talk: K. Mayes on Attacks on Smart Cards, RFIDs and Embedded System, 10am 10/10

October 8th, 2017

Attacks on Smart Cards, RFIDs and Embedded Systems

Prof. Keith Mayes
Royal Holloway University of London

10-11:00am Tuesday, 10 October 2017, ITE 325, UMBC

Smart Cards and RFIDs exist with a range of capabilities and are used in their billions throughout the world. The simpler devices have poor security, however, for many years, high-end smart cards have successfully been used in a range of systems such as banking, passports, mobile communication, satellite TV etc. Fundamental to their success is a specialist design to offer remarkable resistance to a wide range of attacks, including physical, side-channel and fault. This talk describes a range of known attacks and the countermeasures that are employed to defeat them.

Prof. Keith Mayes is the Head of the School of Mathematics and Information Security at Royal Holloway University of London. He received his BSc (Hons) in Electronic Engineering in 1983 from the University of Bath, and his PhD degree in Digital Image Processing in 1987. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His interests include the design of secure protocols, communications architectures and security tokens as well as associated attacks/countermeasures. He is a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and a member of the editorial board of the Journal of Theoretical and Applied Electronic Commerce Research (JTAER).

Android to support near field communication

November 15th, 2010

As TechCrunch and others report, Google’s Eric Schmidt announced that the next version of Android (Gingerbread 2.3) will support near field communication. What?

Wikipedia explains that NFC refers to RFID and RFID-like technology commonly used for contactless smart cards, mobile ticketing, and mobile payment systems.

Near Field Communication or NFC, is a short-range high frequency wireless communication technology which enables the exchange of data between devices over about a 10 centimeter (around 4 inches) distance.”

The next iphone is rumored to have something similar.

Support for NFC in popular smart phones could unleash lots of interesting applications, many of which have already been explored in research prototypes in labs around the world. One interesting possibility is that this could be used to allow android devices to share RDF queries and data with other devices.

Smart phones to absorb credit cards with RFID?

October 5th, 2010

iphone + RFID + credit cards Fastcompany has an article, Credit Cards Will Go Electronic, Then Disappear Into iPhone 5, predicting the merger of RFID-enabled credit cards and smart phones.

“Nokia plans to add antennas and RFID communications chips into its phones soon, and Apple has been patenting the heck out of the idea, but both companies were probably going to rely on an in-phone antenna loop. It seems increasingly certain Apple is going to bring RFID into common usage with the iPhone for 2011 (the iPhone 5) because there’s a new patent that shows just how far Apple has gone with design thinking for RFID. The patent shows how an RFID loop, powerful enough to act as both RFID tag or a tag-reader, can actually be built right into the complex layered circuitry of the iPhone (or iPod Touch) screen. We know Apple is fond of highly-polished design and integration, and this innovation is no exception. The screen has to be exposed by its very nature, which is good for RFID purposes — the wireless signal is unobstructed by other bulk in the smartphone, and it frees up Apple to do what it likes with the rest of the phone’s design.”

Maybe building RFID into smart phones will finally unleash the potential the technology offers for cool people oriented applications, as opposed to boring inventory management tasks. However, I don’t like the idea of not being able to use my credit card because my phone ran out of power.

Scientific American special issue: will technology kill privacy?

August 30th, 2008

Scientific American\'s special issue on The Future of Privacy, September 2008.The September 2008 Scientific American is a special issue on The Future of Privacy. The issue has a good range or articles that all look like they are well worth reading and touch on all of the theme in our new MURI project on assured information sharing.

New US RFID pass card raises privacy and security concerns

January 1st, 2008

Today’s Washington Post has a story, Electronic Passports Raise Privacy Issues, on the new passport card that’s part of the DOS/DHS Western Hemisphere Travel Initiative. The program is controversial since the cards use “vicinity read” radio frequency identification (RFID) technology that can be read from a distance of 20 or even 40 feet. This is in contrast to the ‘proximity read’ RFID tags in new US passports that require that the reader be within inches. The cards will be available to US citizens to speed their processing as they cross the borders in North America.

“The goal of the passport card, an alternative to the traditional passport, is to reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards’ radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait. “As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through,” said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register. src

As described in the ruling published in the Federal Register, the Government feels that privacy concerns have been addressed.

“The government said that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers or other personal information. It will also come with a protective sleeve to guard against hackers trying to skim data wirelessly, Barrett said.” src

Of course, if you carry the card in your purse or wallet, your movements can still be tracked by the unique ID on the card. There are also security concerns since the tag’s ID may be cloned.

“Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip, one that can only be read up close, and he is critical of the passport card’s technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning. “Because there’s no security in the numbering system, a person who obtains a passport card and is later placed on a watchlist could easily alter the number on the passport card to someone else’s who’s not on the watchlist,” Vanderhoof said.” src

Gimme that RFID impant

January 16th, 2006

Smart doorknob: an exciting RFID application

November 27th, 2005

Here is what a smart doorknob can do.

“When you approach the door and you’re carrying groceries, it opens and lets you in. This doorknob is so smart, it can let the dog out but it won’t let six dogs come back in.

