Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy...
Transcript of Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy...
![Page 1: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/1.jpg)
Security and privacy in RFID
Jihoon Cho
ISG PhD Student Seminar
8 November 2007
![Page 2: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/2.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 3: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/3.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 4: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/4.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Radio Frequency Identification
RFID is a family of emerging technologies for automated identification of objects andpeople, and the system components are
1 RFID tag
attached/embedded to/into items to be identifiedtransmits data over the air in response to interrogation by an RFID readerconsists of coupling element for communications (and also possibly powersupply) and microchip
2 RFID reader
forms the radio interface to tagsprovides high-level interface to a host computer system to transmit thecaptured tag data
3 Back-end Server
maintains relevant information for identification process
![Page 5: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/5.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Radio Frequency Identification
RFID is a family of emerging technologies for automated identification of objects andpeople, and the system components are
1 RFID tag
attached/embedded to/into items to be identifiedtransmits data over the air in response to interrogation by an RFID readerconsists of coupling element for communications (and also possibly powersupply) and microchip
2 RFID reader
forms the radio interface to tagsprovides high-level interface to a host computer system to transmit thecaptured tag data
3 Back-end Server
maintains relevant information for identification process
![Page 6: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/6.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID tags
![Page 7: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/7.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Active vs. Passive
Active tags Passive tags
Power Source battery powered powered by radio waves
Life limited by battery unlimited
Range up to hundreds of meters up to 3-5m
Cost $ 10-100 $ 0.10-1
![Page 8: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/8.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Current RFID applications
1 Supply-chain/inventory managementElectronic Product Code (EPC) tags (under development)containers and crates/pallets tracking
2 Asset-tracking systemhealth-care information system (partly currently used)(drug/medicine identification and staff/patient tracking)e-passport (under development)children and animal (pet) trackinglibrarybaggage handling in airport
3 Access controlproximity cardcar immobiliser
4 Contactless payment systemSpeedPassTM, American Express ExpressPayTM, Mastercard PayPassTM
![Page 9: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/9.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID becomes ubiquitous
Advantages of RFID
RFID has been originally suggested as a successor to the optical barcode1 Automation
- no line-of-sight contact with readers and no human intervention2 Unique identification
- not only a generic product identifier but an individual serial number
What’s behind RFID
1 Efforts of large organisations such as WalMart, US DoD, and etc2 Tag cost dropping and RFID standardisation3 Development of EPC technologies
![Page 10: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/10.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID becomes ubiquitous
Advantages of RFID
RFID has been originally suggested as a successor to the optical barcode1 Automation
- no line-of-sight contact with readers and no human intervention2 Unique identification
- not only a generic product identifier but an individual serial number
What’s behind RFID
1 Efforts of large organisations such as WalMart, US DoD, and etc2 Tag cost dropping and RFID standardisation3 Development of EPC technologies
![Page 11: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/11.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID becomes ubiquitous
Advantages of RFID
RFID has been originally suggested as a successor to the optical barcode1 Automation
- no line-of-sight contact with readers and no human intervention2 Unique identification
- not only a generic product identifier but an individual serial number
What’s behind RFID
1 Efforts of large organisations such as WalMart, US DoD, and etc2 Tag cost dropping and RFID standardisation3 Development of EPC technologies
![Page 12: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/12.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Electronic Product Code & EPCglobal
1 EPC tag is a Barcode-type RFID device
2 EPCgolbal : an organization set up to achieve world-wide adoption andstandardization of EPC technology
3 EPCglobal is currently working onreader and tag communication protocolsmiddleware between reader and enterprise systemsObject Name Service (ONS) with VeriSignEPC Information Service (EPC-IS) and EPC Discovery Service (EPC-DS)
![Page 13: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/13.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID Standards
1 Standards for logistic applicationsISO/IEC 18000ISO/IEC 15961-15963ISO/IEC 15418
2 Standards for automatic livestock identificationISO 11784-11785ISO14223
3 Standards for vicinity coupling cardsISO/IEC 10373ISO/IEC 10536ISO/IEC 14443ISO/IEC 15693
4 Supply-chain managementEPC (under development)
![Page 14: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/14.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 15: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/15.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Issues on passive tags
1 Passive tags with very limited memory and logical gates will be mostly deployedin mass market
2 Most of current privacy concerns focus on applications using passive tags, andthose include
smart check-out in supermarketRFID-enabled banknotemedical drugs and luxury goodshuman identification through tag injection under skin
3 Active tags are assumed to provide strong security and privacy protection withstrong cryptographic primitives
![Page 16: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/16.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Coupling and Frequencies
1 Frequency bandsLF (Low Frequency): 124-135 kHzHF (High Frequency): 13.56 MHzUHF (Ultra High Frequency): 868/915 MHzMW (Microwave): 2.45 and 5.8 GHz
