Papers by Ilan Kirschenbaum
Radio-Frequency Identifier (RFID) technology, using the ISO-14443 standard, is becoming increasin... more Radio-Frequency Identifier (RFID) technology, using the ISO-14443 standard, is becoming increasingly popular, with applications like credit-cards, national-ID cards, Epassports, and physical access control. The security of such applications is clearly critical. A key feature of RFID-based systems is their very short range: Typical systems are designed to operate at a range of 5-10cm. Despite this very short nominal range, Kfir and Wool predicted that a rogue device can communicate with an ISO-14443 RFID tag from a distance of 40-50cm, based on modeling and simulations. Moreover, they claimed that such a device can be made portable, with low power requirements, and can be built very cheaply. Such a device can be used as a stand-alone RFID skimmer, to surreptitiously read the contents of simple RFID tags. The same device can be as the "leech" part of a relay-attack system, by which an attacker can make purchases using a victim's RFID-enhanced credit card-despite any cryptographic protocols that may be used.
Uploads
Papers by Ilan Kirschenbaum