How to Build a Low-Cost, Extended-Range RFID Skimmer

Provided by: csUcfEdu67
Learn more at: http://www.cs.ucf.edu
Transcript and Presenter's Notes

1
How to Build a Low-Cost, Extended-Range RFID Skimmer
  • Ilan Kirschenbaum, Avishai Wool
  • 15th USENIX Security Symposium, 2006
  • Presented by Justin Miller on 4/5/07

2
Overview
3
Background
  • RFID uses ISO-14443 standard
  • Increased security
  • Very short range (5-10cm)
  • Goals
  • Build extended-range RFID skimmer
  • Collects mass info from RFID devices

4
Outline
  • RFID
  • System design
  • Building
  • Tuning methods
  • Results
  • Conclusions

5
RFID Technology
  • Many applications
  • Contactless credit-cards
  • National ID cards
  • E-passports
  • Other access cards
  • Very short range
  • Security vulnerabilities

6
Attacks on RFID
  • Relay Attack

7
Attacks on RFID
  • Relay Attack

8
Attacks on RFID
  • German Hacker
  • PDA and RFID read/write device
  • Changed shampoo prices from 7 to 3
  • Johns Hopkins Univ.
  • Sniffs info from RFID-based car keys
  • Purchased gasoline for free

9
ISO-14443
  • Proximity card used for identification
  • Very short range (5-10 cm)
  • Embedded microcontroller
  • Magnetic loop antenna (13.56 MHz)
  • Security
  • Cryptographically-signed file format

10
RFID Skimmer
  • Collect info from RFID tags
  • Signal/query RFID tags close by
  • Record responses
  • Some uses
  • Retrieve info from remote car keys
  • Obtain credit card numbers

11
System Design Goals
  • Low power
  • Low noise
  • Large read range
  • Simple design
  • Cheap

12
System Design
13
Part 1 - RFID Reader
  • TI S4100 Multi-Function reader
  • Cost 60
  • Built in RF power amplifier
  • Sends approx. 200mW into small antenna

14
Part 2 - RFID Antenna
  • Antenna range length
  • 39 cm copper tube loop
  • Antenna inductance 1 µH

15
Part 3 - Power amplifier
  • Amplifier interfaced directly to module's output stage
  • Powered by FET voltage
  • Field-effect transistor
  • Did not match impedances between amp and output

16
Part 4 - Receiver Buffer
  • Load Modulation Receive Buffer
  • HF reader system
  • Receiver input directly connected to reader's antenna
  • Attenuate signals before feeding them back to the TI module
  • Avoid potential reader damage
  • Still deliver input signals to receiver

17
Part 5 - Power Supply
  • Powers the large loop antenna
  • Maintain smooth DC supply
  • Clean power supply
  • Low ripples (power variance)
  • Improves detection range

18
System Building
  • Copper Tube Loop Antenna
  • Ideal 40x40 cm
  • Copper-tube
  • Constructed their own
  • Cheaper copper tube, used for cooking gas
  • Pre-made in circular coils

19
System Building
  • Copper-tube loop and PCB antennas

20
System Building
  • RFID Base Board
  • Decon DALO 33 Blue PC Etch pen
  • Protected ink used to draw leads on tablet

21
System Building
  • RFID Base Board and power amp

22
System Building
  • Power Amplifier
  • Based on Melexis application note
  • Input driven from reader output
  • Ideal: high voltage rating capacitors
  • Used cheaper, but low voltage, capacitors

23
System Building
  • Load Modulation Receive Path Buffer
  • Signals are looped back
  • Buffer needed to hold correct signals

24
System Tuning
  • RF Network Analyzer
  • Measure magnitude and phase of input
  • Measure Voltage Standing Wave Ratio (VSWR)
  • Adjust antenna's impedance to match amplifier output
  • RF power meter
  • Measures power reception
  • Ideal: measure actual amplification

25
Experiment Notes
  • Power supply affects skimmer mobility
  • Clean power supply increases RFID detection range
  • System tuning finds maximal power transfer between circuits

26
Results
  • Increased RFID Scan Ranges
  • 12-V battery
  • 16.9 cm (PCB), 23.2 cm (copper tube)
  • With power amp
  • 17.3 cm (PCB), 25.2 cm (copper tube)

27
Results
28
Results
  • Close to theoretical predictions

29
Contributions
  • Built RFID skimmer, validated basic concept of an RFID Leech
  • RFID tags can be read from greater distances (25 cm)
  • Halfway towards full implementation of a relay-attack

30
Strengths
  • Created a portable RFID skimmer
  • Step-by-step instructions
  • Low system cost (60)

31
Weaknesses
  • Not developed for large scale production
  • Cheap design, less efficient results
  • Expensive system tuning methods

32
Improvements
  • Better equipment
  • Use copper-tube loop antenna
  • Power amp with higher voltage rating capacitors
  • RF tuning: measure actual amplification instead of power
  • High rating components
  • More powerful RF test equipment

33
Questions?
  • Ask me!