Presentation of ePP eSeal Protection Protocol for ISO 181854

1
Presentation of ePP (eSeal Protection Protocol)
for ISO 18185-4
Presented for consideration to ISO TC104 SC4 WG2

• YouSung Kang
• (youskang_at_etri.re.kr)
• 2005. 10. 19.

2
Contents

• ePP (eSeal Protection Protocol)
• Motivation
• Terminology
• Effects
• Procedure
• Packet Structure
• Performance Analysis
• Appendix
• A. ePP Scenarios
• B. ePP Cryptographic Operation
• C. ePP Security Analysis

3
ePP (eSeal Protection Protocol)
4
Introduction

• Scope
• The purpose of this presentation is to explain an
  eSeal protection protocol (ePP)
• What is the ePP?
• ePP stands for eSeal Protection Protocol
• Security protocol for protecting confidential
  information between an eSeal and its associated
  reader
• Provides the mutual authentication, data
  confidentiality, data integrity, non-repudiation
  of stored data, immunity to DoS, and replay
  protection
• Developed by ETRI1) for protecting eSeal data
• Simulated in LIT2) at PNU3)

1) ETRI Electronics and Telecommunications
Research Institute 2) LIT Research Center for
Logistics Information Technology 3) PNU Pusan
National University
We are expecting this presentation to be
considered as the next generation version of ISO
18185-4
5
Motivation

• ISO 18185-4 Gen 1
• The first generation standard released in August
  31, 2005
• Did not satisfy requirements for the data
  protection and device authentication
• Comparing ePP with ISO 18185-4 Gen 1

1) CCMe Counter with CBC-MAC for eSeal, refer to
Appendix B.
6
Terminology

• eSeal (Electronic Seal)
• A read only, non-reusable freight container seal
  conforming to the high security seal defined in
  ISO 17712 and conforming to ISO 18185 or revision
  thereof that electronically evidences tampering
  or intrusion through the container doors
• ISO 18185-4 Gen 1
• The first generation standard distributed on
  August 31, 2005
• ePP (eSeal Protection Protocol)
• Security protocol for protecting confidential
  information between an eSeal and its associated
  reader
• SART (Secure Active RFID Tag)
• Conforms to eSeal
• Includes confidential information
• Supports ePP and keyed-write/keyed-read
• SARR (Secure Active RFID Reader)
• Conforms to eSeal reader
• Supports ePP and keyed-write/keyed-read

7
Terminology

• CCMe (CCM for eSeal)
• Based on the CCM of the AES encryption algorithm
• Supports both of confidentiality and integrity of
  eSeal data
• CCM (Counter mode with CBC-MAC)
• Defined in IETF RFC 3610
• Generic authenticated encryption block cipher
  mode
• Combines Counter mode for confidentiality and
  CBC-MAC for integrity
• CBC-MAC (CBC-Message Authentication Code)
• Defined in FIPS 113
• Message integrity mechanism
• CBC (Cipher Block Chaining)
• A kind of block cipher operation modes
• ECDSA (Elliptic Curve Digital Signature
  Algorithm)
• Defined in X9.62
• Digital signature mechanism providing
  non-repudiation of stored data

8
ePP Coverage

• ePP Example

ISO 18185-1 Coverage
? Collection Request
? Seal ID Response
1) i.e., pre-Shared Key
? eSeal Key Material1) Request
ePP Assumptions
? Reader Authentication Request

• SART and SARR have the same pre-Shared Key
• Information to be protected will be defined later
• One SARR performs keyed-action as much as
  reasonable frequency

? Reader Authentication Response
SART
? eSeal Key Material Response
SARR
Authentication Server
? ePP Operation Request
? ePP Operation Response
ePP Coverage

• ?, ? Collect Seal ID, defined in ISO 18185-1
• ?, ?, ?, ? Reader Authentication by
  authentication server and Get Key Material, out
  of scope of ePP
• ?, ? ePP Coverage

9
ePP Command

• ePP Command code

10
ePP Effects

• Performance Analysis
• Target environments
• TI MSP430
• A simple low power controller
• 8MHz, 16-bit RISC CPU
• Program memory 55 KB (max 120 KB)
• SRAM 5 KB (max 10 KB)
• User memory about 2KB
• Test code for AES (priority to computation speed)
• 14 KB Code
• 4 KB Data
• 10 KB CONST

11
ePP Effects

• Test Results

For example, the maximum length of the
information that will be encrypted is 176 Bytes
in the ePP.
12
ePP Write Information

