Okay, that's good.
One person.
So far so good.
So my name is Jonathan Westues and today I'm going to be talking about proximity cards.
My qualifications for this are more or less that for a little while in 2003, I was working for a company that used proximity cards to control access to the building.
So you know, they gave me this featureless white card and I would hold it within a few inches of the reader every morning and every morning the door would open.
So of course it's all very magical that they work like that and you can hold your hand between them and you don't have to remove it from your wallet and it can read for basically any solid material that's not metal.
So the whole thing is very magical and of course I wanted to know how the things worked.
And actually I was also after this like big reverse engineering exercise where I had to go through pages and pages of complicated protocol.
But luckily it turns out that they actually designed the cards that my company was using with no security at all.
So that actually makes the presentation a little bit shorter and not as interesting.
But I'm going to be talking a little bit about first of all how the cards work, you know, what little pieces of physics and so on they exploit.
And then once I've talked a little bit about that I'm going to discuss what the signals are like over there, what kind of hardware do you need to talk about with them.
And then once I've described that and once I've described the protocol that the FlexPass cards, which are a particular brand of proximity card that my employer was using,
once I've described a particular protocol that they use it's pretty obvious what to do, do you want to copy one and so on.
But I think there are a few things you can do that are maybe not quite so obvious.
There's sort of engineering improvements that you know, the attack still works perfectly and it's not like you did anything mathematically different.
But you know, you can stand further away from them and still steal the card out of their wallet and stuff like that.
And finally it's pretty obvious what kind of techniques you can use to avoid that kind of attack.
And in fact people are doing so and I'll talk about some of the ways you can do that.
So to begin, a proximity card is basically exactly the same sort of device as a passive RFID tag.
What you have in either case is just this little thing that's used to track some object.
And whether that object happens to be an employee on his way through the water cooler or a power out on his way through the warehouse,
the physicist's advice actually don't change at all.
So I'll state card and proximity card and tag sort of interchangeably.
There's another thing called active RFID tags.
They're basically just a little radio transmitter with a battery so they're like any other kind of radio link.
So there's not as much stuff to talk about with them.
But the trick with the RFID tag is that first of all you can sort of infer from the RF part of it
that the link between the reader and the tag is a radio frequency link.
So in that sense it's the same sort of communications link as between, for example,
a cellular phone in the base station or between a couple of kids with a pair of rocket hockey's or whatever.
So I mean this is all stuff you use for your energy to transmit information.
But the trick is that you want to make the RFID tag as small and as cheap as possible.
And that means that there's really no space either physically or in your budget to fit in a little lithium battery or something.
So the trick with RFID tags, and you might actually don't know this but I'm going to say this anyway in case someone doesn't.
The trick with RFID tags is that the tag is actually powered by the reader.
So to accomplish this, the reader at all times transmits a very powerful carrier.
That is to say it transmits a signal that carries no information.
So think of something more like a microwave oven or something.
You're using the energy not to transmit information but simply to get some power transferred over the air.
So then the tag has an antenna that receives some fraction of the power that the reader is transmitting.
And from that it generates a nice little 3.3 volt rail to run its digital logic.
So that means you have the tag has power which means you can run your little microcontroller type thing or the little logic that reads an idea out of RAM or something.
So all good.
Then the next thing the tag can do is it can actually return an information bearing signal.
And it can do that using some of the power that's incident upon it from the reader.
So the trick with the RFID tags is that it actually does that on the same frequency.
So that means it uses the same antenna, it uses the same sort of interface components to the antenna.
And you basically keep the parts countdown as small as possible.
Of course there exists RFID tags where there's also communications from the reader to the tag.
The reader does that by modulating the signal that it sends.
It's just a sort of refinement to the concept because I mean it's easy to transmit a signal when you're going to plug it into the wall.
So you have lots of power available.
You have lots of room for discrete circuitry and so on.
So let's take a look at an RFID tag.
What you see here is a TI tag, Texas Instruments.
They make a whole line of tags with different sort of electrical properties and different sort of capabilities in this package.
And what I liked about them just to show them here is that of course they're transparent so you can see what the parts are.
So if you look over here you can see a little coil antenna.
This particular tag happens to operate around 134 kHz.
You know radio that's a very low frequency.
Think of your AM radio which is about the lowest frequency signal most people run into.
That's already operating around 500 kHz at the bottom.
So the radio link, and you can think about it sort of like a transformer bridge with the two halves and you just move them apart.
And you know the transformer works worse and worse as you move them apart but you can still get a little bit of energy through.
Then you can see there if you're an electronic sort of person you'll recognize two or three ordinary surface mount capacitors.
Probably only about five doses of three of these.
