
Re: RFID Flap Silences Security Researchers



In article <jc6dndwh58OOv2bYnZ2dnUVZ_smonZ2d@xxxxxxxxxxx>, no-sales-spam@bassburglaralarms (Robert L Bass) writes:
| > I have always maintained that RFID devices
| > which simply transmit a fixed serial number
| > with no two-way interaction are not suitable
| > for security...
|
| Ideally, the system should employ rolling
| codes plus a lockout function.

Ideally the system should use a zero knowledge proof.  Rolling codes
are a clever hack to get some security in a one-way environment, but
there is really no need to resort to them here.

| In fact, a
| residential system often requires more
| features and flexibility than a commercial
| one.

Absolutely.  I wish more folks in the industry realized this.

| > ... a minimal handshake allows you to know
| > that the RFID device is trying (and perhaps
| > failing) to open *this* door...
|
| Even without a 2-way "conversation" the system
| will always know that someone is trying to
| access it.  RFID devices have such a short
| range that any signal which is reasonably close
| to a "request to enter" can be counted.  Even
| a rudimentary system can easily perform a
| lockout after a predetermined number of
| failed attempts within a given time period.

I was responding to the previous poster's unrealistic scenario of
millions of RFID devices wandering past the door daily.  Nevertheless...

| > If a manufacturer is bound and determined
| > to minimize cost by using a one-way
| > interaction (at least at normal read time)
| > you can still implement a lockout by allowing
| > some programmable bits in the RFID device
| > which are set to a house code...
|
| True but it's actually simpler than that.  Since
| the range is limited, any received transmission
| of the same protocol could be treated as an
| attempt.

This still leaves you open to denial of service attacks.  Not a big
problem now, you may say (as likely thought the developers of TCP/IP
about SYN floods), but why set yourself up for trouble if you don't
have to?  We should all take a lesson from the "broken is good enough"
design philosophy perfected by the WEP committee...

				Dan Lanciani
				ddl@danlan.*com
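
Added example (not part of the original post): a small simulation of the two one-way lockout policies discussed in the message above, counting every same-protocol frame as a failed attempt versus counting only frames that carry this door's house code. The Reader class, house code values, serials and thresholds are all assumptions made for illustration.

```python
from collections import deque

class Reader:
    """Door reader with a sliding-window lockout (all parameters are assumed values)."""
    def __init__(self, house_code, allowed, count_foreign,
                 max_fails=3, window=60, lockout=300):
        self.house_code = house_code
        self.allowed = allowed              # set of authorised serials
        self.count_foreign = count_foreign  # True: any same-protocol frame is an attempt
        self.max_fails, self.window, self.lockout = max_fails, window, lockout
        self.fails = deque()                # timestamps of recent failed attempts
        self.locked_until = 0

    def present(self, t, house_code, serial):
        """Handle one received frame at time t (seconds) and return the decision."""
        if t < self.locked_until:
            return "locked"
        if house_code == self.house_code and serial in self.allowed:
            self.fails.clear()
            return "open"
        if house_code != self.house_code and not self.count_foreign:
            return "ignored"                # tag is not trying to open *this* door
        self.fails.append(t)
        while self.fails and t - self.fails[0] > self.window:
            self.fails.popleft()            # drop failures outside the time window
        if len(self.fails) >= self.max_fails:
            self.locked_until = t + self.lockout
            self.fails.clear()
        return "denied"

def run(count_foreign, frames):
    """Replay (time, house_code, serial) frames against a fresh reader."""
    r = Reader(house_code=0x2A, allowed={1001}, count_foreign=count_foreign)
    return [r.present(*f) for f in frames]

# Constructed sample: three unrelated tags pass the door, then the resident arrives.
PASSERSBY = [(0, 0x11, 5001), (10, 0x12, 5002), (20, 0x13, 5003), (30, 0x2A, 1001)]
# Constructed sample: wrong serials carrying this door's house code, then the resident.
GUESSES = [(0, 0x2A, 1), (5, 0x2A, 2), (10, 0x2A, 3), (15, 0x2A, 1001)]

if __name__ == "__main__":
    print("count every frame :", run(True, PASSERSBY))
    print("house code filter :", run(False, PASSERSBY))
    print("filter, bad serial:", run(False, GUESSES))
```

With every frame counted, the unrelated tags alone trigger the lockout and the resident is refused; with the house code filter they are ignored, while repeated wrong serials addressed to this door still lock it.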

