One drawback with RFID chips is their inability to know the distance of any device that is interrogating them. That allows a malicious user to attack from a distance, more or less at leisure and without the owner being any the wiser. One problem, in particular, is that attackers can set themselves up as intermediaries between readers and cards, so-called relay attacks. This gives attackers all the information they need to mount future fraudulent attacks.
That’s an increasingly serious loophole given the role that these cards now play in our society. RFID cards control access to the public transport system, private cars, buildings and in some parts of the world act like ready cash.
In principle, it’s not hard to work out the distances by measuring the signal strength or round trip time of returned messages between the card and reader. The problem for RFID chips is that they normally have no internal power, receiving all they need from the reader, and very limited processing ability, which is determined by the standards to which they are designed.
One answer is to give the the chips their own juice and enough horsepower to make distance measurements. Various groups have proposed schemes like this. But in a sense, this defeats the object: RFID cards are useful because they are cheap and passive.
Now Eslam Gamal Ahmed and buddies at Ain Shams University in Cairo have a come up with a protocol that they say prevents relay attacks on standard low cost RFID chips. Their solution is to use both the valid reader and the RFID chip working together to discover and exclude a man-in-the-middle attacker.
Past approaches have tackled this problem by giving both the reader and the tag the ability to generate random numbers and to repeatedly swap them while measuring the propagation time. Distant attackers can listen to this exchange but can only intercede if they are able to guess and send the next bit in advance (otherwise, the increased propagation time will give them away). The protocols are designed so that the attacker has only a (1/2)^n chance of guessing correctly after n swaps.
The trouble with this protocol is that the RFID card has to generate its own random numbers, something that is impossible for today’s passive devices.
The trick the Egyptians have come up with is a protocol in which the reader generates random numbers, while the tag simply stores them. That something that current simple devices can easily do.
Crucially, Ahmed and co have tested the idea by simulating the processing ability of an ordinary low cost RFID chip on an FPGA and then implementing the new protocol. They say it works fine.
As ever, new security protocols need to be digested by the community before they can given any reasonable stamp of security assurance. Who knows what loophole their might be in such a scheme.
Nevertheless, this looks like an interesting approach. This and others like it will certainly be needed to counter the growing sophistication of attackers and protect the increasingly valuable loot they seek.
Ref: arxiv.org/abs/1004.1237: Lightweight Distance bound Protocol for Low Cost RFID Tags