AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
The authors hope that future cryptographic Radio-Frequency IDentification system designers will embrace a critical lesson preached by the scientific community: Cryptographic hardware systems are generally strongest when they employ industry standard cryptographic algorithms with ...

Security analysis of a cryptographically-enabled RFID device

USENIX Security, pp.1-1, (2005)

Cited by: 375|Views148
EI
Full Text
Bibtex
Weibo

Abstract

We describe our success in defeating the security of an RFID device known as a Digital Signature Transponder (DST). Manufactured by Texas Instruments, DST (and variant) devices help secure millions of SpeedPassTM payment transponders and automobile ignition keys. Our analysis of the DST involved three phases: 1. Reverse engineering: Start...More

Code:

Data:

0
Introduction
  • Radio-Frequency IDentification (RFID) is a general term for small, wireless devices that emit unique identifiers upon interrogation by RFID readers.
  • The form of RFID device likely to see the broadest use, in commercial supply chains, is known as an EPC (Electronic Product Code) tag.
  • EPC tags are designed to be very inexpensive – and may soon be available for as little as five cents/unit in large quantities according to some projections [21, 20]
  • They are sometimes viewed in effect as wireless barcodes: They aim to provide identification, but not digital authentication.
  • A basic EPC tag lacks sufficient circuitry to implement even symmetrickey cryptographic primitives [21]
Highlights
  • Radio-Frequency IDentification (RFID) is a general term for small, wireless devices that emit unique identifiers upon interrogation by Radio-Frequency IDentification readers
  • We conclude that the cryptographic protection afforded by the Digital Signature Transponder device is relatively weak
  • The form of Radio-Frequency IDentification device likely to see the broadest use, in commercial supply chains, is known as an EPC (Electronic Product Code) tag. This is the Radio-Frequency IDentification device specified in the Class 1 Generation 2 standard recently ratified by a major industry consortium known as EPCglobal [9, 19]
  • The most straightforward architectural fix to the problems we describe here is simple: The underlying cryptography should be based on a standard, publicly scrutinized algorithm with an adequate key length, e.g., the Advanced Encryption Standard (AES) in its 128-bit form, or more appropriately for this application, HMACSHA1 [15]
  • The weakness we have demonstrated in the TI system is due to the inadequate key-length of the underlying DST40 cipher
  • The authors hope that future cryptographic Radio-Frequency IDentification system designers will embrace a critical lesson preached by the scientific community: Cryptographic hardware systems are generally strongest when they employ industry standard cryptographic algorithms with key lengths sufficient to endure over the life of the devices and assets they protect
Results
  • Significant declines in automobile theft rates – up to 90% – have been attributed to immobilizers during their initial introduction.
Conclusion
  • The weakness the authors have demonstrated in the TI system is due to the inadequate key-length of the underlying DST40 cipher.
  • It is quite possible, that cryptanalysis will reveal weaknesses in the cipher itself.
  • The authors have preliminary experimental evidence that promises effective cryptanalytic attack.
  • This would improve the efficacy of the attacks the authors have described.
  • The authors hope that future cryptographic RFID system designers will embrace a critical lesson preached by the scientific community: Cryptographic hardware systems are generally strongest when they employ industry standard cryptographic algorithms with key lengths sufficient to endure over the life of the devices and assets they protect
Related work
  • The pre-eminent historical example of black-box reverse-engineering of a cipher was the reconstruction of the Japanese Foreign Office cipher Purple during the Second World War. Under the leadership of William F. Friedman, the United States Signals Intelligence Service performed the feat of duplicating the Purple enciphering machine without ever having physical access to one [13].

