His brief bio is below. Please join me in welcoming Randolph to the group!

I was born in a small city in southeast of China, and traveled from south to north during my high school, undergraduate, half-graduate study. I’m very happy to travel to the other half of the planet for my PhD study here in the end.

I was an EE major and love to deal with various aspects of embedded system. I’ve worked on the RoboCup, which forms a robot team to play “football”; the Mobile Satellite Communication Vehicle, which essentially control the attitude of antenna in dynamic circumstance; the Multi-Agent Cooperation via wireless communication etc. I didn’t realize before that the security issues of the embedded system are very challenge problems and becomes a bottleneck for their ubiquitous deployments, no matter for sensor networks or RFID. My ultimate goal is to enable these smart embedded systems acceptable by common people and put into daily service without concern about the security and reliability in the face of expanding network connection.

I also like sports such as swimming, traveling, exploration, basketball, hiking but no running which I think too boring. I enjoy the weather, the blue sky and fresh air here.

Excerpt: (bolding is mine)

Meanwhile, although experts say that some RFID technologies are quite secure, a University of Virginia security researcher’s analysis of the NXP Mifare Classic (see Hack, November/December 2008), an RFID chip used in fare cards for the public-­transit systems of ­Boston, London, and other cities, has shown that the security of smart cards can’t be taken for granted. “I think we are in the growing-pains phase,” says Johns Hopkins University computer science professor Avi Rubin, a security and privacy researcher. “This happens with a lot of technologies when they are first developed.”

…
As long as the remaining problems are ignored, though, it’s unlikely that the technology will become good enough to protect international borders without compromising the privacy of thousands or millions of people. Tadayoshi Kohno, for one, says that at this point, he is not convinced that RFID even offers security advantages over the old IDs. Technology used on this scale, and for purposes this important, should be clearly better than what it’s replacing: the U.S. experience with electronic voting systems shows what can happen when it’s not. If officials continue to advocate band-aids such as privacy sleeves rather than working to address the full extent of critics’ concerns, they will ultimately undermine the very technology that they hope to promote. While new ID technology seems likely to stay, it could become a fiasco if officials don’t pay attention to the work of hackers and security researchers. These people try to expose weaknesses before they can be exploited maliciously. It’s much less painful to swallow the news from them than to wait until a problem becomes embarrassing–or devastating.

…
“Animal law is a growing area that is in much discussion,” Riley said. “It is a good way even for a student who has no interest in practicing animal law to enlarge their interest and to understand different ways the law works.”

A recent of example is Leona Helmsley’s will, Riley said.

When the hotelier, dubbed the “queen of mean,” died at 87 in August 2007, she spurred a legal debate by leaving behind a $12 million trust for the care of her dog.

Riley said a group of students at UVa have shown interest in animal law.

Elsewhere at UVa, the National Science Foundation’s grant will enable a team of engineers to create a more secure design for RFID chips, which are commonly found in remote car-locking systems and touchless debit cards.

These tiny chips, which send information over short distances using weak radio waves, are an increasingly popular way to monitor potentially sensitive information.

UVa researchers have been working to create a stronger encryption scheme that would keep information on RFID chips secure while keeping costs low.

[Added: 14 Jan] NetworkWorld has also picked up this story: NSF gives University of Virginia researchers a million good reasons to improve RFID security, privacy, by Alpha Doggs, NetworkWorld, 14 Jan 2009.

Some excerpts:

To address the problematic use of custom cryptography, the U.Va. research team will develop an encryption scheme that is relatively strong — providing some measure of privacy and security — but that can be implemented at almost zero cost by repurposing the meager hardware resources already available on common RFID tags. Providing a solution that adds virtually no cost is crucial, because these RFIDs are made by the billions, at such low costs (5 cents or less apiece) that there is no margin for any added expense.

…

The team is breaking new ground by using a holistic design approach that considers how all the various levels of the design — the hardware, the encryption algorithm and how it is used — work together, mindful of how an attacker will target the single weakest link in the design.

…

The research team hopes their research will forestall that possibility, enabling RFIDs to be used in countless ingenious applications not yet dreamt of, without sacrificing privacy and security in a Faustian bargain.

They are published in Appendix A of Henryk Plötz’s thesis report: Mifare Classic – Eine Analyse der Implementierung. The thesis is in German, but the algorithm is published as a C program (by Karsten Nohl, Henryk Plötz and Sean O’Neil), so should be understandable to non-German code readers.

