RFID: Security and Privacy for Five-Cent Computers

1
RFID Security and Privacy for
Five-Cent Computers
5
Ari Juels Principal Research Scientist RSA
Laboratories USENIX Security 2004
2
What is a Radio-Frequency Identification (RFID)
tag?

• In terms of appearance

Chip (IC)
Antenna
3
What is an RFID tag?

• You may own a few RFID tags
• Proximity cards (contactless physical-access
  cards)
• ExxonMobil Speedpass
• EZ Pass
• RFID in fact denotes a spectrum of devices

4
What is an RFID tag?

• You may own a few RFID tags
• Proximity cards (contactless physical-access
  cards)
• ExxonMobil Speedpass
• EZ Pass
• RFID in fact denotes a spectrum of devices

Basic RFID Tag
EZ Pass
SpeedPass
Mobile phone
5
What is a basic RFID tag?

• Characteristics
• Passive device receives power from reader
• Range of up to several meters
• In effect a smart label simply calls out its
  (unique) name and/or static data

6
The capabilities of a basic RFID tag

• Little memory
• Static 64-to-128-bit identifier in current
  ultra-cheap generation (five cents / unit)
• Hundreds of bits soon
• Maybe writeable under good conditions
• Little computational power
• A few thousand gates
• Static keys for read/write permission
• No real cryptographic functions available

7
The grand vision RFID as
next-generation barcode
Barcode
RFID tag
8
Some applications

• Better supply-chain visibility -- 1 compelling
  application
• U.S. DHS Passports
• U.S. FDA Pharmaceuticals, anti-counterfeiting
• Libraries
• Housepets approx. 50 million

• Parenting logistics
• Water-park with tracking bracelet
• RFID in Euro banknotes (?)

9
There is an impending explosion in RFID-tag use

• EPCglobal
• Joint venture of UCC and EAN
• Wal-Mart, Gillette, Procter Gamble, etc.
• Spearheading EPC (electronic product code) data
  standard for tags
• Wal-Mart requiring top 100 suppliers to start
  deploying RFID in 2005
• Other retailers and DoD following Wal-Mart lead
• Pallet and case tagging first -- item-level
  retail tagging seems years away
• Estimated costs
• 2005 0.05 per tag hundreds of dollars per
  reader
• 2008 0.01 per tag several dollars per reader
  (?)
• A broader vision Extended Internet

10
The Problems of Privacy and Security
11
RFID means a world with billions of
ant-sized, five-cent computers

• Highly mobile
• Contain personal information
• Subject to surreptitious scanning
• Again, no cryptography
• Access control difficult to achieve
• Data privacy difficult to achieve

12
The consumer privacy problem
Heres Mr. Jones in 2020
13
and the tracking problem
Wig serial A817TS8

• Mr. Jones pays with a credit card his RFID tags
  now linked to his identity determines level of
  customer service
• Think of car dealerships using drivers licenses
  to run credit checks
• Mr. Jones attends a political rally law
  enforcement scans his RFID tags
• Mr. Jones wins Turing Award physically tracked
  by paparazzi via RFID

14
Early examples of consumer backlash

• 42 of Google results on RFID include word
  privacy
• CASPIAN (Consumers Against Supermarket Privacy
  Invasion and Numbering)
• Diatribes on RFID at
• Spychips.com
• BoycottGillette.com
• BoycottBenetton.com
• National news coverage NY Times, Time, etc.
• Wal-Mart smart-shelf project cancelled
• Benetton RFID plans (purportedly) withdrawn

15
Some problems you dont hear about

• Corporate espionage Privacy is not just a
  consumer issue
• Eavesdropping on warehouse transmissions
• Scanning of shelves for turnover rates
• Tag counterfeiting
• Automation means dependence!
• Think about RFID-enabled medicine cabinets
• Special demands of U.S. Department of Defense
• DoD would be like Wal-Mart if Christmas were a
  random event every five years, and a stockout
  meant that everyone in the store could die
  -Nicholas
  Tsougas, DoD

16
Some proposed solutionsto the privacy problem
17
Approach 1 Cover RFID tags with protective mesh
or foil
Problems (1) Makes locomotion difficult (2)
Shops dont like distributing tools for theft

18
Approach 2 Kill RFID tags
Problem RFID tags are much too useful in live
state
We already have SpeedPass, etc., and then
19
Tomorrows consumer applications

