Sneaking RFIDs

Download Report

Transcript Sneaking RFIDs

Sneaking RFID
Anuradha Jambunathan – 276786
Computer Security Seminar
BIT WS 06/07
7/17/2015
Sneaking RFID-Anuradha J
1
Agenda







What is RFID?
RFID vs Barcode
RFID System Architecture
Uses of RFID Systems
RFID Threats & Attacks
Protection Against Attacks
Conclusion
7/17/2015
Sneaking RFID-Anuradha J
2
What is RFID ?




Acronym for Radio Frequency Identification.
Automatic Identification Procedure
RFID uses radio waves to automatically identify
people or other objects.
Useful for tracking the associated object.
7/17/2015
Sneaking RFID-Anuradha J
3
RFID Vs BARCODE

Technology Used
 RFID - Radio Technology
 BARCODE - Optical Technology

Line of Sight Reading
 RFID - Doesn’t Require Line of Sight – Pass through
Barriers
 BARCODE – Requires Line of Sight reading

Efficiency
 RFID - Multiple tags read simultaneously
 BARCODE - One at a Time
7/17/2015
Sneaking RFID-Anuradha J
4
RFID Vs BARCODE

Storage
 RFID
 Large
amount of Storage
 Ability to Read and Write
 BARCODE
 Only

be Read
Cost
 RFID
7/17/2015
is expensive compared to BARCODE
Sneaking RFID-Anuradha J
5
RFID System Architecture
7/17/2015
Sneaking RFID-Anuradha J
6
RFID Components
RFID Tag or Transponder
 Actual
data carrying device of an RFID system.
 Combination of Transmitter and Responder
Types of RFID Tags
 Passive
Tag
 Active Tag
7/17/2015
Sneaking RFID-Anuradha J
7
RFID Components

Passive RFID Tag
Do not have Internal Battery Power
Short Range Communications
Read Only Tags

Active RFID Tag
Have Own Internal Battery
Long Range Communications
Read/Write Tags
7/17/2015
Sneaking RFID-Anuradha J
8
RFID Components
RFID Reader
Antenna, Transceiver and Decoder
 Sends Signals to Query Tag data
 Read or Read/Write the tags

RFID Middleware
Data processing
 Connects to Backend Database

7/17/2015
Sneaking RFID-Anuradha J
9
Common Uses of RFID Systems
Hospitals
Track Patient Location
Track Expensive & Critical equipments
Pet identification
Animal Identification Purpose
Control Rabies – Portugal Gov
Retail stores
Monitor & Control Inventory
Supply Chain Management
7/17/2015
Sneaking RFID-Anuradha J
10
Common Uses of RFID Systems
Traffic Monitoring
Roadside RFID readers to collect signals
Passports
The first RFID passports were issued by Malaysia
in 1998
Records the travel history of entries and exists
Human implants
7/17/2015
Sneaking RFID-Anuradha J
11
RFID Threats
Sniffing
-- Skimming of digital passports
Spoofing
-- SQL injection, Buffer Overflow attacks
Denial of Service
-- e.g.. Hospital applications
7/17/2015
Sneaking RFID-Anuradha J
12
RFID Threats
Replay Attacks
-- Man in the Middle Attack
-- e.g. Passport Readers
Unwanted Tracking
-- Tracking without the Knowledge
7/17/2015
Sneaking RFID-Anuradha J
13
Real World Scenarios

In Retail Stores
 Attacker purchase product that has RFID tag
attached
 Writes a virus in Blank RFID Tag
 Attaches the Virus Tag to the product
 Whole Product database system is infected
7/17/2015
Sneaking RFID-Anuradha J
14
Real World Scenarios

In Pet
 Pet with RFID Tag attached
 Writes a virus in Pet RFID Tag
 Asks for Pet Scan
 Database system is infected
 Newly-tagged animals also infected
7/17/2015
Sneaking RFID-Anuradha J
15
Real World Scenarios

In Airport Baggage system
 Baggage handling Systems with RFID tags
 Easier to read at greater distances
 Virus Tag attached to baggage
 Whole Database system is infected
 E.g. Smugglers or terrorists to hide their
baggage
7/17/2015
Sneaking RFID-Anuradha J
16
RFID Passports

Advantages
 Avoid
human errors by immigration officials
 Efficiency of processing passenger data
 Safeguard against counterfeit passports

Problems
Skimming
 Eavesdropping

7/17/2015
Sneaking RFID-Anuradha J
17
Problems with RFID Systems

Lots of Source Code
RFID tags – Power constraint
 RFID middleware – Millions of Code
 Software Bugs


Generic Protocols and Facilities
RFID middleware on existing internet architecture
 Internet attacks

7/17/2015
Sneaking RFID-Anuradha J
18
Problems with RFID Systems

Back-End Databases
Data Collection Centre – Core Part
 Critical part of the RFID system
 Databases have their own unique attacks