And one of those is the antenna tuning capacitor and one of them is used for energy storage to sort of like smooth out the DC rail so that you don't have to ripple on it when the carrier goes away because that's a good choice in the TI tags too.
And then finally if we could see the other side of the tag which we can't we would see a black epoxy block and under there there is a full custom integrated circuit and that is what actually contains the chip that does all the logic.
So I'll just show another part by VTag for an example.
And here you see that, I mean it looks completely different but the parts are still there.
So before we had a coil of hundreds and hundreds of turns of magnet wire.
Now we have a coil of only a few turns of foil.
The reason for this is because the previous tag worked at 134 kilohertz this one works at 13.56 megahertz.
The frequency changes, the physics change and wow you need a different kind of antenna.
And similarly you can see that they did the capacitor a bit differently.
You don't need nearly so much capacitance which means that you can actually integrate the capacitor.
If you think back to your high school physics you may remember the concept of a parallel plate capacitor where you have foil, two pieces of foil with some insulator between them.
That's what you have here.
The insulator is a plastic substrate, the foil is a conductors.
And then this time we can actually see the check there.
And you can see that it's using some sort of fancy packaging technology.
Obviously they're not going to put the thing in an epoxy case or anything.
So with any RFID tag, no matter how they do the, no matter what frequency it operates on, no matter what particular details of the protocol they chose,
you'll have a situation kind of like this.
Over the air you're always going to have two signals.
The first signal that you have is the signal that's required to power the tag.
And that is sent by the reader and that is of course very powerful because you want to get through not just enough power that you can detect through the signals out there,
but enough power that you can rectify it and you can build yourself a DC rail and you can run a microprocessor off of that.
So you have one powerful signal with no information and then the tag returns a very weak signal that carries the information.
And that has to be a weak signal because the only power available to the tag is the power that was incident on that from the reader,
which is going to be only a fraction of the power that the reader transmits.
So that means that when you're actually looking at the signal at the reader, you're going to see the superposition of the two signals.
Well, because that's what signals do.
So you're going to see a really big signal with no information on it.
And on top of that, you're going to see this really weak signal riding on it.
And that's the one you actually care about.
In this case, of course, I greatly exaggerated the modulation depth.
If I actually drew it the way that it looked for real, then you wouldn't be able to see the information during signal at all.
So what that means is that the situation isn't really the same as a typical radio link
because in a typical radio link, you don't have this big spike of carrier right in the middle of everything that you have to somehow reject.
So that means that the electronic techniques that you use to deal with these signals are a little bit unusual.
So that's basically the only point that I'm making there is that you need special hardware.
So I had this card that my employer issued me, and I had access to their readers.
That is to say that I can say late at night and hope that the security guard didn't come while I was probing on it.
Anyways, so the question was how do you figure out how the tags work?
So the first thing, well, what's been pointed out to me last night actually is that I could have just read the data sheet for the ICs
and it would have told me exactly how they worked.
But that turns out not to be what I needed at that time, of course.
So I had to experiment.
So the first thing that I had to do, and that's not what that is on the list, is to determine the frequency of operation of the tag.
Because as I said previously, the tags operate on a variety of different frequency bands.
If you try to energize it at the wrong frequency, then nothing happens because the antennas just aren't tuned to that.
So I did that. Well, take a broadband antenna, put it near the legitimate reader, measure the frequency of the signal that it's sending out.
And half of the back signal was at 125 kilohertz.
Okay, so now that I know that it works at 125 kilohertz.
So the next thing that I had to do is to look at what kind of modulation method was used.
Because there's a lot of ways to turn bits into signals that can be sent over the air.
I mean, think of the fancy modulation schemes that your cell phone uses.
It's like pages and pages of Etsy documents just describing the mathematical relations that turn bits into some sort of signal that you can feed into the RF private.
No, the RF private that you can feed into the RF subsystem.
So it happened that the actual modulation scheme that the flexcast cards used was PSK with an operating frequency of 62.5 kilohertz that modulated carrier.
It doesn't really matter what that means.
It's just a matter of looking at the signal sent over the air.
And you can do that with a little bit of custom electronics and a scope that's just ordinary development work at that point.
And picking out what kind of modulation method is used.
Then once you've done that, it's just sort of a matter of figuring out the communication parameters of the link.
Figure out what the bit time is.
Figure out what kind of transition represents a one versus a zero and so on.
So that way you can sort of reverse engineer the parameters of the link.
And then you can buy or build.
In my case I built it because I don't know where you can buy it without spending thousands and thousands of dollars.
But you do something that will cause you to end up with a piece of hardware that will allow you to speak to the card.
