RU170549U1 - DEVICE FOR PREVENTING UNAUTHORIZED ACCESS TO INFORMATION CONTAINED IN AN OBJECT FITTED WITH A TRANSPONDER - Google Patents

Abstract

Usage: to save personal data and confidential information from unauthorized contactless access to it. The essence of the utility model lies in the fact that the device is made in the form of a cover made of fabric, including material that shields electromagnetic radiation, the fabric is a metallized fabric of the Metacron type. Effect: ensuring the prevention of unauthorized access to information in a wide range of frequencies. 6 c.p. f-ly.

Description

The utility model relates to devices that allow you to save personal data and confidential information from unauthorized contactless access to it.

The rapid development of contactless technology is today one of the key trends that defines the scenarios for the further development of the global industry of identification systems, access control and cashless payments. Modern contactless information systems are widely used in industries such as:

- public transport: traffic control, fare collection and optimization of passenger flows;

- organization of toll roads, automatic collection of tolls and transit fees, paid parking lots;

- electronic payment systems;

- security (in conjunction with other technical means of audio and video monitoring);

- protection and signaling on vehicles.

Devices on integrated circuits (ICs) used for access control or in payment systems can be of any kind (card, sticker, key fob, etc.). In general terms, these are devices containing any form of transponder (i.e., RFID tag), which has several properties:

• always generates a response signal with the correct electronic request;

• has cryptographic protection when transmitting information from the reader to the tag and vice versa;

• has a small size.

They may have (active) or not (passive transponders) their own power source.

The integrated circuit contains the necessary information, for example, about the amount of money on the card - in the case of payment cards, or allowing you to identify something or someone in the case of access control.

An external device (scanner, reader, reader) generates an electromagnetic field that causes an electric current in the inductance coil of the contactless card, a capacitor charges, and he, in turn, feeds the chip with electricity. The earned microchip through the inductor transfers data from the memory card to an external reader.

Radio Frequency Identification (RFID) technology, Near Field Communication Technology (NFC) and Dedicated Short Range Communication Technology (DSRC) are currently used for contactless communication.

Near-field communication (NFC) and radio frequency (RFID) tags are used to mark many everyday products, credit and payment cards, driver’s licenses, ID cards, passports, travel tickets, etc. RFID-based transponders are used as a means of non-stop payment for travel to the USA, and DSRC (Dedicated Short Range Communication) protocol transponders are used in Europe and Russia.

Another type of device also used for such purposes is ordinary mobile phones, smartphones, tablets, which can serve as RFID tags. Contactless applications are actively integrating into smartphones. Many modern models support NFC technology, which allows you to read RFID tags at close range, that is, to perform the function of a reader.

The frequencies at which the readers work (LF - 135 kHz, HF - 13.56 MHz, microwave - more than 433 MHz, ultrasonic radiation - 2.45 GHz and 5.8 GHz) affect the data transfer speed, read range and determine the types of barriers that prevent communication reader and tags. The higher the frequency, the smaller the size of the receiver, the higher the data rate and the greater the distance.

Active tags use the energy of their own battery to transmit energy. They are programmed to emit a signal at intervals (for example, 1 time per second). The distance at which it is possible to read such marks reaches 100 meters. Passive tags use reader field energy to transmit. Having accumulated the necessary energy, the label begins to transmit. The distance of registration of such marks is less, it depends heavily on the reader power - within the range of 0.05 - 8 meters.

Simultaneously with the emergence of significant advantages provided by the introduction of contactless technologies, a number of specific problems arise in ensuring the safe functioning of systems built using transponders. The use of transponders with a long range is associated with the radiation of the protocol of information exchange on the air. The practice of unauthorized influences on various telecommunication systems shows that this leads to a number of additional opportunities for their implementation.

