Introduction into RFID
During the last couple of years, various sectors of industry and even
government organizations have started to advertise and deploy RFID technology.
The RFID industry makes huge promises, according to which RFID will penetrate
our everyday life in the very near future. As examples, RFID is used in the
ICAO-compliant electronic passports, for electronic ticketing in the public
transport sector and for tickets to events such as the soccer world
championship in 2006. Studies have been performed on the feasibility of putting
RFID circuitry into every Euro bill.
In contrast to those industry promises, there is growing opposition among civil
liberties groups and the data protection community. The fear that this
technology will be abused to invade privacy even further is considerable.
The public debate on RFID is mostly held at a very high and therefore abstract
level. Even within the technical community, there is a severe lack of knowledge
when it comes to really understanding RFID.
This article tries to give a technical introduction to RFID, summarizing what
the author has learned during the last year of his research and development.
What is RFID?
A lot of the ambiguity related to RFID comes from unclear terminology.
Strictly speaking, "RFID" means "Radio Frequency IDentification" and therefore
refers to any technology facilitating the identification of items using radio
frequency.
In reality, however, the term "RFID" is used for many different technologies
and concepts.
Another frequent misconception is that most RFID systems in use today are based
on standards. On the contrary: they are mostly proprietary systems produced by
specific vendors, who obviously all claim to have invented an "industry
standard". Even those few RFID protocols that have been standardized by
international standardization bodies such as ISO/IEC reflect the usual
"either it's done way A, or else it's done way B" paradigm that seems to
dominate the whole smart card industry. But that's enough of a rant for now.
Components of an RFID system
An RFID system is usually composed of a reader device (which is always called a
reader, even if it can write) and some (RF)ID tag, sometimes referred to as a
transponder.
Tag (or Transponder)
1-bit Tags
1-bit tags don't really provide any form of identification. A 1-bit RFID
system can only tell whether (at least) one tag is within reach of the reader.
While this is quite limited, it still has one very popular application:
Preventing theft of items from a store.
Serial Number Tags
The simplest RFID systems come with read-only "serial number" tags.
This basically means that the tag has a vendor-defined serial number (much like
a barcode on product packaging) that can only be read. Such systems generally
don't employ any form of authentication.
WORM Tags
Instead of vendor-programmed serial numbers, WORM (write once, read many) tags
can be written once (usually at the customer site) and read many times.
Read/Write Tags
Read/Write tags can be read and written a large number of times. R/W tags can
be seen as analogous to synchronous memory chip cards in the contact-based
world.
Read/Write with "passive" security
This variant of tag employs read/writable memory plus some state machines that
allow for (mutual) authentication of reader and tag, and/or encryption of the
transferred data.
Cryptographic Smartcards with RF Interface
The latest generation of "tags" are not really tags anymore, but rather
cryptographic smart cards with an RF interface. This means that you have a
whole computer (sometimes called an RFIC), including CPU, RAM, ROM, EEPROM,
hardware random number generator, hardware crypto, etc. inside the "tag".
Since such devices originate from the contact-based smart card world, they
are sometimes even available as "dual interface smart cards", i.e. they provide
both a contact-based and a contactless (RFID) interface.
Reader
Readers (sometimes called proximity coupling devices, PCDs) are usually
connected to some computer or network, using standard interfaces such as RS232
ports, other serial interfaces, USB, or Ethernet. Unfortunately, there is no
standard at either the hardware or the software level. This means that most
RFID applications will be written against specific vendor-provided driver or
library APIs.
There is one notable exception: reader systems employing cryptographic
smart cards with RF interface often emulate APIs from the contact-based smart
card world such as PC/SC or CT-API.
RF Interface
Between reader and tag there is some form of RF interface. The RF interface
differs from system to system in many parameters, such as frequency,
modulation and operational principle.
Magnetic Coupling
Most of today's RFID systems use a magnetic coupling principle. In such a
system, the reader provides a strong magnetic field (H-field). This field is
picked up by the antenna of a tag and used to power the tag. Common
frequencies for such magnetically coupled RFID systems are 125 kHz and
13.56 MHz. Magnetic systems often employ amplitude shift keying (ASK) for the
reader-to-tag communications channel, and load modulation from tag to reader.
The strong magnetic field only exists in the proximity of the reader's antenna.
Thus, magnetically coupled RFID systems are sometimes referred to as "proximity
or vicinity RFID", often with operational ranges of less than 10 cm.
The remainder of this article will focus on magnetically coupled RFID systems
only, since backscatter systems are not widely deployed yet and are therefore
of little practical relevance.
Backscatter
A lot of RFID systems under current development operate in the UHF frequency
range (868 to 956 MHz, depending on the regulatory domain). They use the
electric field of the reader and employ backscatter modulation from tag to
reader. The electric field extends over a longer distance than the magnetic
field. Therefore, the operational range of backscatter systems is in the order
of tens of metres.
Surface Acoustic Wave
SAW tags use low-power microwave radio signals. The tag converts them to
ultrasonic acoustic signals using a piezoelectric crystalline material.
Variations of the reflected signal can be used to provide a unique identity
such as a serial number.
Protocols and Standards
For the commonly used 13.56 MHz based systems, there are two major protocols in
use, ISO 14443 and ISO 15693. ISO 15693 seems to be used only for "dumb" tag
applications, whereas ISO 14443 is frequently used with RF-interfaced processor
smart cards.
Besides the "physical layer" issues such as modulation, coding, bit timing
and frequency, an RFID protocol has some other important tasks.
One of the fundamental effects of RFID is the possibility of multiple tags
within the operating range of a reader, just like in any other shared-medium
communication channel.
In order to cope with multiple tags, an anticollision procedure has to be
specified. Some sophisticated protocols (such as ISO 14443-4) even allow a
reader to assign logical addresses to individual tags in order to communicate
with multiple tags.
ISO 11784 / 11785
The ISO 11784 / 11785 series of standards is used for the identification of
animals. This family of standards operates at 134.2 kHz and uses the magnetic
coupling operational principle. It uses load modulation with no subcarrier and
employs a bi-phase code for transmission of 64 bits of transponder data at
4194 bits/sec.
ISO 14223
ISO 14223 is an extension of 11784/11785 and allows for more data stored on the
tag/transponder.
ISO 10536
ISO 10536 describes "close coupling" smart cards, with an operational range of
up to 1 cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to
this short operational range, they never came into widespread use on the
market.
ISO 14443
ISO 14443 describes "proximity coupling identification cards". As opposed to
ISO 10536, this standard has an operational range of up to 10 cm.
ISO 14443 has two variants, ISO 14443-A and ISO 14443-B. They both operate
on the same frequency, but with different parameters:

Parameter                ISO 14443-A                                ISO 14443-B
Modulation Reader->Tag   100% ASK                                   10% ASK
Modulation Tag->Reader   load modulation at 847 kHz subcarrier, ASK load modulation at 847 kHz subcarrier, BPSK
Code Reader->Tag         Modified Miller                            NRZ
Code Tag->Reader         Manchester                                 NRZ
Anticollision            Binary Search                              Slotted ALOHA
ISO 14443-4 specifies an (optional) transport level protocol on top of the lower
three layers of the ISO 14443 protocol. This transport protocol is sometimes
referred to as "T=CL" (transport=contactless). This designation has its
origin in the smart card world, where other protocols such as "T=0" and "T=1"
have been in widespread use for decades.
The remainder of this paper will mostly look at ISO 14443, since it is in
widespread use today and is also used by the electronic passport system
specified by ICAO.
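The "Modified Miller" code of the ISO 14443-A reader->tag channel from the table above, as an added encoder/decoder (example code, not librfid's): it applies the ISO 14443-2 sequence rules, including the two exceptions for logic 0 and the end-of-communication marker.

```c
/* ISO 14443-A reader->tag "Modified Miller" coding from ISO 14443-2.  Each bit
 * period carries one of three sequences: X = pause in the middle of the period,
 * Y = no pause, Z = pause at the start.  Added example code, not librfid's; the
 * letter strings stand for the pause pattern modulated onto the carrier. */
#include <stddef.h>
#include <string.h>

/* Encode an ASCII bit string such as "1011" into sequences, framed with start
 * (SOC) and end of communication (EOC).  Returns the sequence count, -1 on
 * bad input or a too small buffer. */
int miller_encode(const char *bits, char *out, size_t outlen)
{
    size_t n = strlen(bits), pos = 0;
    int prev = 0;                              /* SOC counts as a preceding 0 */
    if (outlen < n + 4) return -1;             /* SOC + bits + EOC(2) + NUL */
    out[pos++] = 'Z';                          /* start of communication */
    for (size_t i = 0; i <= n; i++) {
        int bit = (i < n) ? bits[i] - '0' : 0; /* EOC begins with a logic 0 */
        if (bit != 0 && bit != 1) return -1;
        if (bit) out[pos++] = 'X';             /* logic 1 is always X */
        else out[pos++] = prev ? 'Y' : 'Z';    /* 0 after 1: Y; after 0 or SOC: Z */
        prev = bit;
    }
    out[pos++] = 'Y';                          /* ... and a Y closes the frame */
    out[pos] = '\0';
    return (int)pos;
}

/* Decode sequences back to a bit string.  A Y following a 0 can never be data
 * (the encoder would have used Z), so it marks end of communication.
 * Returns the bit count, or -1 for a sequence the rules cannot produce. */
int miller_decode(const char *seq, char *bits, size_t bitslen)
{
    size_t pos = 0;
    int prev = 0;
    if (seq[0] != 'Z') return -1;              /* frame must open with SOC */
    for (size_t i = 1; seq[i]; i++) {
        if (pos + 1 >= bitslen) return -1;
        if (seq[i] == 'X') { bits[pos++] = '1'; prev = 1; }
        else if (seq[i] == 'Z') { if (prev) return -1; bits[pos++] = '0'; }
        else if (seq[i] == 'Y' && prev) { bits[pos++] = '0'; prev = 0; }
        else if (seq[i] == 'Y') {              /* Y after 0: end of communication */
            if (pos == 0 || seq[i + 1]) return -1;
            bits[--pos] = '\0';                /* drop the EOC's logic 0 */
            return (int)pos;
        } else return -1;
    }
    return -1;                                 /* frame without EOC */
}
```

A PCD frame "1001" becomes Z X Y Z X Y Y: the second 0 uses Z because it follows a 0, and the closing logic 0 plus Y is the end-of-communication marker the decoder keys on.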
ISO 15693
ISO 15693 describes "vicinity coupling" RFID, with an operational range of up
to 1 m. Like ISO 14443, it operates on 13.56 MHz and employs magnetic near-field
inductive coupling.
This standard again supports various modes, such as 10% or 100% ASK, 1.65 kb/s
or 26.48 kb/s data rate, and ASK or FSK based load modulation.
Given the large distance between reader and tag, it is very unlikely that
power-hungry processor smart cards will be developed for this standard.
ISO 18000 series
This ISO series is under current development. It intends to specify unique
worldwide standards for item management. Specifications include operation
on 13.56 MHz, 2.45 GHz, 5.8 GHz and the 868 to 956 MHz UHF band.
A closer look on Readers
There is a variety of readers for the 13.56 MHz world, ranging from embedded
reader modules to PC-connected readers for USB and serial connections,
Ethernet-connected readers, as well as readers for handheld devices with a
CompactFlash interface.
As opposed to the contact-based smart card world, where most readers now
support the USB CCID standard (to my surprise, even non-USB devices!), there is
no standardization. Nor does any of the readers, to the best of the author's
knowledge, have any publicly and/or freely available documentation. A similar
lack is observed for Linux drivers. If they are available at all, then often
for an extra charge and in a proprietary, x86-only format.
On the electrical level, a lot of readers are surprisingly similar. Almost all
of them seem to use readily available "reader ASICs" from vendors such as TI or
Philips. Those ASICs usually integrate both the analogue RF part (including
modulation/demodulation) and the digital part. They are interfaced by a serial
(SPI) or parallel address/data bus. As you could have guessed by now, there is
again no publicly/freely available documentation on any of the chipsets.
After doing some research and re-engineering on commonly available existing
readers, there seem to be two different basic architectures:
Active Readers
Active readers do all the 14443/15693 processing within a microcontroller of
the reader. Advantages of an active design are low latency, high speed and
applicability in embedded or remotely connected environments where no host
computer could do protocol processing.
Passive Readers
Passive readers simply include the most basic logic to interface the reader
ASIC with the external interface. Therefore all protocol processing has to be
done on the host system.
For obvious reasons, the passive architecture allows for cheaper development
and a lower total product cost. The author anticipates that all PC-based
readers will eventually become passive. A commonly available passive reader
(Omnikey CardMan 5121) was chosen for the development of librfid.
Omnikey CardMan 5121
At first glance, the cm5121 is a USB CCID contact-based smart card reader.
It can be used with vendor-supplied proprietary drivers, or with various
freely available CCID reader drivers, such as the OpenCT project.
However, the RFID part is simply a Philips CL RC632 reader ASIC that can be
accessed transparently by issuing read/write_byte and read/write_fifo commands
via CCID PC_to_RDR_Escape USB messages.
The author further obtained a (publicly available, but encrypted) detailed data
sheet of the Philips CL RC632 reader ASIC, which magically decrypted itself by
using a couple of days worth of CPU power.
The CL RC632 is a multi-protocol reader ASIC, supporting 14443-A, 14443-B,
15693 as well as the proprietary 14443-A based Mifare system.
Using the data sheet, a free, GPL-licensed RFID stack could be implemented
from scratch.
Security Issues
Eavesdropping
Like any RF interface, the magnetic RFID interface can be passively sniffed.
Due to the use of the H-field in 125 kHz and 13.56 MHz systems, the possible
surveillance range is very short. Also, given the enormous power constraints
within the tag, the power put into the tag->reader channel is very low.
Furthermore, the main carrier and the subcarrier are very close in the radio
spectrum, while their signal strength differs by some 60 to 80 dB.
Measurements conducted by the author do not suggest that passive surveillance
of ISO 14443 compliant systems is possible outside a range of 4-5 metres, at
least not with DIY equipment.
Denial of Service
ISO 14443-A and -B anticollision systems are subject to denial of service
attacks.
For 14443-A, such an attack could simply cause one collision for every bit in
the address, thus preventing the reader from completing its binary search
algorithm and fully selecting one of the available tags.
There have already been public demonstrations of "blocker tags" which employ
such a technique to prevent other tags in the vicinity of the blocker tag from
being read.
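The binary search anticollision named in the ISO 14443 table, the Manchester collision detection of the tag->reader channel and the blocker effect described in this section, as an added model (example code, not librfid's). The 32-bit UIDs are constructed; bit order, cascade levels and CRC of the real protocol are left out.

```c
/* ISO 14443-A bit-wise anticollision (binary search over the UID) with the
 * Manchester collision detection of the tag->reader channel, and the effect of
 * a blocker tag.  Added example, not librfid code; UIDs are constructed and bit
 * order, cascade levels and CRC are left out. */
#include <stdint.h>
#define UID_BITS 32
struct tag { uint32_t uid; int blocker; };

/* Tags matching the 'nbits' resolved bits of 'prefix' answer their UID in
 * Manchester code: a 1 puts the subcarrier in the first half-bit (h1), a 0 in
 * the second (h2).  The reader sees the OR of all answers, so a bit set in both
 * halves is a collision.  A blocker answers both halves for every bit. */
static void field_answer(const struct tag *t, int n, uint32_t prefix,
                         int nbits, uint32_t *h1, uint32_t *h2)
{
    uint32_t known = nbits ? ~0u << (UID_BITS - nbits) : 0;
    *h1 = *h2 = 0;
    for (int i = 0; i < n; i++) {
        if (t[i].blocker) { *h1 = *h2 = ~0u; continue; }
        if ((t[i].uid & known) != (prefix & known)) continue; /* stays silent */
        *h1 |= t[i].uid;
        *h2 |= ~t[i].uid;
    }
}

/* Returns 1 and the selected UID, 0 for an empty field, -1 when no single tag
 * can be selected (the blocker denial of service described in the text). */
int select_tag(const struct tag *t, int n, uint32_t *uid)
{
    uint32_t prefix = 0, h1, h2;
    for (int nbits = 0; nbits < UID_BITS; nbits++) {
        uint32_t bit = 1u << (UID_BITS - 1 - nbits);     /* next unknown bit */
        field_answer(t, n, prefix, nbits, &h1, &h2);
        if (!(h1 & bit) && !(h2 & bit)) return 0;
        if (h1 & bit) prefix |= bit;  /* clean 1, or collision: take the 1 branch */
    }
    /* SELECT with the full UID: one genuine tag must answer collision-free. */
    field_answer(t, n, prefix, UID_BITS, &h1, &h2);
    if (h1 & h2) return -1;
    *uid = prefix;
    return 1;
}
```

With two genuine tags the search resolves one of them after a single collision; with a blocker in the field every bit collides, the search walks to an address no tag owns and the final SELECT fails, which is the condition a reader can report instead of retrying forever.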
Authenticity/Confidentiality
ISO 14443-A doesn't provide any form of security. Any kind of authentication
and/or encryption has to be employed at a higher level, such as ISO 7816 secure
messaging. Compare this to a TCP/IP stack (layers 1..4) with SSL/TLS on top.
Proprietary Security
The security of vendor-specific proprietary systems such as Mifare is based on
security by obscurity. The encryption algorithm is not publicly documented,
and only implemented in vendor-supplied hardware, usually the reader ASIC and
the tag itself. Keys are stored on the tag and in the reader ASIC.
Security by obscurity within the software industry generally doesn't work.
However, in the hardware world vendors still seem to assume it is a valid
paradigm.
The key lengths used in many proprietary systems seem extremely small (40 bit,
sometimes even only 24 bit). Should the algorithm ever be uncovered, it is
expected to compromise the security of the whole system. The arithmetic
complexity of the algorithm can only be low, given its implementation in
lowest-cost state-machine-only tags. Therefore it is expected that once
somebody has performed the difficult task of re-engineering a reader ASIC, the
system security will be compromised.
Brute-force attacks on tags themselves seem very unlikely, due to the extremely
slow hardware. However, after a successful (legitimate) conversation between
reader and tag has been sniffed, brute forcing can be done on fast computers.