A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme

Divyan M. Konidala, Zeen Kim, Kwangjo Kim, {divyan, zeenkim, kkj}@icu.ac.kr
International Research Center for Information Security
CONFERENCE ON RFID SECURITY-07


  • Introduction - EPCglobal
      • EPCglobal Inc
          • Industry-driven standards
          • RFID in supply chain management
      • We consider
          • EPCglobal Architecture Framework
          • EPCglobal Class 1 Gen 2 UHF RFID Protocol

  • Contents
      • Introduction
      • RFID-based supply chain management system
      • EPCglobal Architecture Framework
      • Security Threats and Requirements
      • Security Assessment of Class 1 Gen 2 UHF RFID Protocol
      • Proposed Tag-Reader Mutual Authentication Scheme
      • Scheme Analysis
      • Conclusion and Future Work

  • EPCglobal Architecture Framework

    [Figure: EPCglobal Architecture Framework; surviving label: EPC-IS]

  • Introduction - Tags
      • 4 Memory Blocks
      • We focus on the RESERVED memory block
      • The RESERVED memory block has:
          • Access Password (APwd)
          • Kill Password (KPwd)

  • Introduction - RESERVED Memory Block
      • Manufacturer of the product stores APwd and KPwd in the Reserved Memory Bank
      • Reserved Memory Bank is R/W LOCKED:
          • Cannot be Read
          • Cannot be Re-Written

  • Security Threats and Requirements
      • Tag-Reader Mutual Authentication
      • Malicious RFID Readers
          • Snoop, corrupt, manipulate
      • Cloned Fake RFID Tags
          • Counterfeit products
      • Man-in-the-Middle Attack
          • Eavesdrop and impersonate
      • Tamperproof Tags
          • RFID Tag Snatching

  • One-Way Reader to Tag Authentication Proposed by EPCglobal
      • Proposed by EPCglobal Class 1 Gen 2 UHF RFID Protocol
      • Not Secure
          • Un-encrypted, openly sent random numbers used as pads to cover-code tag's APwd
          • Tag's Access Password easily exposed to disgruntled employee managing hand-held reader

    [Figure: message exchange between RFID Tag and RFID Reader; the surviving step reads "9. If (4 & 8) = Yes: Reader Authentic; No: End Communication with Reader"]

  • Security Weakness: EPCglobal Scheme

    [Figure: Manufacturer, Reader and Tag, each holding the APwd; labels: Exposed APwd, APwd (Exposed), Unauthorized Access, Fake Cloned Tags, Only one-way Reader-to-Tag Authentication, Malicious, Compromised Reader, Disgruntled Employee]

  • Goals
      • Tag-Reader mutual authentication
          • Simple, light-weight, practically secure (supply chain)
      • A better cover-code to obscure the tag's APwd
      • Secure distribution of obscured tags' APwd to stakeholders' RFID readers
      • The manufacturer: implicitly keeps track of the whereabouts of its products
      • Our scheme adheres to EPCglobal standards

  • Goals
      • NO cryptographic (hash) functions/keys within the tag
      • NO tag-reader synchronization of security keys/hash values
      • We improve the scheme proposed by EPCglobal to accommodate tag-reader mutual authentication
      • Our scheme utilizes the tag's already existing:
          • 16-bit random number generator
          • XOR function
          • Access & Kill Passwords

  • Proposed Tag-Reader Mutual Authentication Scheme
      • Emphasis on the tag's Access & Kill Passwords
      • Manufacturer of the product is involved in the mutual authentication process
      • Scenario:
          • A pallet has reached the distributor
          • Distributor's reader queries the tag on the pallet
          • Reader and tag must authenticate each other
          • Reader does not know the tag's APwd
          • Reader contacts the manufacturer and follows this procedure

  • Proposed Tag-Reader Mutual Authentication

    [Figure: message flow between RFID Tag, RFID Reader and Manufacturer over a Secure Channel and an Insecure Channel]

    Tag Already Has: EPC; APwd(32) = APwdM(16) || APwdL(16); KPwd(32) = KPwdM(16) || KPwdL(16); 16-bit Random No. Generator: RTx; PadGen(.) function

    Manufacturer Already Has: EPC; APwd(32) = APwdM(16) || APwdL(16); KPwd(32) = KPwdM(16) || KPwdL(16); 16-bit Random No. Generator: RMx; PadGen(.) function

    Reader Authentication Process

    STEP 1: ReqR
    Step 1.1: Generate & Temporarily Store {RT1, RT2}
    STEP 2: {EPC, RT1, RT2}
    STEP 3: {EPC, RT1, RT2}
    Step 3.1: Store {RT1, RT2}
    Step 3.2: Generate & Store {RM1, RM2, RM3, RM4}
    Step 3.3: Execute PAD1 = PadGen(RT1, RM1); PAD2 = PadGen(RT2, RM2)
    Step 3.4: Compute CCPwdM1 = APwdM ⊕ PAD1; CCPwdL1 = APwdL ⊕ PAD2
    STEP 4: {EPC, CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}
    STEP 5: {CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}
    Step 5.1: Temporarily Store {RM1, RM2, RM3, RM4}
    Step 5.2: Execute PAD3 = PadGen(RT1, RM1); PAD4 = PadGen(RT2, RM2)
    Step 5.3: Verify IF APwdM == CCPwdM1 ⊕ PAD3; APwdL == CCPwdL1 ⊕ PAD4. Y: Reader Authentic; N: Stop Comm. With Reader

    Tag Authentication Process

    Step 6.1: Generate {RT3, RT4}
    Step 6.2: Execute PAD5 = PadGen(RT3, RM3); PAD6 = PadGen(RT4, RM4)
    Step 6.3: Compute CCPwdM2 = APwdM ⊕ PAD5; CCPwdL2 = APwdL ⊕ PAD6
    STEP 7: {EPC, CCPwdM2, CCPwdL2, RT3, RT4}
    STEP 8: {EPC, CCPwdM2, CCPwdL2, RT3, RT4}
    Step 8.1: Store {RT3, RT4}
    Step 8.2: Execute PAD7 = PadGen(RT3, RM3); PAD8 = PadGen(RT4, RM4)
    Step 8.3: Verify IF APwdM == CCPwdM1 ⊕ PAD7; APwdL == CCPwdL1 ⊕ PAD8. Y: Tag Authentic; N: Tag is Fake
    STEP 9: {EPC, AUTHENTIC: Y/N}
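
    The nine-step exchange above in runnable form, as an added Python example that is not code from the slides or their authors. PadGen(.) is not defined in the surviving text, so `pad_gen` is a stand-in, and `Party`, `bit_at` and `mutual_auth` are names chosen here. Assumptions: the APwd is the memory-map example value AC9E C5D6h, the KPwd is constructed, and Step 8.3 checks the CCPwdM2/CCPwdL2 values delivered in STEP 8.

```python
import secrets

MASK = 0xFFFF  # every protocol value is a 16-bit word

def bit_at(word, locn):
    """Bit at location 0-15; location 0 is the word's first address
    (20h or 30h in the memory map), i.e. its most significant bit."""
    return (word >> (15 - locn)) & 1

def pad_gen(rt, rm, apwd, kpwd):
    """Stand-in for PadGen(.), NOT the slides' definition: each hex digit
    of RT and RM names a bit location in one password half."""
    def pick(word, digits):
        return [bit_at(word, (digits >> s) & 0xF) for s in (12, 8, 4, 0)]
    bits = (pick(apwd >> 16, rt) + pick(apwd & MASK, rm)
            + pick(kpwd >> 16, rm) + pick(kpwd & MASK, rt))
    return int("".join(map(str, bits)), 2)

class Party:
    """Tag or manufacturer: each already has APwd, KPwd, an RNG, PadGen(.)."""
    def __init__(self, apwd, kpwd):
        self.apwd, self.kpwd = apwd, kpwd

    def nonces(self, n):
        return [secrets.randbits(16) for _ in range(n)]

    def cover_code(self, rts, rms):
        """CCPwdM = APwdM xor PAD, CCPwdL = APwdL xor PAD' (Steps 3.4, 6.3)."""
        p1, p2 = (pad_gen(t, m, self.apwd, self.kpwd) for t, m in zip(rts, rms))
        return ((self.apwd >> 16) ^ p1, (self.apwd & MASK) ^ p2)

    def verify(self, cc, rts, rms):
        """Steps 5.3, 8.3: APwd half == CCPwd half xor own pad, for both halves."""
        return cc == self.cover_code(rts, rms)

def mutual_auth(tag, mfr):
    """The reader only relays messages; it never holds APwd, KPwd or a pad."""
    rt12 = tag.nonces(2)                      # Step 1.1; STEP 2, 3
    rm = mfr.nonces(4)                        # Steps 3.1, 3.2
    cc1 = mfr.cover_code(rt12, rm[:2])        # Steps 3.3, 3.4; STEP 4, 5
    if not tag.verify(cc1, rt12, rm[:2]):     # Steps 5.1-5.3
        return "reader rejected"
    rt34 = tag.nonces(2)                      # Step 6.1
    cc2 = tag.cover_code(rt34, rm[2:])        # Steps 6.2, 6.3; STEP 7, 8
    if not mfr.verify(cc2, rt34, rm[2:]):     # Steps 8.1-8.3 (assumed CCPwdM2/L2)
        return "tag is fake"
    return "mutual"                           # STEP 9: AUTHENTIC = Y

if __name__ == "__main__":  # KPwd 1234ABCDh is a constructed sample value
    print(mutual_auth(Party(0xAC9EC5D6, 0x1234ABCD), Party(0xAC9EC5D6, 0x1234ABCD)))
```

    A party whose APwd differs from the manufacturer's fails at Step 5.3 or Step 8.3, because its pads and cover-coded words no longer match the ones recomputed on the other side.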


  • Pad Generation Function: PadGen(.) [1/3]

  • Pad Generation Function: PadGen(.) [2/3]
      • Random Numbers from Tag and Manufacturer

  • Pad Generation Function: PadGen(.) [3/3]

  • Tag's Logical Memory & Access Password Map

    APwd MSBs = AC9Eh, APwd LSBs = C5D6h

    MSBs                       LSBs
    Locn.  Addr.  Bit          Locn.  Addr.  Bit
    15     2Fh    0            15     3Fh    0
    14     2Eh    1            14     3Eh    1
    13     2Dh    1            13     3Dh    1
    12     2Ch    1            12     3Ch    0
    11     2Bh    1            11     3Bh    1
    10     2Ah    0            10     3Ah    0
    9      29h    0            9      39h    1
    8      28h    1            8      38h    1
    7      27h    0            7      37h    1
    6      26h    0            6      36h    0
    5      25h    1            5      35h    1
    4      24h    1            4      34h    0
    3      23h    0            3      33h    0
    2      22h    1            2      32h    0
    1      21h    0            1      31h    1
    0      20h    1            0      30h    1

  • Security Analysis [1/4]
      • Possible Attacks
          • APwd & KPwd are only 32 bits
          • Brute-force attack or ciphertext-only attack
      • Practically Secure
          • An enclosure (warehouse) that is sealed from external noise and radio signals from malicious readers
      • RFID supply chain processing environment
          • Extremely fast paced
          • Not feasible to continuously eavesdrop on one particular tag-reader communication channel
          • Several bulks of items pass through several readers within a very short interval of time

  • Security Analysis [2/4]
      • Reader Impersonation Attack:
          • Reader to authenticate first to tag
          • A malicious reader
              • Does not possess both the APwd and KPwd
              • Cannot access manufacturer (EPC-IS) due to lack of credentials
      • Cloned Fake Tags and Tag Impersonation Attack:
          • Tag to authenticate to the manufacturer
          • A malicious tag or a cloned fake tag
              • Does not possess both the APwd and KPwd
          • Manufacturer must detect and terminate the communication if
              • a tag emulator is using the same or weak random numbers
              • the tag is not moving through the supply chain processing

  • Security Analysis [3/4]
      • Tag's Access Password Never Exposed:
          • Does not use random numbers sent in an un-encrypted form as pads
          • Generated pads are known only to tag and manufacturer
      • Secure against Insider Attacks:
          • Does not deliver the tag's APwd to any of the stakeholder's readers
          • The reader relays only the cover-coded APwd
          • "RFID system level check": a compromised reader is continuously trying to interrogate only one particular tag

  • Security Analysis [4/4]
      • Secure against Replay Attacks:
          • We use two random numbers each, generated by both the tag and the manufacturer
          • As unique random numbers generate unique pads
      • Password Scalability:
          • We adhered to the 32-bit passwords
          • Our scheme can still be applicable, and more strengthened, when the length of the APwd and KPwd is extended

  • Implementation Analysis [1/2]
      • Overhead Analysis
          • Secure channel between tag and manufacturer
              • PKI-based certificate, encryption and signature schemes may be expensive
          • Reader communicates with manufacturer to authenticate every tag
          • To reduce this overhead:
              • The manufacturer can set up a secure server at every stakeholder's supply chain processing facility
              • Only the manufacturer can remotely access, monitor, and manage this server and also update the server with tags' Access & Kill passwords
          • We can also assume that the manufacturer's EPC-IS is a highly resource-rich entity, which is designed to take heavy computational and storage load
          • Secure channel with only Keyed-Message Authentication Code (MAC)

  • Implementation Analysis [2/2]
      • Light-Weight Tag-Reader Mutual Authentication:
          • Our scheme does not use any special cryptographic functions
          • Tag already has capability:
              • XOR operations
              • Generate random numbers
              • Temporarily store random numbers
              • Fetch the APwd and KPwd
          • Our scheme just needs an additional
              • Five 16-bit temporary storage memory slots: four for the random numbers from the manufacturer and one for the PadGen(.) function
          • Class-1 Gen-2 tags can have a 512-bit memory capacity or more (depending on the manufacturer)

  • Conclusion
      • Our scheme
          • Not fully secure
          • Simple, cost-effective, light-weight to be implemented on tag
          • Practically secure, highly suitable to the RFID-based supply chain processing scenario
          • Adheres to EPCglobal standard
      • Our scheme provides considerable challenges to thwart
          • Cloned fake tags
          • Malicious readers
          • Disgruntled employees or compromised readers
          • Tag's APwd leakage
          • Man-in-the-middle attacks

  • Thank you! Q&A
    International Research Center for Information Security