Example 1

Based on RFID technology, an Intelligent Car Access System has been built (trade names AdvancedKey, ComfortAccess, KeylessGo, KeylessEntry, AdvancedKeyless & StartSystem, FastKey, HandsFreeKeyCard, IntelligentKey, SmartKeySystem, KeylessDrive, etc.). This comfortable access system is very convenient. But, unfortunately, this system makes the machine more vulnerable to attackers. To break into a car equipped with a keyless entry system, you need a regular CB radio amplifier and a simple range extender.

As noted by experts of ADAC (Public Organization of Motorists of Germany), you can even catch a radio signal from a smart key through the door of an apartment or house, as well as by standing under a window of a house or apartment building (if the key is on the first or second floor). The range of such devices can be up to 500 meters. ADAC, a German public organization for motorists, has examined more than 20 cars for burglar resistance. As a result, it turned out that all tested vehicles are subject to easy hacking. All cars with a system of comfortable access to the car, using the simplest radio equipment, can be opened in a few seconds.

Example 2

Plastic cards with contactless RFID chips can be used just by attaching them to a PoS banking terminal. At the same time, such cards in the PoS terminal “do not roll” and are not inserted. At the same time, payment within a small amount (1 thousand rubles in Russia, 25 euros in Europe) does not require the holder to enter a PIN code, which, for example, allows you to use a contactless card as a ticket for city and suburban transport.

The way to steal money from cards equipped with PayWave and PayPass technologies is that criminals “intercept” the signals from such bank cards with the help of artificially made readers. The essence of the scheme is similar to intercepting the signals of electric locks by car thieves. PayPass and PayWave cards are debited by fraudsters using home-made readers that can scan bank cards with RFID chips. There are methods of withdrawing money from credit cards using the latest smartphones, in which there is a modification of a variation of RFID technology - the NFC device. To withdraw funds from a card, hackers only need to find out its full card number and the month / year of service end.

Example 3

Recently, technology related to both RFID and smart card technologies has begun to spread in the world at the same time. This is Near Field Communications (or NFC. An important difference between NFC is that it is a two-way technology, the chip, antenna frame and reader are included in one label. NFC devices operate in the 13.56 MHz band, and one of the signals is used for encoding versions of the so-called Manchester code. The energy of radio exchange is very small, the tag is read at a distance of no more than 10 cm (actually 2-3 cm), which, together with code protection provides a high level of security. In fact, the reader must be attached close to the card, which is quite difficult to do unnoticed. You can make a non-standard reader that works at a greater distance.For example, researchers from the British University of Surrey demonstrated the ability to read NFC data at a distance of up to 80 cm using a compact scanner (http://www.surrey.ac.uk/mediacentre/press /2013/l14636_contactless_payment_cards_research_highlights_security_concerns.htm)

Such a device may well quietly “interrogate” contactless cards in public transport, shopping centers, airports and similar crowded places. You can do without a scanner and personal presence. The solution to the distance problem was proposed by Spanish hackers who presented a report at the HackInTheBox conference. (http://www.idigitaltimes.com/new-android-nfc-attack-could-steal-money-credit-cards-anytime-your-phone-near-445497).

Most modern Android smartphones are equipped with an NFC module. At the same time, smartphones are often physically near the wallet - for example, in one bag. The concept of an Android Trojan was created, which turns the victim’s smartphone into something like an NFC signal repeater. As soon as the charged phone is near the contactless card, it sends to the attackers a signal about the availability of the transaction via the Internet. Fraudsters activate a regular payment terminal, bring their NFC-smartphone to it. Thus, a “bridge” is created over the Internet between the NFC card and the NFC terminal, remote from each other at any distance.

Through NFC, you can steal not “the transaction itself”, but bank card information. Until now, it was believed that this public information did not compromise the security of the card. However, the authoritative British consumer publication “Which?” Came up with an unexpected refutation of this thesis. Which? Experts have tested dozens of different contactless cards issued by UK banks. Using an accessible NFC reader and free software, they were able to decode the number and expiration date for all ten cards.

