Weaknesses in RFID-based transponders

Matt Blaze mab at crypto.com
Sat Jan 29 14:19:24 EST 2005


A group of computer scientists at Johns Hopkins and RSA Labs
is reporting practical attacks against the TI "Digital Signature
Transponder" RFID chip, which is used, among other things, to
secure many automotive "transponder" ignition keys and the
"SpeedPass" payment system.  Their paper is available at
    http://www.rfidanalysis.org
The results are also mentioned in today's New York Times, at
    http://www.nytimes.com/2005/01/29/national/29key.html

Aside from the practical significance of this work (a thief
may be able to copy your ignition immobilizer and payment
transponder from a short distance away without your knowledge
or cooperation), it nicely illustrates yet again the increasing
convergence of cryptology, computer security and physical security,
as well as the importance of exposing any security technology to
scrutiny before it is fielded.

 From a cursory scan of the paper, it appears that these attacks
could have been easily avoided had the designers of the system
followed well known, widely accepted computer security practices
such as the use of well-scrutinized algorithms and, most importantly,
not depending on easily discovered "secrets".  Unfortunately, as
this work demonstrates, many designers of both computer and
physical security systems have yet to take these principles
seriously.

-matt


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list