High-Value Data
Extremely confidential Data
 Eg. Data on e-passports
 Harms tagged real-world objects


False Sense of Security
7/17/2015
Sneaking RFID-Anuradha J
19
RFID-Based Exploits


RFID tags directly exploits back-end RFID
Middleware
Manipulation of less than 1K bits of on-tag
RFID data can exploit security holes in RFID
middleware
RFID Middleware attacks requires more
cleverness than resources 
7/17/2015
Sneaking RFID-Anuradha J
20
RFID Attacks
The Main types of RFID Exploits :
SQL Injection Attack
Buffer Overflow Attack
Code Insertion Attack
7/17/2015
Sneaking RFID-Anuradha J
21
SQL Injection Attack
“A SQL Injection attack is a form of
attack that comes from user input
that has not been checked to see that it is valid. The objective is to fool the
database system into running malicious code that will reveal sensitive
information”

RFID tag written with a virus, can attack the
backend database used by the RFID middleware
It may be possible to trigger the database into
executing SQL code that is stored on the tag.
This process is referred to as SQL injection
7/17/2015
Sneaking RFID-Anuradha J
22
SQL Injection Attack


Once a virus, worm, or other malware has
entered the database, subsequent tags written
from the database may be infected and the
problem may spread.
Example: Airport Baggage System Attack
Which uses the RFID tag attached to the
baggage
7/17/2015
Sneaking RFID-Anuradha J
23
SQL Injection Attack

Suppose the airport middleware has a template
for queries
"Look up the next flight to <x>"
where <x> is the airport code written on the tag
when the bag was checked in.
 The middleware then builds a query from the
fetched data.
 Suppose the bag has a bogus tag with data
"LHR; shutdown“
7/17/2015
Sneaking RFID-Anuradha J
24
SQL Injection Attack

Incorrectly filtered escape characters
“This form of SQL injection attack takes place when the user input data is
not properly filtered for escape characters and is directly passed on into the
SQL query”
Example:
Stmt: = “SELECT * FROM users WHERE name = “’+ username + ’”;”
The Above SQL Stmt can cause problems in
Authentication systems
7/17/2015
Sneaking RFID-Anuradha J
25
Buffer Overflow Attack
“A buffer overflow is an anomalous condition where a process attempts to
store data beyond the boundaries of a fixed length buffer.”

Results Writing extra information or executable
code on adjacent memory locations.

The overwritten data may include other buffers,
variables and program flow data.
7/17/2015
Sneaking RFID-Anuradha J
26
Buffer Overflow - Causes
Improper use of languages such as C or C++
that are considered to be non memory-safe.
 Functions without bounds checking like strcpy,
strlen, gets etc
 Functions with null termination problems like
strncpy, strncat etc
 User- created functions with pointer bugs

7/17/2015
Sneaking RFID-Anuradha J
27
Buffer Overflow Attack - Example

Attacker entering intentionally longer data than
actually allocated in the Buffer
Example in RFID system
Suppose an application uses 128-byte tags
Attacker tries to use a 512-byte fake tag or an
even larger one  Buffer Overflow Attack
7/17/2015
Sneaking RFID-Anuradha J
28
Exploitations of Buffer Overflow
Classified as :
Stack
- Based exploitation
Heap - Based exploitation
7/17/2015
Sneaking RFID-Anuradha J
29
Exploitations of Buffer Overflow
Stack - Based exploitation

Manipulate the program by overwriting a local
variable or Return address on the stack
Heap - Based exploitation
Generally do not contain return addresses such as
the stack
 Overwrite internal structures such as linked list and
pointers

7/17/2015
Sneaking RFID-Anuradha J
30
Code Insertion Attack
Malicious code injected into an application by an
attacker, using any of scripting languages like
VBScript, JavaScript, Perl etc
Special Characters in Input data like
<>.'%;)(&+Inserting malicious URLs
7/17/2015
Sneaking RFID-Anuradha J
31
Protect against RFID Attacks
Code review
 Rigorous Code Review of Middleware Code
Bounds checking
 Proper bounds checking either by programmer
or compiler
 Right choice of programming language
 This Prevents against buffer Overflow attacks
7/17/2015
Sneaking RFID-Anuradha J
32
Protect against RFID Attacks
Parameter binding



Use Stored procedures
Bound parameters using the PREPARE statement are not treated as a value
Prevents against SQL Injection Attack
Sanitize the input

Use built-in data sanitizing available functions
Limit Database Permissions



Offer limited rights
Tables should be made read-only or inaccessible
The execution of multiple SQL statements in a single query.
7/17/2015
Sneaking RFID-Anuradha J
33
Conclusion
We have Discussed
 RFID in General
 RFID Attacks
 Prevention solutions
“Talking barcodes that change our lives”
BBC NEWS
7/17/2015
Sneaking RFID-Anuradha J
34
Danke Schön
7/17/2015
Sneaking RFID-Anuradha J
35