Also yesterday, the paper, Dismantling MIFARE Classic, by Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur, and Bart Jacobs of Radboud University Nijmegen, The Netherlands, appeared at ESORICS 2008. This is the paper that was the subject of NXP’s failed lawsuit.

The publication of these details remove any remaining doubts about the insecurity of the Mifare Classic.

News articles:

D-Day for RFID-based transit card systems, c|net News, 6 October 2008.

“Combining these two pieces of information, attacks can now be implemented by anyone,” RFID researcher Karsten Nohl told CNET News. “All it takes is a $100 (card) reader and a little software.”
…
Security systems like the Mifare Classic that are not peer reviewed are not as trustworthy as systems that can be openly analyzed by researchers looking for flaws, Johanson and Nohl said.

“Developing your own proprietary security mechanisms and not getting public scrutiny on it does not work,” Nohl said.

Boffins (finally) publish hack for world’s most popular smartcard, The Register, 6 October 2008.

Two research papers published Monday have finally made it official: The world’s most widely deployed radio frequency identification (RFID) smartcard – used to control access to transportation systems, military installations, and other restricted areas – can be cracked in a matter of minutes using inexpensive tools.

The two documents combined mean that virtually anyone with the time and determination can carry out the attacks, said Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who first warned of the weakness in December.

“Now the weakness that we and others have been talking about for months can be verified independently by really anybody,” he said. “The flip side is that everybody can now attack Mifare-based security systems.”

Over the past six months, many organizations that rely on the Mifare Classic have upgraded their systems, but Nohl said he is personally aware of a “handful” of systems used by government agencies or large multinational companies that have been unable to make the necessary changes because of the logistical challenges of issuing new badges to employees.

“One hopes that just based on the announcement, most operators of critical security systems have adopted other technologies besides Mifare,” Nohl said.

Update: (10 Oct) Another article from the CBC: Security flaw in smart cards poses risk for transit, building access, CBC News, 10 October, 2008.

This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable.

It might be besides the point that neither DNA, nor fingerprints are unclonable. The failure of proprietary security, which has been a constant theme on this blog, has led many to conclude that only well-reviewed security primitives can be strong. PUF technology tries to achieve security in exactly the opposite way: the PUF circuit is designed in a way so that not even the designer understands how outputs are derived from inputs. Security-by-obscurity par excellence.

Every circuit, including PUFs, is a deterministic function; the only difference in PUF circuits is that some inputs to the function vary across different tags. For a PUF to be cryptographically strong, one would hence need to show that

1. the fixed part of the circuit (the cipher) is strong by cryptographic metrics,
2. the number of device-dependent inputs (the secret key) is large and
3. the entropy of these inputs is high.

PUFs are a wonderful idea for using manufacturing variance constructively, but in their current realization, PUFs fail to convince that they are strong building blocks for security systems.

Articles:

• Dutch chipmaker sues to silence security researchers, c|new News, 9 July 2008.
• NXP sues academic research team – what are they afraid of?, The Tech Herald, 10 July 2008.
• NXP sues to prevent hackers from releasing MIFARE flaws, Secure ID News, 10 July 2008.
• Chipmaker sues to quash research on RFID smart card security flaws, Computer World, 10 July 2008.

[Update 18 July] The judge has denied NXP’s request for an injunction, ruling that “limitations to the freedom of speech are allowed only if there is urgent and obvious threat to society”: Judge denies NXP’s injunction against security researchers, Industry Standard, 18 July 2008.

[Update 21 July] Another article: Dutch court allows publication of Mifare security hole research, CNet News, 18 July 2008. This one includes a picture of Karsten Nohl’s presentation at the Last HOPE Conference.

German-born Karsten Nohl is a security consultant and PhD student at the University of Virginia. He was in Seattle recently to speak at a technology conference and is known worldwide for hacking into transit systems.

He’s exposed significant security problems with transit cards commuters were told held their personal information secure, but Nohl showed, did not

“Is it all that inconvenient to swipe a card? Does it really have to be tapping? Would, for that perhaps tiny added benefit, now expose your data to everybody in your vicinity? Perhaps not. So, that is a discussion that has to be had. And not just by the companies introducing something new and fancy and forcing everybody to use it, but rather by the consumers, too,” said Nohl.

The paper describes the methods used to reverse engineering the encryption on the Mifare Classic RFID tag and some of the things we learned by doing it. Karsten Nohl will present the paper at the USENIX Security Symposium in San Jose on July 31.

Abstract

The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore to be avoided for any type of silicon chip.

Full paper (9 pages): [PDF] [HTML]