Everywhere a question like this is asked, I see people responding that (in a scenario where a card is used) the card does some processing with the data it receives/generates some data when it receives a signal. How is this possible without power?

And even if that's the case, why can't every NFC tag in, let's say, credit cards just be cloned because there are no variables in them and only static data? You'd think those RFID tags could be copied and used for transactions.

schroeder
stenlan

  • Why do you think they have no power? Every article I can find on even passive RFID and NFC mentions how they obtain power from the radio signals. – schroeder Aug 01 '16 at 22:53
  • @schroeder: They have no power source. They do indeed use wireless power from the radio itself. – Mooing Duck Aug 02 '16 at 01:09
  • @MooingDuck So the power source is wireless power from the radio itself. They don't have no power source... – user253751 Aug 02 '16 at 04:38
  • There are RFID tags which can be cloned. Cheaper models always respond with the same number, so you can easily read that number and create an RFID tag which sends the same. Only the more expensive tags use a challenge/response protocol with actual encryption. – Philipp Aug 02 '16 at 11:31
  • Some RFID can be cloned. https://github.com/linklayer/BLEKey – Guntis Aug 09 '16 at 16:31

4 Answers

Because the cards contain a chip which is powered by a coil. The coil is not really an antenna, but half of a transformer.

Think of your regular mobile charger. This contains a transformer that will transform the voltage from 230V or 120V AC to 5V DC. This is done by having a coil magnetize some iron, and this iron magnetizes the "receiving coil". If you draw current from the receiving coil, the primary coil will also draw more current.

Now, let's go to the "passive" card again.

The reader is one half of a transformer, and the card is the other half, but this transformer creates a magnetic field in the air instead of magnetizing iron. When you put the card close to the reader, the reader and card become a full transformer, and thus the card can be powered, as if it were connected to a battery.

For the reader to transmit information to the card, the reader only needs to vary the frequency or amplitude of the AC voltage that powers the primary coil. The card can sense this and act on this information. For the card to send information back to the reader, the card simply short-circuits its own antenna via a transistor and a resistor. This will, like the mobile charger, cause the primary coil, i.e. the coil in the reader, to consume more current, and the reader can sense this (by feeding the primary reader coil via a resistor and then measuring the voltage over the resistor) and read the data the chip sends to the reader.

This means that half-duplex bidirectional communication is possible with RFID, thus the chip can do anything and work like a contact smart card. And as you know, a contact smart card with a security chip that can securely store a key and only perform operations with the key is impossible to "clone" or "copy", as the key cannot be extracted. That's the security of smart cards: they cannot be cloned, and that's why they are preferred over magnetic stripe cards.

Thus, the same applies to wireless/contactless RFID cards.

Toby Speight
sebastian nielsen

  • I like how this answer also explains the low-level stuff like how the card actually gets powered and talks to the reader. – André Borie Aug 02 '16 at 02:48
  • I forgot I wasn't on the electronics stackexchange for a second.. good answer. – James T Aug 02 '16 at 07:35
  • Thanks, I think I understand now. "The card can sense this and act on this information." This means that RFID chips can in fact do more than just reflect static information, right? – stenlan Aug 02 '16 at 10:04
  • @stenlan Yes, they can do as much as regular contact smartcards. In fact, for many dual interface cards (contact/contactless) the RFID coil is directly connected to the smartcard chip. – sebastian nielsen Aug 02 '16 at 10:29
  • @JamesTrotter The reason I had to go into this low-level stuff is because the OP is presumably aware that smartcards (with a contact chip) cannot be cloned, so I had to describe why a contactless card is more similar to a smartcard with active communication, rather than for example a barcode or magstripe card that merely stores something static and can be easily cloned. – sebastian nielsen Aug 02 '16 at 10:57
  • Disagree on the part of `impossible to "clone" or "copy"`. Anything that is stored digitally can be cloned; it just depends on difficulty and tech availability. http://security.stackexchange.com/questions/46319/why-emv-cards-cannot-be-cloned – mootmoot Aug 02 '16 at 11:11
  • @mootmoot Most smartcards do have special "tamper-resistant" circuitry that makes it impossible to "clone" or "copy" them. Some cards, however, can be "cloned" or "copied" with advanced microscopy and tampering, but if the card is a secure one, it's impossible. – sebastian nielsen Aug 02 '16 at 11:32
  • About the attack you referred to in the link, that's another thing. If the challenges issued are predictable, you can simply store a copy of these challenges and their replies. That does not mean the card is cloned; it just means that the reader asked for something you can know in future and thus be able to "fool" the reader with a fraudulent card. But the card is still unclonable, so when vulnerable readers are updated to use sufficiently unpredictable challenges, it's really impossible to clone the card. – sebastian nielsen Aug 02 '16 at 11:36
  • Well, I agree on the added security. Anyway, I just take the card cloning issue as a teaser for the time being, since this issue largely depends on the card features and the technology to exploit the vulnerabilities. :-) – mootmoot Aug 02 '16 at 13:29
  • Perhaps some details of the capabilities of an *actual* chip might help further understanding. The chip I have implanted in my hand is an NTAG216. This chip has two security-related functions: I can set a 32-bit passcode on it and lock certain sections of its memory so that they can only be read and/or written by readers with the passcode, and I can also set a 16-bit acknowledgement code that is given as a response to the passcode so that the reader knows the device is genuine. It therefore cannot be cloned unless somebody snoops on a genuine authentication (which would be very difficult due to the limited range of the communication system, but is at least theoretically possible). This chip is typical of the lower-cost end of NFC chips; higher chips provide more advanced facilities, including, I understand, on the latest ones the ability to sign a request via a hidden private key. – Jules Aug 03 '16 at 10:23
  • Just for reference, here is a [Datasheet](http://www.nxp.com/documents/user_manual/141520.pdf) for one common NFC controller IC. The communication with the card is indeed half duplex, but the host interface may be full duplex. – knechtrootrecht Aug 04 '16 at 07:27
  • Can suddenly jerking a card out of the slot damage the chip like unplugging a turned-on computer would? – jkd Dec 05 '16 at 09:46
  • @jakekimds No. Unplugging a turned-on computer can "damage" it because writes to the drive are not completed, thus old and new data will be mixed. A card, which is designed to be taken out or put in, and especially RFID cards where the field strength may fall below the card's operating threshold, have systems like write and commit to ensure data is completely received before it is written to the actual flash memory, to avoid power loss corruption. There might be a risk that the transaction counter is advanced without committing to a transaction, but the bank will auto-"repair" that on the next use of the card. – sebastian nielsen Dec 05 '16 at 23:37
  • Literally my only criticism of this answer is that a typical mobile phone charger would use a switched mode power supply and not a transformer, but this has nothing to do with information security. :) – Keeley Hoek Oct 31 '20 at 20:07
NFC (Near Field Communications) cards are not passive. NFC readers constantly transmit RF (radio frequency) energy; this is called a carrier signal. Very close to the reader (within about one wavelength, putting the "Near" in Near Field Communications,) the RF transmission is strong enough to induce enough energy into the receiving antenna to power the circuit in the card. The card contains a computer chip that has a CPU that can process received data, a small amount of static memory, and the ability to "transmit" a response (transmission is achieved by attenuating the carrier signal.)

Mag stripe cards (those that have no embedded chip) are passive. They have only "static" authentication data, which is probably what you're thinking of. The data is encoded on the stripe at the bank when it's issued, and it's always the same data, read after read after read. The mag stripe is technically very limited, and contains only a few pieces of information. They are the PAN (Primary Account Number), cardholder name, expiration date, service code, and a secret value called the CVV (Cardholder Verification Value). In total, no more than 79 characters can be encoded on the first track of a mag stripe.

NFC chip cards used for payments are programmed to emulate the same 79 characters that you might find on a mag stripe card, with a couple of exceptions: they can listen for variable data transmitted by the reader, they can respond with whatever the chip is programmed to send, and each card contains a secret key that is known only to the bank that issued the card.

To communicate, the reader sends the chip some data about the transaction including a random "challenge" number. The chip then encrypts the challenge value (and other transaction data) using the secret key stored in the card. The chip then emits this computed value in place of the CVV. This is called "dynamic" authentication data, because the number is different with every transaction and challenge.

The reason these cards are not easily clonable is that nobody but the bank knows the secret key hidden in the chip, so nobody else can produce a card that will react the same way to the challenge that came from the reader, thus the cloned card cannot produce the correct CVV. The bank is responsible for detecting the incorrect CVV and rejecting the request from the cloned card.

Not all the systems in use today are perfect. Researchers (and criminals) have figured out several attacks. Some cards are inherently insecure because they use weak encryption (such as the MiFare cards often used in transit systems.) Some cards have had their secret keys read by using side channel attacks, such as power analysis or timing analysis. Some have been examined using ion beam microscopy, revealing the bits containing the secret keys. And some banks did a poor job initially implementing their secret keys such that they didn't validate the CVVs correctly.

Once a system is properly implemented, chip cards are very very difficult to clone, whether they be NFC read or inserted into a chip reader.

John Deters

  • I thought I had read somewhere that the billing address is also stored on the mag stripe? – Dan Henderson Aug 03 '16 at 15:40
  • @DanHenderson, no, the ANSI/ISO standards for the mag stripe do not include any address info. Track 2 has a 4-bit numeric character set, and includes PAN, exp date, service code, and discretionary data, and can be a max of 40 characters. Track 1 has a 6-bit alphanumeric character set and adds the cardholder name to the data, but that's basically the only difference between tracks 1 and 2. Track 3 is not normally used for financial cards. Non-standard cards (gift cards, loyalty cards, etc.) are free to encode whatever they want, of course, but they won't work in anyone else's readers. – John Deters Aug 03 '16 at 20:46
  • Upon reflection, I think the context was that of a warning that a compromised reader could extract your personal info from the card; perhaps at one point, some issuers had put birth date and/or ZIP into the "discretionary data"? – Dan Henderson Aug 03 '16 at 20:57
  • It's possible that certain issuers have placed that kind of information in the discretionary data, but that would be for their own use. The contents of that field are not well defined, so a regular payment terminal such as you might find at a gas pump wouldn't know to look in that field for a ZIP code. And if you're sticking ZIP on the mag stripe for your own store's credit card, why not just look it up from your own database when you authorize their credit? Such a thing would likely be a historical leftover from the days before the PCI Data Security Standards. – John Deters Aug 03 '16 at 21:53
  • @DanHenderson, I just remembered that most state IDs and Driver's Licenses have mag stripes that contain address and birthdate information. If you're using a mag stripe reader to check IDs at a liquor store to prevent underage purchases, that data is at risk. But those are not payment cards and don't follow the payment card standards. – John Deters Aug 03 '16 at 22:44
  • It was quite a few years ago that I heard about it, so predating the current PCI standards is the most likely context (my state has never used mag stripes on DLs; we just got a barcode matrix in the last 10-20 years). – Dan Henderson Aug 04 '16 at 12:24
  • "Some have been examined using ion beam microscopy, revealing the bits containing the secret keys." That's not really a security risk though, right? If a thief is able to do that, they already have the card pretty safe in their possession. At that point, having them clone the card wouldn't really make the situation any worse; the card's already been stolen. All that cloning would do would make it more convenient for the thief (like to keep it in more than one place) or enable him to share it, which isn't an additional security risk. Again, it's already been stolen. – flarn2006 Aug 08 '16 at 10:01
  • (continued from my last comment) Also, in that situation, it's much more likely that the person cloning the card is the person who actually owns the card, in which case they're obviously authorized to do so. The bank simply neglected to give them the key, probably figuring more people would be careless with it than actually have a use for it. So if there's a method of cloning cards that requires that level of access to the card, I'd say it's a good thing. May be very difficult and expensive, but it's still better than nothing, even if just barely. – flarn2006 Aug 08 '16 at 10:08
  • @flarn2006, you're correct that it requires possession. The advantage to cloners might come from exploiting a card system that uses a common key, such as a transit system. It would not help break a payment card system where every card has a unique private key. – John Deters Aug 08 '16 at 12:03
  • @JohnDeters If you give a device to someone for them to own, and they do something you don't like with a key stored on that device, that's your own problem. You basically gave them the private key. A system that relies on security through obscurity is fundamentally insecure. – flarn2006 Aug 09 '16 at 22:17
  • @flarn2006 if a transit system embeds a common key in all their cards, they are at risk of having the key stolen from one of them, and then cloned and abused by criminals. They have to decide how that risk measures against the high cost of deploying, storing, and using individual keys in each card. A PKI can do it, but the costs are higher than profit margins. Issuing cards with a common key might cost about $0.50 each; issuing a card with an individual certificate could cost $1.50 each. It’s not as simple as “Security through obscurity==bad”, it’s a business decision between two hard choices. – John Deters Jul 12 '19 at 16:31
  • Plus, no bus company is run by cryptographers. They buy these solutions from vendors, and are completely at their mercy when it comes to the technical security of the systems; yet it’s the bus company exposed to the risks if the security is violated. The bus company doesn’t even have the information needed to make a good choice; all they have are vendor sales and marketing brochures. – John Deters Jul 12 '19 at 16:37
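The challenge/response flow this answer describes, as an added example that is not part of the answer or of any real card standard: a genuine card holds a key that only the issuing bank also has, a replay-only "clone" built from the PAN and one overheard exchange holds no key, and whether the replay gets authorized depends on whether the reader's challenge is unpredictable (the point raised in the comment thread under the first answer). HMAC-SHA256 as the card algorithm, the 4-byte challenge, the 8-byte dynamic value and the sample PAN are all assumptions for the demo.

```python
import hashlib
import hmac
import secrets

ISSUER_KEYS = {}  # the bank's copy of every card's secret key, indexed by PAN

def cryptogram(key, challenge, amount_cents):
    """Dynamic authentication value: a MAC over the challenge and transaction data
    (HMAC-SHA256 is an assumption; the page does not name the card's algorithm)."""
    msg = challenge + amount_cents.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ChipCard:
    """Genuine card: the key is written at issuance and is never readable over the air."""

    def __init__(self, pan):
        self.pan = pan
        self._key = secrets.token_bytes(16)
        ISSUER_KEYS[pan] = self._key  # personalisation: the issuer keeps a copy

    def respond(self, challenge, amount_cents):
        return self.pan, cryptogram(self._key, challenge, amount_cents)

class ReplayClone:
    """What an eavesdropper can build: the PAN plus one recorded response, no key."""

    def __init__(self, pan, recorded_response):
        self.pan, self._recorded = pan, recorded_response

    def respond(self, challenge, amount_cents):
        return self.pan, self._recorded  # cannot compute anything, only replay

def bank_authorize(pan, challenge, amount_cents, dynamic_cvv):
    """The issuer recomputes the value with its copy of the key and compares."""
    key = ISSUER_KEYS.get(pan)
    if key is None:
        return False
    expected = cryptogram(key, challenge, amount_cents)
    return hmac.compare_digest(expected, dynamic_cvv)

def transact(card, amount_cents, challenge_source=lambda: secrets.token_bytes(4)):
    """One contactless payment: the reader challenges, the card answers, the bank decides."""
    challenge = challenge_source()
    pan, cvv = card.respond(challenge, amount_cents)
    return bank_authorize(pan, challenge, amount_cents, cvv)

def demo():
    genuine = ChipCard("4111111111111111")  # constructed sample PAN
    amount = 1999
    # A reader whose challenge is predictable (here: constant) is the weakness the
    # comment thread describes: one recorded exchange can be replayed to it.
    predictable = lambda: b"\x00\x00\x00\x01"
    pan, recorded = genuine.respond(predictable(), amount)
    clone = ReplayClone(pan, recorded)
    return {
        "genuine_random_challenge": transact(genuine, amount),
        "clone_random_challenge": transact(clone, amount),
        "clone_predictable_challenge": transact(clone, amount, predictable),
    }
```

The genuine card is authorized every time, the clone is rejected by a reader using fresh random challenges, and only the reader with a fixed challenge accepts the replayed value.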
How can RFID/NFC tags not be cloned when they are passive technology?

Your question assumes 2 things:

  1. That RFID tags cannot be cloned
  2. And they are passive, not active.

Both points are incorrect:

  1. RFID tags can be cloned. Tags which do not make use of password-protection or over-the-air (OTA) encryption can have their data banks copied into new tags.
  2. RFID tags (at least Class 1 Generation 2 tags, aka UHF RFID tags) are computationally active, not passive. Their "passive" nature refers to their not needing an attached power source.

RFID tags (at least "Class 1 Generation 2" tags) are transponders and they're powered by the very RF wave sent to query them.

The majority of RFID tags are not encrypted and do not hold any secrets - they act like a barcode does and merely repeat the same information every time they're queried, in which case they can very easily be cloned.

However the Class 1 Gen 2 tags (at least) support features like passwords (the scanner includes a password in the RF signal sent to query the tags) and over-the-air encryption, though this is not a mandatory feature and not every Class 1 Gen 2 chip supports it.

Research has been done into the security of RFID, here is one such recent paper: The security of EPC Gen2 compliant RFID protocols.

techraf
Dai

  • This says you don't even need Class 2 for password protection: https://skyrfid.com/Mid-Range_RFID.php – Nakilon Jan 27 '20 at 06:18
I'll try to make it rather short and try to answer every question.

How is this possible without power?

There is power like usual. It works by the same electromagnetic principle as a transformer (which is contactless as well). Or like one of those modern(ish) contactless smartphone chargers where you just lay your phone on a plate instead of plugging it in anywhere. Or like an induction cooker (just with less power).

The fact that you do not need touch is just a technical detail; you can ignore it and treat it just like any other electrical connection.

there are no variables in them and only static data?

This is not necessarily the case. For example, there are building access cards which have to be "loaded" (over the air) each day with the codes for the day to get access to certain locks. Or money cards which can be loaded up and "emptied" by paying for stuff.

why can't every NFC tag ... just be cloned because

First, there is no reason to assume that the NFC tag behaves like a RAM module or USB stick, just presenting itself as a data storage device. That's not how it works.

There may be very simple NFC tags which are used as actual identification tags only; those can be made so they simply transmit their ID to whoever asks. This may be what a store can use to quickly scan some items (or to avoid theft). No secrecy is needed here, only identification. This is likely the majority of all RFID tags produced.

If you want secrecy: things like money cards or building access cards with daily rotation of codes need onboard computing as well as some kind of encryption. Without going into details, this kind of encryption can be done in a way that the actual "secret" is safe inside the chip and not visible on the air at all. At no point do they allow access to the actual "secret", nor do they need to, similarly to the way that the secret keys in HTTPS/TLS never go in the clear over the insecure channel.

EDIT: replaced the last paragraph which could be read as TLS being used in RFID chips.

AnoE

  • Compared to just passing data back and forth, TLS is *very* computationally intensive and needs quite a bit of storage space just for the crypto keys. I doubt a RFID or NFC tag or card has the processing power to do a full TLS-style encryption setup just for key exchange. That said, though, it's almost never needed; no need to use asymmetric encryption if symmetric crypto will do just as well. Which it does whenever both sides can store the key. – user Aug 02 '16 at 19:07
  • How would you use symmetric cryptography? The card cannot trust the reader (any reader can be used for tampering) and the reader can certainly not trust the card. You could even perform a man-in-the-middle attack with specialist devices. Please correct me if I'm wrong, but symmetric cryptography can only be used when both parties already trust each other (i.e. when they have already exchanged the key over a known secure channel, like one secured with asymmetric cryptography). But at that point, identity is already established, which is the main purpose of RFID. – sanderd17 Sep 08 '20 at 07:43