2 Due to process known couplingInductive coupling within the near field regionElectromagnetic coupling in the far field
![Page 17: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/17.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 18: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/18.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Read range issues
1 Nominal read rangemaximum distance at which a normally operating reader (with ordinaryantenna and ordinary power output) can reliably scan tag dataex. ISO 14443 : 10cm
2 Rogue read rangea determined attacker might still achieve longer distances using largerantenna and/or higher signal transmission powerex. ISO 14443 : 50cm
3 Tag-to-reader eavesdropping read rangeonce a tag is powered, a second reader can monitor resulting tag emissionswithout itself outputting signalmight be longer than rogue read range
4 Reader-to-tag eavesdropping read rangethis signal can be received hundreds of meters away
![Page 19: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/19.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy
![Page 20: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/20.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy (I)
Tags respond to reader interrogation without alerting their owners or bears, andmost tags emit unique identifiers
1 Location privacy
pooled several clandestine scans reveals a tag bearer’s whereabout along atag reading infrastructure
2 Data privacy
certain tags such as EPC tags carry information about itemsEPC tag bearers are subject to clandestine inventorying
Privacy, however, is not just consumer concerns - ex. military or company supply-chainmanagement
![Page 21: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/21.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy (I)
Tags respond to reader interrogation without alerting their owners or bears, andmost tags emit unique identifiers
1 Location privacy
pooled several clandestine scans reveals a tag bearer’s whereabout along atag reading infrastructure
2 Data privacy
certain tags such as EPC tags carry information about itemsEPC tag bearers are subject to clandestine inventorying
Privacy, however, is not just consumer concerns - ex. military or company supply-chainmanagement
![Page 22: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/22.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy (I)
Tags respond to reader interrogation without alerting their owners or bears, andmost tags emit unique identifiers
1 Location privacy
pooled several clandestine scans reveals a tag bearer’s whereabout along atag reading infrastructure
2 Data privacy
certain tags such as EPC tags carry information about itemsEPC tag bearers are subject to clandestine inventorying
Privacy, however, is not just consumer concerns - ex. military or company supply-chainmanagement
![Page 23: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/23.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy (II)
1 Euro banknotein 2001, European Central Bank planed to embed RFID tags into banknoteas anti-counterfeiting measureit seems increasingly implausible due to technical difficulties
2 Human-implantable chipsVeriChipTM for health-care information systemflamed the passion of privacy advocates
3 E-passportICAO (International Civil Aviation Organisation) promulgated the guidelinefor RFID-enabled passportthe US has mandated the adoption of these standards by ‘VISA-waiver’countriesdelayed due to technical challenges
![Page 24: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/24.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Authentication
1 Privacy concerns that bad readers harvest information from good tags, butauthentication concerns that good readers detect bad tags
2 EPC tags are vulnerable to simple counterfeiting attacks
3 Detect cloning by consistent and centralised data collection, but not alwayspossible
4 Various countermeasures but permit limited solutions
![Page 25: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/25.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Adversary Model
1 RFID system is secure and private for what?
formal model that characterises the capabilities of potential adversaries - asform of a game in cryptography
2 We need formulation of weakened security models that accurately reflectsreal-world threat and real-world tag capabilities
3 Multiple communication layers in RFID systems
cryptographic security models captures top-layer communication protocolsbetween tags and readersneed to consider low layer and physical levels of communications
4 Security models in literatures
Okubo, Szuki, and Kinoshita (’03) (symmetric-tags)Juels (’04) - Minimalist security model (basic tags)Juels and Weis (’06) - Strong privacy model (symmetric-key tags)Avoine (’05)Zhang and King (’08)
![Page 26: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/26.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 27: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/27.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Killing
1 “Dead tags cannot talk” - Kill the TAG
2 Currently in EPC Class-1 Gen-2 tags
3 When an EPC tag receives a kill command from a reader, it renders itselfpermanently inoperative
4 Kill command is PIN-protected
5 It eliminates all of the post-purchase benefits of RFID
![Page 28: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/28.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Re-naming approaches : Minimalist
1 Tags contain small collection of pseudonyms and release a different one uponeach reader inquiry
2 Throttle tag repliesto prevent rogue readers rapidly reading out all available pseudonyms oftags in a single sweep, it slows down response for quick interrogations
![Page 29: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/29.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Re-naming approaches : re-encryption (I)
1 Juels and Pappu (’03) proposed public key re-encryption scheme to enhanceconsumer privacy for RFID-enabled banknote
2 Schemelaw enforcement holds private/public key pair (x , y) of ElGamal encryptionschemebanknote serial number s encrypted to c = Ey (s)to prevent malicious tracing, c is periodically re-encrypted to c′
to prevent malicious writing, keyed writing by optical-scanning the banknote
3 They introduced the principle that cryptography can enhance tag privacy, evenwhen tags themselves cannot perform cryptographic operations
![Page 30: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/30.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Re-naming approaches : re-encryption (II)
