8 Data Security
RFID systems are increasingly being used in high security applications, such as access
systems and systems for making payments or issuing tickets. However, the use of
RFID systems in these applications necessitates the use of security measures to protect
against attempted attacks, in which people try to trick the RFID system in order to
gain unauthorised access to buildings or avail themselves of services (tickets) without
paying. This is nothing new — we only have to look to myths and fairy stories to find
examples of attempts to outsmart security systems. For example, Ali Baba was able
to gain access to the supposedly secure hideout of the 40 thieves by discovering the
secret password.
Modern authentication protocols also work by checking knowledge of a secret (i.e.
a cryptographic key). However, suitable algorithms can be employed to prevent the
secret key being cracked. High security RFID systems must have a defence against the
following individual attacks:
• Unauthorised reading of a data carrier in order to duplicate and/or modify data.
• The placing of a foreign data carrier within the interrogation zone of a reader with
the intention of gaining unauthorised access to a building or receiving services
without payment.
• Eavesdropping into radio communications and replaying the data, in order to imitate
a genuine data carrier (‘replay and fraud’).
When selecting a suitable RFID system, consideration should be given to cryptological
functions. Applications that do not require a security function (e.g. industrial
automation, tool recognition) would be made unnecessarily expensive by the incorporation
of cryptological procedures. On the other hand, in high security applications (e.g.
ticketing, payment systems) the omission of cryptological procedures can be a very
expensive oversight if manipulated transponders are used to gain access to services
without authorisation.
RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification,
Second Edition. Klaus Finkenzeller. Copyright 2003 John Wiley & Sons, Ltd.
ISBN: 0-470-84402-7
8.1 Mutual Symmetrical Authentication
Mutual authentication between reader and transponder is based upon the principle
of three-pass mutual authentication in accordance with ISO 9798-2, in which both
participants in the communication check the other party’s knowledge of a secret (secret
cryptological key).
In this procedure, all the transponders and receivers that form part of an application
are in possession of the same secret cryptological key K (→ symmetrical procedure).
When a transponder first enters the interrogation zone of a reader it cannot be assumed
that the two participants in the communication belong to the same application. From the
point of view of the reader, there is a need to protect the application from manipulation
using falsified data. Likewise, on the part of the transponder there is a need to protect
the stored data from unauthorised reading or overwriting.
The mutual authentication procedure begins with the reader sending a GET
CHALLENGE command to the transponder. A random number $R_A$ is then generated in
the transponder and sent back to the reader (response → challenge–response
procedure). The reader now generates a random number $R_B$. Using the common secret
key K and a common key algorithm $e_K$, the reader calculates an encrypted data block
(token 1), which contains both random numbers and additional control data, and sends
this data block to the transponder.
$$\text{Token 1} = e_K(R_B \,\|\, R_A \,\|\, ID_A \,\|\, \text{Text1})$$
The received token 1 is decrypted in the transponder and the random number $R_A$
contained in the plain text is compared to the previously transmitted $R_A$. If the two
figures correspond, then the transponder has confirmed that the two common keys
correspond. Another random number $R_{A2}$ is generated in the transponder and this is
used to calculate an encrypted data block (token 2), which also contains $R_B$ and control
data. Token 2 is sent from the transponder to the reader.
$$\text{Token 2} = e_K(R_{A2} \,\|\, R_B \,\|\, \text{Text2})$$
The reader decrypts token 2 and checks whether $R_B$, which was sent previously,
corresponds with $R_B$, which has just been received. If the two figures correspond, then
the reader is satisfied that the common key has been proven. Transponder and reader
have thus ascertained that they belong to the same system and further communication
between the two parties is thus legitimised (Figure 8.1).
Figure 8.1 Mutual authentication procedure between transponder and reader (messages
shown: GET_CHALLENGE, Random A, Token 1, Token 2; reader and transponder each hold key K)
To sum up, the mutual authentication procedure has the following advantages:
• The secret keys are never transmitted over the airwaves, only encrypted random
numbers are transmitted.
• Two random numbers are always encrypted simultaneously. This rules out the
possibility of performing an inverse transformation using $R_A$ to obtain token 1,
with the aim of calculating the secret key.
• The token can be encrypted using any algorithm.
• The strict use of random numbers from two independent sources (transponder,
reader) means that recording an authentication sequence for playback at a later
date (replay attack) would fail.
• A random key (session key) can be calculated from the random numbers generated,
in order to cryptologically secure the subsequent data transmission.
8.2 Authentication Using Derived Keys
One disadvantage of the authentication procedure described in Section 8.1 is that all
transponders belonging to an application are secured using an identical cryptological
key K. For applications that involve vast quantities of transponders (e.g. the ticketing
system for the public transport network, which uses several million transponders) this
represents a potential source of danger. Because such transponders are accessible to
everyone in uncontrolled numbers, the small probability that the key for a transponder
will be discovered must be taken into account. If this occurred, the procedure described
above would be totally open to manipulation.
A significant improvement on the authentication procedure described can be achieved
by securing each transponder with a different cryptological key. To achieve this, the
serial number of each transponder is read out during its production. A key $K_X$ is
calculated (→ derived) using a cryptological algorithm and a master key $K_M$, and the
transponder is thus initialised. Each transponder thus receives a key linked to its own
ID number and the master key $K_M$.
The mutual authentication begins by the reader requesting the ID number of the
transponder (Figure 8.2). In a special security module in the reader, the SAM (security
authentication module), the transponder’s specific key is calculated using the master
key $K_M$, so that this can be used to initiate the authentication procedure. The SAM
normally takes the form of a smart card with contacts incorporating a cryptoprocessor,
which means that the stored master key can never be read.
Figure 8.2 In an authentication procedure based upon derived keys, a key unique to the
transponder is first calculated in the reader from the serial number (ID number) of the
transponder. This key must then be used for authentication (labels shown: GET_ID,
ID-Number, GET_CHALLENGE, Random A, Token 1, Token 2, production time, key $K_X$,
key $K_M$)
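The three-pass exchange of Section 8.1 run with the derived keys of Section 8.2, as an added Python example that is not code from the book. The 4-round Feistel construction standing in for e_K, the use of HMAC-SHA256 to derive K_X from K_M and the ID number, the 8-byte field sizes and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # assumed size in bytes of each random number, ID and text field

def _mix(key, i, half, other):
    # Feistel round: other XOR HMAC-SHA256(key, round || half); zip() truncates.
    f = hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(other, f))

def e_k(key, data):
    """Assumed stand-in for e_K: 4-round Feistel over one even-length block <= 64 bytes."""
    left, right = data[:len(data) // 2], data[len(data) // 2:]
    for i in range(4):
        left, right = right, _mix(key, i, right, left)
    return left + right

def d_k(key, data):
    left, right = data[:len(data) // 2], data[len(data) // 2:]
    for i in reversed(range(4)):                          # same rounds, reverse order
        left, right = _mix(key, i, left, right), left
    return left + right

def derive_key(master_key, tag_id):
    return hmac.new(master_key, tag_id, hashlib.sha256).digest()[:16]  # K_X from K_M, ID

class Transponder:
    def __init__(self, tag_id, k_x):
        self.tag_id, self.k_x, self.r_a = tag_id, k_x, None

    def get_challenge(self):
        self.r_a = secrets.token_bytes(BLOCK)             # fresh R_A per attempt
        return self.r_a

    def handle_token1(self, token1):
        plain = d_k(self.k_x, token1)
        r_b, r_a = plain[:BLOCK], plain[BLOCK:2 * BLOCK]
        expected, self.r_a = self.r_a, None               # each R_A is accepted once
        if expected is None or not hmac.compare_digest(r_a, expected):
            return None                                   # reader failed to prove the key
        return e_k(self.k_x, secrets.token_bytes(BLOCK) + r_b + b"Text2...")  # token 2

def reader_authenticate(master_key, tag):
    k_x = derive_key(master_key, tag.tag_id)              # GET_ID, derivation in the SAM
    r_a = tag.get_challenge()                             # GET_CHALLENGE -> R_A
    r_b = secrets.token_bytes(BLOCK)
    token2 = tag.handle_token1(e_k(k_x, r_b + r_a + tag.tag_id + b"Text1..."))
    r_b_back = d_k(k_x, token2)[BLOCK:2 * BLOCK] if token2 else b""
    return hmac.compare_digest(r_b_back, r_b)             # tag proved knowledge of K_X
```

A reader holding the wrong master key, a transponder initialised with a key not derived from K_M, and a recorded token 1 replayed against a new R_A are all rejected.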
8.3 Encrypted Data Transfer
Chapter 7 described methods of dealing with interference caused by physical effects
during data transmission. Let us now extend this model to a potential attacker. We can
differentiate between two basic types of attack. Attacker 1 behaves passively and tries
to eavesdrop into the transmission to discover confidential information for wrongful
purposes. Attacker 2, on the other hand, behaves actively to manipulate the transmitted
data and alter it to his benefit. See Figure 8.3.
Cryptological procedures are used to protect against both passive and active attacks.
To achieve this, the transmitted data (plain text) can be altered (encrypted) prior to
transmission so that a potential attacker can no longer draw conclusions about the
actual content of the message (plain text).
Encrypted data transmission always takes place according to the same pattern. The
transmission data (plain text) is transformed into cipher data (cipher text)
(→ encryption, ciphering) using a secret key K and a secret algorithm. Without knowing
the encryption algorithm and the secret key K a potential attacker is unable to
interpret the recorded data. It is not possible to recreate the transmission data from
the cipher data.
The cipher data is transformed back to its original form in the receiver using the
secret key K′ and the secret algorithm (→ decryption, deciphering). See Figure 8.4.
If the keys K for ciphering and K′ for deciphering are identical (K = K′) or in
a direct relationship to each other, the procedure is a symmetrical key procedure. If
knowledge of the key K is irrelevant to the deciphering process, the procedure is an
asymmetrical key procedure. RFID systems have for a long time used only symmetrical
procedures, therefore we will not describe other procedures in further detail here.
If each character is individually encrypted prior to transmission, the procedure is
known as sequential ciphering (or stream ciphering). If, on the other hand, several
characters are incorporated into a block then we talk of a block cipher. Because block
ciphers are generally very calculation intensive, they play a less important role in RFID
systems. Therefore the emphasis is placed on sequential ciphers in what follows.
Figure 8.3 Attempted attacks on a data transmission. Attacker 1 attempts to eavesdrop, whereas
attacker 2 maliciously alters the data (transmission data 94 0E 5F 85 FF 32, received data
94 1E 5F 85 FF 32)
Figure 8.4 By encrypting the data to be transmitted, this data can be effectively protected
from eavesdropping or modification (transmission data 94 0E 5F 85 FF 32, cipher data
38 F0 17 33 05 62, received data 94 0E 5F 85 FF 32; keys K and K′)
A fundamental problem of all cryptological procedures is the secure distribution of
the secret key K, which must be known by the authorised communication participants
prior to the start of the data transfer procedure.
8.3.1 Stream cipher
Sequential ciphers or stream ciphers are encryption algorithms in which the sequence
of plain text characters is encrypted sequentially using a different function for every
step (Fumy, 1994). The ideal realisation of a stream cipher is the so-called one-time
pad, also known as the Vernam cipher after its discoverer (Longo, 1993).
In this procedure a random key K is generated, for example using dice, prior to
the transmission of encrypted data, and this key is made available to both parties
(Figure 8.5). The key sequence is linked with the plain text sequence by the addition
of characters or using XOR gating. The random sequence used as a key must be at
least as long as the message to be encrypted, because periodic repetitions of a typically
short key in relation to the plain text would permit cryptoanalysis and thus an attack
on the transmission. Furthermore, the key may only be used once, which means that an
extremely high level of security is required for the secure distribution of keys. Stream
ciphering in this form is completely impractical for RFID systems.
To overcome the problem of key generation and distribution, systems have been
created based upon the principle of the one-time pad stream cipher, that use a so-
called pseudorandom sequence instead of an actual random sequence. Pseudorandom
sequences are generated using so-called pseudorandom generators.
Figure 8.6 shows the fundamental principle of a sequential cipher using a pseudorandom
generator: because the encryption function of a sequential cipher can change
(at random) with every character, the function must be dependent not only upon the
current input character but also upon an additional feature, the internal state M. This
internal state M is changed after every encryption step by the state transformation
function g(K). The pseudorandom generator is made up of the components M and
g(K). The security of the cipher depends principally upon the number of internal states
M and the complexity of the transformation function g(K). The study of sequential
ciphers is thus primarily concerned with the analysis of pseudorandom generators.
The encryption function f(K) itself, on the other hand, is generally very simple
and can only comprise an addition or XOR logic gating (Fumy, 1994; Glogau, 1994).
Figure 8.5 In the one-time pad, keys generated from random numbers (dice) are used only
once and then destroyed (wastepaper basket). The problem here is the secure transmission of
the key between sender and recipient
Figure 8.6 The principle underlying the generation of a secure key by a pseudorandom
generator (labels shown: transmission data, cipher data, pseudorandom generator, f(K), M,
g(K))
From a circuitry point of view, pseudorandom generators are realised by state
machines. These consist of binary storage cells, so-called flip-flops. If a state machine
has n storage cells then it can take on $2^n$ different internal M states. The state
transformation function g(K) is represented by combinatorial logic (a more detailed
explanation of the functionality of state machines can be found in Chapter 10). The
implementation and development of pseudorandom generators can be greatly simplified
if we restrict ourselves to the use of linear feedback shift registers (Figure 8.7).
Figure 8.7 Basic circuit of a pseudorandom generator incorporating a linear feedback shift
register (LFSR) (labels shown: shift register, flip-flop, timing pulse, switching device (coder))
A shift register is realised by the serial connection of flip-flops (output$_n$ is connected
with input$_{n+1}$) and the parallel connection of all timing inputs. The content of the
flip-flop cell is shifted forwards by one position with every timing pulse. The content of
the last flip-flop is output (Golomb, 1982; Rueppel, 1986).
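A stream cipher built as described above, with the internal state M held in a linear feedback shift register, a feedback step as g and XOR as f, as an added Python example that is not code from the book. The tap sets, the start value and all function names are assumptions; the sample plain text is the transmission data shown in Figure 8.3.

```python
TAPS_16 = (0, 2, 3, 5)  # assumed tap set; maximal length for a 16-cell register

def step(state, taps, n):
    """State transformation g: shift one cell, feed the XOR of the tapped cells back in."""
    feedback = 0
    for t in taps:
        feedback ^= (state >> t) & 1
    return (state >> 1) | (feedback << (n - 1))

def keystream(state, taps, n, length):
    """Return `length` bytes; each bit is the content of the last cell before a pulse."""
    out = bytearray()
    for _ in range(length):
        byte = 0
        for bit in range(8):
            byte |= (state & 1) << bit
            state = step(state, taps, n)
        out.append(byte)
    return bytes(out)

def crypt(data, state, taps=TAPS_16, n=16):
    """Encryption function f: XOR with the keystream, so the same call also decrypts."""
    if not 0 < state < (1 << n):
        # The all-zero state never changes and would leave the data unencrypted.
        raise ValueError("initial state M must be a non-zero n-bit value")
    return bytes(d ^ k for d, k in zip(data, keystream(state, taps, n, len(data))))

def period(state, taps, n):
    """Count timing pulses until the internal state M returns to its start value."""
    start = state
    for pulses in range(1, (1 << n) + 1):
        state = step(state, taps, n)
        if state == start:
            return pulses
    return None  # start state is not on a cycle (cell 0 is not tapped)

PLAIN = bytes.fromhex("940E5F85FF32")   # transmission data from Figure 8.3
START = 0xACE1                           # constructed start state, stands in for key K

if __name__ == "__main__":
    cipher = crypt(PLAIN, START)
    print(cipher.hex(), crypt(cipher, START).hex())
    # 16 cells with these taps visit all 2^16 - 1 non-zero states; with 4 cells the
    # taps (0, 1) reach 15 states while (0, 2) repeat after only 6.
    print(period(START, TAPS_16, 16), period(1, (0, 1), 4), period(1, (0, 2), 4))
```

A bare LFSR is linear, so it serves here only to show the roles of M, g and f and how the number of cells and the choice of feedback bound the keystream period.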