• Prada, Soho NYC
• Personalization / accessorization

• Tagged products
• Clothing, appliances, CDs, etc. tagged for store
  returns and locatable in house
• Smart appliances
• Refrigerators that automatically create shopping
  lists and when milk expires
• Closets that tell you what clothes you have
  available, and search the Web for advice on
  current styles, etc.
• Washing machines that detect improper wash cycle
• Smart print
• Airline tickets that indicate your location in
  the airport
• Business cards
• Aids for cognitively impaired, e.g., smart
  medicine cabinets
• Project at Intel
• Recovery of stolen goods (?)
• Recycling
• Plastics that sort themselves

Consumers will not want their tags killed, but
should still have a right to privacy!
20
Approach 3 Policy and legislation

• Undoutedly helpful if thought through well, but

• Good Housekeeping seal

• Retailers guarantee means little since tags may
  be read by anyone!
• FTC Section 5 (Deceptive practices) and the
  like are similarly limited

21
Another possible use of RFID

• More efficient mugging

Whom will the FTC prosecute now?
22
Three take-home messages ofthis talk

1. Deployed naïvely, embedding of RFID tags in
   consumer items can present a serious danger to
   privacy and security of consumers and enterprises
   alike in the future.
2. RFID is a technology with high promise. It would
   be unfortunate if security problems scotched it.
3. As technologists we must help to achieve a good
   balance of PRIVACY/SECURITY
   and UTILITY.

23
Technical Approaches to Enhancing RFID Privacy
24
Cryptographers view of device security
emphasis on oracle access
25
A basic RFID tag cannot survive
26
For RFID, we can consider different and weakened
adversarial assumptions

• Adversary is not present 24 hours a day
• Adversary must be physically close to tag to scan
  it
• We can deploy security protocols on physical
  channels not just logical ones
• External, higher-capability devices can help
  protect tags

27
First approach Juels, SCN 04
Minimalist cryptography

• Key observation Adversary must have physical
  proximity to tag to interact with it
• Key assumption Adversary can query tag only
  limited number of times in a given attack session

• Example Passive eavesdropping
• Adversary only hears queries made by legitimate
  readers
• Example Building access
• Adversary has limited time to query tags in
  parking lot before employees authenticate to door
  readers
• Example Readers scattered around city
• Pedestrians within range of reader for limited
  time

28
Killing and Sleeping

• Reader sends a kill message protected by a pin
• Eliminates all of the post-purchase benefits of
  RFID for the consumer
• Receiptless item returns, etc
• Put the tags to sleep difficult to manage in
  practice since needs pin per tag.
• How to wake up?

29
Pseudonym rotation

• Set of pseudonyms known only by trusted verifier
• Pseudonyms stored on tag
• Limited storage means at most, e.g., 10
  pseudonyms
• Tag cycles through pseudonyms

30
Strengthening the approach

• Strengthen restriction on adversarial queries
  using throttling
• Tag enforces pattern of query delays via, e.g.,
  capacitor-discharge timing
• Pseudonym refresh
• Trusted reader provides new pseudonyms
• Pseudonyms must be protected against
  eavesdropping and tampering using encryption, but
  tags cannot do standard cryptography!
• Can load up tag with one-time pads assuming
  adversary is not always present, some pads will
  be secret!
• Not for retail items, which must include basic
  item information. Perhaps for prox. cards,
  tickets, etc.?

31
Second Approach Juels, Rivest, Szydlo CCS
03 The Blocker Tag
32
Blocker Tag
Blocker simulates all (billions of) possible tag
serial numbers!!
33
Tree-walking anti-collision protocol for RFID
tags
0
1
00
01
10
11
000
010
111
101
001
011
100
110
34
In a nutshell

• Tree-walking protocol for identifying tags
  recursively asks question
• What is your next bit?
• Blocker tag always says both 0 and 1!
• Makes it seem like all possible tags are present
• Reader cannot figure out which tags are actually
  present
• Number of possible tags is huge (at least a
  billion billion), so reader stalls

35
Privateway Supermarkets
Blocker tag system should protect privacy but
still avoid blocking unpurchased items
36
Consumer privacy commercial security

• Blocker tag can be selective
• Privacy zones Only block certain ranges of
  RFID-tag serial numbers
• Zone mobility Allow shops to move items into
  privacy zone upon purchase
• Example
• Tags might carry a privacy bit
• Blocker blocks all identifiers with privacy bit
  on
• Items in supermarket have privacy bit off
• On checkout, leading bit is flipped from off to
  on
• PIN required, as for kill operation

37
Polite blocking

• We want reader to scan privacy zone when blocker
  is not present
• Aim of blocker is to keep functionality active
  when desired by owner
• But if reader attempts to scan when blocker is
  present, it will stall!

