In previous parts of this series I covered one attack that compromises security in NFC/RFID enabled devices. The same techniques can be applied to obtain information from other wired and wireless communication interfaces. In cases like Ethernet, WiFi, ZigBee, and Bluetooth it is even easier to accomplish with standard and low-cost hardware running on readily available security evaluation Linux distributions.
When dealing with communications security it is important to pay special attention to all kinds of vulnerabilities, especially when creating devices for a globally connected IoT world. It is a good strategy to assume that all physically accessible communication interfaces are exposed to Data Interception and Data Corruption/Manipulation attacks. Even the processor memory could get exposed when using the appropriate set of tools. It is mandatory for a secure system to implement at least one additional layer of security on top of the communication interface. This particularly holds true for payment applications involving RFID/NFC communications.
To add robustness against these kinds of security threats, a design needs to accomplish these main goals:
- Ensure the authenticity of the device at the other end of the channel. Multi-pass mutual authentication procedures are used for proving that both devices are in possession of the same secret key. True random generators, secure memory storage, and strong encryption algorithms play key roles in this procedure.
- Exchange sensitive information using encrypted messages. There are several symmetrical and asymmetrical data encryption methods, algorithms, and standards in use today for securing smartcards, RFID, and NFC communications. Some, like AES and RSA, provide very high levels of security. DES and 3DES proved vulnerable to several types of attacks.
- Check the authenticity and integrity of exchanged messages. Man-in-the-middle (MITM) attacks focus on intercepting and modifying the exchanged messages. Using an encrypted message scheme does not fully protect the system against these kinds of attacks. Exchanged messages can still be altered, stored, and replayed by an attacker. It is necessary to implement additional checks to detect this and act accordingly. Message signing, cyclic redundancy codes (CRC), message indexing, and variable channel encryption keys can improve security against MITM attacks.
The following are not as obvious as the above.
- Use one-time keys or at least keys valid for only one session, obtained using random number generators and diversified keys.
- Use diversified keys for each device. If an attacker somehow obtains this key it will not compromise the whole system.
- Master keys should never be used globally and should never leave the secure area (e.g., one SAM module or one HSM). The rationale: If an attacker can read the memory by any means he/she could obtain the keys.
- Code defensively, making extensive use of static and dynamic code analysis tools when writing the firmware code.
- Be humble and consider very seriously that communications security has always been a strategic research area with many talented teams and individuals working on it. Most real hackers and security analysts are highly skilled and, depending on the target system, highly motivated.
- Test your product to comply with the highest applicable standards.
- More things to add to this list? That’s for sure. Give it a try and send us some more.
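The message-indexing, one-session-key and diversified-key points above, shown together as an added example that is not part of the original article. HMAC-SHA-256 from the Python standard library stands in for whatever MAC and key-derivation primitive the real card or SAM provides; the function names, the frame layout (4-byte index, payload, 16-byte tag), the key and the UID are all constructed for illustration, and payload encryption is left out.

```python
import hashlib, hmac, os, struct

def diversify(master_key, uid):
    # Runs inside the SAM/HSM; only the per-device result is loaded onto the device.
    return hmac.new(master_key, b"DIV" + uid, hashlib.sha256).digest()

def session_key(device_key, rnd_a, rnd_b):
    # Valid for one session: bound to the random challenges from both sides.
    return hmac.new(device_key, b"SES" + rnd_a + rnd_b, hashlib.sha256).digest()

class Channel:
    """One direction of a link: message index + truncated HMAC tag per frame."""
    def __init__(self, key):
        self.key, self.send_ctr, self.recv_ctr = key, 0, 0
    def _tag(self, data):
        return hmac.new(self.key, data, hashlib.sha256).digest()[:16]

    def protect(self, payload):
        hdr = struct.pack(">I", self.send_ctr)
        self.send_ctr += 1
        return hdr + payload + self._tag(hdr + payload)

    def verify(self, frame):
        if len(frame) < 20:
            raise ValueError("short frame")
        hdr, payload, tag = frame[:4], frame[4:-16], frame[-16:]
        if not hmac.compare_digest(tag, self._tag(hdr + payload)):
            raise ValueError("bad tag")
        if struct.unpack(">I", hdr)[0] != self.recv_ctr:
            raise ValueError("replayed or out-of-order")
        self.recv_ctr += 1
        return payload

def demo():
    master = bytes(32)                      # constructed placeholder key
    uid = bytes.fromhex("04a1b2c3d4e5f6")   # constructed 7-byte UID
    ks = session_key(diversify(master, uid), os.urandom(16), os.urandom(16))
    reader, card = Channel(ks), Channel(ks)
    frame = reader.protect(b"DEBIT 5")
    results = [card.verify(frame)]          # genuine frame is accepted
    tampered = frame[:10] + b"9" + frame[11:]
    for bad in (frame, tampered):           # replay, then modified payload
        try:
            card.verify(bad)
        except ValueError as err:
            results.append(str(err))
    return results

if __name__ == "__main__":
    print(demo())
```

The replayed frame carries a valid tag and is rejected only because of the message index, which is why the index has to be covered by the tag and tracked by the receiver.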
RFID/NFC interfaces can be used as a proximity wireless communications enabling technology. It is up to the designer to implement the most appropriate security scheme.
For those interested in RFID/smartcard security, I would recommend reading about how MIFARE Classic’s security was cracked and the vulnerabilities that made it possible, and about how the MIFARE DESFire D40 security was compromised using DPA attacks. Reading about the security concepts applied in the design of MIFARE DESFire EV2 and CIPURSE Version 2 also provides valuable and interesting information.