Wednesday, 25 August 2010
Secure PIN entry and cheap RFID readers
The German government will start issuing national ID cards equipped with RFID chips later this year. One of the proclaimed scenarios is to use the card with an RFID reader for identification and/or age verification on the Internet. To promote adoption, the government will distribute one million USB reader devices for free upon request. One catch is that these devices are simple RFID readers: they lack essential security features such as a built-in keypad for secure PIN entry. Instead, the PIN is typed into software running on the computer via the computer's keyboard and relayed to the RFID card reader. Any computer security expert will tell you that this is a fairly risky endeavour: if malware is present on the computer, the PIN can be intercepted as it is entered.
Obviously, the question to ask is: how can such reader devices be designed to be more secure while still being manufactured cheaply? Here's an idea: embed a USB host port and a simple microcontroller in the RFID reader device and connect your USB keyboard (assuming a non-laptop computer) to the reader device instead of to the computer's USB port. In normal operation mode, the reader device relays all input from its attached keyboard to the computer's USB port; the reader acts as a simple data relay. However, whenever an application issues a request to the ID card and the user is asked to authenticate by entering their PIN, the reader device can stop relaying key input to the computer and instead re-route it (for lack of a better term) to the RFID interface for authentication to the ID card. The PIN digits therefore never pass through the computer at all.
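To make the mode switch concrete, here is an added simulation of the keystroke-routing logic (written for this post, not the author's design code or any shipped firmware). The names `reader_key`, `MODE_PIN` and so on are assumptions; the card side is modelled by a plain buffer rather than a real RFID interface.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the reader's keystroke routing. All identifiers here are
 * assumptions for illustration, not a real firmware API. */
#define PIN_MAX 8
#define HOST_MAX 64

enum mode { MODE_RELAY, MODE_PIN };

struct reader {
    enum mode mode;
    char host_out[HOST_MAX];      /* what the PC's USB port actually receives */
    size_t host_len;
    char pin_buf[PIN_MAX + 1];    /* digits being collected for the card */
    size_t pin_len;
    char card_pin[PIN_MAX + 1];   /* constructed stand-in for the RFID interface */
    int verify_count;             /* PIN verifications handed to the card */
};

void reader_init(struct reader *r) { memset(r, 0, sizeof *r); }

/* The card transaction asks for PIN authentication: leave relay mode. */
void reader_card_requests_pin(struct reader *r) {
    r->mode = MODE_PIN;
    r->pin_len = 0;
}

static void pin_wipe(struct reader *r) {
    memset(r->pin_buf, 0, sizeof r->pin_buf);   /* leave no PIN residue in RAM */
    r->pin_len = 0;
}

/* One key from the keyboard attached to the reader's USB host port. */
void reader_key(struct reader *r, char key) {
    if (r->mode == MODE_RELAY) {                /* normal path: plain relay */
        if (r->host_len < HOST_MAX - 1) r->host_out[r->host_len++] = key;
        return;
    }
    /* PIN mode: no key, not even Enter or Escape, is forwarded to the host. */
    if (key == '\n') {                          /* commit: hand PIN to the card */
        if (r->pin_len > 0) {
            memcpy(r->card_pin, r->pin_buf, r->pin_len + 1);
            r->verify_count++;
        }
        pin_wipe(r);
        r->mode = MODE_RELAY;
    } else if (key == 0x1b) {                   /* Escape: cancel, send nothing */
        pin_wipe(r);
        r->mode = MODE_RELAY;
    } else if (key >= '0' && key <= '9' && r->pin_len < PIN_MAX) {
        r->pin_buf[r->pin_len++] = key;
    }                                           /* anything else is dropped */
}
```

The property to check is that `host_out` never contains a PIN digit, regardless of what the user types while in PIN mode.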
I'm not going to delve into technical details right now, but I'm sure such a design would be resistant to PIN interception if implemented correctly. Leave some comments and I'll detail this idea further (multiple USB device classes, driver implementation aspects, etc.); I won't bother otherwise.
