Source text for the English translation: Remote relay attack on RFID access control systems using NFC enabled devices


Appendix: foreign-language source text

Remote relay attack on RFID access control systems using NFC enabled devices

Wouter van Dullink, Pieter Westein
University of Amsterdam
February 12, 2013

Abstract

RFID and NFC are frequently used technologies in access control systems. Despite the cryptography used in access control systems, they are often still vulnerable to relay attacks. These attacks circumvent the security layer and cannot be prevented by cryptographic countermeasures. When performing a relay attack remotely, timing issues can occur due to the introduced delay. In this paper, we present a practical relay attack on systems using the ISO/IEC 14443 standard. Here, two NFC enabled devices are used that can forward RFID communication over a network channel. This paper shows that a relay attack is possible, and we discuss a value that can be exploited to increase the chance of a successful attack. Recommendations are also given on how manufacturers and users of the standard can protect themselves against relay attacks.

Acknowledgments

We would like to thank our supervisors, Bart Roos and Jop van der Lelie, for their support and feedback during this research. We are also grateful to the access control company that provided us equipment for our test environment and the companies that invited us to test their RFID system. Last, we want to thank all of the peer reviewers who gave their feedback on draft versions of this report.

1 Introduction

To keep unauthorized personnel out of their building, companies have implemented access control systems. They usually give their employees an access badge with a Radio Frequency IDentification (RFID) chip in it. This technique uses electromagnetic fields to exchange data between a tag (like a smartcard) and an object (a reader) for the purpose of authentication, identification or tracking. RFID is a general name but has many variants. There are differences in frequency, range, power [12], proprietary variants and how the chip is implemented. What these variants have in common is that they all use a wireless non-contact system in combination with radio frequency. This study will focus on the ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) 14443 standard. A part of the ISO 14443 standard will be examined within this research, in order to theoretically perform a relay attack at a greater distance, that is, to extend the passive read distance. With a relay attack, the adversary does not tamper with the data being sent, but instead performs a Man-in-the-Middle attack between the smartcard and the reader.

Chapter 2 gives an introduction to RFID versus NFC, the ISO/IEC 14443 standard and the cards used for access control. Chapter 2.5 will explain the structure of relay attacks and the timing issues that occur. Chapter 3 will explain the experiments conducted during this research; a scenario will be described that theoretically can be used to perform a remote relay attack. In chapter 4, the results will be shown. There it will be clear whether the scenario was possible and what results were found with regard to remote relay attacks.

1.1 Motivation

RFID and NFC are widely used and will become even more popular in the next few years, because NFC is becoming a standard in mobile phones. This research originates from the National Cyber Security Centre (NCSC). The reason behind this project is shared with the NCSC, and can be seen in their mission statement: "To help increase the resilience of Dutch society in the digital domain and, by doing so, help to create a safe, open and stable information society."

1.2 Research Questions

The focus of this research project is to minimize the timing issues that occur during relay attacks, and to translate this into a practical relay-attack scenario. This attack will be demonstrated with two Near Field Communication (NFC) enabled devices placed between the RFID reader and the smartcard. The following research question is stated:

How can you perform a practical relay attack, using a network channel, between two NFC enabled devices?

In this paper, the landscape of a relay attack will be investigated. There are various requirements before a relay attack is actually possible. To answer the research question, we defined the following subquestions:

1. How do NFC devices communicate with each other?
2. What measures are taken to provide security for RFID cards?
3. Are there timing issues when performing a relay attack over a large distance?
4. Which fields in a frame can be used to minimize timing issues, in such a way that a relay attack is still possible?

1.3 Related work

This study expands on the paper written by Gerhard Hancke. In that paper an attack is illustrated which effectively allows an attacker to borrow the victim's card for a short period without requiring physical access to the victim's card. That paper introduces the terms proxy and mole, which this paper also uses. The term proxy indicates the NFC device that is used to communicate with a reader, whereas the term mole denotes the NFC device that communicates with a card. A second study illustrates a peer-to-peer attack with the help of mobile phones.

A technique to prevent relay attacks is a distance bounding protocol. These protocols calculate the delay between sending out challenge bits and receiving the corresponding response bits. Because electromagnetic waves travel close to the speed of light, the distance can be calculated. Other research related to relay attacks tries to detect relay attacks or proposes new distance bounding protocols, where the SwissKnife solution claims to solve every security problem.

Issovits et al. proved that the ISO 14443 standard can be exploited to obtain more time. In their paper they explain how to exploit the Waiting Time eXtension (WTXM) field. They developed an attack that monitors the time during the challenge-response pairs and sends out WTX packets when more time is needed.

The practical side of this research will be based on the work that has been done by the LibNFC community. They have written a program that performs the relay attack at USB level. They also describe how to use this with two laptops connected through a network channel.

2 Background

As stated in the previous chapter, there are many variants of RFID. The International Organization for Standardization (ISO) published a standard to which these systems need to be compliant. After RFID is briefly explained, the ISO 14443 standard will be examined. Next, relay attacks are described, together with the timing issues that occur. Last, the timing values used within the standard are presented.

2.1 Radio frequency techniques

RFID is a contactless communication technique that is widely used for different purposes. The basic concept of an RFID implementation is the following: there is a reader, referred to as a Proximity Coupling Device (PCD), and a contactless card, referred to as a Proximity Integrated Circuit Card (PICC). The reader has an electromagnetic field that scans for cards that operate on the same frequency. Once a card is inside the electromagnetic field it can communicate with the reader. In the case of an access control system, the purpose is to grant access to a resource.

NFC is a short-range radio frequency technology that is based on RFID. NFC allows for two-way communication between endpoints, where users are able to read (and write) small amounts of data from tags and to communicate with other devices. The usage is the same as RFID, but the difference is that the passive reading range is limited to a maximum of 10 cm, whereas RFID can also use other frequencies, as stated in table 1.

2.2 The ISO/IEC 14443 standard

The standard is split into four parts. The first part describes the physical characteristics of the cards. The second part describes the characteristics of the fields to be provided for power and bidirectional communication between the reader and the card. The third part describes the polling for cards entering the field of the reader, the byte format and framing, the content of the initial commands, methods to detect and communicate with multiple cards and other parameters required to initialize communication [14]. The fourth part describes a half-duplex block transmission protocol and defines the activation and deactivation sequence of the protocol [15]. The third and fourth part of the standard are applicable to this research. In the following two paragraphs they will be further examined.

ISO 14443-3

Part three of the standard specifies the basic communication of an RFID system between a reader and a card. This is shown more clearly in appendix 8.1. The reader constantly sends out Request Commands (REQ) to scan for cards. A reader accepts both type A and type B cards, so the corresponding REQ will be either REQA or REQB. This is known as polling. When a card is exposed to an electromagnetic field, it will receive either a REQA or a REQB. The card answers this REQ with an Answer to Request (ATQ) appropriate to the card type. If multiple cards are present, collisions will occur between the multiple ATQs. The standard specifies a routine that will be followed, but this is not used within this research. The coding of the ATQ is shown in figure 1.

Figure 1: Coding of the ATQ

The Unique Identification Number size (UID size) is mostly set to 00, which indicates a single UID. It can be either 01 or 11, representing double or triple UIDs respectively. The anti-collision is, as described above, used when multiple cards are present within the electromagnetic field of the reader. In this research, this part is not examined. After receiving the corresponding ATQ, the reader will send another frame, containing a Select (SEL) and a Number of Valid Bits (NVB) field. The NVB field will have an initial value of 20, saying that all the cards inside the electromagnetic field have to send their Unique Identifier (UID). With no collisions, there will be only one UID received by the reader. Then the reader will send out another SEL and NVB, followed by all 40 bits of the UID and a checksum correlated with the card's type. The NVB is set to 70 here, indicating that the reader will transmit the complete UID. The card that matches the UID will respond to this message with a Select Acknowledge (SAK). The SAK contains 8 bits, which indicate whether the UID is complete and whether the card supports the transmission protocol described in part four of the standard, or whether the card supports another specific protocol. The communication process is shown in figure 2.

Figure 2: Communication between the card and the reader

ISO 14443-4

Part four of the standard specifies a transmission protocol. This protocol is capable of transferring application protocol data units, as defined in ISO/IEC 7816-4 [16]. This protocol is only used when the SAK of the card is set to 20. In case of other values, the card uses a different transmission protocol. This protocol describes an addition to the normal procedure, and how blocks and frames are generated. The addition to the normal procedure is an Answer To Select (ATS). When the reader sees the SAK at value 20, it will send out a Request Answer To Select (RATS). The RATS is shown in figure 3. The parameter field consists of two parts:

1. The Frame Size for Device Integer (FSDI) codes the Frame Size for Device (FSD). The FSD defines the maximum size of a frame that the reader is able to receive.
2. The Card IDentifier (CID) defines a unique identifier for every card.

The card will respond to the RATS with an ATS. The ATS is shown in figure 3. The ATS is used to define parameters that set how the exchange of data happens. The most important field is the TB(1) field, which codes the Frame Waiting Integer (FWI). This value is further examined in chapter 2.4. If the card supports any changeable parameters in the ATS, the reader may use a Protocol and Parameter Selection (PPS) request to change these parameters. This is not applicable to this research, so it will not be further examined.

Figure 3: Transmission protocol in the standard

After receiving the ATS, the reader will start with the first challenge-response pair that is part of the access control application. The challenge-response pair is described in the ISO 7816-3 standard [16]. After the challenge-response sequence ends and a certain limit of pairs is reached, the reader will deactivate the card. To do so the reader sends a DESELECT frame to the card containing the appropriate CID and the UID. The card will send an acknowledgement response back, based on this request.
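The following decoder is an added worked example for the activation sequence of chapter 2.2; it is not code from the paper or its authors. It walks the three Type A frames the text describes (the SEL/NVB/UID select frame, the SAK, and the ATS that follows RATS) and pulls out what a reader acts on: the selected UID and whether its BCC checksum is intact, whether the SAK announces ISO 14443-4 support, and the FWI carried in TB(1) of the ATS. The constants assume the values in the text are hexadecimal (NVB 20 and 70 are 0x20 and 0x70, SAK 20 is 0x20), that the SEL byte for cascade level 1 is 0x93, and that the BCC is the XOR of the four UID bytes, as ISO/IEC 14443-3 defines it; the sample frames are constructed, not captured, and the trailing CRC_A bytes are left out.

```python
"""Decode the ISO/IEC 14443 Type A activation frames: SEL/NVB/UID/BCC select
frame, the SAK, and the ATS.  Sample frames are constructed, not captured."""

SEL_CL1 = 0x93            # SELECT command byte, cascade level 1 (ISO 14443-3)
NVB_ANTICOLLISION = 0x20  # NVB "20": every card in the field sends its UID
NVB_SELECT = 0x70         # NVB "70": the reader transmits the complete UID
SAK_ISO14443_4 = 0x20     # SAK "20": card supports the part-4 transmission protocol
SAK_UID_INCOMPLETE = 0x04 # SAK bit 3: UID not complete, another cascade level follows


def bcc(uid: bytes) -> int:
    """Block Check Character: XOR of the UID bytes sent after SEL and NVB."""
    out = 0
    for b in uid:
        out ^= b
    return out


def parse_select(frame: bytes) -> dict:
    """Parse the reader's SEL + NVB(0x70) + UID(4) + BCC frame (CRC_A omitted).
    A BCC mismatch means the UID bytes were corrupted or altered in transit."""
    if len(frame) != 7:
        raise ValueError("expected SEL, NVB, four UID bytes and BCC")
    sel, nvb, uid, chk = frame[0], frame[1], frame[2:6], frame[6]
    if sel != SEL_CL1 or nvb != NVB_SELECT:
        raise ValueError("not a cascade-level-1 SELECT carrying the complete UID")
    return {"uid": uid.hex(), "bcc_ok": chk == bcc(uid)}


def parse_sak(sak: int) -> dict:
    """SAK: bit 3 set = UID incomplete (cascade), bit 6 set = ISO 14443-4 supported."""
    return {
        "uid_complete": not (sak & SAK_UID_INCOMPLETE),
        "iso14443_4": bool(sak & SAK_ISO14443_4),
    }


def parse_ats(ats: bytes) -> dict:
    """ATS layout: TL (length incl. TL), T0 (presence bits b5..b7 + FSCI nibble),
    then TA(1), TB(1), TC(1) in that order when present, then historical bytes.
    TB(1) carries the FWI in its high nibble and the SFGI in its low nibble."""
    tl, t0 = ats[0], ats[1]
    if tl != len(ats):
        raise ValueError("TL does not match the ATS length")
    info = {"fsci": t0 & 0x0F, "fwi": None, "sfgi": None}
    pos = 2
    if t0 & 0x10:                    # TA(1): bit-rate capabilities, not needed here
        pos += 1
    if t0 & 0x20:                    # TB(1): FWI and SFGI
        info["fwi"] = ats[pos] >> 4
        info["sfgi"] = ats[pos] & 0x0F
        pos += 1
    if t0 & 0x40:                    # TC(1): CID / NAD support, not needed here
        pos += 1
    info["historical_bytes"] = ats[pos:].hex()
    return info


def decode_activation(select_frame: bytes, sak: int, ats: bytes) -> dict:
    """Combine the three frames into the facts a reader acts on: the UID it
    selected, whether it may send RATS, and which FWI the card announced."""
    result = parse_select(select_frame)
    result.update(parse_sak(sak))
    result["ats"] = parse_ats(ats) if result["iso14443_4"] else None
    return result


# Constructed sample exchange (not captured data):
SAMPLE_UID = bytes([0x04, 0xA1, 0xB2, 0xC3])
SAMPLE_SELECT = bytes([SEL_CL1, NVB_SELECT]) + SAMPLE_UID + bytes([bcc(SAMPLE_UID)])
SAMPLE_SAK = 0x20                                    # complete UID, ISO 14443-4 card
SAMPLE_ATS = bytes([0x06, 0x75, 0x77, 0x81, 0x02, 0x80])  # TB(1)=0x81 -> FWI 8, SFGI 1

if __name__ == "__main__":
    print(decode_activation(SAMPLE_SELECT, SAMPLE_SAK, SAMPLE_ATS))
```

The select frame is checked before the SAK is trusted, so a UID whose BCC does not verify is reported as such rather than silently accepted; the FWI value recovered from TB(1) is the input to the timing calculations of chapter 2.4.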

2.3 Card types

Like the techniques in RFID systems, there are many variants in the implementation of contactless cards. For ISO 14443 there are two types: Type A and Type B. The main differences between these types concern modulation methods, coding schemes [13] and protocol initialization procedures [14]. Both Type A and Type B cards use the same transmission protocol, described in part 4 of the standard [15]. The transmission protocol specifies data block exchange and related mechanisms:

- Data block chaining
- Waiting time extension
- Multi-activation

These are the MIFARE cards developed by NXP [5]. The cards are mostly based on the ISO 14443 standard, but some differ slightly according to their own version of the implementation of the transmission protocol. Looking at the tables above, the first observation is that the first four cards do not have an ATS defined. As described in chapter 2.2, the ATS is used to define the FWT. If the transmission protocol from part four of the standard, and therefore the ATS, is not used, a proprietary protocol may be in use.

2.4 Timing values

Part four of the ISO 14443 standard describes two timing values that are used as parameters for communication between the card and the reader. This chapter describes both values: the Frame Waiting Time (FWT) and the Waiting Time Extension (WTX).

2.4.1 Frame Waiting Time

The first timing value within the standard is the Frame Waiting Time (FWT). The FWT is the allowed time between a request and a response. The FWT is set in the ATS during the initialization phase. Each time a challenge and response sequence is sent and received by the reader, it calculates the difference by means of the timestamps of the frames.

Figure 4: Overview Frame Waiting Time

If the difference between the request and the response is greater than the FWT, the reader will try to resend the challenge, since a transmission error could have occurred. When the difference in the retry is also greater than the FWT, the reader will close the communication with the card. The reader calculates the FWT by means of the Frame Waiting Integer (FWI). The FWI is a four bit field inside the ATS packet.

Figure 5: Overview Frame Waiting Integer field

2.4.2 Waiting Time Extension

It can happen that during the challenge-response sequence the card needs more computation time. The protocol described in part four of the standard specifies that the card can use the Waiting Time Extension (WTX) in such a case. The WTX is set by creating a frame with an S-Block format, shown in figure 6.

Figure 6: S Block Format

As stated in the standard, the S-Block will contain an Information field (INF) in the case of a WTX frame. This INF field is shown in figure 7.

Figure 7: Details Information (INF) field

Within this INF field the first part sets the power level. This indicates whether the card has enough power to process large command sets. The second part sets the Waiting Time Extension Multiplier (WTXM). The WTXM codes a 6 bit value that is used to create the temporary FWT for that specific challenge-response pair. The representation of this value will be in the range of 1 to 59. When the card sends the WTX request, the reader responds with an acknowledgement containing the same information as the request. Both the card and the reader will then calculate the temporary FWT. Depending on the FWT that is being used by the RFID system, it is possible that the FWTtemp will be higher than the FWTmax. If this happens, the RFID system will use the FWTmax instead of the FWTtemp.

2.5 Relay attack

An RFID system can be subjected to many types of attacks; this study will focus on relay attacks. This attack focuses on extending the range between the card and the reader and makes use of two NFC enabled devices, one acting as a reader and one acting as a card emulator. The access control system will not notice such an attack because it will think a card is actually in front of it. An attacker can hold the NFC reader near the card of a victim and relay the data over another communication channel to a second NFC reader. The second reader will be placed in proximity to the original reader and will emulate the victim's card. This setup is shown, in more depth, in figure 8.

Figure 8: Overview relay attack

2.5.1 Timing issues

In telecommunication, delays are very common [17]. The term is used to describe the time a packet needs to travel from one node to another node. The delay is not only caused by propagation delay (how far the packet needs to travel, i.e. the distance it needs to cover), but also by processing delay (the time a router needs to process a packet). Two elements of processing delay are queuing time (the time a packet is in the routing queue) and the transmission queue (the time it takes to push the packets onto the link). For this research, the main focus will be on the distance and the delay that it causes. If you increase the physical distance between the two NFC devices, the packets that are relayed take longer to travel. Because an RFID system has a certain FWT, the time between a challenge and response will cause problems when it is higher than the maximum allowed FWT.

3 Test setup

In this chapter the test setup will be described. First, the test environment will be examined and the attack scenario will be described. A program is developed to change the FWT bit in the ATS phase, in order to gain more time between the challenge-response pair. At the end of this chapter additional environments will be mentioned. These environments are real life situations, where the experiments will also be performed.
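To make the timing values of chapter 2.4 and the timing issue of chapter 2.5.1 concrete from the reader's side, here is an added worked example; it is not code from the paper or its authors. It computes the FWT that a given FWI announces, the temporary FWT after a WTX request (capped at FWTmax as the text states), and then classifies constructed challenge-response latencies the way a monitoring reader could: a response later than the FWT is a protocol timeout (the reader retries and then drops the card), while a response that is far slower than the card model's normal answer yet still inside the FWT is flagged as relay-suspect, because that is exactly the slack a network relay lives in. The formula FWT = (256 × 16 / fc) × 2^FWI with fc = 13.56 MHz and FWI at most 14 comes from ISO/IEC 14443-4; the latency samples, the per-card baseline `expected_ms` and the `slack_factor` policy are constructed for the example.

```python
"""FWT / WTX arithmetic of ISO/IEC 14443-4 and a reader-side latency check.
The sample latencies and the detection policy below are constructed."""

FC_HZ = 13_560_000                      # ISO 14443 carrier frequency
FWT_UNIT_S = (256 * 16) / FC_HZ         # ~302 us: the FWT when FWI = 0
FWI_MAX = 14                            # largest FWI value the standard allows
FWT_MAX_S = FWT_UNIT_S * 2 ** FWI_MAX   # ~4.95 s: FWTmax
WTXM_MIN, WTXM_MAX = 1, 59              # valid range of the 6-bit WTXM field


def fwt_seconds(fwi: int) -> float:
    """FWT = (256 * 16 / fc) * 2^FWI, with FWI taken from TB(1) of the ATS."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in 0..14")
    return FWT_UNIT_S * 2 ** fwi


def fwt_temp_seconds(fwi: int, wtxm: int) -> float:
    """Temporary FWT granted by a WTX request: WTXM * FWT, never above FWTmax."""
    if not WTXM_MIN <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in 1..59")
    return min(wtxm * fwt_seconds(fwi), FWT_MAX_S)


def classify_responses(latencies_ms, fwi: int, expected_ms: float,
                       slack_factor: float = 3.0) -> list:
    """Label each measured challenge-response latency.

    'timeout'       : later than the FWT; the reader retries, then deactivates.
    'relay-suspect' : inside the FWT but more than slack_factor times slower
                      than this card model normally answers (expected_ms is a
                      constructed per-card baseline).  The FWT alone would
                      accept these, which is why a tighter policy is needed.
    'ok'            : within the card's normal answer time.
    """
    fwt_ms = fwt_seconds(fwi) * 1000.0
    limit_ms = expected_ms * slack_factor
    verdicts = []
    for ms in latencies_ms:
        if ms > fwt_ms:
            verdicts.append("timeout")
        elif ms > limit_ms:
            verdicts.append("relay-suspect")
        else:
            verdicts.append("ok")
    return verdicts


# Constructed latencies in ms: three local answers, two relayed over a network
# but still inside the FWT for FWI = 8 (~77 ms), and one beyond the FWT.
SAMPLE_LATENCIES_MS = [1.8, 2.1, 1.9, 45.0, 60.0, 120.0]
SAMPLE_FWI = 8
SAMPLE_EXPECTED_MS = 2.0        # constructed baseline for the card model

if __name__ == "__main__":
    for fwi in (0, 4, 8, 14):
        print(f"FWI={fwi:2d}: FWT = {fwt_seconds(fwi) * 1000:9.3f} ms")
    print(f"WTXM=59 at FWI=8  -> {fwt_temp_seconds(8, 59):.3f} s")
    print(f"WTXM=59 at FWI=10 -> {fwt_temp_seconds(10, 59):.3f} s (capped at FWTmax)")
    print(classify_responses(SAMPLE_LATENCIES_MS, SAMPLE_FWI, SAMPLE_EXPECTED_MS))
```

Raising the FWI by one doubles the FWT, so an ATS that announces a large FWI, or a WTX multiplier close to 59, buys seconds of tolerated delay; a reader that only enforces the FWT cannot tell a slow card from a relayed one, whereas comparing each latency against a per-card baseline can.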

3.1 Environment

To test the attack scenario, a test environment was built. This test environment was made with components that were provided by an access control manufacturer, and consists of:

1. A wall reader
2. Software to manage the access control on doors
3. Empty proximity cards

With these components, a replica of a company implementation was built to test our attack scenario. The software to manage access control was installed on a laptop. With the laptop and the other components connected in a Local Area Network (LAN), it was possible to simulate a working test environment. The empty cards were of two types.

3.2 Network setup

The relay attack layout was built within a test network. The network in this project is shown in figure 9.

Figure 9: Network setup overview

The two NFC readers were each connected to a laptop by USB. The laptops were connected to a switch and each had a separate LAN. The router connected the two LANs. During the relay attack, the laptops used an open source program called Socat [6] to initialize a TCP connection. Once this TCP connection is active, the challenge-response sequence is transported over this channel. The readers connected to a laptop performed the relay attack either in initiator mode or in target mode. In initiator mode, the reader had the card in proximity, close enough to read the tag present on the card. It then connected to a target machine that sent the tag, where the target could emulate it. In target mode, the reader received a
