Introduction into RFID
(C) 2005 by Harald Welte

During the last couple of years, various sectors of industry and even government organizations started to talk about RFID technology. The RFID industry makes huge promises, according to which RFID will penetrate our everyday life in the very near future. RFID is used in the ICAO-compliant electronic passports, for electronic ticketing in the public transport sector and for tickets to events such as the soccer world championships in 2006. Studies are performed on the feasibility of putting RFID circuitry into every Euro bill.

Contrary to those industry promises, there is a growing opposition among civil liberties groups and the data protection community. The fear that this technology will be abused to invade privacy even further is big.

The public debate on RFID is mostly on a very high and therefore abstract level. Even within the technical community, there is a severe lack of knowledge when it comes to really understanding RFID. This article tries to give a technical introduction into RFID, summarizing what the author has learned throughout the last year during his research and development.

A lot of the ambiguity related to RFID comes from the unclear term "RFID" and its various abuses. Strictly speaking, "RFID" means "Radio Frequency IDentification" and therefore refers to any technology facilitating identification of items using radio frequency. However, the term is generally used for many different technologies and concepts.

Another common misconception is that most RFID systems in use today are based on standards. To the contrary: in fact they are mostly proprietary systems produced by specific vendors, who obviously all proclaim to have invented an "industry standard". Even those few RFID protocols that have been standardized by international standardization bodies such as ISO/IEC reflect the usual "either it's done way A, if not it's done way B" paradigm that seems to dominate the whole smart card industry.
But that's enough of a rant for now.

Overview of an RFID system

An RFID system is usually composed of a reader device (which is always called reader, even if it can write) and some (RF)ID tag.

Tag:

1) serial number only
The most simplistic RFID systems come with read-only "serial number" tags. This basically means that the tag has a vendor-defined serial number (much like a barcode on product packaging) that can only be read. Such systems generally don't employ any form of authentication.

2) WORM tags
WORM (write once read many) tags can be written once (usually at the customer site) and read many times.

3) read/write tags
Instead of only being vendor programmable, they are actually (at least partially) user programmable. Since no authentication is performed, anyone with the respective equipment can write to such a tag.

4) read/write with security
This variant of tags employs read/writable memory plus some state machines that allow for (mutual) authentication of reader and tag.

5) cryptographic smartcards with RF interface
The latest generation of "tags" are not really "tags" anymore, but rather cryptographic smart cards with an RF interface. This means that you have a whole computer (sometimes called RFIC), including CPU, RAM, ROM, EEPROM, hardware random number generator, hardware crypto, etc. Since such devices originate from the smart card world, they sometimes even come as "dual interface smart cards", i.e. they employ both a contact-based and a contactless (RFID) interface.

Reader:

Readers are usually connected to some computer or network, using standard interfaces such as RS232 ports, serial interfaces, USB, or Ethernet. Unfortunately, there is no standard on either the hardware or the software level. This means that most RFID applications will be written against specific vendor-provided driver or library APIs.
There is one notable exception: reader systems employing cryptographic smartcards with RF interface often emulate APIs from the contact-based smart card world such as PC/SC or CT-API.

RF Interface:

Between reader and tag there is some form of RF interface. The RF interface differs from system to system in many parameters, such as frequency, modulation and operational principle.

magnetic coupling:
Most of today's RFID systems use a magnetic coupling principle. In such a system, the reader provides a strong magnetic field (H-field). This field is picked up by the antenna of a tag and used to power the tag. Common frequencies for such magnetically coupled RFID systems are 125 kHz and 13.56 MHz. Magnetic systems often employ amplitude shift keying for the reader-to-tag communication channel, and load modulation from tag to reader. The strong magnetic field only exists in the proximity of the reader's antenna. Thus, magnetically coupled RFID systems are sometimes referred to as "proximity RFID", often with operational ranges of less than 10 cm.

backscatter:
A lot of RFID systems under current development operate in the UHF frequency range (868 to 956 MHz, depending on the regulatory domain). They use the electric field of the reader, and employ backscatter modulation from tag to reader. The electric field extends over a longer distance than the magnetic field. Therefore, the operational range of backscatter systems is within tens of metres.

SAW:
SAW tags use low-power microwave radio signals. The tag converts them to ultrasonic acoustic signals using a piezoelectric crystalline material. Variations of the reflected signal can be used to provide a unique identity such as a serial number.

The remaining article will focus on magnetic coupling RFID systems only, since backscatter systems are not widely deployed yet, and therefore of little practical relevance.
Protocols and standards:

For the commonly-used 13.56 MHz based systems, there are two major protocols in use, ISO14443 and ISO15693. ISO15693 seems to be used only for "dumb" tag applications, whereas ISO14443 is used frequently with RF interfaced processor smart cards.

Besides the "physical layer" issues such as modulation, coding, bit timing, and frequency, there are some other important tasks of an RFID protocol. One of the fundamental effects of RFID is the possibility of multiple tags within the operating range of a reader, just like in any other shared medium communication channel. In order to cope with multiple tags, an anticollision procedure has to be specified. Some sophisticated protocols (such as 14443-4) even allow a reader to assign logical addresses to individual tags in order to communicate with multiple tags.

ISO11784/11785
The ISO11784/11785 series of standards is used for identification of animals. This family of standards operates at 134.2 kHz and uses the magnetic coupling operational principle. It uses load modulation with no subcarrier and employs a bi-phase code for transmission of 64 bit transponder data at 4194 bits/sec.

ISO14223
ISO14223 is an extension of 11784/11785 and allows for more data stored on the tag/transponder.

ISO10536
ISO10536 describes "close coupling" smart cards, with an operational range of up to 1 cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to this low operational range, they never appeared in widespread use on the market.

ISO14443
ISO14443 describes "proximity coupling identification cards". As opposed to ISO10536, this standard has an operational range of up to 10 cm. ISO14443 comes in two variants: ISO14443-A and ISO14443-B. They both operate on the same frequency, but with different parameters.
                  14443A                         14443B
mod rdr->tag      100% ASK                       10% ASK
mod tag->rdr      load modulation at 847 kHz,    load modulation at 847 kHz,
                  BPSK                           ASK
code rdr->tag     modified Miller                NRZ
code tag->rdr     Manchester                     NRZ
anticol           binary search                  slotted aloha

ISO14443-4 specifies an (optional) transport level protocol on top of the lower three layers of the ISO14443 protocol. This transport protocol is sometimes referred to as "T=CL" (transport=contactless). This designation has its origin in the smart card world, where other protocols such as "T=0" and "T=1" have been in widespread use for decades.

ISO15693:
ISO15693 describes "vicinity coupling" RFID, with an operational range of up to 1 m. Like ISO14443, it operates on 13.56 MHz and employs magnetic near-field inductive coupling. This standard again supports various modes, such as 10% or 100% ASK, 1.65 kb/s or 26.48 kb/s data rate, and ASK or FSK based load modulation.

ISO18000 series
This ISO series is under current development. It intends to specify unique worldwide standards for item management. Specifications include operation on 13.56 MHz, 2.45 GHz, 5.8 GHz and the 868 to 956 MHz UHF band.

The remaining paper will mostly look at ISO14443, since it is in widespread use today and also used by the electronic passport system specified by ICAO.

A closer look at readers:

There is a variety of readers for the 13.56 MHz world, ranging from embedded reader modules to PC-connected readers for USB and serial connections, Ethernet-connected readers as well as readers for handheld devices with CompactFlash interface. As opposed to the contact-based smartcard world, where most readers now support the USB CCID standard (to my surprise even non-USB devices!), there is no standardization. Neither does any of the readers - to the best of the author's knowledge - have any publicly and/or freely available documentation. A similar lack is observed for Linux drivers. If they are available, then often for an extra charge, and in proprietary x86-only format.
On the electrical level, a lot of readers are surprisingly similar. Almost all of them seem to use readily available "reader ASICs" from vendors such as TI or Philips. Those ASICs usually integrate both the analogue RF part (including modulation/demodulation) and the digital part. They are interfaced by a serial (SPI) or parallel address/data bus. As you could have guessed by now, there is again no publicly/freely available documentation on any of the chipsets.

After doing some research and re-engineering on commonly-available existing readers, there seem to be two different basic architectures:

1) active
Active readers do all the 14443/15693 processing within a microcontroller of the reader. Advantages of an active design are low latency, high speed and applicability in embedded or remotely connected environments where no host computer could do protocol processing.

2) passive
Passive readers simply include the most basic logic to interface the reader ASIC with the external interface. Therefore all protocol processing has to be done on the host system. For obvious reasons, the passive architecture allows for cheaper development and total product cost. The author anticipates that all PC-based readers will eventually become passive.

A commonly-available passive reader (Omnikey CardMan 5121) was chosen for the development of librfid.

Omnikey CardMan 5121

At first glance, the cm5121 is a USB CCID contact-based smartcard reader. It can be used with vendor-supplied proprietary drivers, or with various freely available CCID reader drivers, such as the OpenCT project. However, the RFID part is simply a Philips CL RC632 reader ASIC that can be accessed transparently by issuing read/write_byte and read/write_fifo commands via CCID PC_to_RDR_Escape USB messages. The author further obtained a (publicly available, but encrypted) detailed data sheet of the Philips CL RC632 reader ASIC, which magically decrypted itself by using a couple of days' worth of CPU power.
The CL RC632 is a multi-protocol reader ASIC, supporting 14443-A, 14443-B, 15693 as well as the proprietary 14443A-based Mifare system. Using the data sheet, a free and GPL licensed RFID stack could be implemented from scratch.

Security Issues

Sniffing
Like any RF interface, the magnetic RFID interface can be passively sniffed. Due to the use of the H-field in 125 kHz and 13.56 MHz systems, the possible surveillance range is very small. Also, given the enormous power constraints within the tag, the power put into the tag->reader channel is very low. Furthermore, the main carrier and the subcarrier are very close in the radio spectrum - while their signal strength differs by some 60 to 80 dB. Measurements conducted by the author suggest that passive surveillance of ISO 14443 compliant systems is not possible outside a range of 4-5 metres - at least not with DIY equipment.

DoS
ISO14443-A and -B anticollision systems are subject to denial of service attacks. For 14443-A, such an attack could simply cause one collision for every bit in the address, thus preventing the reader from completing its binary search algorithm and fully selecting one of the available tags.

Authenticity/Confidentiality
ISO14443-A doesn't provide any form of security. Any kind of authentication and/or encryption has to be employed at a higher level, such as ISO7816 secure messaging. Compare the system with a TCP/IP stack (layers 1..4) with SSL/TLS on top.

Proprietary Security
The security of vendor-specific proprietary systems such as Mifare is based on security by obscurity. The encryption algorithm is not publicly documented, and only implemented in vendor-supplied hardware, usually the reader ASIC and inside the tag itself. Keys are stored on the tag and in the reader ASIC. Security by obscurity generally doesn't work within the software industry. However, in the hardware world vendors still seem to assume it is a valid paradigm. The key lengths used seem extremely small (40 bit).
Should the algorithm ever be uncovered, it is expected to compromise the security of the whole system. The arithmetic complexity of the algorithm can only be low, given its implementation in lowest-cost state-machine-only tags. Therefore it is expected that
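The 14443-A bit-oriented anticollision (the "binary search" entry in the table above) and the reason a collision on every bit stalls it, as an added simulation that is not part of the original article or of librfid. The tag population, the UIDs, the reader's choice of the '1' branch and the round limit are constructed assumptions; BCC, SAK and cascade levels are left out.

```python
from typing import List, Optional

UID_BITS = 32  # one cascade level (4 UID bytes); BCC and SAK are left out

def uid_bits(uid: int) -> List[int]:
    """UID as a list of bits, LSB first, the order used on the air interface."""
    return [(uid >> i) & 1 for i in range(UID_BITS)]

def tags_reply(tags: List[int], prefix: List[int]) -> Optional[List[Optional[int]]]:
    """Every tag whose UID starts with `prefix` (the bits the reader sent after
    SEL/NVB) answers at once with its remaining bits.  At each position the
    reader decodes 0, 1, or None when both Manchester half-bits are present,
    i.e. a collision.  Returns None when no tag matches."""
    matching = [uid_bits(t)[len(prefix):] for t in tags
                if uid_bits(t)[:len(prefix)] == prefix]
    if not matching:
        return None
    seen = [{bits[i] for bits in matching} for i in range(UID_BITS - len(prefix))]
    return [s.pop() if len(s) == 1 else None for s in seen]

def select_one(tags: List[int], max_rounds: int = UID_BITS) -> Optional[int]:
    """Reader side of the binary search: extend the known prefix up to the
    first collision, pick one branch (here '1'), and repeat until all 32 bits
    are known.  `max_rounds` is a defensive bound: every round fixes at least
    one bit, so a reader that never gets a collision-free reply gives up
    instead of spinning forever (this is the DoS case from the text)."""
    prefix: List[int] = []
    for _ in range(max_rounds):
        reply = tags_reply(tags, prefix)
        if reply is None:
            return None
        for bit in reply:
            if bit is None:              # collision: follow the '1' branch
                prefix.append(1)
                break
            prefix.append(bit)
        else:                            # no collision: UID complete
            return sum(b << i for i, b in enumerate(prefix))
    return None

def inventory(tags: List[int]) -> List[int]:
    """Enumerate all tags: select one, HALT it (drop it from the population),
    and start over until the field is empty or the search fails to converge."""
    active, found = list(tags), []
    while active:
        uid = select_one(active)
        if uid is None:
            break
        found.append(uid)
        active = [t for t in active if t != uid]
    return found

# Constructed sample population: three tags, two of them differing only in bit 0.
SAMPLE_TAGS = [0x12345678, 0x12345679, 0xDEADBEEF]
```

With the sample population the first round collides at bit 0, the '1' branch collides again at bit 1, and 0xDEADBEEF is selected first; the remaining two tags are resolved one round each after it is halted.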