And my thought was that okay, at that point I can start trying to figure out what the higher layer protocols are.
And then I can figure out what kind of signal in the center between the card and the reader.
And I can see if it's secure and I can see whether I can maybe take some portion of that out.
What it turns out though is that the signaling between the card and the reader is basically nothing.
The card has the secret ID.
The ID is 64 bits in length of which a lot of them seem like they're mostly zero.
But I store all 64 of them in my attack because it's not really worth figuring out which ones are important and which ones aren't.
But in any case, the card has its secret ID code.
It has that stored in memory and the card sends the ID code to the reader over the air.
Then the reader has the list of authorized IDs.
It verifies that the ID that it's received is on that list.
And if the ID is on the list, the door opens. Otherwise it doesn't.
And that's it.
So as soon as I had the radio reverse engineered, as soon as I figured out the modulation method and the frequency of operation, the bit time, the length of the ID and so on, I was done.
And that's the point at which I built this.
So what this is, and you can see it's much easier to see on the slide where the case was still transparent.
What this is is a sort of the multi-purpose cloner, replayer, reader, snooper device for the black box cards.
So if you look on the slide, then you can see the basic pieces of it.
So around the edges, there's the coil antenna.
You can think of the strange similarity between that coil antenna and the coil antenna back a lot of slides ago on the TI tag.
It's the same kind of frequency of operation, so you use the same kind of antenna.
And therefore, I live in this case.
So that's my antenna. The thing runs off of a couple of lithium batteries.
Then on the circuit board, you can pick out a microcontroller that runs most of the show.
A couple of streets that do some power sort of things because you need a power driver to run the antenna to generate that powerful carrier that powers the tag.
And then you can pick out some analog circuitry off to the side here, and that copes with stuff like basically transforming the signal from the antenna into something that I can deal with in the microcontroller.
So the use of this device is pretty simple.
Unfortunately, I don't have a demo because the legitimate reader is still stuck to the wall of my old employer, in fact, 600 kilometers from here.
But what you do is you simply press the read button.
And lights light up.
Then you hold the card nearby. It reads the card.
It reads the card a number of times, in fact, to verify that it has the ID correct.
Because, you know, it would be embarrassing to go to all that trouble and then accidentally false sync on it and get the wrong ID.
And then as soon as it has the ID in memory, well, you're set.
You just place it, you know, you just walk up to the reader, push the replay button, and the door opens.
Because, I mean, there wasn't any security to defeat.
It's like...
I know, isn't this a boring talk?
Yeah?
Oh, I'll get to this.
In fact, I'll get to this in two sides.
But anyways, my point with this is that there's nothing difficult about this.
The only security that these had was the complexity of the hardware.
And that is not so bad.
It's low frequency of operation, like I said, 125 kilohertz.
That's like practically audio frequency.
There's nothing difficult about the intellectual design at this point.
Anyone who understands this can clone them.
I mean, I don't think that the engineers who designed the cards would be so surprised.
But anyways, I'll get to the big question now as to what the read range is.
Because, of course, if you have a read range of two or three inches, then that's already not bad.
Because, you know, walk by someone in the hall, and you have a read range of two or three inches of them without too much trouble, or bump into them in the subway.
You know, if you can get like five or ten feet, then you could do a little bit better.
So I'm going to answer this very vaguely, and I'm going to try to say as little as I can so that you can't come down in case someone does better or worse than I said you could.
And I'll say that it depends.
Because there's a number of things that determine the read range that you can achieve.
The first thing is the card actually has to be powered, right?
Because, as I said, the reader supplies the power to the card.
So the card has to be close enough to the reader, and the reader has to be pumping out enough power that, you know, the microcontroller thingy in there powers up and it can all run.
So that's the first thing.
The second thing is the information here signal that the RFID type sends back still has to be intelligible at the reader.
Because I mean, this is more familiar to any kind of radio link. When you're in a car listening to your app on radio, as you drive away from the station, it gets weaker and weaker and weaker until you can't hear it over the noise.
And the same sort of effect is present here.
What it turns out, the first effect dominates, at least with the short to medium range readers that I was working with.
So it's a question of how much power can you get out there to the tag?
And, wow, I mean, in theory, you can pop out as much as you want.
But there's practical limits.
The first limit is, of course, that NASDAQ agency that goes by the name of the FCC or Industry Canada here, because they say that you can only transmit so much on 125 kHz.
But we can ignore that one.
So moving along to the practical limitations.
The first limitation is that antennas at 125 kHz are basically negligibly efficient.
They overwrite. It's the nature of the signals.
So that means that to get even a small amount of energy coming out of the antenna, you have to put a very large amount of energy into the antenna.
