[OWASP-Ireland] Say hello to the RFID virus - Hype, who knows?

eoin.keary at ritsgroup.com eoin.keary at ritsgroup.com
Thu Mar 16 06:27:59 EST 2006


Now that would be interesting. But is the RFID systems ran on TDM (Time 
division Multiplexing) you may need a very big bag?
**********************************
Eoin Keary CISSP
Senior Consultant
Rits Information Security
2052  Castle  Drive
Citywest Business Campus
Co. Dublin

Tel:  353 (01) 642 0500
Fax: 353 (01) 466 0468
Email: eoin.keary at ritsgroup.com
Web: www.ritsgroup.com
**********************************
This email contains information which may be confidential or privileged. 
The information is intended solely for the use of the individual or entity 
named above.  If you are not the intended recipient, be aware that any 
disclosure, copying, distribution or use of the contents of this 
information is prohibited.  If you have received this electronic 
transmission in error, please notify me by telephone or by electronic mail 
immediately. Any opinions expressed are those of the author, not Rits. 
This email does not constitute either offer or acceptance of any 
contractually binding agreement. Such offer or acceptance must be 
communicated in writing. 




"Tony Palmer" <tony.palmer at vordel.com>
Sent by: owasp-ireland-admin at lists.sourceforge.net
16/03/2006 11:19

 
        To:     <owasp-ireland at lists.sourceforge.net>
        cc: 
        Subject:        RE: [OWASP-Ireland] Say hello to the RFID virus - Hype, who knows?


What about DOS attack on RFID enabled systems either by carrying a bagfull
of rfid tags (through a shop!) or have a device that emits a huge stream 
of
RFID radio data?
T

-----Original Message-----
From: owasp-ireland-admin at lists.sourceforge.net
[mailto:owasp-ireland-admin at lists.sourceforge.net] On Behalf Of Chris 
Madden
Sent: 16 March 2006 11:11
To: 'brian.honan at bhconsulting.ie'; eoin.keary at ritsgroup.com;
owasp-ireland at lists.sourceforge.net
Subject: RE: [OWASP-Ireland] Say hello to the RFID virus - Hype, who 
knows?


Interesting article (with equally sensationalist title) and paper on RFID
tags.

"Cellphone could crack RFID tags, says cryptographer"
http://www.eetimes.com/news/semi/showArticle.jhtml?articleID=180201688

Shamir (who put the S in RSA) used power analysis attacks to determine 
RFID
passwords. Power analysis attacks became more mainstream in 1998 when used
to attack smartcards. There's a seminal paper on this by Paul Kocher.
Fault attacks would probably be successful against RFID tags also.

The easiest way to increase RFID tag security would be to borrow 
technology
from smartcard security. However, given that RFID tags are generally very
low cost items, it may not make financial sense to increase their 
security. 
So, RFID tags should be recognized as low/no security items and treated as
such.



"RFID Systems and Security and Privacy Implications"
http://www.eicar.org/rfid/kickoffcd/04%20-%20Hintergrundinformationen/09%20-
%20RFID%20Systems%20and%20Security%20and%20Privacy%20Implications.pdf

Chris

> -----Original Message-----
> From: Brian Honan [mailto:brian.honan at bhconsulting.ie]
> Sent: 16 March 2006 10:29
> To: eoin.keary at ritsgroup.com; owasp-ireland-admin at lists.sourceforge.net;
> owasp-ireland at lists.sourceforge.net
> Subject: Re: [OWASP-Ireland] Say hello to the RFID virus - Hype, who
> knows?
> 
> Hype? Perhaps
> 
> Experts unconcerned by RFID virus
> 
> http://www.vnunet.com/vnunet/news/2152020/experts-unconcerned-rfid-vir
> 
> Brian
> 
> -----Original Message-----
> From: eoin.keary at ritsgroup.com
> Date: Thu, 16 Mar 2006 10:24:22
> To:owasp-ireland at lists.sourceforge.net
> Subject: [OWASP-Ireland] Say hello to the RFID virus - Hype, who knows?
> 
> http://news.bbc.co.uk/2/hi/technology/4810576.stm
> 
> **********************************
>  Eoin Keary CISSP
>  Senior Consultant
>  Rits Information Security
>  2052  Castle  Drive
>  Citywest Business Campus
>  Co. Dublin
> 
>  Tel:  353 (01) 642 0500
>  Fax: 353 (01) 466 0468
>  Email: eoin.keary at ritsgroup.com
>  Web: www.ritsgroup.com
>  **********************************
>  This email contains information which may be confidential or 
privileged.
> The information is intended solely for the use of the individual or 
entity
> named above.  If you are not the intended recipient, be aware that any
> disclosure, copying, distribution or use of the contents of this
> information is prohibited.  If you have received this electronic
> transmission in error, please notify me by telephone or by electronic 
mail
> immediately. Any opinions expressed are those of the author, not Rits.
> This email does not constitute either offer or acceptance of any
> contractually binding agreement. Such offer or acceptance must be
> communicated in writing.
> ---
> Brian Honan
> BH Consulting
> Helping You Piece IT Together
> Tel:         +353-1-8243846
> Mob:      +353-86-8114066
> Email:      brian.honan at bhconsulting.ie
> www:      http://www.bhconsulting.ie
> Support Global Security Week http://www.globalsecurityweek.com
> 
> This message is for the named person's use only. If you received this
> message in error, please immediately delete it and all copies and notify
> the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Any views expressed in this message are those of the
> individual sender and not of BH Consulting
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding
> territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> OWASP-Ireland mailing list
> OWASP-Ireland at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-ireland


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting 
language
that extends applications into web and mobile media. Attend the live 
webcast
and join the prime developer group breaking into this new coding 
territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
OWASP-Ireland mailing list
OWASP-Ireland at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-ireland


This e-mail is business-confidential and may be privileged. If you are not
the intended recipient, please notify us immediately and delete it. If the
email does not relate to Vordel's business then it is neither from nor
authorized by Vordel. Thank you.




-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting 
language
that extends applications into web and mobile media. Attend the live 
webcast
and join the prime developer group breaking into this new coding 
territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
OWASP-Ireland mailing list
OWASP-Ireland at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-ireland


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-ireland/attachments/20060316/8ac740aa/attachment.html 


More information about the Owasp-ireland mailing list