Example 4

In older models of phones and smartphones, or in models that do not support the NFC standard, a tag that allows remote payments is placed directly on the SIM card. Due to the fact that the device is very small and thin (it even fits on micro-SIM), it is not possible to successfully integrate an antenna in it that would operate at a frequency of 13.56 MHz (NFC standard), since this requires a large area. Such a device will either be ergonomically inconvenient, or it will be unstable in a number of phones (depending on their design, case material, proximity of the battery), so they place a 2.4 GHz antenna there. The signal at this frequency breaks through any phone and goes up to a distance of 10 meters. Data theft scheme, as in examples 1 and 2.

Example 5

RFID-based transponders (mainly in the USA) and DSRC protocol transponders (in Europe and Russia) are used as a device that allows you to pay for a vehicle on toll roads. The device allows you to comfortably navigate on toll roads without stopping at checkpoints to pay for travel. This technology also has a significant drawback - to control traffic and calculate the tariff, it is necessary to install additional readers on the highway and at all exits from the highway. That is, during movement, the transponder of the non-stop payment device can be activated at any time. A similar case was examined in detail by the American company Root Labs (https://www.technologyreview.com/s/410743/road-tolls-hacked/).

Example 6

Recently, the discussion of the implantation of RFID tags (transponders) under human skin is gaining momentum. Indeed, in terms of comfort, this is a unique solution. It is enough to have a hand and you can make a payment, open the door, confirm your identity for access, etc. A person will no longer need other means of identification, such as passports, bank cards, keys. You will not need to carry all this with you all the time. So far, implantation is voluntary, although there are already organizations that implant such implants to all their employees. But questions of implantation are posed at the state level. For example, in the current Order of the Ministry of Industry and Energy No. 311 of August 7, 2007, “On Approving the Strategy for the Development of the Russian Electronics Industry for the Period until 2025” and the Strategy for the Development of the Russian Electronics Industry for the Period Until 2025 attached thereto, it is said that “there must be constant communication each individual with global information management networks such as the Internet. Nanoelectronics will integrate with bio-objects. Built-in wireless nanoelectronic devices that ensure constant human contact with the surrounding intellectual environment will be widely used, and means of direct wireless contact of a person with surrounding objects, vehicles and other people will be distributed.

Obviously, in the case of the spread of such practices, you should already think about protecting each individual individual from unauthorized access.

As shown in the examples above, contactless reading technologies have a number of vulnerabilities that, in the absence of the necessary security measures, make it easy for fraudsters to steal valuable information. Electronic theft (e-pickpocketing) is a new term for the theft of information from a card without any contact with it. Since the technology is based on contactless communication, signals can be read even when they are out of sight. Information using a portable reader can be taken by anyone located at a relatively short distance. Since the information is read by electronic scanning (in non-contact mode), the reader perceives the copied cards as the original.

Contactless readers that can read information from a credit card at a distance of three inches can be easily purchased on the eBay website for about $ 50, and long-range readers for only $ 100. In connection with the foregoing, there is an acute question of protecting existing and proposed products using transponders from false or unauthorized activation that allows you to read, use, damage or modify the data contained in them. Since the transponder, as a rule, is a portable or wearable product, stationary methods of protection against electromagnetic interference are unacceptable. For these purposes, it is advisable to use removable coatings, shells, covers, etc., the radiophysical characteristics of which would provide the necessary shielding from external electromagnetic influences on the product, and consumer qualities corresponded to ease of use.

There are many materials with shielding, radiation shielding, radio absorbing, etc. properties. However, all these materials and coatings were developed either to protect the environment from harmful radiation, or as a way to protect information, or as a means of electronic warfare. The protection of the product from external influences in the properties of materials and the purpose of their use, as a rule, was not supposed and was not considered. Except perhaps the anti-radar coatings of aircraft and ships. At the same time, the studied radio-shielding properties allow the use of already known materials in order to develop devices for protecting products equipped with a transponder from unauthorized access.