And, of course, the energy that doesn't come out, this radiation, is going to be coming out as heat.
So that introduces all sorts of interesting practical limitations, if you don't want your antenna coil to melt, and if you don't want to have to put a car battery in your backpack to run the run.
The other thing is, I mean, I don't think it's any secret to anyone that antennas tend to work better the bigger you make them.
If you look at commercial long-range readers, because such things do exist.
I mean, people use RFID tags very similar to flex-mass cards in warehouses, and there, they have a different reason to be allowing to read them from a long distance.
But in those sorts of situations, they use sort of data antennas that are getting so high and this wide.
So, depending on what kind of power you can throw at it, depending on how big you can make the antenna, and depending on all sorts of things, your read range will vary.
Okay, what will it vary between? I'll say very big. We have more than a couple of these.
The batteries are weak, the coil is small, and so on.
If you have a data, if you're willing to have some sort of strange assembly that fits in the back of a camel truck, and you back it up to your victim as they're walking by on the street.
Okay, maybe you're going to be pushing the definition of a queue.
Maybe an aircraft will mistake you for a navigation beacon.
Okay, so the FCC is good for something. They use all the latest signal processing techniques to try to really get a good, sensitive receiver.
And of course, that's the situation that occurs when the legitimate reader energizes the card.
So, if I want to snoop on people as they walk by on the street, then I have to, I mean, it's difficult for me.
Because not only do I have to read the signal that the card returns, but I have to actually get the energy out there to the card.
But if I set up within a few feet of a legitimate reader, which could be outside the building of the parking lot or something, then the employee is hopefully going to energize the thing for me.
So, at that point, the more difficult part of the task is already done. So you can set yourself only to the task of picking out the signal from that big area that the reader transmits in the noise.
I haven't actually tried to do this really, really well. The smart way to, I don't know, I have some ideas on the smartest ways to do that you need.
You don't want to go straight into a digital signal processor or anything because of the dynamic range of the signal.
You need to have that big carrier. But I have some ideas on the smart way to do that, but I haven't actually tried it.
So, I can't really commit to how well this works. But I can say pretty confidently that this will work a fair bit better than trying to energize the tag and read it yourself.
And of course, the other thing you want to keep in mind as you think about all these attacks is, remember, the signal goes through walls.
It goes through anything that's not metal, more or less. Which means that, you know, the most obvious place to set up an eavesdropper doesn't necessarily have to have a line in sight to the device.
And I think there's other ways that you can, you know, make sort of small engineering improvements to the quality of the attack.
So, one way that seems rather obvious to me is that the cards, when they're in the field, I mean, they're not smart enough to know that the door was already opened.
So, they just repeat their idea over and over and over in a week. And of course, the reader doesn't care. I mean, it just has to read it once and open the door.
So, it doesn't really care what the tag does before or after. But, I mean, once you do the math with the bit times and the idea,
the time that someone holds the card by the reader, the idea is probably not going to repeat it quite a lot of times.
And that means you can apply the mutual signal processing methods to sort of average together the multiple copies of it.
Which means that you can get your sensitivity up a little bit. It's the same sort of idea as error-correcting code. It's a very bad error-correcting code, but, you know, take what you can get, I guess.
So, you have all these interesting problems. And I think the fundamental cause of all these problems is that the, well, the tag operates using radio frequency energy.
And that energy doesn't sort of stop where you want it to. It keeps going, you know, all the way past the legitimate reader to the game's drop or the panel in the parking lot.
So, I mean, the problem is that the energy goes too far. So, the solution, I mean, no, no, no, this time the tin foil was for real, actually.
The solution is that you just put the card in this metal box, of course, when you're not using it.
You can buy those. I think it's like 30 US dollars or something in pre-shipping.
You don't need to be in great demand. But, you know, you can do better with that, of course.
So, if you think about it from an information security standpoint, I mean, the problem is that the secret ID, which is the only thing that sort of the card has to prove who it is to the reader,
that secret ID gets sent over the air every time. And then that's the problem, right? Because the e-drop group listens in, gets a secret ID, and, okay, now I mean, you're done for it.
There's nothing secret anymore. So, I mean, the solution to that is that the ID simply has to be transmitted over the air in encrypted form.
So, that's what Motorola has come up with. What you do, or maybe it was Indala at the time, Motorola and Indala bought a prox card business from each other a few times, and it went back and forth, and I lost track of it.
But anyway, one of them had the idea that, okay, so we'll take the ID and we'll encrypt it.
So, that means that the ID programmed into the card, I mean, is fixed, but it's encrypted. So, then, I mean, when the card is in the field now, that means that the encrypted ID will be sent over the air.
