Cryptanalytic attack on an RFID chip
Ben Laurie
ben at algroup.co.uk
Sun Jan 30 07:16:03 EST 2005
Steven M. Bellovin wrote:
> Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, and
> Michael Szydlo have successfully attacked a cryptographically-enabled
> RFID chip made by Texas Instruments. This chip is used in anti-theft
> automobile immobilizers and in the ExxonMobil SpeedPass. You can find
> details at http://www.rfidanalysis.org/ (and a link to the draft paper),
> and a New York Times article at http://www.nytimes.com/2005/01/29/national/29key.html
>
> The paper itself is very nice, and combines RF techniques,
> cryptanalysis, Internet sleuthing, space-time tradeoffs, and more.
> There are some points I'm sure we'll be discussing at length, such as
> the authors' decision to withhold some of the details of their attack,
> the actual effective range of an RFID transponder when the attacker
> uses a suitable antenna, and the practical significance of the work.
> But oddly enough, what struck me was TI's response: rather than
> attacking the researchers, they co-operated, to the extent of providing
> them with challenge keys to see if the technique was really that
> effective. TI is to be congratulated -- such a response is all too
> rare.
>
> Btw, the paper suggests carrying car keys or SpeedPasses in aluminum
> foil. I suspect that a more practical form factor is a spring-loaded
> conductive sleeve that normally surrounds the RFID chip, but is push
> back either manually or on key insertion.
It has been rumoured (in the UK) that car thieves can do this for
Mercedes - does anyone know what they use in their keys (they aren't
RFID for the relevant models, they're the more traditional infrared kind)?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list