• Packet Structure

ePP Write Information - Request
(Max 234 B)
8
42
max 176 1)
8
0x51
D(encrypted I)
MIC
S
r
1) D has length of max 176 because of ePP Read
Information Response format and max multiple
number of 16 less than 182
Max 252 Byte x (about) 0.324 ms/B (about) Max
81.648 ms
ePP Write Information - Response
8
16 3)
8
0x51
0x2430 2)
D(encrypted DT)
MIC
r
3) D has length of 16 because of CCM encryption
feature
2) Seal type 110 (SART)
47 bytes in this case x 0.324 ms/B 15.228 ms
13
ePP Write Information

• Procedure

SARR
SART
Assume pre-Shared Key KE Generate Random number r
Prepare Information I Perform Digital Signature
S for I using ECDSA CCMe_ENCKE(r, S, I)1)
Assume pre-Shared Key KE
ePP Write Information - Request
ePP Packet Header
D(encrypted I)
MIC
CRC
S
r
Receive ePP Write Information - Request
1) refer to Appendix B.
CCMe_DECKE(r, S, D) If received r ? stored r ?
Failure
error handling (e.g., discard)
Success
Store r, S, and I Record Date/Time DT and Int. ID
IID CCMe_ENCKE(r, Null, DT)
ePP Write Information - Response
ePP Packet Header
D(encrypted DT)
MIC
CRC
r
Receive ePP Write Information - Response
CCMe_DECKE(r, Null, D)
Failure
error handling (e.g., request again)
Success
Record DT
14
ePP Write Information

• Performance Analysis

SART
SARR1)
ePP Write Information - Request
ePP Packet Header
D(encrypted I)
MIC
CRC
S
r
?
Max 252 Byte x (about) 0.324 ms/B (about) Max
81.648 msec
1)Computation speed depends on hardware
performance.
?
Analysis
?
?
?
?
?
Communication time(96.876 ms) Computation
time(29.573 ms) 76.6 23.4
2)MTK Mutual Transient Key. refer to Appendix C.
ePP Write Information - Response
ePP Packet Header
D(encrypted DT)
MIC
CRC
r
?
47 bytes in this case x 0.324 ms/B 15.228 msec
15
ePP Alert Message

• Packet Structure

ePP Alert Message
8
16
8
0x7F
0x1830 1)
D(encrypted A)
MIC
r
1) Seal type 110 (SART)
49 bytes ( 17 32) in this case x 0.324 ms/B
15.876 ms
16
ePP Alert Message

• Procedure

SARR
SART
Assume pre-Shared Key KE
Assume pre-Shared Key KE
Generate Random number r Prepare Alert message
A CCMe_ENCKE(r, Null, A)
ePP Alert
ePP Packet Header
D(encrypted A)
MIC
CRC
r
Receive ePP Alert
CCMe_DECKE(r, Null, D) If received r ? stored r ?
Failure
error handling (e.g., discard)
Success
Store r Report to manager
17
ePP Alert Message

• Performance Analysis

SART
SARR
Analysis
?
?
?
Communication time(15.876 ms) Computation
time(9.968 ms) 61.4 38.6
1)MTK Mutual Transient Key. refer to Appendix C.
ePP Alert
ePP Packet Header
D(encrypted A)
MIC
CRC
r
?
49 bytes ( 17 32) in this case x 0.324 ms/B
15.876 msec
18
ePP Read Information

• Packet Structure

ePP Read Information - Request
8
16 1)
8
0x53
MIC
r
D(encrypted DT)
1) D has length of 16 because of CCM encryption
feature
50 bytes in this case x 0.324 ms/B 16.2 ms
ePP Read Information - Response
(Max 234 B)
8
42
max 176 3)
8
0x28302)
0x53
D(encrypted I)
MIC
S
r
2) Seal type 110 (SART)
3) D has length of max 176 because of max
multiple number of 16 less than 182
Max 249 Byte x 0.324 ms/B Max 80.676 ms
19
ePP Read Information

• Procedure

SARR
SART
Assume pre-Shared Key KE Generate Random number
r Prepare Date/Time DT CCMe_ENCKE(r, r, DT)
Assume pre-Shared Key KE
ePP Read Information - Request
ePP Packet Header
MIC
CRC
r
D(encrypted DT)
Receive ePP Read Information - Request
CCMe_DECKE(r, r, D) If received r ? stored r ?
Failure
error handling (e.g., discard)
Success
Store r Record Date/Time DT and Int. ID
IID CCMe_ENCKE(r, S, I)
ePP Read Information - Response
D(encrypted I)
MIC
CRC
S
ePP Packet Header
r
Receive ePP Read Information - Response
Failure
CCMe_DECKE(r, S, D)
error handling (e.g., request again)
Success
Record DT Transmit S and I to upper layer
20
ePP Read Information