    There are a number of well known contemporary examples of the reverse-engineering of proprietary cryptographic algorithms. For example, the RC4 cipher, formerly protected as a trade secret by RSA Data Security Inc., was publicly leaked in 1994 as the result of what was believed to be reverse-engineering of software implementations [4]. The A5/1 and A5/2 ciphers, employed for confidentiality in GSM phones, were likewise publicly disclosed as a result of reverse engineering. The exact method of reverse-engineering has not been disclosed, although the source was purportedly “an actual GSM phone” [6].
Reference
  • Automotive immobilizer anti-theft systems experience rapid growth in 1999, 1 June 1999. Texas Instruments Press Release. Available at http://www.ti.com/tiris/docs/news/news releases/90s/rel06-01-99.shtml.
    Findings
  • SpeedpassTM Press Kit Fact Sheet, June 2004. Referenced at http://www.exxonmobil.com/corporate/files/
    Findings
  • Security and privacy in rfid systems, 2005. Web-based bibliography. Referenced at http://lasecwww.epfl.ch/gavoine/rfid/.
    Locate open access versionFindings
  • AN0NYM0US USER. RC4?, September 199Sci.crypt posting.
    Google ScholarFindings
  • BIHAM, E., AND SHAMIR, A. Differential fault analysis of secret key cryptosystems. In CRYPTO ’97 (1997), B. Kaliski, Ed., SpringerVerlag, pp. 513–525.
    Google ScholarFindings
  • BIRYUKOV, A., SHAMIR, A., AND WAGNER, D. Real time cryptanalysis of A5/1 on a PC. In Fast Software Encryption (FSE) (2000), pp. 1 – 18.
    Google ScholarLocate open access versionFindings
  • 2004. Slide presentation. Referenced at http://www.ris.averydennison.com/ris/ris2site.nsf/
    Findings
  • ELECTRONICS, R. P. Identification applications car immobilization, 2005. Web page. Referenced at http://www.semiconductors.philips.com/markets/identification/products/automotive/transponders/ Contains links to data sheets.
    Locate open access versionFindings
  • EPCglobal Web site. http://www.epcglobalinc.org, 2005.
    Findings
  • GILMORE, J. EFF builds DES cracker that proves that data encryption standard is insecure. EFF press release (July 1998).
    Google ScholarFindings
  • GORDON, J., KAISER, U., AND SABETTI, T. A low cost transponder for high security vehicle immobilizers. In 29th ISATA Automotive Symposium (3-6 June 1996).
    Google ScholarLocate open access versionFindings
  • HELLMAN, M. A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26, 4 (July 1980), 410–416.
    Google ScholarLocate open access versionFindings
  • KAHN, D. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. Macmillan, 1996.
    Google ScholarFindings
  • KAISER, U. Universal immobilizer crypto engine. In Fourth Conference on the Advanced Encryption Standard (AES) (2004). Guest presentation. Slides referenced at http://www.aes4.org/english/events/aes4/program.html.
    Locate open access versionFindings
  • KRAWCZYK, H., BELLARE, M., AND CANETTI, R. HMAC: Keyed-hashing for message authentication. Internet Request For Comments (RFC) 2104 (February 1997).
    Google ScholarFindings
  • OF INVESTIGATION (FBI), F. B. Uniform crime report, 2003. Referenced at http://www.fbi.gov/ucr/03cius.htm.
    Findings
  • QUISQUATER, J., AND STANDAERT, F. Exhaustive key search of the DES: Updates and refinements. SHARCS 2005 (2005).
    Google ScholarLocate open access versionFindings
  • QUISQUATER, J.-J., STANDAERT, F.-X., ROUVROY, G., DAVID, J.-P., AND LEGAT, J.-D. A cryptanalytic time-memory tradeoff: First FPGA implementation, 2002.
    Google ScholarFindings
  • ROBERTI, M. EPCglobal ratifies Gen 2 standard. RFID Journal (16 Dec. 2004). Referenced at http://www.rfidjournal.com/article/articleview/1293/1/1/.
    Locate open access versionFindings
  • SARMA, S. Towards the five-cent tag. Tech. Rep. MIT-AUTOID-WH-006, MIT Auto ID Center, 2001. Referenced at http://www.epcglobalinc.org.
    Findings
  • SARMA, S. E., WEIS, S. A., AND ENGELS, D. Radio-frequency-identification security risks and challenges. rsa laboratories. CryptoBytes 6, 1 (2003).
    Google ScholarLocate open access versionFindings
  • SCHNEIER, B., AND KELSEY, J. Unbalanced feistel networks and block cipher design. In Fast Software Encryption (FSE) (1996), p. 121144.
    Google ScholarLocate open access versionFindings
  • SULLIVAN, L. Wal-Mart oulines RFID expansion plans. InformationWeek (17 June 2004).
    Google ScholarLocate open access versionFindings
  • YOSHIDA, J. Tests reveal e-passport security flaw. EE Times (30 August 2004). Referenced at http://www.eedesign.com/news/showArticle.jhtml?articleID=45400010.
    Locate open access versionFindings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科