summaryrefslogtreecommitdiff
path: root/2005/rfid-ccc_ds2005
diff options
context:
space:
mode:
Diffstat (limited to '2005/rfid-ccc_ds2005')
-rw-r--r--2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt145
-rw-r--r--2005/rfid-ccc_ds2005/rfid-datenschleuder.txt314
2 files changed, 459 insertions, 0 deletions
diff --git a/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt b/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt
new file mode 100644
index 0000000..05646e2
--- /dev/null
+++ b/2005/rfid-ccc_ds2005/rfid-datenschleuder-gliederung.txt
@@ -0,0 +1,145 @@
+
+- different types of RFID
+ - serial-number-only
+ - read/writeable memory
+ - read/writeable memory with authentication
+ - processor chip cards (like contact-based)
+
+- physical/electrical characteristics
+ - old 125kHz systems
+ - current 13.56MHz systems
+ - ISO 14443-A
+ - ISO 14443-B
+ - ISO 15693
+ - both 125kHz and 13.56MHz are magnetic H-field systems
+ - reader provides strong magnetic field to provide power to PICC
+ - data from reader to PICC is modulated onto carrier.
+ - PICC uses load modulation to send back replies to reader
+
+- ISO 14443
+ - 14443-1
+ - defines physical layer (e.g. field strength, ...)
+ - 14443-2
+ - 14443-3 A
+ - 100% ASK from reader to PICC
+ - binary search tree anticollision
+ - 14443-3 B
+ - 10% ASK from reader to PICC
+ - slotted aloha anticollision
+ - 14443-4
+ - also called T=CL
+ - datagram-based transport protocol
+ - handles retransmission, ack/nack
+ - optional signal strength signalling
+ - data rates between 106 and 848 kbps
+
+- Mifare
+ - proprietary system by philips
+ - requires philips circuits in tag and reader
+ - authentication using two 40bit? keys
+ - proprietary encryption algoritm
+ - brute-force of 40bit not possible due to slow devices
+
+- ISO 15693
+ - only used by tags, not by smart cards
+
+- STm
+
+- Legic
+
+- Available readers
+ - generally based on either Philips or STM reader ASIC
+ - reader ASIC integrates analogue RF and digital part
+ - typically offer SPI and/or parallel bus interface
+ - host interface either serial or USB (planned: ethernet, see also
+ IETF working group on this subject)
+ - serial readers speak either proprietary protocol or sometimes
+ emulate serial contact-based readers for 14443-4 (T=CL)
+ - stupid readers
+ - only connect reader ASIC to host pc
+ - protocol stack implemented on host pc
+ - intelligent readers
+ - handle protocol stack in firmware of microcontroller in the
+ reader
+ - sometimes even parts of the application are embedded in the
+ reader firmware
+ - problem: often only support very specific
+ protocols/applications
+
+- librfid
+ - implements 14443-1234 and 15693 stack
+ - has hooks for mifare and other proprietary RFID protocols
+ - implements fairly generic driver for Philips CL RC632 ASIC
+ - currently only supports Omnikey CardMan 5121
+ - currently only offers non-standard API for higher-level apps
+ - scheduled to provide OpenCT backend (OpenCT supports CT-API and PC/SC)
+
+- Problems
+ - T=CL looks almost like a layer 4 network protocol, 14443 supports
+ operation of multiple PICC's simultaneously (by using CID
+ addressing). Therefore it looks like a master/slave network
+ protocol.
+ - Current API's for contact based cards (like PC/SC) cannot deal well
+ with multiple PICC's coming and going.
+
+- Passive Sniffing of 14443
+ - dream: ethereal-like program for RFID
+ - h-field decreases tremendously with distance
+ - h-field antennas required
+ - reader -> picc signal strong and easily detected, beyon 10m
+ - picc -> reader signal very weak (60-70dB below reader->picc). so far
+ barely recognizable beyond 3m, even with 1m-loop-antenna
+ - various hardware approaches
+ - using software defined radio (gnuradio)
+ - quite expensive, unless you happen to already have one
+ - flexible, since everything can be done in software
+ - gnuradio-implementation of 14443 on my TODO list
+ - using dedicated demodulation hardware
+ - way cheaper than SDR
+ - 13.56MHz low enough for DIY-hardware
+ - under development by Milosch
+ - using existing reader ASIC, put it in read-only mode
+ - might be feasible, but operation is unlikely due to
+ lack of phase and clock synchronization with external
+ source
+
+- ICAO compliant MRTDs
+ - ICAO already regulates MRZ on current travel documents in Doc 9303
+ - Working group created standards for new MRTD with biometric data
+ - Specifications publicly available
+ - 14443 A or B PICC
+ - ISO 7816-4 (inter-industry commands)
+ - LDS (Logical Data Structure)
+ - DG1
+ - data as printed on passport
+ - DG2
+ - facial JPEG, min 80pixels between eyes
+ - EF.SOD
+ - signature of DG1, DG2
+ - DG_FIXME
+ - optional fingerprint data
+ - Security
+ - passive auth
+ - basic access control
+ - prevents unauthorized reading by refusing
+ access until key derived from MRZ is
+ presented to PICC
+ - probably weak, since key is derived only from
+ DOB, document expiry date and document number
+ - provides session key generation for SM
+ encrypted transport layer
+ - active auth
+ - TR-PKI
+ - each country operates its own root CA
+ - intermediate document signer certificates
+ - country root certificates available via public LDAP
+ - certificates of all recognized countries need to be
+ stored in every inspection system
+ - certificate chain of EF.SOD signature can be verified
+ - specifies CRL polling intervals, etc.
