particular source. Now, the idea that we have with the Guardian is that since it's basically a computer that can talk directly with an RFID reader without requiring extra infrastructure, it can also basically do security protocols directly with the reader, which means that if you pre-distribute secret keys to the RFID readers, basically they can then authenticate themselves. And the way that you would do this is just using read and write operations, the usual read and write operations, read data block, write data block. All you have to do is just basically put meta-information in the data blocks that you're sending that is recognizable to at least the Guardian and some kind of a Guardian-aware reader, and in such a way you can actually identify the reader that's sending this particular query, and that gives you the basis that allows you to make your access control decision. So this is basically our vision for the Guardian, and we're continuing working on it, and I think in six months we're going to be a lot
further with it. So, and that's basically it. Any questions? Oh, how did that get in there? Hey, any questions? Yes. Um, no, not really, I mean, it's just big. Oh, he was saying that the RFID reader, sorry, the RFID Guardian, is plugged into the wall and it's able to achieve an operational range of 1 meter; do I think that when we convert the RFID Guardian to being powered by batteries we're going to have problems achieving the same read distance? My answer is no, I don't think that's going to be a problem, because it's not so much that we're even transmitting with that much power; we're certainly not, I mean, we're certainly staying well within regulatory, you know, limitations. But yeah, I mean, essentially it's just a very short amount of time that we're transmitting, so it doesn't even use that much power. We were actually doing some back-of-the-envelope calculations with the batteries that we're planning on using, rechargeable batteries, in the next version, and we think you can probably go about a day having the thing, with the thing being probably unreasonably active in transmitting. So yeah, I don't think that's going to be a problem. Are there... yes? [Audience question, partly inaudible, about contactless smart cards and whether the Guardian could, for example, selectively block them.] Actually, his question was: contactless smart cards may work differently than sort of the cheaper RFID tags do; do I believe that the Guardian will also work with contactless smart cards, and more specifically with the new passports? My answer is yes. They're different, but there's actually more of a difference between, I think the difference, well, especially the different frequencies, that's the biggest problem, and that has nothing to do with contactless smart card versus tag. But we're actually working right now, we're about halfway done with implementing an ISO 14443 stack, which is the standard that the passports use. So I mean, basically our
intention, and hopefully once we get the demo fixed, I mean, one of the first things we would like to be able to show is that we can jam or spoof a passport reply. So, okay, well, thank you guys.
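The selective-jamming scheme the talk describes (slotted Aloha with sixteen time slots, a per-round anti-collision mask, and the Guardian emitting a short burst of noise only in the slot its owner's tag will use), worked through as an added Python simulation. This is not code from the talk or from the RFID Guardian project; the mask sequence, the hash used to reduce (uid XOR mask) to a slot number, and the tag UIDs are constructed assumptions, since the talk only says tags XOR their ID with a mask that changes every round.

```python
"""Slotted-Aloha anti-collision with a Guardian that jams only its owner's tag.
Constructed simulation, not code from the talk. The per-round mask and the
reduction of (uid XOR mask) to one of 16 slots are ASSUMED stand-ins."""
import hashlib

SLOTS = 16    # slotted Aloha with sixteen time slots, as in the talk
ROUNDS = 16   # rounds of anti-collision before the reader gives up


def round_mask(round_no: int) -> int:
    """Constructed per-round anti-collision mask (assumption, not a standard)."""
    return (0x9E3779B1 * (round_no + 1)) & 0xFFFFFFFF


def response_slot(uid: int, mask: int) -> int:
    """Time slot a tag answers in: deterministic in (uid XOR mask), so anyone who
    knows the uid and the mask, tag or Guardian alike, computes the same slot.
    The hash is only a stand-in for the standard's real slot derivation."""
    x = (uid ^ mask) & 0xFFFFFFFF
    return hashlib.sha256(x.to_bytes(4, "big")).digest()[0] % SLOTS


def run_inventory(tags, protected=None, rounds=ROUNDS):
    """Reader inventories `tags` over `rounds` rounds of anti-collision.
    If `protected` is given, the Guardian computes that tag's slot each round
    and emits noise in exactly that slot, so the reader sees a garbled reply
    (CRC error) there while every other slot is left undisturbed.
    Returns (set of uids the reader decoded, jammed slot per round)."""
    read, jam_log = set(), []
    for r in range(rounds):
        mask = round_mask(r)
        jam_slot = response_slot(protected, mask) if protected is not None else None
        jam_log.append(jam_slot)
        replies = {}                              # slot -> tags answering in it
        for uid in tags:                          # every tag answers every round
            replies.setdefault(response_slot(uid, mask), []).append(uid)
        for slot, uids in replies.items():
            if slot == jam_slot:
                continue                          # noise: reply unrecoverable
            if len(uids) == 1:
                read.add(uids[0])                 # lone reply, decoded cleanly
            # two or more tags in one slot collide and try again next round
    return read, jam_log


# Constructed UIDs: four tags; tag 2 is "our passport" and must stay unread.
TAGS = [0x00001111, 0x00002222, 0x00003333, 0x00004444]
PASSPORT = TAGS[1]

if __name__ == "__main__":
    got, jams = run_inventory(TAGS, protected=PASSPORT)
    print("reader decoded:", sorted(hex(u) for u in got))
    print("Guardian jammed slot per round:", jams)
```

Running it without `protected` shows the control case: the passport is inventoried like any other tag as soon as it lands alone in a slot.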
Info
Channel: Christiaan008
Views: 9,705
Rating: 4.8222222 out of 5
Keywords: rfid, security, tag
Id: AWwVokZfEls
Length: 50min 8sec (3008 seconds)
Published: Mon Jan 31 2011