We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Emerging Technology from the arXiv

A View from Emerging Technology from the arXiv

How to Stop Distant Attacks on RFID Chips

The limited power and processing ability of RFID chips makes them vulnerable to attackers operating at a distance. A new protocol could tackle this problem.

  • April 16, 2010

One drawback with RFID chips is their inability to know the distance of any device that is interrogating them. That allows a malicious user to attack from a distance, more or less at leisure and without the owner being any the wiser. One problem, in particular, is that attackers can set themselves up as intermediaries between readers and cards, so-called relay attacks. This gives attackers all the information they need to mount future fraudulent attacks.

That’s an increasingly serious loophole given the role that these cards now play in our society. RFID cards control access to the public transport system, private cars, buildings and in some parts of the world act like ready cash.

In principle, it’s not hard to work out the distances by measuring the signal strength or round trip time of returned messages between the card and reader. The problem for RFID chips is that they normally have no internal power, receiving all they need from the reader, and very limited processing ability, which is determined by the standards to which they are designed.

One answer is to give the the chips their own juice and enough horsepower to make distance measurements. Various groups have proposed schemes like this. But in a sense, this defeats the object: RFID cards are useful because they are cheap and passive.

Now Eslam Gamal Ahmed and buddies at Ain Shams University in Cairo have a come up with a protocol that they say prevents relay attacks on standard low cost RFID chips. Their solution is to use both the valid reader and the RFID chip working together to discover and exclude a man-in-the-middle attacker.

Past approaches have tackled this problem by giving both the reader and the tag the ability to generate random numbers and to repeatedly swap them while measuring the propagation time. Distant attackers can listen to this exchange but can only intercede if they are able to guess and send the next bit in advance (otherwise, the increased propagation time will give them away). The protocols are designed so that the attacker has only a (1/2)^n chance of guessing correctly after n swaps.

The trouble with this protocol is that the RFID card has to generate its own random numbers, something that is impossible for today’s passive devices.

The trick the Egyptians have come up with is a protocol in which the reader generates random numbers, while the tag simply stores them. That something that current simple devices can easily do.

Crucially, Ahmed and co have tested the idea by simulating the processing ability of an ordinary low cost RFID chip on an FPGA and then implementing the new protocol. They say it works fine.

As ever, new security protocols need to be digested by the community before they can given any reasonable stamp of security assurance. Who knows what loophole their might be in such a scheme.

Nevertheless, this looks like an interesting approach. This and others like it will certainly be needed to counter the growing sophistication of attackers and protect the increasingly valuable loot they seek.

Ref: arxiv.org/abs/1004.1237: Lightweight Distance bound Protocol for Low Cost RFID Tags

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.
Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.