The simplest and most obvious material that can reliably protect against electromagnetic radiation is a metal foil (usually aluminum). With a thickness of 0.08 mm, the shielding coefficient of aluminum foil as a material is 80 dB. Pure aluminum foil has the most uniform and integral oxide film without defects, which provides better resistance, but insufficient mechanical strength. The lack of strength leads to tensile or bending ruptures, as well as to the inability to create a mechanical connection of the individual parts of the protective product, and the inability to solder the oxidized aluminum foil leads to the inability to provide reliable galvanic contact at the joints. The first drawback is eliminated by the manufacture of metallized films based on polyethylene, polypropylene, polyamide. In the future, such films are used in the manufacture of combined materials (in this case, the metallized surface is between the layers). In the general case, ceteris paribus, the efficiency of shielding with a metallized layer is lower than with a continuous metal sheet. This is because the conductivity of the deposited layer is less than the conductivity of the starting material (metal). The screening coefficient of one film layer is on average 40 dB. A two-layer film can already reach 70 dB, but is rarely used. It is from these materials that almost all currently existing products are made to block unauthorized access to cards or phones (see, for example, “What is RFID?” Http://www.tatonka.ru/articles/chto-takoe-rfid. html

It should be noted that manufacturers usually do not indicate the degree of protection of products or indicate the protective properties of the material from which the products are made. That is, it is assumed that the material itself, and not the product from it, does not allow the standard reader (from 0.01 to 1 W) to activate the transponder. However, in the manufacture of products there is a problem of cutting blanks of elements and their subsequent connection into a whole. As already noted, when using metal (foil) it is mechanically difficult, and when using metallized polymers, galvanic contact at the junction is not ensured. A situation arises in which even when a shell for a payment card is manufactured, at least a cell with a length of 80 mm and a width of double the thickness of the material is formed. It is known that the cell size of a Faraday cell must be significantly smaller than the wavelength. That is, if the cell size is larger, for example, a quarter of the wavelength, the cell will skip such a wave. In our case, all radiation with a frequency of over 900 MHz freely pass into the product. Frequency shielding coefficient below 900 MHz, obviously also significantly lower than stated for the material. In addition, a kind of waveguide is formed in the gap between the two metallized surfaces, i.e. a line with distributed parameters, the protective properties of which were also not checked by anyone.

Closest to the proposed device is a cover to prevent unauthorized access to information contained in products equipped with RFID tags (credit cards, personal identification cards, etc.) made of material shielded from electromagnetic radiation (US 2007/0040653 A1 , publ. 02.22.2007). The cover is made of fabric or polymer into which the material shielding electromagnetic radiation is embedded. The specific characteristics of the cover material are not disclosed.

The technical problem solved by the proposed utility model is the need to expand the arsenal of technical means to prevent unauthorized access to information contained in objects equipped with transponders.

Microminiaturization of electronic equipment leads to a constant increase in operating frequencies (the gigahertz range is already being actively mastered), as well as to an increase in the power of reading devices, including by intruders.

All of the above leads to the need to manufacture products with good shielding properties and technological characteristics, namely:

- allowing to reliably prevent the penetration of electromagnetic radiation in the widest frequency range;

- providing reliable galvanic contact during assembly and manufacturing;

- possessing the necessary consumer qualities (ease of use, weight, the possibility of repeated use, etc.).

The technical problem is solved by a device for preventing unauthorized access to information contained in an object equipped with a transponder, made in the form of a cover made of a fabric that includes a material that shields electromagnetic radiation, a feature of which is that the fabric that includes a material that shields electromagnetic radiation is metallized fabric like "Metacron".

The best characteristics of the device are provided by the Metacron-type metallized fabric, which is additionally impregnated with a radio-absorbing composition, including a polymer binder and a filler, which is a powdery ferrite, or C60 fullerene, or C70 fullerene, or a mixture thereof in any combination.

