Introduction into RFID

(C) 2005 by Harald Welte <laforge@gnumonks.org>

During the last couple of years, various different sectors of industry and
even government organizations started to talk about RFID technology.

The RFID industry makes huge promises, according to which RFID will penetrate
our everyday life in the very near future. RFID is used in the ICAO-compliant
electronic passports, for electronic ticketing in the public transport sector
and for tickets to events such as the soccer world championships in 2006.
Studies are performed on the feasibility of putting RFID circuitry into every
Euro bill.

Contrary to those industry promises, there is growing opposition among civil
liberties groups and the data protection community, and great fear that this
technology will be abused to invade privacy even further.

The public debate on RFID is mostly on a very high and therefore abstract
level. Even within the technical community, there is a severe lack of knowledge
when it comes to really understanding RFID.

This article tries to give a technical introduction to RFID, summarizing what
the author has learned throughout the last year during his research and
development.


A lot of the ambiguity related to RFID comes from the unclear term "RFID" and
its various abuses. Strictly speaking, "RFID" means "Radio Frequency
IDentification" and therefore refers to any technology facilitating
identification of items using radio frequency.

However, the term is generally used for many different technologies and
concepts.

Another common misconception is that most RFID systems in use today are based
on standards. On the contrary: in fact they are mostly proprietary systems
produced by specific vendors, who obviously all proclaim to have invented an
"industry standard". Even those few RFID protocols that have been standardized
by international standardization bodies such as ISO/IEC reflect the usual
"either it's done way A, if not it's done way B" paradigm that seems to
dominate the whole smart card industry. But that's enough of a rant for now.


Overview of an RFID system

An RFID system is usually composed of a reader device (which is always called a
reader, even if it can write) and some (RF)ID tag.

Tag:

1) serial number only
The simplest RFID systems come with read-only "serial number" tags. This
basically means that the tag has a vendor-defined serial number (much like a
barcode on product packaging) that can only be read. Such systems generally
don't employ any form of authentication.

2) WORM tags
WORM (write once read many) tags can be written once (usually at the customer
site) and read many times.

3) read/write tags
Instead of only being vendor programmable, they are actually (at least
partially) user programmable. Since no authentication is performed, anyone
with the respective equipment can write to such a tag.

4) read/write with security
This variant of tag employs read/writable memory plus some state machines that
allow for (mutual) authentication of reader and tag.

5) cryptographic smartcards with RF interface
The latest generation of "tags" are not really "tags" anymore, but rather
cryptographic smart cards with an RF interface. This means that you have a
whole computer (sometimes called an RFIC), including CPU, RAM, ROM, EEPROM,
hardware random number generator, hardware crypto, etc. Since such devices
originate from the smart card world, they sometimes even come as "dual
interface smart cards", i.e. employ both a contact-based and a contactless
(RFID) interface.


Reader:

Readers are usually connected to some computer or network, using standard
interfaces such as RS232 ports, serial interfaces, USB, or Ethernet.
Unfortunately, there is no standard on either the hardware or the software
level. This means that most RFID applications will be written against specific
vendor-provided driver or library APIs. There's one notable exception:
reader systems employing cryptographic smartcards with RF interface often
emulate APIs from the contact-based smart card world such as PC/SC or CT-API.


RF Interface:

Between reader and tag there is some form of RF interface. The RF interface
differs from system to system in many parameters, such as frequency,
modulation and operational principle.

magnetic coupling:
Most of today's RFID systems use a magnetic coupling principle. In such a
system, the reader provides a strong magnetic field (H-field). This field is
picked up by the antenna of a tag, and used to power the tag. Common
frequencies for such magnetically coupled RFID systems are 125kHz and 13.56MHz.
Magnetic systems often employ amplitude shift keying for the reader-to-tag
communications channel, and load modulation from tag to reader.

The strong magnetic field only exists in the proximity of the reader's antenna.
Thus, magnetically coupled RFID systems are sometimes referred to as "proximity
RFID", often with operational ranges of less than 10cm.

backscatter:
A lot of RFID systems under current development operate in the UHF frequency
range (868 to 956 MHz, depending on the regulatory domain). They use the
electric field of the reader, and employ backscatter modulation from tag to
reader. The electric field extends over a longer distance than the magnetic
field. Therefore, the operational range of backscatter systems is within tens
of metres.

SAW:
SAW tags use low-power microwave radio signals. The tag converts them to
ultrasonic acoustic signals using a piezoelectric crystalline material.
Variations of the reflected signal can be used to provide a unique identity
such as a serial number.

The remaining article will focus on magnetic coupling RFID systems only, since
backscatter systems are not widely deployed yet, and therefore of little
practical relevance.


Protocols and standards:

For the commonly-used 13.56MHz based systems, there are two major protocols in
use, ISO14443 and ISO15693. ISO15693 seems to be used only for "dumb" tag
applications, whereas ISO14443 is used frequently with RF interfaced processor
smart cards.

Besides the "physical layer" issues such as modulation, coding, bit timing,
and frequency, there are some other important tasks of an RFID protocol.

One of the fundamental issues of RFID is the possibility of multiple tags
within the operating range of a reader, just like in any other shared medium
communication channel.

In order to cope with multiple tags, an anticollision procedure has to be
specified. Some sophisticated protocols (such as 14443-4) even allow a reader to
assign logical addresses to individual tags in order to communicate with
multiple tags.


ISO11784/11785

The ISO11784/11785 series of standards is used for identification of animals.
This family of standards operates at 134.2 kHz and uses the magnetic coupling
operational principle. It uses load modulation with no subcarrier and employs
a bi-phase code for transmission of 64-bit transponder data at 4194 bits/sec.

ISO14223

ISO14223 is an extension of 11784/11785 and allows for more data to be stored on
the tag/transponder.

ISO10536

ISO10536 describes "close coupling" smart cards, with an operational range of
up to 1cm. It employs inductive or capacitive coupling at 4.9152 MHz. Due to
this low operational range, they never appeared in widespread use on the market.

ISO14443

ISO14443 describes "proximity coupling identification cards". As opposed to
ISO10536, this standard has an operational range of up to 10cm.

ISO14443 comes in two variants: ISO14443-A and ISO14443-B. They both operate
on the same frequency, but with different parameters.

                 14443A                      14443B
mod rdr->tag     100% ASK                    10% ASK
mod tag->rdr     load modulation at          load modulation at
                 847kHz, ASK                 847kHz, BPSK
code rdr->tag    modified Miller             NRZ
code tag->rdr    Manchester                  NRZ
anticol          binary search               slotted Aloha

ISO14443-4 specifies an (optional) transport level protocol on top of the lower
three layers of the ISO14443 protocol. This transport protocol is sometimes
referred to as "T=CL" (transport=contactless). This designation has its
origin in the smart card world, where other protocols such as "T=0" and "T=1"
have been in widespread use for decades.


ISO15693

ISO15693 describes "vicinity coupling" RFID, with an operational range of up
to 1m. Like ISO14443, it operates on 13.56 MHz and employs magnetic near-field
inductive coupling.

This standard again supports various modes, such as 10% or 100% ASK, 1.65kb/s
or 26.48kb/s data rate, and ASK or FSK based load modulation.

ISO18000 series

This ISO series is under current development. It intends to specify unique
worldwide standards for item management. Specifications include operation
on 13.56MHz, 2.45GHz, 5.8GHz and the 868 to 956 MHz UHF band.

The remaining paper will mostly look at ISO14443, since it is in widespread use
today and also used by the electronic passport system specified by ICAO.


A closer look on Readers:
There's a variety of readers for the 13.56MHz world, ranging from embedded
reader modules to PC-connected readers for USB and serial connections,
Ethernet-connected readers as well as readers for handheld devices with
CompactFlash interface.

As opposed to the contact-based smartcard world where most readers now support
the USB CCID standard (to my surprise even non-USB devices!), there is no
standardization. Nor does any of the readers - to the best of the author's
knowledge - have any publicly and/or freely available documentation. A similar
lack is observed for Linux drivers. If they are available, then often for an
extra charge, and in proprietary x86-only format.

On the electrical level, a lot of readers are surprisingly similar. Almost all
of them seem to use readily available "reader ASICs" from vendors such as TI or
Philips. Those ASICs usually integrate both the analogue RF part (including
modulation/demodulation) and the digital part. They are interfaced by a serial
(SPI) or parallel address/data bus. As you could have guessed by now, there's
again no publicly/freely available documentation on any of the chipsets.

After doing some research and re-engineering on commonly-available existing
readers, there seem to be two different basic architectures:

1) active
Active readers do all the 14443/15693 processing within a microcontroller in
the reader. Advantages of an active design are low latency, high speed and
applicability in embedded or remotely connected environments where no host
computer could do the protocol processing.

2) passive
Passive readers simply include the most basic logic to interface the reader
ASIC with the external interface. Therefore all protocol processing has to be
done on the host system.

For obvious reasons, the passive architecture allows for lower development
and total product cost. The author anticipates that all PC-based readers will
eventually become passive. A commonly-available passive reader (Omnikey
CardMan 5121) was chosen for the development of librfid.


Omnikey CardMan 5121

At first glance, the cm5121 is a USB CCID contact-based smartcard reader.
It can be used with vendor-supplied proprietary drivers, or with various
freely available CCID reader drivers, such as the OpenCT project.

However, the RFID part is simply a Philips CL RC632 reader ASIC that can be
accessed transparently by issuing read/write_byte and read/write_fifo commands
via CCID PC_to_RDR_Escape USB messages.

The author further obtained a (publicly available, but encrypted) detailed data
sheet of the Philips CL RC632 reader ASIC, which magically decrypted itself by
using a couple of days worth of CPU power.

The CL RC632 is a multi-protocol reader ASIC, supporting 14443-A, 14443-B,
15693 as well as the proprietary 14443A-based Mifare system.

Using the data sheet, a free and GPL licensed RFID stack could be implemented
from scratch.


Security Issues

Sniffing
Like any RF interface, the magnetic RFID interface can be passively sniffed.
Due to the use of the H-field in 125kHz and 13.56MHz systems, the possible
surveillance range is very short. Also, given the enormous power constraints
within the tag, the power put into the tag->reader channel is very low.
Furthermore, the main carrier and the subcarrier are very close in the radio
spectrum, while their signal strength differs by some 60 to 80 dB.

Measurements conducted by the author do not suggest that passive surveillance of
ISO 14443 compliant systems is not possible outside a range of 4-5 metres - at
least not with DIY equipment.

DoS
ISO14443-A and -B anticollision systems are subject to denial of service
attacks.

For 14443-A, such an attack could simply cause one collision for every bit in
the address, thus preventing the reader from completing its binary search
algorithm and fully selecting one of the available tags.

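The anticollision procedure and the denial-of-service case described above, worked through in Python as an added example (this is not code from the article or from librfid): a bit-level model of the ISO 14443-A binary search over constructed 4-byte UIDs, plus a constructed participant that collides on every bit, so that the reader-side signature of the attack can be checked (every address bit collides and no tag acknowledges the resolved UID). Framing, CRC, cascade levels and timing are left out, and the reader's "continue with 1 on a collision" policy is an assumption of this model.

```python
UID_BITS = 32  # single-size UID (cascade level 1): 4 bytes, handled MSB first here

class Tag:
    """Simplified real tag: answers ANTICOLLISION only while the reader's prefix matches."""
    def __init__(self, uid):
        self.uid, self.halted = uid, False     # halted = has received HLTA
    def answers(self, prefix, nbits):
        return not self.halted and (self.uid >> (UID_BITS - nbits)) == prefix
    def bit(self, i):
        return (self.uid >> (UID_BITS - 1 - i)) & 1
    def select(self, uid):
        return not self.halted and uid == self.uid

class EveryBitCollider:
    """Constructed model of the DoS from the article (a collision on every bit),
    used only to check the reader-side failure signature; not a real tag."""
    def answers(self, prefix, nbits): return True
    def bit(self, i): return None        # None: both half-bits seen, i.e. a collision
    def select(self, uid): return False  # never acknowledges a SELECT

def anticollision(tags):
    """One ANTICOLLISION/SELECT round; returns (uid or None, number of collisions)."""
    prefix, nbits, collisions = 0, 0, 0
    while nbits < UID_BITS:
        active = [t for t in tags if t.answers(prefix, nbits)]
        if not active:
            return None, collisions      # nobody answered this prefix
        seen = {t.bit(nbits) for t in active}
        if seen in ({0}, {1}):
            b = seen.pop()               # all answering tags agree on this bit
        else:
            collisions += 1              # Manchester decoding exposes the collision
            b = 1                        # modelled reader policy: continue with '1'
        prefix, nbits = (prefix << 1) | b, nbits + 1
    selected = sum(t.select(prefix) for t in tags) == 1   # exactly one SAK expected
    return (prefix if selected else None), collisions

def inventory(tags):
    """Enumerate the field: SELECT each tag, then HLTA it. Returns (uids_found, jammed);
    jammed means tags answered but every address bit collided and none was selectable."""
    found = []
    while any(t.answers(0, 0) for t in tags):
        uid, collisions = anticollision(tags)
        if uid is None:
            return found, collisions == UID_BITS
        found.append(uid)
        for t in tags:
            if t.select(uid): t.halted = True   # HLTA
    return found, False
```

With three constructed tags in the field, inventory() resolves each in turn, one collision per shared prefix; with the every-bit collider present, the reader sees 32 collisions, no tag acknowledges the resolved UID, and the round is flagged as jammed.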
Authenticity/Confidentiality
ISO14443-A doesn't provide any form of security. Any kind of authentication
and/or encryption has to be employed at a higher level, such as ISO7816 secure
messaging. Compare this with a TCP/IP stack (layers 1..4) with SSL/TLS on top.

Proprietary Security
The security of vendor-specific proprietary systems such as Mifare is based on
security by obscurity. The encryption algorithm is not publicly documented,
and only implemented in vendor-supplied hardware, usually the reader ASIC and
inside the tag itself. Keys are stored on the tag and in the reader ASIC.

Security by obscurity within the software industry generally doesn't work.
However, in the hardware world vendors still seem to assume it is a valid
paradigm.

The key lengths used seem extremely small (40 bit). Should the algorithm ever
be uncovered, it is expected to compromise the security of the whole system.
The arithmetic complexity of the algorithm can only be low, given its
implementation in lowest-cost state-machine-only tags. Therefore it is
expected that