1 What about if we have multiple key pairs?
2 Including a public key in tags, however, permits certain degree of malicioustracking and profiling
3 Universal re-encryption permits re-encryption without knowledge of thecorresponding public key in public-key encryption schemes
4 Golle et al. (’04) proposed ElGamal-based universal re-encryption
5 It suffers from serious attacks, since it does not preserve integrity
![Page 31: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/31.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Re-naming approaches: re-encryption (III)
1 Ateniese, Camenisch, and de Medeiros (’05)
2 Insubvertible encryption scheme which also permits universal re-encrpytion
3 Ciphertext is digitally singed by a CA and permits anyone to verify the authenticityof the ciphertext
4 To prevent malicious tracing, the ciphertext as well as signature can berandomisable by any entity
![Page 32: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/32.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Proxy approach
Consumers carry their own privacy-enforcing devices (proxies)
1 Watchdog tags
audit system for RFID privacymonitor ambient scanning of tags and collect information form readers
2 RFID Guardian or RFID Enhancer Proxy (REP)
batter-powered personal RFID firewallintermediates reader request to tags and selectively simulates tags underits controlcan implement sophisticated privacy policiesfurther research includes how a Guardian or REP should acquire andrelease control of tags and associated PINs and keys
![Page 33: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/33.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Proxy approach
Consumers carry their own privacy-enforcing devices (proxies)
1 Watchdog tags
audit system for RFID privacymonitor ambient scanning of tags and collect information form readers
2 RFID Guardian or RFID Enhancer Proxy (REP)
batter-powered personal RFID firewallintermediates reader request to tags and selectively simulates tags underits controlcan implement sophisticated privacy policiesfurther research includes how a Guardian or REP should acquire andrelease control of tags and associated PINs and keys
![Page 34: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/34.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Distant measurement
1 The distance between tags and readers serve as a metric for trust
2 Fishkin, Roy, and Jiang (’04)signal-to-noise ratio of reader signal provides rough metric of distancewhen scanned in a distance, expose little informationrelease its unique identifier only at close range
![Page 35: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/35.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Blocking tags
1 It jams tree-based anti-collision protocols, thus making impossible to read outtags nearby
2 As cheap to manufacture, it could be integrated into paper bags3 To prevent jamming of legitimate readers, a privacy bit is set during check-out
![Page 36: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/36.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 37: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/37.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Assumptions
1 Tags are assumed to perform keyed hash function or hardware efficientsymmetric encryption scheme (and also often assumed to have a pseudorandom number generator)
2 We assume a centralised system, where readers have constant access to theirback-end server
3 Notationswe have n tagseach tag Ti contains in memory a shared secret key ki with the server
![Page 38: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/38.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Authentication
1 Simple challenge-response protocol prevents cloningTi → R : IDTiTi ← R : PTi → R : h(ki , P) or eki
(P)
In practice, resource constraints in commercial tags sometimes leads todeployment of weak cryptographic primitives
2 Digital Signature Transponder (DST)currently a theft-deterrent in automobiles and SpeedPassTM
use the protocol described abovebroken since they expect security through obscurity to overcome shortkey-length
![Page 39: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/39.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Authentication
1 Simple challenge-response protocol prevents cloningTi → R : IDTiTi ← R : PTi → R : h(ki , P) or eki
(P)
In practice, resource constraints in commercial tags sometimes leads todeployment of weak cryptographic primitives
2 Digital Signature Transponder (DST)currently a theft-deterrent in automobiles and SpeedPassTM
use the protocol described abovebroken since they expect security through obscurity to overcome shortkey-length
![Page 40: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/40.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Authentication
1 Simple challenge-response protocol prevents cloningTi → R : IDTiTi ← R : PTi → R : h(ki , P) or eki
(P)
In practice, resource constraints in commercial tags sometimes leads todeployment of weak cryptographic primitives
2 Digital Signature Transponder (DST)currently a theft-deterrent in automobiles and SpeedPassTM
use the protocol described abovebroken since they expect security through obscurity to overcome shortkey-length
![Page 41: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/41.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Reverse-engineering & Side channels
