Berkeley COMPSCI 161 - Security Analysis of a Cryptographically-Enabled RFID Device
Security Analysis of a Cryptographically Enabled RFID Device

Stephen C. Bono, Matthew Green, Adam Stubblefield, Aviel D. Rubin
Department of Computer Science, The Johns Hopkins University, 3400 N. Charles Street, Baltimore, MD 21218, USA
Email: {sbono, mgreen, astubble, rubin}@cs.jhu.edu

Ari Juels, Michael Szydlo
RSA Laboratories, 174 Middlesex Turnpike, MA 01739, USA
Email: {ajuels, mszydlo}@rsasecurity.com

USENIX Association, 14th USENIX Security Symposium

Abstract

We describe our success in defeating the security of an RFID device known as a Digital Signature Transponder (DST). Manufactured by Texas Instruments, DST (and variant) devices help secure millions of SpeedPass™ payment transponders and automobile ignition keys. Our analysis of the DST involved three phases:

1. Reverse engineering: Starting from a rough published schematic, we determined the complete functional details of the cipher underpinning the challenge-response protocol in the DST. We accomplished this with only oracle (or "black-box") access to an ordinary DST, that is, by experimental observation of responses output by the device.

2. Key cracking: The key length for the DST is only 40 bits. With an array of sixteen FPGAs operating in parallel, we can recover a DST key in under an hour using two responses to arbitrary challenges.

3. Simulation: Given the key (and serial number) of a DST, we are able to simulate its RF output so as to spoof a reader.

As validation of our results, we purchased gasoline at a service station and started an automobile using simulated DST devices. We accomplished all of these steps using inexpensive, off-the-shelf equipment and with minimal RF expertise. This suggests that an attacker with modest resources can emulate a target DST after brief short-range scanning or long-range eavesdropping across several authentication sessions. We conclude that the cryptographic protection afforded by the DST device is relatively weak.

Key words: Digital Signature Transponder, DST, immobilizer, Hellman time-space tradeoff, RFID

1 Introduction

Radio Frequency IDentification (RFID) is a general term for small wireless devices that emit unique identifiers upon interrogation by RFID readers. Ambitious deployment plans by Wal-Mart and other large organizations over the next couple of years have prompted intense commercial and scientific interest in RFID [23]. The form of RFID device likely to see the broadest use, particularly in commercial supply chains, is known as an EPC (Electronic Product Code) tag. This is the RFID device specified in the Class 1 Generation 2 standard recently ratified by a major industry consortium known as EPCglobal [9, 19]. EPC tags are designed to be very inexpensive, and may soon be available for as little as five cents per unit in large quantities, according to some projections [21, 20]. They are sometimes viewed, in effect, as wireless barcodes: they aim to provide identification, but not digital authentication. Indeed, a basic EPC tag lacks sufficient circuitry to implement even symmetric-key cryptographic primitives [21].

The term RFID, however, denotes not just EPC tags, but a spectrum of wireless devices of varying capabilities. More sophisticated and expensive RFID devices can offer cryptographic functionality and therefore support authentication protocols. One of the most popular of such devices is known as a Digital Signature Transponder (DST). Manufactured by Texas Instruments, DSTs are deployed in several applications that are notable for wide-scale deployment and the high costs (financial and otherwise) of a large-scale security breach. These include:

Vehicle Immobilizers: More than 150 million vehicle immobilizer keys shipped with many current automobiles, including, e.g., 2005 model Fords [7], use Texas Instruments low-frequency RFID transponders. This number includes systems with fixed-code transponders that provide no cryptographic security, as well as newer models equipped with DSTs. Immobilizers deter vehicle theft by interrogating an RFID transponder embedded in the ignition key as a condition of enabling the fuel-injection system of the vehicle. The devices have been credited with significant reductions in auto theft rates, as much as 90% [1, 8].

Electronic Payment: DSTs are used in the ExxonMobil SpeedPass™ system, with more than seven million cryptographically enabled keychain tags accepted at 10,000 locations worldwide [2].

A DST consists of a small microchip and antenna coil encapsulated in a plastic or glass capsule. It is a passive device, which is to say that it does not contain an on-board source of power, but rather receives its power via electromagnetic inductance from the interrogation signal transmitted by the reading device. This design choice allows for a compact design and long transponder life.

A DST contains a secret, 40-bit cryptographic key that is field-programmable via RF command. In its interaction with a reader, a DST emits a factory-set (24-bit) identifier, and then authenticates itself by engaging in a challenge-response protocol. The reader initiates the protocol by transmitting a 40-bit challenge. The DST encrypts this challenge under its key and, truncating the resulting ciphertext, returns a 24-bit response. It is thus the secrecy of the key that ultimately protects the DST against cloning and simulation.

In this paper, we describe our success in attacking the Texas Instruments DST system. We are able to recover the secret cryptographic key from a target DST device after harvesting just two challenge-response pairs. For arbitrary challenge-response pairs, we are able to recover a key in under an hour using an array of sixteen FPGAs. When the challenge-response pairs derive from pre-determined challenges, i.e., in a chosen-plaintext attack, a time-space trade-off is possible, reducing the cracking time to a matter of minutes. (The full details of this chosen-response attack will appear in a future version of this work.) Once we have recovered a key, we are able to use an inexpensive, commodity RF device to "clone" the target DST, that is, to simulate its radio output so as to convince a reader.

In consequence, we show how an attacker with modest resources, just a few hundred dollars' worth of commodity equipment and a PC, can defeat the DST system. Such an attacker can succeed upon actively skimming a DST, that is, scanning it at short range for a fraction of a second. With additional use of an FPGA, an attacker can feasibly simulate a target DST after merely intercepting multiple authentication transcripts at longer range. To validate our attack, we extracted the key from our own SpeedPass™ token and
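The protocol parameters given above (40-bit key, 40-bit challenge, response truncated to 24 bits) explain why two challenge-response pairs suffice for key recovery while one does not. The following is an added example, not code from the paper: it computes the expected number of wrong keys that remain consistent with a given number of observed pairs, and checks that arithmetic on a scaled-down toy (16-bit key, 12-bit response) whose keyed function is HMAC-SHA256, a stand-in for the DST cipher, which this page does not specify. The challenges and the secret key in the demo are constructed sample values.

```python
import hashlib
import hmac


def expected_false_keys(key_bits: int, response_bits: int, pairs: int) -> float:
    """Expected number of WRONG keys still consistent with `pairs` observed
    challenge/response pairs, modelling the truncated cipher as a random
    function: each pair keeps only 1 in 2**response_bits of the key space."""
    return 2.0 ** (key_bits - pairs * response_bits)


def toy_response(key: int, challenge: int, key_bits: int, response_bits: int) -> int:
    """Stand-in for 'encrypt the 40-bit challenge under the key, then truncate'.
    HMAC-SHA256 is used only as a convenient pseudorandom keyed function;
    it is NOT the DST cipher (assumption for this example)."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    mac = hmac.new(key_bytes, challenge.to_bytes(5, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big") & ((1 << response_bits) - 1)


def surviving_keys(pairs, key_bits: int, response_bits: int) -> list:
    """Exhaustive search: every key in the space is tested against the observed
    pairs; those matching all of them are returned (the true key is always among
    them). For the real 40-bit DST this is 2**40 trials, which is the work the
    paper spreads across sixteen FPGAs."""
    return [k for k in range(1 << key_bits)
            if all(toy_response(k, c, key_bits, response_bits) == r for c, r in pairs)]


def demo(key_bits: int = 16, response_bits: int = 12, secret: int = 0xBEEF) -> dict:
    """Scaled-down experiment with two constructed challenges. With a 16-bit key
    and 12-bit responses, about 2**4 = 16 wrong keys should survive one pair and
    essentially none should survive two, mirroring the 40-bit/24-bit case."""
    challenges = [0x1234567890, 0x0FEDCBA987]  # constructed sample 40-bit values
    pairs = [(c, toy_response(secret, c, key_bits, response_bits)) for c in challenges]
    after_one = surviving_keys(pairs[:1], key_bits, response_bits)
    after_two = surviving_keys(pairs, key_bits, response_bits)
    return {
        "after_one_pair": len(after_one),
        "after_two_pairs": len(after_two),
        "true_key_survives": secret in after_one and secret in after_two,
    }


if __name__ == "__main__":
    print("expected wrong keys, 40-bit key / 24-bit response, 1 pair:",
          expected_false_keys(40, 24, 1))
    print("expected wrong keys, 40-bit key / 24-bit response, 2 pairs:",
          expected_false_keys(40, 24, 2))
    print(demo())
```

For the real parameters one pair leaves about 2^16 candidate keys, so a second pair is what makes the recovered key unambiguous; the same reasoning shows how much margin a longer key or an untruncated response would have added.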