[16754] in cryptography@c2.net mail archive
Re: Cryptanalytic attack on an RFID chip
daemon@ATHENA.MIT.EDU (Ben Laurie)
Sun Jan 30 10:58:30 2005
X-Original-To: cryptography@metzdowd.com
Date: Sun, 30 Jan 2005 12:16:03 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: cryptography@metzdowd.com
In-Reply-To: <20050129180932.2BAD53C02A2@berkshire.machshav.com>

Steven M. Bellovin wrote:
> Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, and
> Michael Szydlo have successfully attacked a cryptographically-enabled
> RFID chip made by Texas Instruments. This chip is used in anti-theft
> automobile immobilizers and in the ExxonMobil SpeedPass. You can find
> details at http://www.rfidanalysis.org/ (and a link to the draft paper),
> and a New York Times article at http://www.nytimes.com/2005/01/29/national/29key.html
>
> The paper itself is very nice, and combines RF techniques,
> cryptanalysis, Internet sleuthing, space-time tradeoffs, and more.
> There are some points I'm sure we'll be discussing at length, such as
> the authors' decision to withhold some of the details of their attack,
> the actual effective range of an RFID transponder when the attacker
> uses a suitable antenna, and the practical significance of the work.
> But oddly enough, what struck me was TI's response: rather than
> attacking the researchers, they co-operated, to the extent of providing
> them with challenge keys to see if the technique was really that
> effective. TI is to be congratulated -- such a response is all too
> rare.
>
> Btw, the paper suggests carrying car keys or SpeedPasses in aluminum
> foil. I suspect that a more practical form factor is a spring-loaded
> conductive sleeve that normally surrounds the RFID chip, but is pushed
> back either manually or on key insertion.

It has been rumoured (in the UK) that car thieves can do this for
Mercedes - does anyone know what they use in their keys (they aren't
RFID for the relevant models, they're the more traditional infrared kind)?

Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List