One drawback with RFID chips is their inability to know the distance of any device that is interrogating them. That allows a malicious user to attack from a distance, more or less at leisure and without the owner being any the wiser. One problem, in particular, is that attackers can set themselves up as intermediaries between readers and cards, so-called relay attacks. This gives attackers all the information they need to mount future fraudulent attacks.
That’s an increasingly serious loophole given the role that these cards now play in our society. RFID cards control access to the public transport system, private cars, buildings and in some parts of the world act like ready cash.
In principle, it’s not hard to work out the distances by measuring the signal strength or round trip time of returned messages between the card and reader. The problem for RFID chips is that they normally have no internal power, receiving all they need from the reader, and very limited processing ability, which is determined by the standards to which they are designed.
One answer is to give the the chips their own juice and enough horsepower to make distance measurements. Various groups have proposed schemes like this. But in a sense, this defeats the object: RFID cards are useful because they are cheap and passive.
Now Eslam Gamal Ahmed and buddies at Ain Shams University in Cairo have a come up with a protocol that they say prevents relay attacks on standard low cost RFID chips. Their solution is to use both the valid reader and the RFID chip working together to discover and exclude a man-in-the-middle attacker.
Past approaches have tackled this problem by giving both the reader and the tag the ability to generate random numbers and to repeatedly swap them while measuring the propagation time. Distant attackers can listen to this exchange but can only intercede if they are able to guess and send the next bit in advance (otherwise, the increased propagation time will give them away). The protocols are designed so that the attacker has only a (1/2)^n chance of guessing correctly after n swaps.
The trouble with this protocol is that the RFID card has to generate its own random numbers, something that is impossible for today’s passive devices.
The trick the Egyptians have come up with is a protocol in which the reader generates random numbers, while the tag simply stores them. That something that current simple devices can easily do.
Crucially, Ahmed and co have tested the idea by simulating the processing ability of an ordinary low cost RFID chip on an FPGA and then implementing the new protocol. They say it works fine.
As ever, new security protocols need to be digested by the community before they can given any reasonable stamp of security assurance. Who knows what loophole their might be in such a scheme.
Nevertheless, this looks like an interesting approach. This and others like it will certainly be needed to counter the growing sophistication of attackers and protect the increasingly valuable loot they seek.
Ref: arxiv.org/abs/1004.1237: Lightweight Distance bound Protocol for Low Cost RFID Tags
The worst technology of 2021
Face filters, billionaires in space, and home-buying algorithms that overpay all made our annual list of technology gone wrong.
A horrifying new AI app swaps women into porn videos with a click
Deepfake researchers have long feared the day this would arrive.
Meet Altos Labs, Silicon Valley’s latest wild bet on living forever
Funders of a deep-pocketed new "rejuvenation" startup are said to include Jeff Bezos and Yuri Milner.
A gene-edited pig’s heart has been transplanted into a human for the first time
The procedure is a one-off, and highly experimental, but the technique could help reduce transplant waiting lists in the future.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.