So, now it's a simple matter in your reader to decrypt the ID, because the reader also knows the key, and then the reader simply has to compare the decrypted ID against its sort of list of legitimate IDs, and now it knows whether to open the door.
And I mean, the trick is that then this system is secure because the unencrypted ID, which is the real secret, never goes over the air.
And then the only problem with this technique is that it doesn't work at all.
Because, I mean, from the standpoint of an attacker, okay, so it's an arbitrary bit string that's sent over the air, and I have to reproduce it.
So, now, okay, so it's an arbitrary bit string that happens to be the encrypted version of another arbitrary bit string.
Oh, good.
So, yeah, I found out that this security feature was present long after I had phoned the card.
So, it's funny, I'm laughing at them now, but it is actually good for something.
I don't know, I can easily imagine without that, that, you know, okay, so we're setting up proximity cards at this new company.
So, okay, the president will get card number one, and the vice president will get card number two, and then, you know, all the way down to like the janitor with card number 468.
And if the non-companies did that, then, I mean, you wouldn't even need to clone a card.
You'd just sort of start counting at zero, you know, maybe wait until you get the janitor or something.
So, in that sense, it does at least make the IDs look random, and it's good for that.
You know, I mean, I can easily, yeah, I can easily imagine someone using some sort of like really valuable piece of information
or programing with your credit card number or something without it.
So, maybe it's not so bad, but certainly that kind of security feature doesn't do anything to help you with the cloning problem.
So, the solution is, of course, to do the coverage. That should be pretty obvious to anyone.
So, you can do a challenge response scheme. You can do basically any kind of scheme.
You could do between two hosts on the internet. You could do between a tag and the reader.
And there's nothing really knuckle about any of this. And in fact, you can buy cards that do it now.
So, you might ask yourself, you know, why didn't they do this from the beginning? Oh, because they're stupid.
Well, no. It does actually cost you a little bit more to do something like challenge response in this application than between two hosts on the internet.
In this application, for example, before, with my FlexPass card, with my massively insecure FlexPass card,
it did at least have the advantage that the communications between the tag and the reader were one way.
The tag sent its ID to the reader, and the reader listened for the ID from the tag.
But the reader never actually sent anything to the tag. So, that was kind of nice, because that means you can sort of cut down on the pieces in your communications.
And the other nice thing before is that the task, in terms of computational complexity, that the tag has to perform is actually not that bad.
You know, you read an ID out of memory, and you modulate it, and you send it out with the error.
You know, you're looking at like hundreds of gates here, but it's nothing.
Any crypto algorithm is going to be worse than that. I mean, it depends on the algorithm.
There's lots of research that's far beyond being to develop algorithms that are particularly efficient to implementing hardware and so on.
So, you know, you can probably do something smart, but it will be worse than just a simple ID, if only hard, regardless.
And then the other cost, of course, is that no matter what you do, you're going to end up requiring that bi-directional communication.
So, that means, you know, there's nothing fundamentally hard about this, but it's just more pieces.
And in software, more pieces is, you know, a little bit more executable space.
And well, the JPEG with the splash screen is already 300k, so who cares?
But in this sort of application, you know, you do care a little.
So, there is one separate way, actually, that you can do it a little bit differently, because in a classical challenge response scheme,
you know, the reader gets, the reader comes up with some random challenge because you go through the listing sequence,
and any code that was used before will never be used again, which means that a new drop will end up with nothing.
And of course, instead of having a list of codes, you can have like a counter and an algorithm that generates them.
So, this sort of scheme is good, because you don't need the bi-directional communications anymore.
I mean, I know that I can send code number seven, and the reader knows that it's expecting code number seven.
Okay, so I send code number seven.
And then at that point, the reader, okay, I got a legitimate code. That means I should update my counter.
Okay, so now the reader is expecting code number eight, and the tag goes, okay, I sent a code. So that means I should update my counter.
So next time, the tag, it should send code number eight.
So this all works without the bi-directional communications.
The problem is that in exchange for that, now you need non-volatile storage, because you have to know, like, which code is next, basically.
So, for the reader, of course, who cares? I mean, it's a big piece of electronics. You can fit it in there somewhere.
For the tag, that's a big deal, because now you need, like, a little piece of E-prong or something, or, sorry, a B-squared prong or something to store that.
And that adds complexity. And further, I mean, like, you're powered off the reader, which means that, you know, you could lose power at any time as the card is moved away from the reader,
which is, you know, like, the problem with hard driving and power failure, but, like, it's so much worse.
So, it does add a lot of complexity. And I don't know anyone who's actually attempted that with a passive card.
On the other hand, if you have a lithium battery that's running the card, the transceiver or whatever, then, okay, I have lots of power.