It will take FedEx packages and automatically sign for you when you’re not there. If you’re standing by the door, and a phone call comes in, the doorknob can tell you that ‘you’ve got a phone call from your son that I think you should take.”

This smart doorknob is part of a MIT research project called “Internet of Things” (see IHT). An interesting thing about this system is that it relies on the extensive usage of RFID tags. When it comes to RFID technology, some people are very worried, and some others are very excited.

UN foresees an Internet of things

November 17th, 2005

The Internet of Things is the seventh in the series of “ITU Internet Reports” published since 1997 by the UN’s International Telecommunication Union. The report will be available in mid November and include chapters on enabling technologies, the shaping of the market, emerging challenges and implications for the developing world, as well as comprehensive statistical tables covering over 200 economies. Here’s an AP story about today’s announcement at the World Summit on the Information Society [2] in Tunis.

Machines and objects to overtake humans on the Internet: ITU, AP, Nov 17

Machines will take over from humans as the biggest users of the Internet in a brave new world of electronic sensors, smart homes, and tags that track users’ movements and habits, the UN’s telecommunications agency predicted.

In a report entitled “Internet of Things”, the International Telecommunication Union (ITU) outlined the expected next stage in the technological revolution where humans, electronic devices, inanimate objects and databases are linked by a radically transformed Internet.

“It would seem that science fiction is slowly turning into science fact in an ‘Internet of Things’ based on ubiquitous network connectivity,” the report said Thursday, saying objects would take on human characteristics thanks to technological innovation.

UK tests active RFID license plates

August 23rd, 2005

The prospect of every licensed vehicle being required to have an active RFID tag raises lots of privacy issues, although in many ways ways we have them already with visual tags and modern image processing. It also opens the door to many new opportunities.

Brit License Plates Get Chipped, Mark Beard, Wired News, 9 august 2005

The British government is preparing to test new high-tech license plates containing microchips capable of transmitting unique vehicle identification numbers and other data to readers more than 300 feet away.

Proponents argue that making such RFID tags mandatory and ubiquitous is a logical move to counter the threat of terrorists using the roadways, and that it will scoop up insurance and registration scofflaws in the process.

The U.K. Department for Transport gave the official go-ahead for the microchipped number plates (as they are called in the United Kingdom) last week, and the trial is expected to begin later this year. The government has been tight-lipped about the details. One of the vendors bidding to participate in the trial said it would start with smartplates added to some police cars.

The point of the test is to see whether microchips will make number plates harder to tamper with and clone, said U.K. Department for Transport spokesman Ian Weller-Skitt. Many commuters use counterfeit plates to avoid the London congestion charge, a fee imposed on passenger vehicles entering central London during busy hours.

MORE (via Bruce Schneier)

User adaptive door from Japan

August 13th, 2005

This new automatic door from Japan creates a minimal opening for an object to pass through. The door is composed of a series of strips which open when activated by the infrared sensors on their edges. It’s said that the door also can identify people (RFID?) for security. Such doors can help manage energy loss in a a room, garage or freezer and protect a space from unwanted dust, pollen, bugs, and germs. Plus, they are cooler than the doors on Star Trek. See this video.

Here’s a marketing tip: get the door to occasionally say “Gee, you’ve lost weight, haven’t you?” and it will sell like hotcakes.

DHS to deploy RFID at border crossings

July 31st, 2005

The U.S. Department of Homeland Security will install radio frequency technology at five border posts with Canada and Mexico to track foreigners driving in and out of North America beginning this coming Thursday. As people pass thorough the security check once, they will be given an index card sized document containing the chip. The document is to be placed on the car’s dashboard so that a person’s personal information can be read as they approach a border crossing. The mandatory program will apply to all foreigners with U.S. visas–including those from the 27 countries whose citizens don’t need visas for short U.S. visits–who cross into the United States at those points. Canadians and Mexicans, who fall under special immigration rules, are exempt from needing the chip. (Link )

I found these quotes, from Link), to be misleading:

Kimberly Weissman, spokeswoman for the US-VISIT program at the U.S. Department of Homeland Security told The Whig-Standard yesterday that the new devices can’t be tracked outside the border crossing area. “It has a range of 10 to 15 metres,” she said. “The UHF frequency that we’ve chosen makes it impossible to locate a specific person.”

She must have meant that (1) while the tags were in the border crossing area they couldn’t be read from outside the area; (2) the tags are not designed for localization. Such mistatements, which I assume were due to carelessness, can come back to haunt.

Former Bush cabinet officer gets RFID implant

July 20th, 2005

President Bush’s first Health and Human Services Secretary, Tommy Thompson, former Governor of Wisconsin, is getting an RFID implant. Thompson has joined the board of Applied Digital, which owns VeriChip, the company that specializes in subcutaneous RFID tags for humans and pets. Thompson will get chiped to help promote the concepts behind the technology. If all of Applied Digital’s board members are required to get chipped it should make taking attendance at future board meetings much easier. (Link, spotted on Boing Boing)