• Performance Analysis

SART
SARR1)
ePP Read Information - Request
ePP Packet Header
MIC
CRC
r
D(encrypted DT)
?
50 bytes in this case x 0.324 ms/B 16.2 msec
1)Computation speed depends on hardware
performance.
?
Analysis
?
?
?
?
?
Communication time(96.876 ms) Computation
time(29.992 ms) 76.4 23.6
2)MTK Mutual Transient Key. refer to Appendix C.
ePP Read Information - Response
D(encrypted I)
MIC
CRC
S
ePP Packet Header
r
?
Max 249 Byte x 0.324 ms/B Max 80.676 msec
21
ePP Summary

• Features
• Security services for eSeals confidential
  information
• Mutual authentication between eSeal and its
  associated reader
• Data confidentiality
• Data integrity
• Non-repudiation of stored data
• Immunity to DoS
• Replay protection
• Implementation with software upgrade
• We can accommodate the ePP program to the current
  hardware component
• The dominant portion of data read/write operation
  is not data encryption/decryption time, but data
  communication time
• Concealing of Seal ID is out of scope of the ePP

22
Discussion

• Any Questions or Comments?

Thank you for your attention !
23
Appendix
24
Appendix A. ePP Scenario

• ePP Write
• 1. Initial status
• - SART status Open and unSealed
• - SARR condition Law enforcement agent(e.g.,
  customs police) reader
• 2. Get Seal ID and SART status
• - SARR ? SARTs, broadcast, plaintext Wake-up
  signal
• - SARR ? SARTs, broadcast, plaintext Send
  Collection command
• - SARTs ? SARR, broadcast, plaintext Respond
  Seal ID
• - SARR ? SART, point-to-point, plaintext Send
  Get seal Status command
• - SART ? SARR, point-to-point, plaintext
  Respond Open and unSealed
• 3. ePP Write Information
• - SARR ? SART, point-to-point, ciphertext Send
  ePP Write Information - Request command
• - SART ? SARR, point-to-point, ciphertext
  Respond ePP Write Information - Response
• 4. Transition SART status
• - SART external Physically closed and
  sealed(e.g., cable connected, bolt inserted)
• - SART internal Record Event Date and Time on
  Sealed Event Record, then, transition to
  Closed and Sealed

25
Appendix A. ePP Scenario

• ePP Alert
• 1. ePP Alert
• - SART ? SARR, point-to-point, ciphertext Send
  ePP Alert

26
Appendix A. ePP Scenario

• ePP Read
• 1. Status
• - SART status Closed and Sealed
• - SARR condition Authorized(e.g., the owner of
  goods, customs police) reader
• 2. Get Seal ID
• - SARR ? SARTs, broadcast, plaintext Wake-up
  signal
• - SARR ? SARTs, broadcast, plaintext Send
  Collection command or Collection Seal IDs with
  Event Record command
• - SARTs ? SARR, broadcast, plaintext Respond
  Seal ID or Seal ID Event Record
• 3. ePP Read Information
• - SARR ? SART, point-to-point, ciphertext Send
  ePP Read Information - Request command
• - SART ? SARR, point-to-point, ciphertext
  Respond ePP Read Information - Response
• 4. Transition SART status
• - SART external Physically open and seal broken
  (e.g., cable disconnected, bolt removed)
• - SART internal Record Event Date and Time on
  Seal open Event Record, then, transition to
  Opened

27
Appendix B. ePP Cryptographic Operation

• PRNG (Pseudo Random Number Generation)
• Used for selection of slot time
• Out of scope
• PRF (Pseudo Random Function)
• MTK(Mutual Transient Key) derivation function
• Uses the pre-Shared Key as a secret information
• Assume that SART and SARR have the same
  pre-Shared Key, securely.
• CBC-MAC (FIPS 113) using AES

pre-Shared Key (128 bits)
CBC-MAC(pre-Shared Key, Random number Seal ID
Int. ID)
Int. ID is omitted in case of ePP Alert
MTK (CCM Enc/Decryption Key, 128 bits)
28
Appendix B. ePP Cryptographic Operation

• Confidentiality Integrity
• CCMe (Counter with CBC-MAC Protocol for eSeal)
• Counter mode for message confidentiality
• CBC-MAC for message authentication
• Expanded by 8 bytes (additional MIC 8 bytes)
• Digital Signature
• ECDSA-163 (Elliptic Curve Digital Signature
  Algorithm)
• Small size (about 42 bytes) relatively to RSA
  Signature

29
Appendix B. ePP Cryptographic Operation

• CCMe Encapsulation

before
ePP Packet Header
Data to be encrypted
S
r
ePP Packet Header (16B) r (8B) S(42B)


