Sunday, March 19, 2006

Power analysis of RFID tags

Power analysis is a type of cryptanalysis, in which the physical implementation of the cryptosystem is attacked instead of exploiting on the established algorithm. Although the designer has implemented a strong encryption algorithm, the computers and the processors in which it is implemented and the microchips leak information about the operation, processed. In power analysis, the power consumption measurements and knowledge about the baseband modulation scheme can be used to find the secrets.

Yossi Oren and Adi Shamir (the same Shamir of RSA) have shown how such an attack can be launched on RFID.

UHF C1G1 RFIDs are generally passive. These high-frequency gadgets get alive when they come to a 3 meter distance from the RFID reader. The reader generates a powerful em-waves and all the tags lying around use this and act like a standing wave generator to empower themselves. They use pulse amplitude modulation in baseband. They have a 128 bits internal tag memory. The usual communication is through 96 bits payload and 8 bit kill password bits. A handheld device can be used to send a properly formatted data for kill password. If all the bits in MSB match, the RFID tag self-destructs without intentionally sending any message to the reader.

This is actually a serious issue and the manufacturers should take care to fix it at the earliest. This problem can be fixed, if a proper attention is given to it, since the power analysis based attacks are age-old and known fixes are available handy for them.

1 comment:

  1. Thanks for sharing excellent information. Your web-site is very cool.