+
+- libicao
+ - aims to implement all required functions for access to ICAO MRTD
+ - basic access control present, but no secure messaging yet
+ - can use OpenCT or PC/SC as underlying API
+
diff --git a/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt b/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt
new file mode 100644
index 0000000..0ef98dc
--- /dev/null
+++ b/2005/rfid-ccc_ds2005/rfid-datenschleuder.txt
@@ -0,0 +1,314 @@
+Introduction into RFID
+(C) 2005 by Harald Welte <laforge@gnumonks.org>
+
+During the last couple of years, various different sectors of industry and
+event government organizations started to talk about RFID technology.
+
+The RFID industry makes huge promises, according to which RFID will penetrate
+our everyday life in the very close future. RFID is used in the ICAO-compliant
+electronic passports, for electronic ticketing in the public transport sector
+and for tickets to events such as the soccer world championships in 2006.
+Studies are performed on the feasability of putting RFID circuitry into every
+Euro bill.
+
+Contrary to those industry promises, there is a growing opposition among civil
+liberties groups and the data protection community. The fear of abuse of this
+technology to invade privacy even further is big.
+
+The public debate on RFID is mostly on a very high and therefore abstract
+level. Even within the technical community, there's a severe lack of knowledge when it comes to really understanding RFID.
+
+This article tries to give a technical introduction into RFID,
+summarizing what the author has learned throughout the last year during his
+research and development.
+
+
+A lot of the ambuguity related to RFID comes from the unclear term "RFID" and
+it's various abuses. Strictly speaking, "RFID" means "Radio Frequency
+IDentification" and therefore refers to any technology facilitating
+identification of items using radio frequency.
+
+However, the term is generally used for meny different technologies and
+concepts.
+
+Another common misconception is that most RFID systems in use today are based
+on standards. To the opposite: In fact they're mostly proprietary systems
+produced by specific vendors, who obviously all proclaim to have invented an
+'industry standard". Even those few RFID protocols that have been standardized
+by international standardization bodies such as ISO/IEC reflect the usual
+"either it's done way A, if not it's done way B" paradigm that seems to
+dominate the whole smart card industry. But that's enough of a rant for now.
+
+
+Overview of an RFID system
+
+A RFID system is usually composed of a reader device (which is always called
+reader, even if it can write) and some (RF)ID tag.
+
+Tag:
+
+1) serial number only
+The most simplistic RFID systems come with read-only "serial number" tags.
+This basically means that the tag has a vendor-defined serial number (much like
+a barcode on product packaging), that can only be read. Such systems generally
+don't employ any form of authentication.
+
+2) WORM tags
+WORM(write once read many) tags can be written once (usually at the customer
+site) and read many times.
+
+3)read/write tags.
+Instead of only being vendor programmable, they are actually (at least
+partially) user programmable. Since no authentication is performed, anyone
+with the respective equipment can write to such a tag.
+
+3) read/write with security
+This variant of tags employ read/writable memory plus some state machines that
+allow for (mutual) authentication of reader and tag.
+
+4) cryptographic smartcards with RF interface
+The lateset generation of "tags" are not really "tags" anymore, but rather
+cryptographic smart cards with an RF interface. This means that you have a
+whole computer (sometimes called RFIC), including CPU, RAM, ROM, EEPROM,
+hardware random number generator, hardware crypto, etc. Since such devices
+originate from the smart card world, they sometimes even come as "dual
+interface smart cards", i.e. employ both contact based and contactless (RFID)
+interface.
+
+
+Reader:
+
+Readers are usually connected to some computer or network, using standard
+interfaces such as RS232 ports, serial interfaces, USB, or Ethernet.
+Unfortuantely, there is no standard either on hardware nor on software level.