I have, well, I know that my power won't be going away, so I can have something like a little power system or whatever.
And that kind of becomes very practical. And that, for example, is what Microchip does with its Keylog devices, which are used in applications like, well,
I think of the Keyless Entry device as your card. So, it's just another way of doing it that may hold certain advantages in some applications.
More kind of an engineering tweak than anything fundamental.
You're also subject to race and additional.
How do you mean? Because, of course, you're subject to general.
I'm a root course. So, if I unsync the card with the reader, I can get in and read the one with the card can't.
Oh, it's true. Well, I mean, I think that the, I don't know if I understood it completely, but I think the best attack, of course, is that if you can read a legitimate card once.
You don't even have to.
Say that again.
You don't have to read the card. You just input the numbers and you'll get in at some point.
And the...
Oh, but you can root course anything, right? So, it's what puts...
The point is, it's unsynced now, so you just know the owner of the card can't get in anymore.
Oh, that's true in terms of like the denial of service attacks.
So, you can make the deep sleeper faster.
Yeah, but it's my understanding that they keep a window of acceptable codes rather than a single code, and that they make the window big and that they grade right at you.
But I don't know the details.
All right. Yeah.
Do you bother with the hours that I can get so that you can read the...
Sorry, can you speak about it?
If you just pop up the R8.
And you get a code and you do not have an acceptable window, then it's like, maybe you can't tell me if you can read it exactly.
Very much, yes.
Can you repeat the question?
Oh, sorry.
What he said was that if you get access to a legitimate transponder and you can get it to give you a code,
like you get it to give you code number seven when the reader is expecting code number seven,
then at that point you can take the legitimate code that the legitimate tag gave you,
and then you can input that to the reader because that would be the tag that is expected.
Like if you can get access, like if you can get the tag to give you a code,
then the code that it will give you will be the next one that you need, basically.
But that isn't nearly so bad for something like a keyless entry device to a car,
because at least there you have to push a button before it gives you a code.
Yeah?
I think what you guys talked about was that for like a root-4 transaction or something,
if you have a big window, it's also a bigger chance of you getting a possible key that happens at the large limit of the process.
Oh yeah, that's very true.
Like if you have 1024 drives and you have a window of 256, then you have a 4-bit key, basically.
That is very good.
Yeah?
I guess it's also quite bad for giving access control because all the readers are connected together to get in sync.
Yeah, which is another sort of thing that goes away when you use it in a car.
But that is great, because if you were using it in access control for a building,
then each reader would have to know what the current counter is for each corresponding to each code,
which means that for every view, you'd have to have a record in a central database and so on.
Yeah?
Yeah, another problem is that where I work, they use two different key systems using the same key,
but they're independent, so I think the authentication servers can't plug into each other
and they wouldn't be able to keep it synced as an other situation.
Okay, so there's lots of reasons why people don't use that.
And there are a lot of reasons why you wouldn't use that in the ProxyCard system,
running the car from any kind of practicality and implementation and so on.
But I don't know, it works pretty well with the car and the automotive application, of course.
Although it is a little bit scary that you can once get a legitimate code.
I don't know, I wonder how often things get triggered by accident in people's pockets and so on.
Like, what if you just follow someone through the mall and wait for them to...
Kind of an interesting field.
Anyways, put it apart from any of this, I think that the future for these attacks might not actually be so good.
I mean, maybe I'm being very optimistic about how people will implement the new secure crypto tags and so on.
But I mean, I'm hoping that the days for an attack like mine where I do just read the ID and replay it are numbered.
And after that, the tags are beginning to become more like little computers.
They have not just a mess of hardwired logic in there, but something actually...
Well, they actually do have microcontrollers in there.
So you begin to wonder whether you're going to be coding a little locker overruns inside an RIT tag or something terrible like that.
But I think that there are some things about just the way that the systems are put together that make them a little bit more secure.
I mean, for example, it tends to be a hardwired architecture micro in there,
which means that even if you do end up doing something silly that allows the user to write to arbitrary memory,
well, okay, but you still can't run your own code because it's completely different memory space.
Just saying the constraints on the size of the code that you can have and the constraints on the data rate and so on
should hopefully make it a little bit more difficult to do clever things like this.
And of course, by the end of it, there will always be beautiful sort of silly mistakes to make exploits possible.
So anyways, my big points in conclusion are that, yeah, a card that just sends the ID over here unencrypted,
the same ID every time is probably not in a mathematical sense secure.
That's pretty obvious.
And that there are ways that you can make it secure, most of which are based on systems that are kind of sort of like challenge response.
And when I posted my web page and stuff, I get all sorts of email.
