Remote Power Analysis of RFID Tags

Electronics - Devices (uploaded by cribabsurd, 27 Nov 2013)

1

Remote Power Analysis of RFID Tags

Joint work with Adi Shamir


yossi.oren[at]weizmann.ac.il

28/Aug/06

2

Abstract

- The RF power reflected by an RFID tag is dependent on its internal power consumption
- This property allows power analysis attacks to be performed over a distance
- In the short term, it can be used to extract the kill password of EPC tags

3

Talk Structure

- Introduction to passive RFID
- Introduction to power analysis
- Our attack
- Countermeasures

4

A Taxonomy of RFID Tags

- An RFID tag is a very simple computer, usually associated with a physical object
- Tags communicate with a powerful reader over a wireless link
- Tags can be active or passive
- Tags can be inductively or radiatively coupled, and work in a variety of operating frequencies
- Tags have various levels of computing power
- EPC tags: passive tags, radiatively coupled, 900 MHz, read/write memory

5

Components of the EPC RFID System

[Figure: reader and tag]

- The reader has a powerful antenna and an external power supply
- The reader surrounds itself with an electromagnetic field
- The tag is illuminated by this field, which also provides it with power

6

Tag Data Exchange

[Figure: reader and tag]

- The reader sends commands to the tag via pulse amplitude modulation
- The tag sends responses to the reader via backscatter modulation

8

Do Tags Have Secrets?

- Most of the payload of today's RFID tags is public: that's what they're for
- However, tags still have secrets!
- Today: EPC tags have secret access and kill passwords
- Tomorrow: cryptographic keys?
9

An Introduction to Power Analysis

[Figure: toggle flip-flop with input A and output OUT, powered from VCC = 5 V, with an oscilloscope on the supply]

- Key observation: modern ICs consume more power when they switch between states
- Used by [Kocher et al. '99] and others to attack cryptographic smart cards

10

Cracking Passwords with Power Analysis

- We send the password to a secure device bit by bit
- The first wrong bit is very "exciting": the device does extra work, and so draws extra power, in exactly the cycle where it hits the first mismatch
- This allows the password to be recovered in linear time: each trace reveals the position of the first wrong bit, so each query fixes at least one more bit
- Was used in practice to crack PIN codes on smart cards

11

Previous Work

- EM attacks: [van Eck '85], [Mangard '03]
- Attacks on RFID:
  - Zapping [“Minime” et al. '05]
  - Jamming [Juels et al. '03], [Bolan '06]
  - Skimming [Kirschenbaum et al. '06]

12

Our attack

13

A Closer Look at Backscatter Modulation

[Figure: tag and reader]

- The current flowing through the tag antenna results in an electromagnetic field
- Busy tag = more current = stronger field
- We call this effect parasitic backscatter

14

Lab setup: physical

[Figure: physical lab setup]

15

Lab setup: logical

[Figure: logical lab setup]
16

Overview of results

- Existence of parasitic backscatter
- Effect of power consumption on backscatter
- Full power analysis attack from backscatter

17

Existence of parasitic backscatter (1)

- Trace shows the signal reflected from a Generation 1 tag during a kill command
- Tag is supposed to be completely silent
- Is it? Let's zoom in…

[Figure: reflected power vs. time]

18

Existence of parasitic backscatter (2)

- The distinctive saw-tooth pattern is added by the tag to the clean reader signal
- Probably caused by the tag's power extraction circuit
- We can show that "thirsty" tags reflect more power

[Figure: power vs. time, the reflection from the tag overlaid on the original signal from the reader]

19

Full power analysis attack from parasitic backscatter

- Recap: the first bad password bit is "very exciting"
- Experiment was done with one tag at a fixed location
- Tag was programmed with kill password "1111 1111", then "0000 0001"
- In both cases we tried to kill it with the wrong password "0000 0000"

20

Extracting one password bit

- Here, the tag is expecting "1111 1111" (the first mismatch is at the first bit)
- Here, it is expecting "0000 0001" (the first mismatch is at the last bit)
- In both cases, the tag gets "0000 0000"

[Figure: power vs. time for the two cases]

21

Power analysis countermeasures

- Two main approaches:
  - Mitigation: lower the signal-to-noise ratio of the power trace
  - Prevention: completely decorrelate power consumption from internal state

22

Mitigation countermeasures

- Common approach: add noise to power consumption
- Problematic to add to the tag
- Problematic to add to the reader

23

Prevention countermeasures

- Common approach: consume the same amount of power every clock cycle
- Problem: power consumption is always the worst case
- Increases tag cost, reduces its usable range
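The bit-by-bit attack of slides 10 and 19-20, together with the constant-power prevention countermeasure of slide 23, as an added simulation that is not code from the talk or from any tag: a toy tag compares the kill password one bit per cycle and, in the leaky variant, draws extra power in the cycle where the first mismatch occurs; the attacker averages a few traces per guess, reads off the position of the spike, fixes that bit and repeats, so the password falls in at most one round per bit. The power model (a baseline of 1.0 per compared bit, 2.0 extra at the first mismatch, Gaussian noise), the class and function names, and the 16-bit password used for the demonstration are all assumptions made for this example, not measurements from the lab setup.

```python
"""Simulated remote power analysis of a tag's kill-password check.

Assumed power model (this example's, not a measurement from the talk):
the tag compares one password bit per clock cycle; the cycle in which the
first mismatch is found switches extra logic and costs SPIKE more than a
BASELINE cycle, and that difference is what the reflected (parasitic
backscatter) trace exposes.  Gaussian noise stands in for everything else.
"""
import random

BASELINE = 1.0  # power of an ordinary compare cycle (assumed)
SPIKE = 2.0     # extra power drawn in the cycle of the first wrong bit (assumed)


class LeakyTag:
    """Toy tag whose kill command leaks the position of the first wrong bit."""

    def __init__(self, kill_password, noise_sd=0.3, seed=1, constant_power=False):
        self.secret = kill_password
        self.noise_sd = noise_sd
        self.rng = random.Random(seed)
        # constant_power=True models the prevention countermeasure:
        # every cycle pays the worst-case cost, so there is nothing to see.
        self.constant_power = constant_power

    def kill(self, guess):
        """Process one kill command; return (accepted, trace) with one sample per bit."""
        if len(guess) != len(self.secret):
            raise ValueError("password length mismatch")
        trace, mismatched = [], False
        for s, g in zip(self.secret, guess):
            first_miss = (not mismatched) and s != g
            if first_miss:
                mismatched = True
            power = BASELINE + SPIKE if (self.constant_power or first_miss) else BASELINE
            trace.append(power + self.rng.gauss(0.0, self.noise_sd))
        return (not mismatched), trace


def analyse(tag, guess, reps=8):
    """Send the same guess reps times and average the traces to raise the SNR."""
    sums = [0.0] * len(guess)
    accepted = False
    for _ in range(reps):
        accepted, trace = tag.kill(guess)
        for i, p in enumerate(trace):
            sums[i] += p
    return accepted, [s / reps for s in sums]


def first_wrong_bit(avg):
    """Index of the cycle with the highest averaged power: the first mismatching bit."""
    return max(range(len(avg)), key=avg.__getitem__)


def spike_visible(avg, threshold=1.0):
    """True if one cycle stands out from all the others by more than threshold."""
    top, second = sorted(avg)[-2:][::-1]
    return top - second > threshold


def recover_kill_password(tag, length, reps=8):
    """Linear-time recovery: every round turns the leaked position into a known bit.

    Returns (password, kill_commands_sent), or (None, sent) if no spike is visible.
    Starting from all zeros and flipping the spiking bit to one is enough,
    because the spike always sits on a bit we have not corrected yet.
    """
    guess = ["0"] * length
    sent = 0
    for _ in range(length + 1):  # at most one round per secret bit, plus the final check
        accepted, avg = analyse(tag, "".join(guess), reps)
        sent += reps
        if accepted:             # on a real tag this command would also kill it
            return "".join(guess), sent
        if not spike_visible(avg):
            return None, sent    # countermeasure in place (or SNR too low)
        guess[first_wrong_bit(avg)] = "1"
    return None, sent


if __name__ == "__main__":
    # The two lab cases from slides 19-20: same wrong guess, different secrets.
    for secret in ("11111111", "00000001"):
        _, avg = analyse(LeakyTag(secret), "00000000")
        print(f"secret {secret}: spike at bit {first_wrong_bit(avg)}")
    # Full recovery of a constructed 16-bit password, leaky and then hardened.
    for hardened in (False, True):
        tag = LeakyTag("1011000111010010", seed=7, constant_power=hardened)
        print("constant_power =", hardened, "->", recover_kill_password(tag, 16))
```

With `constant_power=True` every cycle costs the worst-case amount, which is the prevention countermeasure of slide 23: the spike vanishes, `spike_visible` returns false and the attacker has nothing to lock onto, at the price of the tag always drawing its maximum current. The accepted final command would kill a real tag; the talk avoided this by always sending a wrong password to a tag whose kill password it had programmed itself.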

24

Double-buffering power supply

[Figure: power extraction block feeding the tag logic through the double-buffered supply]

- Decouple the power supply from its consumers
- Compatible with current RF front ends
- Requires no modifications to the tag's control circuit

25

Closing Remarks

- Power analysis attacks come from the world of smart cards
- The rules of the market for RFID tags are not the same as those for smart cards
- The power analysis threat should be understood and publicized, or nobody will do anything about it

26


The authors wish to thank Mickey Cohen, Ari Juels, Simon Krausz, Oded Smikt, Eran Tromer, Amir Yakoby, Oren Zarchin and the many other people who shared their knowledge, time and equipment and helped this research take shape.

27

It’s all scratch slides from here on


You really want to exit the slide show…

28


TU Graz site, August 2005: almost previous work?
