A Comprehensive Study for RFID

cribabsurd, 27 Nov 2013

A Comprehensive Study for RFID Malwares on Mobile Devices

TBD


Outline

  Motivation
  State-of-Art Malwares and Countermeasures for RFID and Mobile Systems
  RFID Security Challenge
  Mobile Security Challenge
  New Challenge from RFID Malwares on Mobile Devices
  Extended Threat Model
  Basic Design of Anti-malware Framework for Mobile Devices in RFID Systems
  Conclusion

Motivation

Severe challenge for RFID security on mobile devices, because
  RFID systems are still in their infant stage.
    Many RFID systems lack security protection.
  To improve productivity, more mobile devices will be used.
    Mobile systems are more vulnerable than non-portable systems.
  Limitations for RFID malware are being relaxed as technology develops.
    Cheaper RFID tags with larger storage capacity hold more malicious data.
    Better network connections for mobile devices make malware propagation easier.

New Opportunities for RFID Malwares

C1: The tag data size limitation (<1024 bits) makes RFID malware unrealistic.
  EPC Gen2 Class3 tags have at least kilobytes of storage.
C2: RFID systems are closed-loop systems.
  New RFID standard: the EPCglobal Architecture may require exchanging data with the EPCglobal Network through the Internet.
C3: More mobile devices will be used as RFID readers.

RFID Malware

Lessons from Practices (1/2)

L1: A small number of bits is enough to construct an RFID malware. RFID malware can spread itself by modifying the database used for tag value writing.
  In 2006, researchers at Vrije University proposed the first proof-of-concept malware design and basic propagation model.
  Even when the space is very limited, it is still possible to store a smaller malware trigger in an RFID tag, which may awaken malware that already exists in the system.

Lessons from Practices (2/2)

L2: Malware may trigger an exception flow to bypass pure data-level protection mechanisms. System-level protection is required.
  In 2007, German RFID experts showed how to crash an RFID reader for RFID-enabled E-Passports by modifying the JPEG2000 photo image file in the E-Passport.
    This exploits a buffer overflow vulnerability in off-the-shelf libraries when loading the photo image.

Basic Threat Model & Countermeasures

1. Defend Cloning and Counterfeiting
2. Defend Malware
3. Defend Denial-of-Service

Less attention for front-end devices as (mobile) RFID reader!

Malware State on Mobile Devices

First proof-of-concept mobile malware was reported in 2004. But no major outbreak of mobile malware has been reported until now.
In F-Secure Cell-phone Malwares Report 2007
  373 malwares in total (including variants).
  Total number of malware reaches 1 million in Symantec Internet Security Threat Report 2007.
In CVE (Common Vulnerabilities and Exposures) database (2002-2008)
  138 vulnerabilities found for software on mobile systems.
  iPhone contributes 1/4 of the vulnerabilities.

Malware Trend on Mobile Devices

Why is mobile malware so unpopular?
  Limited function of mobile devices
    All existing mobile malware requires user interaction.
  Poor network connection
    Only allows local propagation most of the time.
  Low potential profit
    Most people only use phone or Email functions of mobile devices.
The situation is changing.
  New multi-function platform: iPhone
  New network techniques: Wi-Fi, 3G
  More people use it to store sensitive or private data.
    Businessmen and college students.


Major Malware Challenge on Mobile Devices

Lack of permission control
  Most mobile systems are single-user systems running on simple hardware without runtime privilege control.
  Social engineering is widely used in mobile malware.
Limited resources
  Powered by battery
  Less computation and storage capability compared to general purpose platforms.
  Resource-demanding security protections are prohibited.
Countermeasure status
  Still emerging, not mature, useful mostly for post-infection cleanup.

No-Tech Attacks in Mobile Malwares

The distribution of Vulnerabilities [From CVE]
The distribution of Malwares [From F-Secure]

Symbian OS, the most popular mobile system with only 3 reported vulnerabilities, has the largest number of malwares.

New Challenge from RFID Malware on Mobile Devices

RFID Systems:
  High potential profit.
  Global connection in EPCglobal architecture.
Mobile Systems:
  More vulnerable than non-portable counterpart.
  Limited resources prohibit resource demanding security protection.
RFID Systems + Mobile Systems:
  Attractive targets for hackers.

Extended Threat Model

RFID Tag can carry:
1. Malware trigger
2. Malware fragment
3. Malware entity

Reader Firmware may be compromised
Mobile Device / Middleware on it may be compromised
Front-end Server may be compromised
Enterprise Database System may be compromised
EPCglobal Network may be compromised

Bad News: Every node can be compromised.
Good News: They are connected in a chain.

Public Domain
Company Domain
EPC Core Domain

Basic Design of Anti-malware Framework for Mobile Devices in RFID Systems

To secure the frontier of the RFID security chain, we arm the mobile device with an Intrusion Prevention System and an Intrusion Detection System.

IPS
IDS
Dangerous Data Source

Filter out anything that can be filtered.
Detect anything that can be detected.

Firewall + Check Data Format and Content.
  Defend DoS, SQL/Script Injection, Shell Code in text input.
  Another alternative: Distort Binary Data?
Validate Program Behavior on Given Data Input.
  Defend Buffer Overflow, Unexpected Behavior.

IDS is well known to be inefficient and resource-demanding. Is it feasible to use it on a mobile device?

Potential Techniques (1/2)

1. Good Signature Checking
  Why is IDS known to be inefficient and resource-demanding?
    It checks the related signatures one by one.
    Complex program behaviors are inevitable in general purpose systems.
    Many signatures to check, no matter whether good or malicious signatures are used.
  However, the functions of RFID systems are much SIMPLER than those of general purpose systems.
    Checking good signatures should be affordable.
    To provide a more flexible system, combine good signatures with malicious signatures if necessary.
  Some Problem?
    How to automatically generate efficient good signatures?
    How to secure the good signature database and the IDS monitor on the mobile device?
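
An added example (not from the original slides) of good signature checking combined with the IPS step "Check Data Format and Content": a tag payload is accepted only if it fully matches one of a few allowed formats, and accepted values reach the database through bound parameters. The payload layouts, table names and sample tags are assumptions constructed for illustration.

```python
import re
import sqlite3

MAX_TAG_BYTES = 128  # size bound applied before any parsing
# Good signatures: the only payload shapes the reader application accepts.
# Both layouts are assumptions made for this example.
GOOD_SIGNATURES = {
    "epc96": re.compile(rb"[0-9A-F]{24}"),  # 96-bit EPC as hex
    "item": re.compile(rb"[0-9A-F]{24}\|[A-Za-z0-9 ]{1,32}\|[0-9]{1,6}"),
}

def match_good_signature(payload: bytes):
    """Return the name of the matching good signature, or None to reject."""
    if len(payload) > MAX_TAG_BYTES:
        return None
    for name, pattern in GOOD_SIGNATURES.items():
        # fullmatch: no prefix match, no trailing bytes slipping through
        if pattern.fullmatch(payload):
            return name
    return None

def store_tag(db, payload: bytes) -> bool:
    """Filter step: quarantine unmatched data, write matched data with bound parameters."""
    kind = match_good_signature(payload)
    if kind is None:
        db.execute("INSERT INTO rejected(raw) VALUES (?)", (payload[:MAX_TAG_BYTES],))
        return False
    fields = payload.decode("ascii").split("|")
    descr, qty = (fields[1], int(fields[2])) if kind == "item" else (None, None)
    db.execute("INSERT INTO tags(epc, descr, qty) VALUES (?, ?, ?)", (fields[0], descr, qty))
    return True

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tags(epc TEXT, descr TEXT, qty INTEGER)")
    db.execute("CREATE TABLE rejected(raw BLOB)")
    samples = [  # constructed tag payloads
        b"3034257BF7194E4000001A85",
        b"3034257BF7194E4000001A85|Apples|12",
        b"3034257BF7194E4000001A85|Apples'; --|12",  # SQL metacharacters
        b"A" * 500,  # oversized
    ]
    results = [store_tag(db, s) for s in samples]
    stored = db.execute("SELECT COUNT(*) FROM tags").fetchone()[0]
    rejected = db.execute("SELECT COUNT(*) FROM rejected").fetchone()[0]
    return results, stored, rejected

if __name__ == "__main__":
    print(demo())
```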





Potential Techniques (2/2)

2. Cooperative mode
  Connection with the EPCglobal network is compulsory for the new RFID standard.
    Network connection is guaranteed.
  To achieve longer battery time and enable sophisticated IDS protection, SHIFT part or all of the intrusion detection workload to cooperative servers.
  Some Problems?
    What kinds of workload should be shifted to cooperative servers?
    What to do when the connection to cooperative servers is lost?
    How to efficiently balance the workload between mobile client and cooperative servers?

Conclusion

We survey state-of-art malware and countermeasures for RFID and mobile systems, and…
  Propose an extended threat model to capture the malware threats to RFID systems with mobile devices
  Discuss some potential techniques to defend against such malware threats.

Q & A

TBD