People don't seem, yeah, people seem actually surprised at this.
Like, apparently people thought these things were secure.
But it just doesn't actually bother me that much that they're not secure.
I mean, if you look at the 5-pin tumbler block on almost anyone's front door, anyone can pick that, right?
I mean, they don't need to steal your keys for a few seconds.
It's not secure at all.
But I don't know, the world seems to survive somehow.
Because like an attack against a proximity card just isn't as big of a deal as an attack against a piece of software.
You can't automate it.
Like, you actually have to go out there and stand where you're vulnerable and where the neighborhood policeman could happen by while you're performing the attack and so on.
So I think you can tolerate a bit more insecurity and nothing terrible will happen.
But that said, it would be really nice if the vendors would actually tell you what you were getting.
Certainly, they took me quite a few reads through flex secure web page before I figured out what exactly they were doing.
And the marketing materials, I mean, they're not lies.
They just make it very easy to misinterpret.
Because of course they would like you.
So yeah, that's my only point, I guess.
It would be really nice if they tell you what you're getting.
So questions?
Because you had your hand up for our question.
I was wondering if you would have any idea of the challenge response problems so far?
I haven't actually got my hands on any.
There was a paper by the CABI group.
The TI CABI?
Yeah.
Yeah, that one was interesting.
For people who don't understand a certain thing, I think it's a little bit more complex.
Well, I mean, the thing is that once you have the...
Well, I think the thing is that...
I don't know, I guess the only sort of fundamental thing is that once you reverse engineered all the details of the communications over the air,
the link between the tag and the reader is the same as any other link.
So an impact that would work if you implemented a particular cryptographic algorithm and a particular protocol and so on
between two servers on the internet is no more or less secure when you implement it between an RL tag and the reader.
It just takes a lot more hardware and a lot more messing around with an oscilloscope
before you can get to the point that you can actually send and receive bits from the tag.
So, you know, I mean, if you use an insecure algorithm, which they did,
the TI people, that is, for this feedback transponder, they used an insecure algorithm.
And so some people at Gribbett University actually went to the trouble of building devices that can talk to the tags
and then the crypt rock and then the fancy academic cryptographers did the stuff that I don't understand that they do with anything else.
And it broke.
Is it possible to do signal analysis to read more than one tag at once if you have the problem easy?
It depends on the tags. For a tabulated flexcast card, no.
Well, you can read more than one tag at once and you'll read the superposition of your IDs,
which is not the most useful thing in the world.
For tags like, for example, the EPC tags, electronic product code,
which are intended for use as a replacement for barcodes and consumer items,
they have a fancy thing where you can say, like, okay, tags don't speak until spoken to.
Now I would like everyone whose ID ends in one to speak.
Okay, conflict. Now I would like everyone whose ID ends in zero to speak.
And so on until you get just one tag at a time. And there are all sorts of things to that.
Fabian?
So I guess you first said there was a lot of deals that seemed to be zero, the key, so there's a 64-bit key, right?
It's a 64-bit key, but I think it's actually only 20-something, 26, that are meaningful.
Because there's a... well, because I didn't have access to a huge number of the cards,
so I didn't know which bits were changing and which ones were just sort of fixed.
I think some of them are synced to Fabian too at the beginning.
So, how, for your readers, what rate did you set?
Yeah, I wanted to do that too.
What are the practices of the key space?
I don't think it's the most practical thing in the world.
I think that the actual key space is something on the border of 20 bits.
I think it's more than 20 bits, but I think it's something in that border.
And the further thing is that thanks to the otherwise useless flex-secure thing,
I don't know what algorithm they used, but as long as it's not terrible,
that means that they showed that the key should end up pretty well randomly distributed through that space,
even if they just counted one, two, three to start with.
The time to validate an ID, actually...
Actually, this is one place where a flex-secure thing can help the effect.
Because as far as I can tell, and this is getting more conjecture-y,
because I don't know the details of the link,
but for example, if I get some of the bits wrong on the ID, then the reader doesn't even beep.
But if I get others of them wrong, the reader beeps, but the door doesn't open.
So my conjecture is that in the beeps, but the door doesn't open situation,
it actually had to check with the central computer to make sure that the ID was not authorized,
but in the no-beep, the door doesn't open situation,
and it knew for some reason, like internally, without checking, that the ID was wrong.
And it seems to be able to do that a lot faster.
You can check something or something in the ID, too.
That is very possible.
But at any rate, the time to check, the time...
The latency is going to be like 10 milliseconds at least.
At least.
Well, because the other thing is how do you know when you're done?
The door opens.
Yeah, but you need a door open sensor,
and then you're subject to the latency of this hall and all that stuff.