The cover can be made with the possibility of placing an object in it in the form of a contactless key fob for access to a car, or in the form of a mobile phone, or smartphone, or tablet, or in the form of a bank card, or a payment card, or a transport travel card, or an access card, or in the form of a non-stop payment device for traveling on highways, or the cover can be made in the form of a glove with the ability to place hands with an implanted transponder in it, including a radio tag.

The technical result achieved by the proposed utility model is to prevent unauthorized access to information contained in objects equipped with transponders. This ensures the prevention of penetration into the object of electromagnetic radiation in a wide range of frequencies, including all possible frequencies at which the currently available readers. In addition, when stitching the fabric, good electrical contact is provided at the stitching sites.

Metallized fabric "Metacron" (TU 8388-008-17310584-04) (http://www.radiostrim.ru/120-metacron.htm) is protected by patent RU 2102801 C1, designed to protect objects from electromagnetic radiation of a wide frequency range from 50 Hz to 30 GHz, has a high reflectivity of wide-range radio frequencies at the level of 99% and provides the possibility of stitching, soldering, gluing.

The shape of the cover is determined by the dimensions and shape of the object for which it is intended.

Devices made in the form of metallized fabric in the form of covers for various products containing transponders have shown consistently high results when exposed to electromagnetic radiation. The best results were obtained using fabric grade 1P16-H10.

The frequencies used were 125 kHz, 13.56 MHz, 900 MHz, 2.45 GHz, 5.8 GHz. The radiating elements were located at distances from the object from 0.3 cm (cover thickness) to 30 cm.

The resulting shielding factors, dB:

Payment Card Covers over 80 Smartphone Cases 55-60 Keyless Key Covers 60-70 Covers for non-stop devices road toll payment 50-70

It can be seen that the degree of attenuation of the acting signal is 10 ³ -10 ⁴ times, which allows us to state that devices in the form of covers made of metallized fabric of the Metacron type allow almost completely eliminating the possibility of unauthorized access to products without the participation of the owner.

If necessary, to further enhance the shielding effect and / or expand the frequency spectrum, metallized fabric can be impregnated with a radio-absorbing composition consisting of a polymer binder, a filler in the form of powdered ferrite, or C60 or C70 fullerenes, or a mixture of any combination (see RU 2300832, RU 2482149).

It is worth noting that the degree of protection against external radiation is very dependent on the configuration of the product equipped with a transponder, and accordingly on the configuration of the protective device (case). The simpler the geometric shape of the product (an example is a bank card), the less seams, glues, etc. in it. the greater the shielding coefficient can be achieved. That is, a lot depends on the thoroughness of the manufacture of the device itself.

Claims (7)

1. A device for preventing unauthorized access to information contained in an object equipped with a transponder, made in the form of a cover made of a fabric that includes a material that shields electromagnetic radiation, characterized in that the fabric that includes a material that shields electromagnetic radiation, is a metallized fabric of the type " Metacron. " 2. The device according to p. 1, characterized in that the cover is made with the possibility of placing in it an object in the form of a contactless key fob access to the car. 3. The device according to p. 1, characterized in that the cover is made with the possibility of placing an object in it in the form of a mobile phone, or smartphone, or tablet. 4. The device according to p. 1, characterized in that the cover is made with the possibility of placing an object in it in the form of a bank card, or a payment card, or a transport travel card, or an access card. 5. The device according to p. 1, characterized in that the cover is made with the possibility of placing an object in it in the form of a non-stop payment device for traveling on roads. 6. The device according to p. 1, characterized in that the cover is made in the form of a glove with the possibility of placing hands with an implanted transponder, including a radio tag. 7. The device according to paragraphs. 1-6, characterized in that the metallized fabric of the type "Metacron" is impregnated with a radar absorbing composition, including a polymer binder and a filler, which is a powdered ferrite, or fullerene C60, or fullerene C70, or a mixture thereof in any combination.