- different types of RFID - serial-number-only - read/writeable memory - read/writeable memory with authentication - processor chip cards (like contact-based) - physical/electrical characteristics - old 125kHz systems - current 13.56MHz systems - ISO 14443-A - ISO 14443-B - ISO 15693 - both 125kHz and 13.56MHz are magnetic H-field systems - reader provides strong magnetic field to provide power to PICC - data from reader to PICC is modulated onto carrier. - PICC uses load modulation to send back replies to reader - ISO 14443 - 14443-1 - defines physical layer (e.g. field strength, ...) - 14443-2 - 14443-3 A - 100% ASK from reader to PICC - binary search tree anticollision - 14443-3 B - 10% ASK from reader to PICC - slotted aloha anticollision - 14443-4 - also called T=CL - datagram-based transport protocol - handles retransmission, ack/nack - optional signal strength signalling - data rates between 106 and 848 kbps - Mifare - proprietary system by philips - requires philips circuits in tag and reader - authentication using two 40bit? keys - proprietary encryption algoritm - brute-force of 40bit not possible due to slow devices - ISO 15693 - only used by tags, not by smart cards - STm - Legic - Available readers - generally based on either Philips or STM reader ASIC - reader ASIC integrates analogue RF and digital part - typically offer SPI and/or parallel bus interface - host interface either serial or USB (planned: ethernet, see also IETF working group on this subject) - serial readers speak either proprietary protocol or sometimes emulate serial contact-based readers for 14443-4 (T=CL) - stupid readers - only connect reader ASIC to host pc - protocol stack implemented on host pc - intelligent readers - handle protocol stack in firmware of microcontroller in the reader - sometimes even parts of the application are embedded in the reader firmware - problem: often only support very specific protocols/applications - librfid - implements 14443-1234 and 15693 stack - has hooks for mifare and other proprietary RFID protocols - implements fairly generic driver for Philips CL RC632 ASIC - currently only supports Omnikey CardMan 5121 - currently only offers non-standard API for higher-level apps - scheduled to provide OpenCT backend (OpenCT supports CT-API and PC/SC) - Problems - T=CL looks almost like a layer 4 network protocol, 14443 supports operation of multiple PICC's simultaneously (by using CID addressing). Therefore it looks like a master/slave network protocol. - Current API's for contact based cards (like PC/SC) cannot deal well with multiple PICC's coming and going. - Passive Sniffing of 14443 - dream: ethereal-like program for RFID - h-field decreases tremendously with distance - h-field antennas required - reader -> picc signal strong and easily detected, beyon 10m - picc -> reader signal very weak (60-70dB below reader->picc). so far barely recognizable beyond 3m, even with 1m-loop-antenna - various hardware approaches - using software defined radio (gnuradio) - quite expensive, unless you happen to already have one - flexible, since everything can be done in software - gnuradio-implementation of 14443 on my TODO list - using dedicated demodulation hardware - way cheaper than SDR - 13.56MHz low enough for DIY-hardware - under development by Milosch - using existing reader ASIC, put it in read-only mode - might be feasible, but operation is unlikely due to lack of phase and clock synchronization with external source - ICAO compliant MRTDs - ICAO already regulates MRZ on current travel documents in Doc 9303 - Working group created standards for new MRTD with biometric data - Specifications publicly available - 14443 A or B PICC - ISO 7816-4 (inter-industry commands) - LDS (Logical Data Structure) - DG1 - data as printed on passport - DG2 - facial JPEG, min 80pixels between eyes - EF.SOD - signature of DG1, DG2 - DG_FIXME - optional fingerprint data - Security - passive auth - basic access control - prevents unauthorized reading by refusing access until key derived from MRZ is presented to PICC - probably weak, since key is derived only from DOB, document expiry date and document number - provides session key generation for SM encrypted transport layer - active auth - TR-PKI - each country operates its own root CA - intermediate document signer certificates - country root certificates available via public LDAP - certificates of all recognized countries need to be stored in every inspection system - certificate chain of EF.SOD signature can be verified - specifies CRL polling intervals, etc. - libicao - aims to implement all required functions for access to ICAO MRTD - basic access control present, but no secure messaging yet - can use OpenCT or PC/SC as underlying API