CCM encryption
AAD (42B)
AAD Additional Authentication Data
Plaintext ePP Packet
Data (max 176B)
Seal ID(6B), Int. ID(2B)
PRF (CBC-MAC)
(C) ePP Packet
(A)
(B)
Random number (8B)
pre-Shared key (16B)
MTK (16B)
Construct Nonce
CRC
Nonce (13B)
(C)
(B)
(A)
after
ePP Packet Header
encrypted Data
MIC
CRC
S
r
30
Appendix B. ePP Cryptographic Operation

• CCMe Decapsulation

before
ePP Packet Header
encrypted Data
MIC
CRC
S
r
ePP Packet Header (16B) r (8B) S(42B)

AAD (42B)
CCM decryption
AAD Additional Authentication Data
Data (max 176B)
ePP Packet
MIC (8B)
after CRC check
MIC Message Integrity Code
PRF (CBC-MAC)
Seal ID(6B), Int. ID(2B)
Plaintext ePP Packet
(A)
(B)
Random number (8B)
pre-Shared key (16B)
MTK (16B)
Construct Nonce
Nonce (13B)
(B)
(A)
ePP Packet Header
decrypted Data
after
S
r
31
Appendix B. ePP Cryptographic Operation

• CCMe Notation
• Encapsulation
• CCMe_ENCKE(r, AAD, D)
• where, CCMe_ENC means CCMe encryption operation.
• KE is a secret key for CCMe, for example,
  pre-Shared Key.
• r is a random number which becomes a part of
  Nonce.
• AAD is an additional authentication data, for
  example, digital signature value S.
• D is data to be encrypted, for example,
  confidential information I.
• Decapsulation
• CCMe_DECKE(r, AAD, D)
• where, CCMe_DEC means CCMe decryption operation.
• KE is a secret key for CCMe, for example,
  pre-Shared Key.
• r is a random number which becomes a part of
  Nonce.
• AAD is an additional authentication data, for
  example, digital signature value S.
• D is data to be decrypted.

32
Appendix C. ePP Security Analysis

• Mutual Authentication
• Security service for ePP Write Information and
  ePP Read Information
• Both of SARR and SART can be authenticated by
  proving each to have the same pre-Shared Key
• SART authenticates SARR by verifying the
  integrity of received data
• Only SARR having pre-Shared Key can derive
  MTK(CCMe Encryption Key)
• In SART, if the integrity of received data is
  confirmed, SART admits SARR to be lawful
• So does SARR, too.

33
Appendix C. ePP Security Analysis

• Key Establishment
• MTK(Mutual Transient Key CCMe Enc/Decryption
  Key) is derived from pre-Shared Key
• MTK is generated from each internal PRF block of
  SART and SARR
• MTK PRF-128(pre-Shared Key, Random number
  Seal ID Interrogator ID)
• (Exception) MTK for ePP Alert
  PRF-128(pre-Shared Key, Random number Seal ID)
• MTK is not transmitted through wireless channel
• Construct Nonce
• Nonce (13 bytes) Seal IDs MSB (3 bytes)
  Int. ID (2 bytee) Random number (8 bytes)

34
Appendix C. ePP Security Analysis

• Data Confidentiality and Data Integrity
• Default cipher algorithm is CCMe (Counter with
  CBC-MAC for eSeal)
• CCM supports message encryption and message
  authentication
• Confidential information is encrypted using MTK
• MIC for the confidential information and the
  digital signature value is calculated using MTK
• Data confidentiality and integrity is guaranteed
  by CCM using MTK
• Non-Repudiation of Stored Data
• Information(I) must be guaranteed
• Law enforcement agent performs Digital
  Signature(S) for Information(I) using its own
  private key
• SART conserves Information(I) and Digital
  Signature(S)
• SARR verifies the Digital Signature(S) using law
  enforcement agents public key

35
Appendix C. ePP Security Analysis

• Immunity to DoS(Denial of Service)
• Request of Information Read/Write from illegal
  reader
• Only SARR having pre-Shared Key can derive MTK
• In SART, if the integrity check of received data
  fails, the request message may be discarded
• Alert message from illegal tag
• Illegal alert messages give burden to backbone
  network, so it is important to suspend illegal
  messages
• Alert message must be encrypted using MTK
• In SARR, if the integrity check of received data
  fails, the request message may be discarded

36
Appendix C. ePP Security Analysis

• Replay Protection
• A kind of resource exhaustion attack
• SART holds a list of the previous Random
  numbers(r) up to reasonable size
• SART compares the received Random number(r) with
  the list
• In SART, if the same Random number(r) is found,
  the request message is discarded