Go Back   Club Conspiracy Forums > General Conspiracy Discussion > General Conspiracy Discussion
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 09-13-2006, 04:45 AM
Posts: n/a
Default Cellphone could crack RFID tags, says cryptographer


SAN JOSE — A well known cryptographer has applied power analysis techniques to crack passwords for the most popular brand of RFID tags.

Adi Shamir, professor of computer science at the Weizmann Institute, reported his work in a high-profile panel discussion at the RSA Conference here. Separately, Ron Rivest, who co-developed the RSA algorithms with Shamir, used the stage of the annual panel to call for an industry effort to create a next-generation hashing algorithm to replace today’s SHA-1.

In recent weeks, Shamir used a directional antenna and digital oscilloscope to monitor power use by RFID tags while they were being read. Patterns in power use could be analyzed to determine when the tag received correct and incorrect password bits, he said.

Adi Shamir

"The reflected signals contain a lot of information," Shamir said. "We can see the point where the chip is unhappy if a wrong bit is sent and consumes more power from the environment…to write a note to RAM that it has received a bad bit and to ignore the rest of the string," he added.

"I haven’t tested all RFID tags, but we did test the biggest brand and it is totally unprotected," Shamir said. Using this approach, "a cellphone has all the ingredients you need to conduct an attack and compromise all the RFID tags in the vicinity," he added.

Shamir said the pressure to get tags down to five cents each has forced designers to eliminate any security features, a shortcoming that needs to be addressed in next-generation products.

Separately, cryptographers discussed the weaknesses in the fundamental SHA-1 hashing algorithm that were announced at the group’s panel in 2005. "That was a real wake up call for cryptographers," said Rivest, who is also professor of electrical engineering and computer science at MIT.

"I would like to see a process like the industry conducted for the AES algorithm to work on a new hash function that could be delivered by 2010," Rivest said. "We are skating too close to the edge with the hash functions we use now," he added.

The National Institute of Standards and Technology ran the program that resulted in AES, but complained last year it lacked the resources in the near term to develop a similar program for hash functions.

"My guess is they will get pushed into doing this again," said Rivest in an interview after the panel. "A four-year time frame is probably fine for a technology bake off. There’s no reason to panic," he added.

"If it was brought up by this panel, it will probably spark a fire and the NSA or someone will get something going," said Sheueling Chang, a distinguished engineer in cryptography at Sun Microsystems who attended the panel.

Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
NO RFID roscoe General Conspiracy Discussion 2 01-02-2008 05:15 PM
Company defends RFID implant product Insider Share the knowledge 1 06-02-2006 08:47 AM
RFID tags vulnerable to viruses, study says General Conspiracy Discussion 0 03-17-2006 12:32 PM
Bush Tags Bloggers As Terrorists Insider Share the knowledge 1 02-15-2006 02:29 AM
Big Brother tags the kiddies = Big $$$$ marypopinz General Conspiracy Discussion 3 02-25-2005 08:42 AM

All times are GMT -6. The time now is 12:49 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.