Remote Password Extraction from RFID Tags

Yossef Oren; Adi Shamir

doi:10.1109/TC.2007.1050

Publication
2007
Issue No. 9 - September
Abstract - Remote Password Extraction from RFID Tags

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yossef Oren Articles by Adi Shamir

Remote Password Extraction from RFID Tags

September 2007 (vol. 56 no. 9)

pp. 1292-1296

	ASCII Text	x
	Yossef Oren, Adi Shamir, "Remote Password Extraction from RFID Tags," IEEE Transactions on Computers, vol. 56, no. 9, pp. 1292-1296, September, 2007.

	BibTex	x
	@article{ 10.1109/TC.2007.1050, author = {Yossef Oren and Adi Shamir}, title = {Remote Password Extraction from RFID Tags}, journal ={IEEE Transactions on Computers}, volume = {56}, number = {9}, issn = {0018-9340}, year = {2007}, pages = {1292-1296}, doi = {http://doi.ieeecomputersociety.org/10.1109/TC.2007.1050}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Computers TI - Remote Password Extraction from RFID Tags IS - 9 SN - 0018-9340 SP1292 EP1296 EPD - 1292-1296 A1 - Yossef Oren, A1 - Adi Shamir, PY - 2007 KW - RFID KW - cryptanalysis KW - power analysis KW - sidechannel attacks VL - 56 JA - IEEE Transactions on Computers ER -

Yossef Oren

Adi Shamir

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2007.1050

Side-channel attacks are used by cryptanalysts to compromise the implementation of secure systems. One very powerful class of side-channel attacks is power analysis, which tries to extract cryptographic keys and passwords by examining the power consumption of a device. We examine the applicability of this threat to electromagnetically coupled RFID tags. Compared to standard power analysis attacks, our attack is unique in that it requires no physical contact with the device under attack. Power analysis can be carried out even if both the tag and the attacker are passive and transmit no data, making the attack very hard to detect.As a proof of concept, we describe a password extraction attack on Class 1 Generation 1 EPC tags. We also show how the privacy of Class 1 Generation 2 tags can be compromised by this attack. Finally, we examine possible modifications to the tag and its RF front-end which help protect against power analysis attacks.

[1] Auto-ID Center, “860MHz-930MHz Class I Radio Frequency Identification Tag Radio Frequency & Logical Communication Interface Specification Candidate Recommendation,” version 1.0.1, Nov. 2002.
[2] J.R. Rao, D. Agrawal, B. Archambeault, and P. Rohatgi, “The EM Side-Channel(s),” Proc. Fourth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '02), J. Hartmanis, G. Goos, and J. van Leeuwen, eds., pp. 29-45, Aug. 2002.
[3] D. Dobkin, “The RF in RFID,” http://www.enigmatic-consultng.com/Communications_articles/ RFIDRF_in_RFID_index.html , Oct. 2005.
[4] K. Finkenzeller, RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification. John Wiley & Sons, 2003.
[5] EPCglobal Inc., “EPC Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860 MHz-960 MHz,” version 1.0.9, Sept. 2005.
[6] G. Karjoth and P. Moskowitz, “Disabling RFID Tags with Visible Confirmation: Clipped Tags Are Silenced,” Proc. Workshop Privacy in the Electronic Society (WPES), Nov. 2005.
[7] P. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis,” Lecture Notes in Computer Science, vol. 1666, pp. 388-397, 1999.
[8] P. Kocher, J. Jaffe, and B. Jun, “US Patent 6,327,661: Using Unpredictable Information to Minimize Leakage from Smartcards and Other Cryptosystems,” 2001.
[9] P. Kocher, J. Jaffe, and B. Jun, “US Patent 6,510,518: Balanced Cryptographic Computational Method and Apparatus for Leak Minimizational in Smartcards and Other Cryptosystems,” 2003.
[10] M. Akmal, K. Tiri, and I. Verbauwhede, “A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Power Analysis on Smart Cards,” Proc. Eighth European Solid-State Circuits Conf. (ESSCIRC '02), pp. 403-406, Sept. 2002.
[11] B.W. Lampson, “Hints for Computer System Design,” Operating Systems Rev., vol. 15, no. 5, pp. 33-48, Oct. 1983.
[12] S. Mangard, “Exploiting Radiated Emissions—EM Attacks on Cryptographic ICs,” Proc. Austrochip '03, 2003.
[13] S. Dominikus, M. Feldhofer, and J. Wolkerstorfer, “Strong Authentication for RFID Systems Using the AES Algorithm,” Proc. Sixth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '04), J.-J. Quisquater and M. Joye, eds., pp. 357-370, July 2004.
[14] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Examining Smart-Card Security under the Threat of Power Analysis Attacks,” IEEE Trans. Computers, vol. 51, no. 5, pp. 541-552, May 2002.
[15] S.E. Sarma, S.A. Weis, and D.W. Engels, “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems,” Proc. First Int'l Conf. Security in Pervasive Computing, 2003.
[16] A. Shamir, “US Patent 6,507,913: Protecting Smart Cards from Power Analysis with Detachable Power Supplies,” 2003.
[17] D. Sokolov, J. Murphy, A. Bystrov, and A. Yakovlev, “Design and Analysis of Dual-Rail Circuits for Security Applications,” IEEE Trans. Computers, vol. 54, no. 4, pp. 449-460, Apr. 2005.

Index Terms:

RFID, cryptanalysis, power analysis, sidechannel attacks

Citation:

Yossef Oren, Adi Shamir, "Remote Password Extraction from RFID Tags," IEEE Transactions on Computers, vol. 56, no. 9, pp. 1292-1296, Sept. 2007, doi:10.1109/TC.2007.1050

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.