Smart Bottle

Diageo and Thin Films have recently demonstrated a smart bottle. The seal of the bottle contains an NFC tag. This tag not only carries the unique identity of the bottle, but also detects whether the seal has been opened or is still closed. This smart tag allows interesting features:

  • As with traditional RFID tags, it enables tracking of the bottle along the delivery chain.
  • As it uses NFC, the seal allows a mobile phone app to identify the bottle, and thus create a personalized experience (with interesting implications for privacy: it is possible to track who purchased the bottle (at the point of sale, with the credit card) and see who actually drinks it (was it a gift?)).
  • As it detects whether the seal has been broken, it is a way to detect tampering with the bottle along the distribution chain. This may thwart some forms of piracy and counterfeiting.
  • The tag is also a way to authenticate the origin of the product. It may have interesting applications for expensive rare bottles, to detect counterfeiting.
  • It does not yet tell you if you drank too much. This will be the next application, associated with the smart glass that will detect what you drink and how much.

See thinfilm brochure opensense

SHA-3 is born

In 2005, the first serious attacks on the widely used hash function SHA-1 were published. Researchers were able to generate some collisions. The new generation SHA-2 was also prone to these attacks. In 2007, NIST launched a contest to select the future replacement algorithm. In the first round, there were 63 submissions. The second round kept only five algorithms. On Tuesday, NIST published the winner: KECCAK.

KECCAK was designed by researchers from STMicroelectronics and NXP. According to NIST, KECCAK won because it was elegantly simple and had higher performance in hardware implementation than the other competitors. As it is foreseen that SHA-3 may be used in many lightweight embedded devices (smart dust, intelligent sensors, RFID…), this was a strong asset. It is no surprise that its implementation was optimized for hardware; its four fathers work for companies designing such chipsets. STMicroelectronics is one of the leaders in secure components for smart cards, whereas NXP is the leader in NFC. Another interesting argument is that, as KECCAK uses totally different principles than SHA-2, attacks that would work on SHA-2 most likely will not work on SHA-3.

On September 24, 2012, Bruce Schneier, one of the five finalists with his Skein algorithm, called for a “no award”. Currently, SHA-512 is still secure for many years. Thus, according to him, there was no need to switch to another algorithm.

In its announcement of the winner, NIST confirmed that

SHA-2 has held up well and NIST considers SHA-2 to be secure and suitable for general use.

Thus, do not be afraid when you still find SHA-2 in designs in the coming years. We’re safe. It will take several years to tame this new algorithm. Nevertheless, NIST estimates that having a successor to SHA-2, if ever it weakens, is a good insurance policy.

Wardriving RFID passports?

Wardriving is the game of wandering around a location and mapping its wireless networks. Of course, the most interesting ones are those that are not protected or are WEP protected (the equivalent of not being protected; it is too easy to break WEP).

Chris Paget, a well-known white-hat hacker who plays with RFID, has demonstrated a new type of wardriving: collecting information from the new US passport or driving license using RFID. In a video, he shows how he retrieved the data needed to clone these cards.

In US passport and RFID, I presented the risks associated with these new cards. Paget shows how to do it at little cost. The reading range depends on the emitting power of the antenna. Even without cloning, with this type of attack it would be possible to spot a person once you have sniffed his/her RFID identification code.

It should be noted that this type of RFID is not the one used in the e-passport (the booklet passport). The e-passport is more secure.

Nevertheless, it is worrying to see administrations deploying such weak systems.

US passport and RFID

Once more, the use of RFID with ID cards raises many concerns. This time it is for the new US passport cards. These cards are only valid for sea and land travel. It seems that the design was driven only by cost considerations. There are two main characteristics:

  • It uses off the shelf standard EPC chips (i.e., low cost tags as used for inventory tracking)
  • The reading distance is 50 meters!

Being a standard EPC, the card just delivers a unique ID. This unique ID can be eavesdropped and reprogrammed into a blank EPC. Of course, the security relies on the guard, who should check that the corresponding record points to the right owner. But we all know that vigilance decreases with time.

The long reading range is an obvious privacy issue. With such a distance, it is easy to trace somebody. The solution proposed by the Administration is a privacy sleeve! This would never work with me. I would sooner or later forget it or lose it.

But the nicest is the “Kill” command. For privacy reasons, EPC tags have a kill command that permanently mutes the chip. EPC tags are used for inventory tracking. Once the item is sold, it must be possible to deactivate the chip. This command is legitimate for its initial use but not for this one. In a March post, I described a Denial of Service attack to pass a border. With this type of card, it is extremely easy to mount it.

As usual, the Administration downplays the risks. According to them, the risks are improbable! When security design is driven by money, the result is often a catastrophe.
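
The cloning point above, as an added sketch in Python (not code from the original post or from any real card or reader): a card that only emits a fixed ID cannot be told apart from a copy that repeats that ID, whereas a tag that answers a fresh reader nonce with a keyed MAC can. The `KeyedTag` challenge-response scheme, all class names and the IDs are assumptions constructed for illustration; the post does not describe how any other card authenticates.

```python
import hashlib
import hmac
import secrets

class StaticIdTag:
    """Card as described in the post: every reader gets the same fixed ID."""
    def __init__(self, tag_id):
        self.tag_id = tag_id
    def respond(self, challenge):
        return self.tag_id, b""              # the challenge is ignored

class KeyedTag:
    """Hypothetical alternative (assumption): the tag MACs the reader's nonce."""
    def __init__(self, tag_id, key):
        self.tag_id, self._key = tag_id, key
    def respond(self, challenge):
        mac = hmac.new(self._key, challenge + self.tag_id, hashlib.sha256)
        return self.tag_id, mac.digest()

class CopiedTag:  # a copy that knows only one response overheard on the air
    def __init__(self, overheard):
        self.overheard = overheard
    def respond(self, challenge):
        return self.overheard

class Reader:
    def __init__(self, enrolled):            # tag_id -> key, or None for static-ID cards
        self.enrolled = enrolled
    def accepts(self, tag):
        challenge = secrets.token_bytes(16)  # fresh nonce for every read
        tag_id, proof = tag.respond(challenge)
        if tag_id not in self.enrolled:
            return False
        key = self.enrolled[tag_id]
        if key is None:                      # static ID: knowing the ID is the only check
            return True
        expected = hmac.new(key, challenge + tag_id, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def demo():
    static_id, keyed_id = b"CONSTRUCTED-ID-0001", b"CONSTRUCTED-ID-0002"
    key = secrets.token_bytes(32)
    reader = Reader({static_id: None, keyed_id: key})
    static_tag, keyed_tag = StaticIdTag(static_id), KeyedTag(keyed_id, key)
    heard_static = static_tag.respond(secrets.token_bytes(16))  # overheard earlier
    heard_keyed = keyed_tag.respond(secrets.token_bytes(16))    # overheard earlier
    tags = {"static genuine": static_tag, "static copy": CopiedTag(heard_static),
            "keyed genuine": keyed_tag, "keyed copy": CopiedTag(heard_keyed)}
    return {name: reader.accepts(tag) for name, tag in tags.items()}
```

In this model the keyed tag still sends its ID in clear, so the tracking concern raised in the post is unchanged; only the copy is rejected.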

Blocking theft of cycles using RFID

In the UK, an interesting experiment, called WASP, uses RFID against bicycle theft. Kryptonite designed a lock equipped with RFID and a motion sensor. The concept combines several elements:

  • The lock
  • A detector of RFID that covers a zone
  • A CCTV system that covers the same zone.

If ever the lock is moved, it activates the RFID. This is detected by the RFID readers, which trigger a signal at the CCTV central station. It is then possible to see who is trying to steal the bike.

The most constraining part of the system is its activation. When the user parks his bike, he has to phone a central system to indicate the identification of the protection area. This starts the protection phase. When the user wants to take back his cycle, he has to phone the central system again before unlocking the bike. The WASP system is currently being tested at the University of Portsmouth.

Law 6 is once more interesting. As could have been expected, many people are already no longer making the activation phone call. As the lock is blinking, they expect it to be a sufficient deterrent. The activation phase seems to me very constraining. You will have two types of false positives: people who inadvertently move the bike, and thus the lock, and of course the owner who forgot to call back to trigger deactivation.

In any case, an interesting combination.

To learn more, a presentation and the operator SOS Response

RFID to stop theft

SimplyRFID provides a system, NOX, to detect theft that is not simple at all. It is the combination of three techniques:

  • RFID tags are glued on the items to be protected. The RFID tag provides the identity of the item and, through readers, its location.
  • Optically charged dust is spread over restricted areas, for instance in secure vaults.
  • Video surveillance has two roles. First, it monitors the people. Second, it detects the presence of dust that is illuminated by a laser. The dust glows. It is thus possible to detect intrusion into sensitive areas. Automatic software may detect the glowing dust and trigger an alarm.

The interesting part is that the RFID readers are hidden from the users. They are not aware of their existence. This is perhaps the “smarter” part of the concept.

How does it work? When an RFID tag passes near a hidden detector, the detector is triggered. It is then easy to discover the potential thief using the video surveillance. Of course, if the thief is aware of the location (or even of the presence) of hidden RFID tags, then he will be more cautious. The system targets insiders. Thus, the thief has time; he will first shield the tag. Then, he will pass through the detectors without triggering them. We assume that he hides the stolen device from the spying cameras. It is even better if there are several days between the shielding and the actual theft. It will require many hours to visually review the video tapes, and if several people handled the item in the meantime, it is even better.

Interestingly, these hidden readers violate privacy because employees are not informed of their presence.