So how far ahead can you get?
It's a neat subject.
I worked with HIV, and these readers really have no knowledge at all,
and everything is sent to the server.
So I guess you could support it with all the rates for identification,
and you could put five seconds delay to monitor it.
Which would be really smart, actually, from a security standpoint.
Well, that's awesome.
And it's also for manage.
Also, the DAG was using that.
They have a different number of bits in them,
and the DAG was, I saw, at 26, and it was really random.
Thank you, 26.
That's like an industry standard thing for having...
Yeah, it was more or less.
And it was used to be like,
six or eight bytes of factory code,
but it was really a pretty random stuff.
Did you see that they were doing it?
Well, no, I found some technical issues on the web,
and I would create some cards to see the patterns.
Okay.
Aya?
Yeah, I have two questions.
First, to have a broader range,
would you use a six volt battery or some kind of that?
Or a battery, or also an antenna that you put on your back?
Yeah, I was thinking about that too,
that under your shirt was probably better.
Because, you know, you're...
Not the body, but the hindrance, I don't know.
Oh, no, the base frequencies,
as long as you're not made of copper,
and you can extend it all the way through.
And so the range could be a bit more longer.
Yeah, I'll stay nice and vague,
because I mean it depends on so many different things and so on.
And the second question is about the speed pass and stuff like this.
Yeah, which I don't know all that much about,
but I did read the paper.
Okay, let's hear more from Austin.
Yeah?
Just out of interest, all of these box cards that come with serial numbers on them?
I couldn't find the relationship.
I was just wondering if you could check, okay.
Yeah.
Well, if they do that black security thing,
then you'd hope that I wouldn't be able to, right?
Although, I forget his name from MIT.
I forget his name, I was in correspondence with him,
and he said that he was able to find the relationship on the MIT cards,
which were a box card issued to all the students,
that it was like X-OR-ed or something.
But I don't remember the details.
Yeah?
I actually was in the back.
Okay.
I don't think jet damage should be used to be strong security.
Sorry?
Jet damage should be used to be strong security.
Yes, they do eventually fry, but I've never managed to get them that far.
It's pretty hard to get energy out over there, 125 kHz.
Yes?
Yeah.
When the card is in power by the reader, how long does the power stay in the card?
The night that you move on.
Like, almost no time at all.
Seconds?
No, no, milliseconds at most.
And that actually depends a bit on the card.
The cards like FlexTest and just like every other manufacturer,
they are designed to operate with continuous carrier,
so that the reader is constantly powering them for as long as they're operating,
which means that the capacitor, if you think about it,
only has to fill in the peaks between the 125 kHz,
which is like eight microseconds, so no time.
The TI tags do something a bit different.
If you look at the carrier power, like they give you a pulse that's on for a few milliseconds,
and then they turn off the carrier, and it's during that time that the TI tags,
including, by the way, the speed pass tag, I think, are expected to give their response.
And that's a little bit clever because that means you don't have the massive dynamic range problem anymore,
because that means that at that point,
instead of seeing the synchronization of the carrier and the information variance they form,
you only see one or the other.
On the other hand, that is the reason why on that side you saw two capacitors instead of one.
You need one of them to tune the coil and one of them to store your energy during the sort of quiet periods.
Of course, that's still in the millisecond. It's not very fast.
That's good.
So how do you actually program the product?
It depends. I see that so much today.
You can buy parts that are programmable over the air, even.
So it's not that bad.
You can buy it programmable over the air, so using the same kind of bidirectional communications scheme
that you would use to do crypto or to do some sort of advanced electronic product code thing,
you go through and you program the ID, and it actually gets enough power over the air to do a sort of charge pumping
and to program the non-volatile memory.
Others are marketed as non-programmable.
My guess is that it's probably OTP, one-time programmable EEPROM,
like UV erasable EEPROM that you can never ever UV erase or something like that.
That's my guess.
Is that the case in your company's tech? Do you know what they programmable or what are they?
They are marketed as non-programmable.
So that means the number you get is from the factory?
Yes.
So you can do a worldwide correlation of all the ID's.
It's true. I take a lot of that.
They never get reused, right? What numbers never get reused across all their needed components?
I don't know, actually.
Because the key space certainly seems small for that to be the case.
Right, and otherwise that would be like an ideal employee of Microsoft who just told you, you know, get a key.
Little bit.
You know, the salesman can stand up and say that that would hardly ever happen.
It's true.
Did you move around that?
Yeah, I went way over time, I think.
I just wanted to ask a question.
Okay.
Matt, you know, always speak in the near future.
Oh, give up.
I think it's over now.
Thank you.