A Comprehensive Study for RFID malware on Mobile Devices


A Comprehensive Study for RFID
Malwares on Mobile Devices
TBD
Outline
• Motivation
• State-of-the-Art Malwares and Countermeasures for RFID and Mobile Systems
– RFID Security Challenge
– Mobile Security Challenge
– New Challenge from RFID Malwares on Mobile Devices
• Extended Threat Model
• Basic Design of Anti-malware Framework for Mobile Devices in RFID Systems
• Conclusion
Motivation
• Severe challenge for RFID security on mobile devices, because
– RFID systems are still in their infancy.
• Many RFID systems lack security protection.
– To improve productivity, more mobile devices will be used.
• Mobile systems are more vulnerable than non-portable systems.
• Limitations on RFID malwares are being relaxed as technology develops.
– Cheaper RFID tags with larger storage capacity – hold more malicious data.
– Better network connection for mobile devices – easier malware propagation.
New Opportunities for RFID Malwares
• C1: The tag data size limitation (<1024 bits) makes RFID malware unrealistic.
– Now: EPC Gen2 Class3 tags have at least kilobytes of storage.
• C2: RFID systems are closed-loop systems.
– Now: the new RFID standard (EPCglobal Architecture) may require exchanging data with the EPCglobal Network through the Internet.
• C3: More mobile devices will be used as RFID readers.
Lessons from Practices (1/2)
• L1: A small number of bits is enough to construct an RFID malware. RFID malware can spread itself by modifying the database that is used when writing tag values.
– In 2006, researchers at Vrije University proposed the first proof-of-concept malware design and a basic propagation model.
– Even when space is very limited, it is still possible to store a small malware trigger in an RFID tag that may wake up malware already present in the system.
Lessons from Practices (2/2)
• L2: Malware may trigger exceptional control flow to bypass purely data-level protection mechanisms. System-level protection is required.
– In 2007, German RFID experts showed how to crash the RFID reader of an RFID-enabled e-passport by modifying the JPEG2000 photo image file stored in the e-passport.
– The attack exploited a buffer overflow vulnerability in off-the-shelf libraries when loading the photo image.
Basic Threat Model & Countermeasures
1. Defend against cloning and counterfeiting
2. Defend against malware
3. Defend against denial-of-service
(Callout: less attention for front-end devices such as the (mobile) RFID reader!)
Malware State on Mobile Devices
• The first proof-of-concept mobile malware was reported in 2004, but no major outbreak of mobile malware has been reported until now.
• In the F-Secure Cell-phone Malwares Report 2007:
– 373 malwares in total (including variants).
– The total number of malwares reaches 1 million in the Symantec Internet Security Threat Report 2007.
• In the CVE (Common Vulnerabilities and Exposures) database (2002-2008):
– 138 vulnerabilities found for software on mobile systems.
– iPhone contributes 1/4 of the vulnerabilities.
Malware Trend on Mobile Devices
• Why is mobile malware so unpopular?
– Limited functionality of mobile devices
• All existing mobile malwares require user interaction.
– Poor network connection
• Only local propagation is possible most of the time.
– Low potential profit
• Most people only use the phone or e-mail functions of mobile devices.
• The situation is changing.
– New multi-function platform: iPhone
– New network techniques: Wi-Fi, 3G
– More people use it to store sensitive or private data.
• Businessmen and college students.
Major Malware Challenge on Mobile Devices
• Lack of permission control
– Most mobile systems are single-user systems running on simple hardware without runtime privilege control.
– Social engineering is widely used in mobile malwares.
• Limited resources
– Powered by battery
– Less computation and storage capability compared to general purpose platforms.
– Resource-demanding security protections are ruled out.
• Countermeasure status
– Still emerging, not mature, useful mostly for post-infection cleanup.
[Figure: the distribution of vulnerabilities (from CVE) and the distribution of malwares (from F-Secure), with callout "No-Tech Attacks in Mobile Malwares"]
Symbian OS, the most popular mobile system with only 3 reported vulnerabilities, has the largest number of malwares.
New Challenge from RFID Malware on Mobile Devices
• RFID systems:
– High potential profit.
– Global connection in the EPCglobal architecture.
• Mobile systems:
– More vulnerable than their non-portable counterparts.
– Limited resources rule out resource-demanding security protection.
• RFID systems + mobile systems:
– Attractive targets for hackers.
Extended Threat Model
• Domains: Public Domain, Company Domain, EPC Core Domain.
• Every node in the chain may be compromised:
– Reader firmware
– Mobile device / middleware on it
– Front-end server
– Enterprise database system
– EPCglobal Network
• RFID tag can carry:
1. Malware trigger
2. Malware fragment
3. Malware entity
• Bad news: every node can be compromised.
• Good news: they are connected in a chain.
Basic Design of Anti-malware Framework for Mobile Devices in RFID Systems
To secure the frontier of the RFID security chain, we arm the mobile device with an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS).
• IPS (between the dangerous data source and the device): filter out anything that can be filtered.
– Firewall + check data format and content.
– Defend against DoS, SQL/script injection, and shell code in text input.
– Another alternative: distort binary data?
• IDS: detect anything that can be detected.
– Validate program behavior on given data input.
– Defend against buffer overflow and unexpected behavior.
– IDS is well known to be inefficient and resource demanding. Is it feasible to use it on a mobile device?
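As an added example (not from the slides or the authors), the following Python sketch shows what the IPS's "check data format and content" step could look like in the reader middleware, and at the same time illustrates lesson L1: tag-borne data that is concatenated into a database query is how the 2006 proof-of-concept spread. The EPC format, the size limit, the pattern list and the sample tag reads are all constructed assumptions for the demo; the parameterized query is the part that actually removes the SQL injection path, the filter only narrows what reaches it.

```python
import re
import sqlite3

# Allowlisted tag identifier format: a 96-bit EPC rendered as 24 upper-case hex
# digits (assumption for this demo; a deployment would derive this from the
# tag scheme in use).
EPC_RE = re.compile(r"^[0-9A-F]{24}$")

# Constructed size limit for the user-memory payload, in bytes. Lesson L1 is
# that even a small payload can carry a trigger, so this is a sanity check,
# not the main defense.
MAX_USER_MEMORY = 1024

# Content patterns that have no business in tag user memory: SQL
# metacharacters and keywords, script tags, and control bytes typical of
# binary payloads. Illustrative, not exhaustive.
SUSPICIOUS = [
    ("sql metacharacter", re.compile("['\";]")),
    ("sql keyword", re.compile(r"\b(select|insert|update|delete|drop|union|exec)\b", re.I)),
    ("script tag", re.compile(r"<\s*script", re.I)),
    ("control byte", re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]")),
]


def filter_tag_read(epc, user_memory):
    """IPS decision for one tag read: (accepted, reason).

    Format is checked before content, so malformed identifiers are dropped
    without their payload ever being inspected.
    """
    if not EPC_RE.fullmatch(epc):
        return False, "epc format"
    if len(user_memory.encode("utf-8")) > MAX_USER_MEMORY:
        return False, "payload too large"
    for label, pattern in SUSPICIOUS:
        if pattern.search(user_memory):
            return False, "suspicious content: " + label
    return True, "ok"


def store_tag_read(conn, epc, user_memory):
    """Write an accepted read to the middleware database.

    The query is parameterized even though the payload passed the filter:
    the filter reduces exposure, the parameterized query removes the SQL
    injection path entirely (defense in depth).
    """
    conn.execute(
        "INSERT INTO tag_reads (epc, user_memory) VALUES (?, ?)",
        (epc, user_memory),
    )
    conn.commit()


def process_reads(reads):
    """Run tag reads through the IPS and store only the accepted ones.

    Returns (stored_row_count, rejections), where rejections maps the raw
    EPC string to the reason it was dropped.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tag_reads (epc TEXT, user_memory TEXT)")
    rejections = {}
    for epc, user_memory in reads:
        accepted, reason = filter_tag_read(epc, user_memory)
        if accepted:
            store_tag_read(conn, epc, user_memory)
        else:
            rejections[epc] = reason
    stored = conn.execute("SELECT COUNT(*) FROM tag_reads").fetchone()[0]
    conn.close()
    return stored, rejections


# Constructed sample reads: one benign read, then payloads of the kinds the
# IPS slide lists (SQL injection, script injection, oversized data, binary
# bytes in a text field) and one malformed identifier.
SAMPLE_READS = [
    ("3034257BF7194E4000001A85", "pallet 17, lot 2024-03"),
    ("3034257BF7194E4000001A86", "x'); DROP TABLE tag_reads;--"),
    ("3034257BF7194E4000001A87", "<script>alert(1)</script>"),
    ("3034257BF7194E4000001A88", "A" * 2048),
    ("3034257BF7194E4000001A89", "lot 9\x00\x01"),
    ("NOT-AN-EPC", "benign"),
]

if __name__ == "__main__":
    stored, rejected = process_reads(SAMPLE_READS)
    print("stored:", stored)
    for epc, reason in rejected.items():
        print("dropped", epc, "->", reason)
```

Running the script stores exactly one row and reports a distinct reason for each of the five dropped reads. The order of checks matters on a battery-powered device: the cheap format and length checks run before any regular expression touches the payload, so most garbage is rejected at almost no cost.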
Potential Techniques (1/2)
• 1. Good Signature Checking
– Why is IDS known to be inefficient and resource-demanding?
• The related signatures are checked one by one.
• Complex program behaviors are inevitable in general purpose systems.
• Many signatures to check, no matter whether good or malicious signatures are used.
– However, the functions of RFID systems are much SIMPLER than those of general purpose systems.
• Checking good signatures should be affordable.
• To provide a more flexible system, combine good signatures with malicious signatures if necessary.
– Some problems?
• How to automatically generate efficient good signatures?
• How to secure the good signature database and the IDS monitor on the mobile device?
• …
Potential Techniques (2/2)
• 2. Cooperative mode
– Connection with the EPCglobal network is compulsory in the new RFID standard.
• Network connection is guaranteed.
– To achieve longer battery life and enable sophisticated IDS protection, SHIFT part or all of the intrusion detection workload to cooperative servers.
– Some problems?
• What kinds of workload should be shifted to cooperative servers?
• What to do when the connection to cooperative servers is lost?
• How to efficiently balance the workload between the mobile client and cooperative servers?
• …
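The following Python model is an added example covering both "Potential Techniques" slides; it is not code from the slides or their authors. It implements good-signature checking as an allowlist of operation sequences, decides the cheap cases on the device (an exact allowlist hit, or an operation that never appears in any good signature), and shifts the remaining "unknown" traces to a cooperative server. It also answers one of the open questions from a fail-closed stance: when the link is lost, unknown behaviour is quarantined and re-checked on reconnect rather than accepted. The signature set, the operation names, the server's normalization rule and the sample traces are all constructed assumptions.

```python
from collections import deque

# Constructed allowlist ("good signatures") for the reader middleware: each
# entry is the ordered sequence of operations one tag read may cause. In
# practice these would be generated from traces of the deployed software
# (the open question on the slide), not written by hand.
GOOD_SIGNATURES = {
    ("read_tag", "validate", "db_insert", "ack"),
    ("read_tag", "validate", "db_update", "ack"),
    ("read_tag", "validate", "reject", "log"),
}

# Operations that appear in any good signature. Anything outside this
# vocabulary is flagged on the device without scanning the signature table.
KNOWN_OPS = {op for sig in GOOD_SIGNATURES for op in sig}


def local_check(trace):
    """Cheap on-device check: 'good', 'bad', or 'unknown'.

    Only an exact allowlist hit (one set lookup) or an operation the
    middleware never legitimately performs is decided locally. Everything
    else is 'unknown' and is the workload worth shifting to a server.
    """
    trace = tuple(trace)
    if trace in GOOD_SIGNATURES:
        return "good"
    if any(op not in KNOWN_OPS for op in trace):
        return "bad"
    return "unknown"


class CooperativeServer:
    """Stand-in for the cooperative server (assumed, not from the slides).

    Runs the expensive part of the analysis: collapses immediate retries of
    the same operation, then matches against the allowlist. A real server
    could run a far richer behaviour model than this.
    """

    def __init__(self):
        self.analyzed = 0

    def analyze(self, trace):
        self.analyzed += 1
        normalized = tuple(
            op for i, op in enumerate(trace) if i == 0 or op != trace[i - 1]
        )
        return "good" if normalized in GOOD_SIGNATURES else "bad"


class DeviceIDS:
    """IDS on the mobile reader that offloads 'unknown' traces when online.

    When the link to the server is lost, unknown behaviour is neither
    accepted nor silently dropped: it is quarantined (queued) and re-checked
    on reconnect, so the device fails closed.
    """

    def __init__(self, server, online=True):
        self.server = server
        self.online = online
        self.pending = deque()
        self.decided_locally = 0
        self.offloaded = 0

    def verdict(self, trace):
        trace = tuple(trace)
        local = local_check(trace)
        if local != "unknown":
            self.decided_locally += 1
            return local
        if self.online:
            self.offloaded += 1
            return self.server.analyze(trace)
        self.pending.append(trace)
        return "quarantine"

    def reconnect(self):
        """Link restored: flush the quarantine queue to the server."""
        self.online = True
        results = [self.server.analyze(t) for t in self.pending]
        self.pending.clear()
        return results


# Constructed traces: a normal read, a read that spawns a shell (operation
# outside the vocabulary), a read with a retried validation step, and a read
# that skipped validation before the database insert.
SAMPLE_TRACES = [
    ("read_tag", "validate", "db_insert", "ack"),
    ("read_tag", "validate", "spawn_shell"),
    ("read_tag", "validate", "validate", "db_insert", "ack"),
    ("read_tag", "db_insert", "ack"),
]


def run(online):
    """Return the verdicts for SAMPLE_TRACES and the IDS instance used."""
    ids = DeviceIDS(CooperativeServer(), online=online)
    return [ids.verdict(t) for t in SAMPLE_TRACES], ids


if __name__ == "__main__":
    for online in (True, False):
        verdicts, ids = run(online)
        print("online" if online else "offline", verdicts,
              "local:", ids.decided_locally, "offloaded:", ids.offloaded)
    verdicts, ids = run(False)
    print("after reconnect:", ids.reconnect())
```

The local/offloaded counters give a concrete handle on the workload-balancing question: with this sample, half of the traces never leave the device, and the cost of the server round trips is paid only for behaviour the cheap checks cannot classify. Anything queued while offline is resolved by the server once the link returns, which is the same verdict it would have received online, just later.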
Conclusion
• We survey state-of-the-art malware and countermeasures for RFID and mobile systems, and …
– Propose an extended threat model to capture the malware threats to RFID systems with mobile devices.
– Discuss some potential techniques to defend against such malware threats.
Q&A
TBD