Weaknesses in RFID-based transponders

Ian G iang at systemics.com
Sun Jan 30 11:51:58 EST 2005


Matt Blaze wrote:

> A group of computer scientists at Johns Hopkins and RSA Labs
> is reporting practical attacks against the TI "Digital Signature
> Transponder" RFID chip, which is used, among other things, to
> secure many automotive "transponder" ignition keys and the
> "SpeedPass" payment system.  Their paper is available at
>    http://www.rfidanalysis.org
> The results are also mentioned in today's New York Times, at
>    http://www.nytimes.com/2005/01/29/national/29key.html


This is good research!

> From a cursory scan of the paper, it appears that these attacks
> could have been easily avoided had the designers of the system
> followed well known, widely accepted computer security practices
> such as the use of well-scrutinized algorithms and, most importantly,
> not depending on easily discovered "secrets".  Unfortunately, as
> this work demonstrates, many designers of both computer and
> physical security systems have yet to take these principles
> seriously.


I don't think the designers have done the wrong thing.  A
cursory scanning of the HTML above indicates that:

     + the device reduced auto theft by "as much as 90%";
     + In 2003, auto loss was 1.3 million vehicles and $8.6
         billion dollars.
     + the device was fitted to 150,000 vehicles.

If we say (pick a number any number) 1% of vehicles are
stolen every year, then 1500 of those vehicles were to have
been stolen, and only a tenth of them were.  That's a saving
of 1350 vehicles, or at a cost of $6600, $8.9 million saved.

Saved.  Nothing can change that (except picking better
fudge factors, of course ;).

To criticise the actions of the designers would be to say
that they will lose inordinately more in the future, but even
that's not the case.  It is unlikely that the system will result
in all vehicles now being at 'ordinary' risk of theft, it is more
likely that the risk benefit will shift from 10% to 20% over
time.  So even in the future, they still save, just not as much
as last year.

Which is to say, the designers are still in profit.

Also, one has to wonder when the algorithm/size was chosen.
If 150,000 of these are out there, it wouldn't surprise me if the
basic design parameters of the system are 10 years old, which
takes us back to the good old days when RC4 was considered
good, 40 bits was not easy to crack, and you were lucky to get
an RFID that could do crypto ...  (Indeed, the paper states that
40 bits was beyond them unless they built the 16-way FPGA
array!).

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