1 Reverse engineeringphysical invasive attacks possibletags are too inexpensive to include temper-resistance mechanism
2 Side channels - potentially serious threat in RFIDTiming attacks- extract information based on variations in the rate of computation of targetdevices
- over-the-air timing attacks against tags : open research topicPower analysis attacks- measure electromagnetic emanation- exploit measurable variations in power consumption
![Page 42: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/42.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Reverse-engineering & Side channels
1 Reverse engineeringphysical invasive attacks possibletags are too inexpensive to include temper-resistance mechanism
2 Side channels - potentially serious threat in RFIDTiming attacks- extract information based on variations in the rate of computation of targetdevices
- over-the-air timing attacks against tags : open research topicPower analysis attacks- measure electromagnetic emanation- exploit measurable variations in power consumption
![Page 43: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/43.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Relay attacks
1 Relay attack is always possible no matter how well designed cryptographicprotocols in RFID systems and no matter how strong cryptographic primitives areused
2 Often security based on assumption - limited read range of tags3 Attack allows proximity cards to open a door or RFID-based credit cards to effect
payment from a kilometer away
RFID TAG ! Leech L9999K Ghost ! RFID Reader
Figure of Relay attack in RFID systems
![Page 44: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/44.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy
1 Paradoxif a tag emits identifier in challenge-response protocol, no privacyif a reader does not know which tag it is interrogating, it cannot determinewhich key to use
2 Key search: straightforward but heavy solutiontag emits E = fki
(P)reader searches from the space of all keys K = {kj}j for a key k ∈ K suchthat fk (P) = E
3 Weis, Sarma, Rivest, and Engel (’03)
4 The computational cost of key-search for the reader is linear in the number oftags, thus key search is prohibitively costly in large systems
5 More efficient solutions?
![Page 45: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/45.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy
1 Paradoxif a tag emits identifier in challenge-response protocol, no privacyif a reader does not know which tag it is interrogating, it cannot determinewhich key to use
2 Key search: straightforward but heavy solutiontag emits E = fki
(P)reader searches from the space of all keys K = {kj}j for a key k ∈ K suchthat fk (P) = E
3 Weis, Sarma, Rivest, and Engel (’03)
4 The computational cost of key-search for the reader is linear in the number oftags, thus key search is prohibitively costly in large systems
5 More efficient solutions?
![Page 46: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/46.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Privacy
1 Paradoxif a tag emits identifier in challenge-response protocol, no privacyif a reader does not know which tag it is interrogating, it cannot determinewhich key to use
2 Key search: straightforward but heavy solutiontag emits E = fki
(P)reader searches from the space of all keys K = {kj}j for a key k ∈ K suchthat fk (P) = E
3 Weis, Sarma, Rivest, and Engel (’03)
4 The computational cost of key-search for the reader is linear in the number oftags, thus key search is prohibitively costly in large systems
5 More efficient solutions?
![Page 47: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/47.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Tree approach
1 Molnar and Wagner (’04)each node (or edge) is associated with a keyeach tag is assigned to a unique leaftag contains the keys defined from a root to the leafif we have a depth d and branching factor b, each tag contains d keys andthe scheme accommodates db tags in total
2 Efficiencyreader can identify a tag by means of a depth-first search of the treesearch through at most db keys rather than db keys
3 Securitycompromise of the secrets in one tag compromise of secrets in other tags
![Page 48: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/48.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Synchronisation approach
1 Suppose that every tag Ti maintains a counter ci and the tag outputs E = fki(ci )
on interrogation
2 Provided that a reader knows the approximate value of ci , it can store asearchable table of tag output values, i.e., reader maintains the output values
fki(c′
i ), fki(c′
i + 1), · · · , fki(c′
i + d), for ci ∈ [c′i , c′
i + d ]
3 Literatures with stronger security (such as forward security) and more efficiency
![Page 49: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/49.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
Outline
1 RFID Primer
2 Passive RFID tags
3 Issues on Security and Privacy
4 Basic Tags
5 Symmetric-key Tags
6 Conclusion
![Page 50: Security and privacy in RFIDprai175/ISGStudentSem07/RFID... · 2007-11-17 · Security and privacy in RFID Jihoon Cho ISG PhD Student Seminar ... people, and the system components](https://reader034.fdocuments.net/reader034/viewer/2022042314/5f01f72a7e708231d401e8d8/html5/thumbnails/50.jpg)
RFID Primer Passive RFID tags Issues on Security and Privacy Basic Tags Symmetric-key Tags Conclusion
RFID becomes ubiquitous