[Noisebridge-discuss] RFID tokens
h.zeller at acm.org
Thu Aug 27 09:56:53 UTC 2015
On 26 August 2015 at 21:16, Torrie Fischer <tdfischer at hackerbots.net> wrote:
> hi, noisebridge.
> i've been super duper busy the last few weeks so I haven't had an opportunity
> to show up to a tuesday, but jeez, the meeting notes are way too sparse:
> There's also this line:
> > Leveling up the RFID tag and potentially adding anonymity would be
> importnat. Some people care about anonymity, and this doesn't offer that. Also
> the RFID is hackable, somebody can listen in.
> What are folks concerns about the anonymity of the RFID system? This gets
> brought up from time to time, and here are the known attributes of the system:
> * Only capital-M members can add new users to the system
> * New tokens that are added are anonymous and have a 30 day expiration
> * That expiration can be dropped by filling in some data file with a chosen
> nym and e-mail address
> * nym is short for pseudonym, which means you don't need to give a "legal"
> name or anything, which is also why I ask people "how would you like to be
> identified in the system?" instead of asking for a name.
> * The only people with SSH access to earl, and thus the ability to modify
> membership/philanthropist/user/fulltimeuser status are Rubin, Henner, nthmost,
> Patrick, and myself.
Also one important aspect: Which token is entering the space is
**never** logged. It is impossible to figure out who entered any door
when from logs. As long as I am responsible for the application, that
in particular will not happen.
I am happy to improve the deployment of the system in a way that there
are two or more people that have to inspect and sign the source code
before it is compiled and executed on the Pi to make sure that it is
not possible to leak user identifiable information.
Kevin started making it possible to have a web-frontend to change
users, which will make it possible to reduce or even eliminate ssh
access (then only login access with a physical access to the machine
Technically it would be possible to eavesdrop on the communication
between the reader and earl - it is just a serial interface. The
reader tells earl the ID of the card it has seen (it does not read any
So there is no defense in-depth against someone logging accesses,
because there is a brief moment in which the ID of the token is in
RAM. While in Germany, I've discussed with Leif ways to do a
cryptographically sound way to establish deniable entry that would
rely on keys for groups of people and some medium-heavy crypto that
has to happen in the tokens; electronic tokens that we have to design,
the radio, cryptoprocessing on the tokens etc. I'll have to explore if
maybe Mifaire DESFire has features that can be used.
Having said that: while I am interested to implement the above from an
academic point of view and to satisfy my (our) personal paranoia, I
also know that the RFID system this is by far not the weak point. If
NSA/CIA/other evil wants to know who enters the space when, there are
much more low hanging fruit for them to do that.
> If folks are still worried about anonymity, I'd love to talk about it afk in
> the space. That has alleviated the fears of everyone who has had them before.
> There's also some small concern in the notes about how hackable RFID is, and
> yeah, sure. Its hackable. FWIW, if someone wanted to break into the space, the
> RFID system is not the weak point.
Yes, the RFID is hackable: if someone reads someones' token, they can
re-enact that person to get into the space if they know a bit how the
RFID air-protocol works and build some hardware to do so. However, I
would not see this as a threat at this point; I'd even say that if
someone hacks themselve into the space that way, they are more than
welcome in a hacker space (as long as they are excellent enough to
then get their own token and not to abuse their hack).
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
More information about the Noisebridge-discuss