+This means that most RFID applications will be written against specific
+vendor-rprovided driver or library API's. There's one notable exception:
+Reader systems employing cryptographic smartcards with RF interface often
+emulate API's from the contact-based smart card world such as PC/SC or CT-API.
+
+
+
+RF Interface:
+
+Between reader and tag there is some form of an RF interface. The RF interface
+differs from system to system in many parameters, such as frequency,
+modulation and operational principle.
+
+magnetic coupling:
+Most of todays RFID systems use a magnetic coupling principle. In such a
+system, the reader provides a strong magnetic field (H-field). This field is
+picked up by the antenna of a tag, and used to power the tag. Common
+frequencies for such magnetically coupled RFID systems are 125kHz and 13.56MHz.
+Magnetic systems often employ amplitude shift keying for the reader to tag
+communications channel, and load modulation from tag to the reader.
+
+The strong magnetic field only exists in the proximity of the readers' antenna.
+Thus, magnetically coupled RFID systems are sometimes referred to as "proximity
+RFID", often with operational ranges less than 10cm.
+
+backscatter:
+A lot of RFID systems under current developemnt operate in the UHF frequency
+range (868 to 956 MHz, depending on the regulatory domain). They use the
+electric field of the reader, and employ backscatter modulation from tag to
+reader. The electrical field extends over longer distance than the magnetic
+field. Therefore, the operational range of backscatter systems are within tens
+of metres.
+
+SAW:
+SWA tags use low-power microwave radio signals. The tag converts them to
+ultrasonic accoustic signals using a piezoelectric crystalline material.
+Variations of the reflected signal can be used to provide a unique identity
+such as a serial number.
+
+The remaining article will focus on magnetic coupling RFID systems only, since
+backscatter systems are not widely deployed yet, and therefore of little
+practical relevance.
+
+
+Protocols and standards:
+
+For the commonly-used 13.56MHz based systems, there are two major protocols in
+use, ISO14443 and ISO15693. ISO15693 seems only be used for "dumb" tag
+applications, whereas ISO14443 is used frequently with RF interfaced processor
+smart cards.
+
+Besides the "physical layer" issues such as modulation, coding, bit timing,
+and frequency, there are some other important tasks of an RFID protocol.
+
+One of the funamental effects of RFID is the possibility of multiple tags
+within the operating range of a reader, just like in any other shared medium
+communication channel.
+
+In order to cope with multiple tags, an anticollision procedure has to be
+specifieid. Some sophisticated protocols (as 14443-4 )even allow a reader to
+assign logical addresses to individual tags in order to communitace with
+multiple tags.
+
+
+ISO11784/11785
+
+The ISO11784/11785 series of standards are used for identification of animals.
+This family of standards operates at 134,2 kHz and uses the magnetic coupling
+operational principle. It uses load modulation with no subcarrier and employs
+a bi-phase-code for transmission of 64bit transponder data at 4194 bits/sec.
+
+ISO14223
+
+ISO14223 is an extension of 11784/11785 and allows for more data stored on the
+tag/transponder.
+
+ISO10536
+
+ISO10536 describes "close coupling" smart cards, with an operational range of
+up to 1cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to
+this low operational range, they never appeared in widespread use on the market.
+
+ISO14443
+
+ISO14443 describes "proximity coupling identification cards". As opposed to
+ISO10536, this stanrdard has an operational range of up to 10cm.
+
+ISO14443 comes in two variants: ISO14443-A and ISO14443-B. They both operate
+on the same frequency, but with different parameters.
+
+ 14443A 14443B
+mod rdr->tag 100%ASK 10%ASK
+mod tag->rdr load modulation at load modulation at 847kHz, BPSK
+ 847kHz, ASK
+code rdr->tag modified miller NRZ
+code tag->rdr manchester NRZ
+anticol binary search slotted aloha
+
+ISO14443-4 specifies an (optional) transport level protocol on top of the lower
+three layers of the ISO14443 protocol. This transport protocol is sometimes
+referred to as "T=CL" (transport=contactless). This designation bears its
+origin in the smart card world, where other protocols such as "T=0" and "T=1"
+are in widespread use for decades.
+
+
+ISO15693:
+
+ISO15693 describes "vicinity coupling" RFID, with an operational range of up
+to 1m. Like ISO14443, it operates on 13.56 MHz and employs magnetic near-field
+inductive coupling.
+
+This standard again supports various modes, such as 10% or 100% ASK, 1.65kb/s
+or 26.48kb/s data rate, ASK or FSK based load modulation.
+
+ISO18000 series
+
+This ISO series is under current development. It intends to specify unique
+world wide standards for item management. Specifications include operation
+on 13.56MHz, 2.45GHz, 5.8GHz and the 868 to 956 MHz UHF band.
