Radio-Frequency Identifier (RFID) technology, using the ISO-14443 standard, is becoming increasingly popular, with applications like credit cards, national ID cards, e-passports, and physical access control. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: typical systems are designed to operate at a range of 5-10cm. Despite this very short nominal range, Kfir and Wool predicted that a rogue device can communicate with an ISO-14443 RFID tag from a distance of 40-50cm, based on modeling and simulations. Moreover, they claimed that such a device can be made portable, with low power requirements, and can be built very cheaply. Such a device can be used as a stand-alone RFID skimmer, to surreptitiously read the contents of simple RFID tags. The same device can be used as the "leech" part of a relay-attack system, by which an attacker can make purchases using a victim's RFID-enhanced credit card, despite any cryptographic protocols that may be used. In this study we show that the modeling predictions are quite accurate. We show how to build a portable, extended-range RFID skimmer, using only electronics hobbyist supplies and tools. Our skimmer is able to read ISO-14443 tags from a distance of ≈25cm, uses a lightweight 40cm-diameter copper-tube antenna, is powered by a 12V battery, and requires a budget of ≈$100. We believe that, with some more effort, we can reach ranges of ≈35cm, using the same skills, tools, and budget. We conclude that (a) ISO-14443 RFID tags can be skimmed from a distance that does not require the attacker to touch the victim; (b) simple RFID tags that respond to any reader are immediately vulnerable to skimming; and (c) we are about halfway toward a full-blown implementation of a relay attack.