38
More about blocker tags

• Blocker tag can be cheap
• Essentially just a yes tag and no tag with a
  little extra logic
• Can be embedded in shopping bags, etc.
• With multiple privacy zones, sophisticated, e.g.,
  graduated policies are possible
• Works for ALOHA anti-collision too

39
Soft Blocking
Juels and Brainard WPES 03

• Idea Implement polite blocking only no
  hardware blocking
• A little like P3P
• External audit possible Can detect if readers
  scanning privacy zone
• Advantages
• Soft blocker tag is an ordinary RFID tag
• Flexible policy
• Opt-in now possible
• e.g., Medical deblocker now possible
• Weaker privacy, but can combine with hard
  blocker

40
Third approach Personal Simulator or Proxy for
RFID

• Nokia mobile-phone RFID kit available in 2004
• Readers will be compact, available in personal
  devices
• We might imagine a simulation lifecycle
• Mobile phone acquires tag when in proximity
• Mobile phone deactivates tags or imbues with
  changing pseudonyms
• Mobile phone simulates tags to readers, enforcing
  user privacy policy
• Mobile phone releases tags when tags about to
  exit range

41
The Privacy Debate
VeriChip
Paying for drinks with wave of the
hand Club-goers in Spain get implanted chips for
ID, payment purposes WorldNetDaily,
14 April 2004
42
www.rapturechrist.com/666.htm
NEW Subdermal Biochip Implant for Cashless
Transactions - is it the Mark?
The mark is a microchip assembly which will be
implanted under the skin of the right hand. 
Later on, the mark will be implanted under the
forehead, so people who have no right hand could
also have the mark. The microchip assembly,
called radio frequency identification (RFID) is
already used in animals.  In dogs,  the RFID is
placed between the shoulder blades, and in birds
it is implanted under the wing.  Now there is a
one for humans called VeriChip.
43
www.spychips.com, www.stoprfid.com

• Unlike a bar code, an RFID tag can be read
  from a distance, right through your clothes,
  wallet, backpack or purse -- without your
  knowledge or consent -- by anybody with the right
  reader device. In a way, it gives strangers x-ray
  vision powers to spy on you, to identify both you
  and the things you're wearing and carrying.

44
RFID realities

• Deployers can scarcely get RFID working at all!
• UHF tags hard to read near liquids, like water
• You are salt water so
• If youre worried about your sweater being
  scanned, wear it!
• And even when range is good
• In NCR automated point-of-sale trials,
  participants paid for groceries of people behind
  them
• Consumer goods manufacturers and retailers dont
  want to drive customers away
• Corporations and governments dont make very
  effective use of data anyway

45

• Given the potentially huge benefits to
  consumers from wide-scale deployment of RFID,
  including higher productivity and lower prices,
  the privacy community knows that the only way
  they can stop RFID at the consumer level is to
  make all sorts of outlandish claims about the
  Orwellian uses of RFID, which either cant happen
  or are so unlikely as to be a non-issue.

Robert Atkinson, Progressive Policy Institute
46
Admonitions to privacy naysayers

• The technology will improve in ways we may not
  expect
• Industry has an incentive to overcome obstacles
• Tag power, reader sensitivity, antenna
• Standards and legacy systems stick around for
  years we should try to build flexibility and
  safeguards in early
• An RFID tag is not like a cookie
  psychologically more potent
• If people think theres a privacy problem, then
  theres a problem
• Security and privacy are enabling

• Let us not forget the salutary warning of the
  9/11 Commission Failure of imagination

47
Open avenues of research

• PIN distribution
• Cross-enterprise data flows
• Broken crypto
• Shrinking generators analyzed in weaker
  adversarial model
• Adversarial models
• Anti-cloning
• Sports memorabilia, FDA, etc.

48
for more information
www.rfid-security.com
(unofficial URL)