+
+The remaining paper will mostly look at ISO14443, since it is in widespread use
+today and also used by the electronic Passport system specified by ICAO.
+
+
+A closer look on Readers:
+There's a variety of readers for the 13.56MHz world, ranging from embedded
+readr modules to PC-connected readers for USB and serial connections,
+Ethernet-connected readers as well as readers for handheld devices with
+CompactFlash interface.
+
+As opposed to the contact-based smartcard world where most readers now support
+the USB CCID standard (to my surprise even non-usb devices!), there is no
+standardization. Neither does any of the readers - to the best of the authors'
+knowledge - have any publicly and/or freely available documentation. A similar
+lack is observed for Linux drivers. If they are available, then often for an
+extra charge, and in proprietary x86-only format.
+
+On the electrical level, a lot of readers are surprisingly equal. Almost all
+of them seem to use readily available "reader ASICs" of vendors such as TI or
+Philips. Those ASIC's usually integrate both the analogue RF part (including
+modulation/demodulation) and the digitial part. They are interfaced by serial
+(SPI) or parallel address/data bus. As you could have guessed by now, there's
+again no publicly/freely available documentation on any of the chipsets.
+
+After doing some research and re-engineering on commonly-available existing
+readers, there seems to be a two different basic architectures:
+
+1) active
+Active readers do all the 14443/15693 processing within a microcontroller of
+the reader. Advantages of an active design are low latency, high speed and
+applicability in embedded or remotely connected environments where no host
+computer could do protocol processing.
+
+2) passive
+Passive readers simply include the most basic logic to interface the reader
+ASIC with the external interface. Therefore all protocol processing has to be
+done on the host system.
+
+For obvious reasons, the passive architecture allows for cheaper development
+and total product cost. The author anticipates that all PC-based readers will
+eventually become passive. A commonly-available passive reader (Omnikey
+CardMan 5121) was chosen for the development of librfid.
+
+
+Omnikey CardMan 5121
+
+On the first glance, the cm5121 is a USB CCID contact based smartcard reader.
+It can be used with vendor-supplied proprietary drievers, or with various
+freely available CCID reader drivers, such as the OpenCT project.
+
+However, the RFID part is simply a Philips CL RC632 reader asic that can be
+accessed transparently by issuing read/write_byte and read/write_fifo commands
+via CCID PC_to_RDR_Escape usb messages.
+
+The author further obtained a (publicly available, but encrypted) detailed data
+sheet of the Philips CL RC632 reader asic, which magically decrypted itself by
+using a couple of days worth of CPU power.
+
+The CL RC632 is a multi-protocol reader asic, supporting 14443-A, 14443-B,
+15693 as well as the proprietary 14443A-based Mifare system.
+
+Using the data sheet, a free and GPL licensed RFID stack could be implemented
+from scratch.
+
+
+Security Issues
+
+Sniffing
+Like any RF interface, the magnetic RFID interface can be passively sniffed.
+Due to the use of the H-field in 125kHz and 13.56MHz systems, the possible
+surveillance range is very slow. Also, given the enormous power constraints
+within the tag, the power put into the tag->reader channel is very low.
+Furthermore, the main carrier and the subcarrier are very close in the radio
+spectrum - while their signal strength differs some 60 to 80 dB.
+
+Measurements conducted by the author do not suggest that passive surveilance of
+ISO 14443 compliant systems is not possible outside a range of 4-5 metres - at
+least not with DIY equipment.
+
+
+DoS
+ISO14443-A and -B anticollision systems are subject to denial of service
+attacks.
+
+For 14443-A, such an attack could simply cause one collision for every bit in
+the address, thus preventing the reader to complete its binary search algoritm
+and fully select one of the available tags.
+
+Authenticity/Confidentiality
+ISO14443-A doesn't provide any form of security. Any kind of authentication
+and/or encryption has to be employed at a higher level, such as ISO7816 secure
+messaging. Compare the system with a TCP/IP stack (level 1..4) with SSL/TLS on
+top.
+
+Proprietary Security
+The security of vendor-speciifc proprietary systems such as Mifare are based on
+security by obscurity. The encryption alogorithm is not publicly documented,
+and only implemented in vendor-supplied hardware, usually the reader ASIC and
+inside the tag itself. Keys are stored on the tag and in the reader ASIC.
+
+Security by obscurity within the software industry generally doesn't work.
+However, in the hardware world vendors still seems to assume it as a valid
+paradigm.
+
+The key lengths used seem extermely small (40bit). Should the algorithm ever
+be uncovered, it is expected to compromise the security of the whole system.
+The arithmetic complexity of the algorithm can only be low, given it's
+implementation in lowest-cost state-machine-only tags. Therefore it is
+expected that
+
+
personal git repositories of Harald Welte. Your mileage may vary