Jefferson's Wheel

Verayo is the second company to announce the "World’s first unclonable RFID tag" based on a physically unclonable function (PUF), after Veratag announced a similar product based on PUF technology. The security claims of these and other PUF-based products seem dubious since the current realization of PUFs defies basic principles of cryptography. The announcement states:

This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable.

It might be besides the point that neither DNA, nor fingerprints are unclonable. The failure of proprietary security, which has been a constant theme on this blog, has led many to conclude that only well-reviewed security primitives can be strong. PUF technology tries to achieve security in exactly the opposite way: the PUF circuit is designed in a way so that not even the designer understands how outputs are derived from inputs. Security-by-obscurity par excellence.

Every circuit, including PUFs, is a deterministic function; the only difference in PUF circuits is that some inputs to the function vary across different tags. For a PUF to be cryptographically strong, one would hence need to show that

1. the fixed part of the circuit (the cipher) is strong by cryptographic metrics,
2. the number of device-dependent inputs (the secret key) is large and
3. the entropy of these inputs is high.

PUFs are a wonderful idea for using manufacturing variance constructively, but in their current realization, PUFs fail to convince that they are strong building blocks for security systems.

The Call for Papers for the 30^th IEEE Symposium on Security and Privacy, May 17-20 2009 is now available: http://oakland09.cs.virginia.edu/cfp.html (PDF for printing: http://oakland09.cs.virginia.edu/cfp.pdf.

Submissions of research papers, workshop proposals, and tutorial proposals are due Monday, 10 November 2008. Please consider submitting a paper and attending the conference!

NXP is suing Radboud University in the Netherlands to prevent them publishing a paper (in ESORICS 2008 in October) containing details on the Mifare classic encryption algorithm (and various flaws they have found in the algorithm). Perhaps the title of the paper, “Dismantling MIFARE Classic”, got NXP’s attention. A hearing is scheduled for July 10.

Articles:

• Dutch chipmaker sues to silence security researchers, c|new News, 9 July 2008.
• NXP sues academic research team – what are they afraid of?, The Tech Herald, 10 July 2008.
• NXP sues to prevent hackers from releasing MIFARE flaws, Secure ID News, 10 July 2008.
• Chipmaker sues to quash research on RFID smart card security flaws, Computer World, 10 July 2008.

[Update 18 July] The judge has denied NXP’s request for an injunction, ruling that “limitations to the freedom of speech are allowed only if there is urgent and obvious threat to society”: Judge denies NXP’s injunction against security researchers, Industry Standard, 18 July 2008.

[Update 21 July] Another article: Dutch court allows publication of Mifare security hole research, CNet News, 18 July 2008. This one includes a picture of Karsten Nohl’s presentation at the Last HOPE Conference.

KIRO TV (Seattle) has a story on RFID privacy issues: Credit Cards Stolen Without Leaving Wallet (it includes a video demonstration).

German-born Karsten Nohl is a security consultant and PhD student at the University of Virginia. He was in Seattle recently to speak at a technology conference and is known worldwide for hacking into transit systems.

He’s exposed significant security problems with transit cards commuters were told held their personal information secure, but Nohl showed, did not

“Is it all that inconvenient to swipe a card? Does it really have to be tapping? Would, for that perhaps tiny added benefit, now expose your data to everybody in your vicinity? Perhaps not. So, that is a discussion that has to be had. And not just by the companies introducing something new and fancy and forcing everybody to use it, but rather by the consumers, too,” said Nohl.

Electronic Design has an interview with me: Electronic Design Interviews U. of Virginia Computer Prof, Electronic Design, 21 May 2008. The interview focuses on the history of Splint, and the current state and future of program analysis tools.

Another XSS vulnerability has been discovered in Facebook, as reported by InformationWeek (George Hulme). The posting also links to Adrienne Felt’s Facebook security work.

Our upcoming USENIX Security Symposium paper is now available: Reverse-Engineering a Cryptographic RFID Tag by Karsten Nohl, David Evans, Starbug, and Henryk Plötz.

The paper describes the methods used to reverse engineering the encryption on the Mifare Classic RFID tag and some of the things we learned by doing it. Karsten Nohl will present the paper at the USENIX Security Symposium in San Jose on July 31.

Abstract

The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore to be avoided for any type of silicon chip.

Full paper (9 pages): [PDF] [HTML]

Nathanael Paul’s PhD dissertation has been approved! He will graduate this Sunday.

The dissertation is available here: Disk-Level Malware Detection [Abstract] [Full text: PDF, 155 pages].

Congratulations, Nate! (That is, “Dr. Paul”.) Nate is currently a post-doctoral fellow at Vrije Universiteit, Amsterdam working with Andrew Tanenbaum.

Our paper, Privacy Protection for Social Networking Platforms by Adrienne Felt and David Evans is now available [PDF]. Adrienne Felt will present the paper at the Web 2.0 Security and Privacy 2008 (in conjunction with 2008 IEEE Symposium on Security and Privacy) in Oakland, CA on May 22, 2008.

Abstract

Social networking platforms integrate third-party content into social networking sites and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with social networking APIs by presenting a privacy-by-proxy design for a privacy-preserving API. Our design is motivated by an analysis of the data needs and uses of Facebook applications. We studied 150 popular Facebook applications and found that nearly all applications could maintain their functionality using a limited interface that only provides access to an anonymized social graph and placeholders for user data. Since the platform host can control the third party applications’ output, privacy-by-proxy can be accomplished by using new tags and data transformations without major changes to either the platform architecture or applications.

Full paper (8 pages): [PDF]
Project Website

[Added 25 May]: Talk slides (by Adrienne Felt): [PDF]

The Associated Press has an article by Martha Irvine, Social networking applications can pose security risks, that is based on Adrienne Felt’s analysis of Facebook platform privacy.

Still, it’s an honor system, says Adrienne Felt, a computer science major at the University of Virginia. A Facebook user herself, she decided to research the site’s applications and even created her own so she could see how it worked.

Most of the developers Felt polled said they either didn’t need or use the information available to them and, if they did, accessed it only for advertising purposes.

But, in the end, Felt says there’s really nothing stopping them from matching profile information with public records. It also could be sold or stolen. And all of that could lead to serious matters such as identity theft.

“People seem to have this idea that, when you put something on the Internet, there should be some privacy model out there — that there’s somebody out there that’s enforcing good manners. But that’s not true,” Felt says.

(Note: there wasn’t actually any “polling” of developers, just examining what applications do to determine how they appeared to use information.)

The story has been picked up by some other places including BusinessWeek, CNNMoney (From games to virtual gifts, social networking applications popular — but at what risk?), Forbes, International Herald Tribune, National Public Radio, San Jose Mercury News, Philadelphia Inquirer, Las Vegas Sun, Fort Worth Star-Telegram, Houston Chronicle, San Francisco Chronicle, Seattle Post-Intelligencer, MyFOX, and The Sydney Morning Herald.

The Colorado Daily wins the best title award for MySpace is your space (and yours, and yours…) (but its the same story).

Pantagraph (Central Illinois) has it currently as their top article and includes a picture their front page.

[Added 13 May] Pew Internet and American Life Project has a post on this: Securing Private Data from Network ‘Zombies’ by Mary Madden.