Published version: IEEE Computer, January 2013


RFIDiocy: It’s déjà vu all over again

Hal Berghel




One of the social glues that bonds baby boomers together is AM radio. Not the current AM talk show radio babble, but the good stuff of yesteryear: Chicago bluesmen, rockabilly, and iconic American rock and roll bands like the Zombies, Traffic, and Spencer Davis. Howard Duff as Sam Spade, the Lux Radio Theater, and the Cisco Kid brought us together with shared experiences that were staples of daily life in that bygone era. “Yours Truly, Johnny Dollar,” “Boston Blackie,” Sonny Boy Williamson II on the King Biscuit Hour, and the Grand Ole Opry on Nashville's WSM did it for me. We could get a taste of life in distant lands and exotic places on the other end of the signal.

For a variety of reasons, this radio format only lasted a few years – from the inception of radio in the early part of the 20th century through the 1950s, when modern transportation removed much of the curiosity inherent in the experience and a displacing technology called television caught on.

But those of us who remember old time radio are indebted to one incontrovertible law of physics: radio frequency signals don't obey property lines. Hold that thought for a moment.

NOT EVERYTHING WE CAN DO IS WORTH DOING

There has never been a shortage of bad ideas. But there are bad ideas, worse ideas, and what I'll call the “estupidísima.” Some of the purposes to which we've put RFID fall into the last category.

A posteriori bad ideas are those that seemed reasonable enough at the time but failed at the level of implementation. Examples might include New Coke, the Microsoft Bob operating system, the PC Junior, and the Edsel. They just didn’t catch on – not because of some fundamental flaw – but rather because they filled a non-existent need or misjudged a market. A posteriori bad ideas produce responses like “I’m not seeing this.” or “This isn’t ready for prime time.”

“Estupidísima” ideas are a special class of a priori bad ideas. They enjoy a special status in the world of sub-optimal decision making. This set might include placement of the Ford Pinto fuel tank close to the rear bumper, the installation of untested blowout preventers in deepwater oil exploration, and building bridges in high wind areas while failing to really embrace the notion of aeroelastic flutter. Conceptually flawed a priori bad ideas usually produce questions like “What were they thinking?” or, perhaps, “What were they smoking?” These are the superfund sites of stupid. They may usually be identified by one or more of the following red flags:

  1. Industry associations and oversight groups either fail to warm up to them, or are critical of them, early on in their gestation.
  2. The wisest of investors tend to shy away from them.
  3. Roll-outs are frequently unpredictable and rocky.
  4. Criticism, embarrassment, litigation, and/or hacks evolve in parallel with the implementation.
  5. Eventually, they become part of the literature on ecological nightmares, engineering disasters, and the like, and if dumb enough will eventually be featured in eponymous documentaries.
  6. They tend to be career stoppers for the primary principals involved.

One of the most recent examples of exceedingly bad ideas is the use of RFID in security-challenging applications. The operative part of RFID is RF – the very phenomenon, you may recall, that we agreed didn't obey property lines a few paragraphs back.


RFID

RFID (Radio Frequency IDentification) uses radio-frequency transmissions to exchange information between a ‘tag’ (aka transponder) and an interrogator (aka reader), via middleware that interfaces the RFID hardware with the application software.

The concept of RFID is not new. One progenitor was invented in the 1940s by Leon Theremin, of electronic musical instrument fame. This device, called “The Thing,” was a passive cavity resonator that derived its power from an RF signal provided by an external transmitter. Requiring no internal power source, it was easy to conceal and difficult to detect, and thus became useful in spying. In fact this was the technique used by the Russians in the now famous bugging of the Moscow office of U.S. Ambassador W. Averell Harriman. The Thing was embedded in a wooden plaque of the Great Seal of the United States presented by a Soviet “good will” organization. There the plaque continued to broadcast conversations in the Ambassador's office until 1952, when it was discovered accidentally by a British amateur radio operator who overheard some office conversations. There's a second lesson here, folks: not only doesn't RF obey property lines, it also doesn't respond well to authority!

We flash forward 50 years: “the thing” has evolved into an inexpensive and more capable alternative to bar code recognition for asset management, inventory control, point-of-sale systems, pet identification, high-value chip control in the gaming industry, firearms, and the list goes on and on. If there's a need to know what something is, or where it is, RFID technology is ready and waiting (see sidebar).

Not content with the pedestrian applications, some manufacturers just had to extend RFID far beyond the level justified by good taste and common sense. RFID has now found its way into the holy trinity of security: authentication, validation and verification. They just couldn't leave good enough alone. Over the last decade or so, RFID tags have become nearly as ubiquitous as name tags.

Sidebar: Current Applications of RFID Technology (source: Grover and Berghel (2011)). [Table not reproduced in this version.]

RFIDIOCY

Simply put, RFIDs are not a great choice for single-token verification/authentication mechanisms – they're both too noisy and too easy to hack. The reasons are both obvious and subtle. I'll illustrate with two modest examples, both applications being spectacular in their foolishness.

First, consider keyless entry and transit passes. Many of you are familiar with these applications from your commute or from your office building access. This application was wrapped around the concept of convenience, pure and simple: convenience for users, convenience for managers who feel more comfortable with a steady stream of exception reports, and convenience for the people who have to keep and maintain access logs. But the one concept it was not wrapped around was security.

Imagine the appeal of accessing a building, or boarding a bus, without so much as a card swipe. One such solution was the NXP Mifare DESfire MF3ICD40 RFID smart card (“Mifare” is the encryption standard used, and NXP is the subsidiary of Philips Electronics that makes the card). This technology has been exceedingly popular for the past decade – at least until 2011, when virtually everyone with any interest knew how to hack it. However, this is not one of those a posteriori bad ideas that I mentioned earlier. This is a serious contender for Estupidísima status. Why? The system was built around a known vulnerability that had been understood as far back as 1999.


In the late 1990s, Paul Kocher, one of the architects of SSL 3.0, developed a class of techniques for breaking cryptographic systems called side channel attacks. The basic idea was to use the physical characteristics of the system against itself. Kocher noted that by observing power consumption, timing, electromagnetic propagation, acoustic signals, etc., one may learn enough about the operation of the processor to recover keys and messages. Kocher's research went viral, as they say, and subsequent researchers have proven the viability of his concept in scores of professional publications. As we mentioned above, the technique of using “compromising emanations” to gain intelligence from electronics dates back as far as Theremin's “Thing” and was the stuff of which the National Security Agency's “Tempest” program of the 1970s was made, so by the time NXP produced their DESfire product, the toothpaste was not only out of the tube but downright moldy. The nail in the coffin of the NXP DESfire came from a specific type of side channel attack called a “template attack,” which showed that further resistance to hack attacks was futile.

However, as ill-conceived as DESfire was, it pales in comparison to the Western Hemisphere Travel Initiative's (WHTI) People Access Security Service (PASS) card. This was a mistake carried through to digital perfection if ever there was one.

The concept is simple enough. Millions of people cross U.S. borders each year. Wouldn't it be nice if we could (a) speed up the process, and (b) detect potential threats as far away from the turnstile as possible? I'm sure you see where this is headed. That's right: the Department of Homeland Security decided upon RFID as the solution of choice. Immediately following the announcement, trade groups such as the Smart Card Alliance pointed out that RFID was not the best fit because its use raised security and privacy concerns (cf. the red flags above).

The problems are twofold. From a privacy perspective, it's just not the best idea to broadcast data that is used in identification – even if it is encrypted, and even if it's not PII. From a security perspective, this is an invitation for RFID spoofing – that is, hacking the system to produce bogus credentials so that the bad guys look like good guys, and vice versa. What every narco-trafficker and terrorist needs is a bogus RFID tag that takes on a persona with saint-like qualities. RFID spoofing is as old as RFID itself. It wasn't perceived as a problem in the earliest applications of RFID, because so little was at stake. After all, what was the likelihood that someone would spoof RFID tags to mess up a grocer's inventory control system? However, the WHTI PASS card presented an opportunity to put RFID spoofing to important use.
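An added illustration (not from the column) of why a broadcast identifier is not a credential: a reader that accepts whatever static value a tag transmits accepts the same bytes just as readily in a later session, whereas a challenge-response design with a key held on the card rejects a recorded response. The card id, the uid, the HMAC-SHA256 construction and the replay_test harness are all assumptions for the example; the test is the acceptance check a reader designer should run before trusting the scheme.

```python
import hmac
import hashlib
import os

# Constructed enrollment record for one card. The uid is a made-up value; the key is
# generated fresh each run and is shared only between the card and the reader's database.
CARD_ID = "card-0001"
ENROLLED = {CARD_ID: {"uid": bytes.fromhex("04a1b2c3d4e5"), "key": os.urandom(16)}}


class Card:
    """A genuine card. The secret key never leaves the card; only responses go over the air."""

    def __init__(self, uid, key):
        self.uid, self._key = uid, key

    def respond_static(self):
        # Policy A: the card answers every interrogation with the same bytes.
        return self.uid

    def respond_challenge(self, nonce):
        # Policy B: the card answers a fresh reader nonce with a keyed MAC over that nonce.
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


def verify_static(card_id, response):
    """Reader under policy A: accept if the transmitted bytes match the enrolled uid."""
    return response == ENROLLED[card_id]["uid"]


def verify_challenge(card_id, nonce, response):
    """Reader under policy B: recompute the MAC for the nonce it issued and compare."""
    expected = hmac.new(ENROLLED[card_id]["key"], nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def replay_test(policy):
    """Acceptance test for a reader design: run one genuine session, keep what went over
    the air, then present exactly those bytes in a second session.
    Returns (genuine_accepted, recorded_response_accepted)."""
    card = Card(ENROLLED[CARD_ID]["uid"], ENROLLED[CARD_ID]["key"])
    if policy == "static":
        over_the_air = card.respond_static()
        genuine = verify_static(CARD_ID, over_the_air)
        replayed = verify_static(CARD_ID, over_the_air)   # same bytes, new session
    elif policy == "challenge":
        nonce1 = os.urandom(16)
        over_the_air = card.respond_challenge(nonce1)
        genuine = verify_challenge(CARD_ID, nonce1, over_the_air)
        nonce2 = os.urandom(16)                            # reader picks a new nonce
        replayed = verify_challenge(CARD_ID, nonce2, over_the_air)
    else:
        raise ValueError(f"unknown policy: {policy}")
    return genuine, replayed
```

Under policy A the recorded response is indistinguishable from the card, which is the "bogus credential" the paragraph describes; policy B is the minimum bar for anything used as an authenticator, and it still does nothing about RF not obeying property lines.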

Of course, the proponents of this ridiculous use of RFID pointed to the uber-secure, 20-year-old Mifare RFID security standard embedded in the Mifare Classic cards (e.g., DESFire EV1). WHTI's experience with this technology is priceless. While the first batch of PASS cards was being manufactured in Spring 2008, at least one hack had already been presented (Chaos Communication Congress, December 2007) and published online. In addition, an actual attack was demonstrated on YouTube (http://www.youtube.com/watch?v=NW3RGbQTLhE) in February 2008 – several months before the PASS card became an official standard for. It is useful to compare this YouTube video with the NXP promotional video produced just a few months earlier (http://www.youtube.com/watch?v=teKBR0BvulU).

The PASS card remains in use, though it is my understanding that DHS is no longer confident in it as a source of trusted identity. By the way, the DHS solution to the RFID spoofing problem is the placement of the RFID card in a metallic sleeve. Of course, this eliminates the advantage of RFID over more secure options like smart cards in the first place – which is pretty much what Smart Card Alliance pointed out to Congress before the roll-out.


OOB URL Pearls

The unsuitability of RFID for secure applications has been understood for as long as the technology has been produced. The Smart Card Alliance came out against the DHS RFID standard for the PASS card in 2006, three years before the PASS cards were put into service (http://www.smartcardalliance.org/articles/2006/06/08/smart-card-alliance-challenges-dhs-stand-on-deploying-rfid-for-whti-pass-card). Despite the obvious unsuitability of RFID for secure applications, the RFID industry continues to resist vulnerability disclosures by trying to suppress technical publications and presentations, and even television shows (e.g., Adam Savage of Mythbusters fame mentions such RFID censorship at http://www.youtube.com/watch?v=-St_ltH90Oc).

The earliest side channel attacks, like simple power analysis (SPA), required some understanding of the circuits involved. More powerful side channel attacks, like differential power analysis and high-order differential power analysis, use advanced statistics and are largely circuit insensitive. Much of the pioneering work in side channel attacks was done by Paul Kocher and his colleagues at Cryptography Research (http://www.cryptography.com). Discussion of the “template attack,” including links to source documents, may be found on arstechnica.com (http://arstechnica.com/business/2011/10/researchers-hack-crypto-on-rfid-smart-cards-used-for-keyless-entry-and-transit-pass/).
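An added example (not from the column, and not Cryptography Research's code) of the point made here and in the side channel discussion above: a statistical power attack needs only a leakage model, not knowledge of the circuit. It builds constructed "traces" from a simulated device that leaks the Hamming weight of an S-box output (the published 4-bit PRESENT S-box stands in for AES's 8-bit one), ranks the 16 key guesses by correlation, and then repeats the assessment against a first-order Boolean-masked version of the same computation, which is the standard countermeasure. The key value, trace count and noise level are assumptions.

```python
import random
from statistics import mean, pstdev

# The published 4-bit PRESENT S-box, standing in for AES's 8-bit one to keep the example small.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight (number of set bits): the usual model of what a register write leaks."""
    return bin(x).count("1")


def simulate_traces(key, n, masked, noise=0.5, seed=1):
    """Constructed 'power traces': one noisy sample per S-box lookup on a random nibble.
    Unmasked device: leaks HW(S[p ^ key]). Masked device: a fresh random mask m is XORed
    into that value before it is stored, so what leaks is HW(S[p ^ key] ^ m), which on
    its own carries no information about key (first-order Boolean masking)."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n):
        p = rng.randrange(16)
        v = SBOX[p ^ key]
        if masked:
            v ^= rng.randrange(16)
        plaintexts.append(p)
        samples.append(hw(v) + rng.gauss(0, noise))
    return plaintexts, samples


def pearson(xs, ys):
    """Population Pearson correlation coefficient."""
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if not sx or not sy:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def cpa_scores(plaintexts, samples):
    """Correlation power analysis: for each key guess predict HW(S[p ^ guess]) per trace
    and correlate the prediction with the measurements. Nothing about the circuit is used."""
    return {g: abs(pearson([hw(SBOX[p ^ g]) for p in plaintexts], samples)) for g in range(16)}


def leakage_assessment(key=0xA, n=2000):
    """Returns (best guess vs. unmasked device, its |corr|, best |corr| vs. masked device).
    Against the unmasked device the true key wins clearly; against the masked device no
    guess correlates, which is what a countermeasure evaluation is looking for."""
    unmasked = cpa_scores(*simulate_traces(key, n, masked=False))
    best = max(unmasked, key=unmasked.get)
    masked = cpa_scores(*simulate_traces(key, n, masked=True))
    return best, unmasked[best], max(masked.values())
```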

The original State Department RFI for the WHTI PASS card system was released in 2006 (cf. http://www.homelandsecuritynewswire.com/state-department-issues-rfi-whti-pass-card-system). A Smart Card Alliance press release critical of the use of RFID in the WHTI PASS card followed quickly thereafter (cf. http://www.smartcardalliance.org/articles/2006/06/08/smart-card-alliance-challenges-dhs-stand-on-deploying-rfid-for-whti-pass-card). A short DHS description and video on how the PASS card is intended to be used is at http://www.getyouhome.gov/html/rfid/rfid_how_to.html. A comparison of this video with the one at http://www.youtube.com/watch?v=NW3RGbQTLhE should prove illuminating.

There is no shortage of online resources on cracking Mifare RFID cards in a variety of settings, from transportation tokens to key vaults. PASS cards are manufactured by the Connecticut defense contractor L-1 Identity Solutions, which was acquired by the French defense company Safran in 2011. See also Bruce Schneier's blog at http://www.schneier.com/blog/archives/2008/08/hacking_mifare.html. Schneier refers to Mifare Classic security as “kindergarten cryptography.”

For an overview of RFID and concomitant security issues, see Grover and Berghel (2011) at http://www.berghel.net/publications/rfid/rfid.pdf.