Title: New Directions in Detection, Security and Privacy for RFID
1New Directions in Detection, Security and Privacy
for RFID
- Leonid Bolotnyy and Gabriel Robins
- Department of Computer Science, UVa
2Thesis
Multi-tags, yoking-proofs, and physical
unclonable functions can improve reliability,
security, and privacy in radio frequency
identification (RFID) systems.
3Progress
- L. Bolotnyy and G. Robins, Multi-Tag Radio
Frequency Identification Systems, IEEE Workshop
on Automatic Identification Advanced Technologies
(AutoID), pp. 83-88, 2005
- L. Bolotnyy and G. Robins, Randomized
Pseudo-Random Function Tree Walking Algorithm for
Secure Radio Frequency Identification, IEEE
Workshop on Automatic Identification Advanced
Technologies (AutoID), pp. 43-48, 2005
- L. Bolotnyy and G. Robins, Generalized
Yoking-Proofs for a Group of RFID Tags, IEEE
International Conference on Mobile and Ubiquitous
Systems (Mobiquitous), 2006
- L. Bolotnyy and G. Robins, PUF-Based Security and
Privacy in RFID Systems, IEEE International
Conference on Pervasive Computing (PerCom), 2007
- Several additional papers in progress
- NSF Cyber Trust proposal (submitted January 2007)
- Deutsche Telekom (largest in EU) offered to
patent our multi-tags idea
4Introduction
- Frequencies: Low (125 kHz), High (13.56 MHz), UHF
(915 MHz)
5History
6Thesis Proposal
- Improve security and privacy
Auditing algorithms for RFID Yoking-Proofs
Inter-tag communication
Definition of privacy
PUF-based security Algorithms PUF design
7Why Multi-Tag RFID?
- Bar-codes vs. RFID
- line-of-sight
- scanning rate
- Unreliability of tag detection
- radio noise is ubiquitous
- liquids and metals are opaque to RF
- milk, water, juice
- metal-foil wrappers
- Wal-Mart experiments (2005)
- 90% tag detection at case level
- 95% detection on conveyor belts
- 66% detection of individual items inside fully
loaded pallets
- Our preliminary experiments support data above
8Applications of Multi-Tags
9The Power of an Angle
- Inductive coupling: voltage $\propto \sin(\beta)$,
distance $\propto (\text{power})^{1/6}$
- Far-field propagation: voltage $\propto \sin^2(\beta)$,
distance $\propto (\text{power})^{1/2}$
10Benefits and Costs of Multi-Tags
- PROS
- increases expected induced voltage on tag
- increases operational range of system
- increases memory per object
- improves availability
- improves reliability
- improves durability
- provides potential security enhancement
- new applications
- CONS
- increases system cost
- modestly complicates manufacturing
- potentially increases tag interrogation time
11Experimental Apparatus and Experiments with
Multi-Tags
- Experiments
- Measure detection of 20 multi-tagged objects
- With/without metals and liquids
- Rotate multi-tagged object mixes
- 1, 2, 3, 4 tags per object
- Vary tag, reader, and antenna types
- Vary distances, geometry, power
- Multi-tags vs. multiple readers
12Preliminary Experimental Results
[Figure: Average Detection Probability (y-axis, 0 to 1) vs. Object Number (x-axis, 1 to 20)]
13Security and Privacy in RFID
[Figure: points A, B, C with the label "Alice was here: A, B, C"]
14Security and Privacy in RFID
- Privacy: difficult to track tags
- Security
- Secure Identification
[Figure labels: f(r, ID); f(c); c]
15Yoking-Proofs
- Yoking: joining together / simultaneous presence
of multiple tags
- Key Observation: Passive tags can communicate
with each other through reader
- Problem Statement: Generate proof that a group of
passive tags were identified nearly-simultaneously
- Applications: verify that
- medicine bottle sold together with instructions
- tools sold together with safety devices
- matching parts were delivered together
- several forms of ID were presented
- a group of people was present at a meeting
16Assumptions and Goals
- Assumptions
- Tags are passive
- Tags have limited computational abilities
- Tags can compute a keyed hash function
- Tags can maintain some state
- Verifier is trusted and powerful
- Solution Goals
- Allow readers to be adversarial
- Make valid proofs improbable to forge
- Allow verifier to verify proofs off-line
- Detect replays of valid proofs
- Timer on-board a tag
- FCC regulations: protocol termination < 400ms
- Capacitor discharge can implement timeout
17Generalized Yoking-Proof Protocol
Idea: construct a chain of mutually dependent MACs
[Figure: diagram labeled 1 through 5]
Anonymous Yoking: tags keep their identities
private
Speedup yoking protocols by splitting chain into
arcs
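A simplified sketch of a chain of mutually dependent MACs, added here as an illustration and not the authors' published protocol. The per-tag counter used for replay detection, the `b"start"` seed and all class and function names are assumptions; the on-tag timeout is not modeled.

```python
import hmac, hashlib

def mac(key, *parts):
    # Length-prefix every field so the concatenation is unambiguous.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class Tag:
    def __init__(self, tag_id, key):
        self.id, self.key, self.counter = tag_id, key, 0   # counter = tag state

    def respond(self, prev):
        # Bind a fresh counter value to the MAC relayed from the previous tag.
        self.counter += 1
        return self.counter, mac(self.key, self.id, self.counter.to_bytes(8, "big"), prev)

def reader_collect(tags):
    # Untrusted reader: relays each MAC to the next tag and closes the
    # cycle by querying the first tag again.
    proof, prev = [], b"start"
    for t in tags + [tags[0]]:
        c, m = t.respond(prev)
        proof.append((t.id, c, m))
        prev = m
    return proof

class Verifier:
    def __init__(self, keys):
        self.keys = dict(keys)
        self.last = {i: 0 for i in keys}    # highest counter accepted per tag

    def verify(self, proof, group):
        # Off-line check: right tags in order, fresh counters, unbroken chain.
        if [i for i, _, _ in proof] != list(group) + [group[0]]:
            return False
        prev, seen = b"start", dict(self.last)
        for i, c, m in proof:
            want = mac(self.keys[i], i, c.to_bytes(8, "big"), prev)
            if c <= seen[i] or not hmac.compare_digest(m, want):
                return False                # replayed, stale or spliced link
            seen[i], prev = c, m
        self.last = seen                    # commit counters only on success
        return True

# Constructed demo keys and tag names.
KEYS = {b"A": b"a" * 16, b"B": b"b" * 16, b"C": b"c" * 16}
GROUP = [b"A", b"B", b"C"]
```

Because every MAC covers the previous tag's MAC, a reader cannot assemble a valid proof from links gathered in different sessions.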
18Inter-Tag Communication in RFID
- Idea: heterogeneity in ubiquitous computing
- Yoking proofs
- Battery-less sensing
- Tags as mailboxes
- Tags as proxies
- Location access control
- Tags partitioned into groups
- Group leader in charge of authentication and
access control
- Subordinate reader-tag authentication
19PUF-Based Security and Privacy
- Digital crypto implementations require 1000s of
gates
- Low-cost alternatives
- Pseudonyms / one-time pads
- Low complexity / power hash function designs
- Hardware-based solutions
- Definition of privacy that incorporates hardware
attacks
- PUF definition
- Security is based on
- wire delays
- gate delays
- quantum mechanical fluctuations
- PUF characteristics
- uniqueness
- reliability
- unpredictability
20PUF-Based Algorithms
21PUF-Based Ownership Transfer
- To maintain privacy we need
- ownership privacy
- forward privacy
- Physical security is especially important
- Solutions
- public key cryptography
- knowledge of owners sequence
- trusted authority
- short period of privacy
22Comparison of PUF With Digital Hash Functions
- Reference PUF: 545 gates for 64-bit input
- 6 to 8 gates for each input bit
- 33 gates to measure the delay
- Low gate count of PUF has a cost
- probabilistic outputs
- difficult to characterize analytically
- non-unique computation
- extra storage
- Different attack target for adversaries
- model building rather than key discovery
- Physical security
- hard to break tag and remain undetected
23PUF Design
- Attacks on PUF
- impersonation
- modeling
- hardware tampering
- side-channel
- Weaknesses of existing PUF
- reliability
- New PUF design
- no oscillating circuit
- sub-threshold voltage
- Compare different non-linear delay approaches
24Conclusion and Research Plan
- Contributions
- Multi-Tags
- tag objects with multiple tags to improve
detection
- Security and Privacy
- Yoking proofs
- Inter-tag communication
- Hardware-based security
- PUFs
- Plan for the next 5 months
- finish multi-tag experiments
- define privacy w.r.t. physical attacks
- design / evaluate improved PUF circuits
- publish more papers
25
- Bolotnyy and Robins, Multi-Tag Radio Frequency
Identification Systems, IEEE Workshop on Automatic
Identification Advanced Technologies (AutoID),
pp. 83-88, 2005
- Bolotnyy and Robins, Randomized Tree Walking
Algorithm for Secure RFID, IEEE Workshop on
Automatic Identification Advanced Technologies
(AutoID), pp. 43-48, 2005
- Bolotnyy and Robins, Generalized Yoking-Proofs
for a Group of RFID Tags, IEEE International
Conference on Mobile and Ubiquitous Systems
(Mobiquitous), 2006
- Bolotnyy and Robins, PUF-Based Security and
Privacy in RFID Systems, IEEE International
Conference on Pervasive Computing (PerCom), 2007
26Back Up Slides
27Related Work on Multi-Tags
- Two-antennas per tag to determine location
- Four tags per object to determine movement
direction
- Multiple tags to increase reliability (for
visually impaired)
- Random placement of two tags on playing cards
- Splitting tag ID into Class ID and Pure ID
- Up to three tags to determine object-person
interaction
28Types of Multi-Tags
29Detection Distance with Multi-Tags
30Effects of Multi-Tags on Anti-Collision
Algorithms
Algorithm        Redundant Tags    Dual-Tags
Binary           No Effect         No Effect
Binary Variant   No Effect         No Effect
Randomized       Doubles Time      No Effect
STAC             Causes DOS        No Effect
Slotted Aloha    Doubles Time      No Effect
If Dual-Tags communicate to form a single response
Assuming an object is tagged with two tags
31Related Work on Yoking-Proofs
- Juels 2004
- protocol is limited to two tags
- no timely timer update (minor/crucial omission)
- Saito and Sakurai 2005
- solution relies on timestamps generated by
trusted database
- violates original problem statement
- one tag is assumed to be more powerful than the
others
- vulnerable to future timestamp attack
- Piramuthu 2006
- discusses inapplicable replay-attack problem of
Juels protocol
- independently observes the problem with
Saito/Sakurai protocol
- proposed fix only works for a pair of tags
- violates original problem statement
32Speeding Up The Yoking Protocol
Idea: split cycle into several sequences of
dependent MACs
starting / closing tags
- Requires
- multiple readers or multiple antennas
- anti-collision protocol
33Related Work on PUF
- Optical PUF Ravikanth 2001
- Silicon PUF Gassend et al 2002
- design, implementation, simulation, manufacturing
- authentication algorithm
- controlled PUF
- PUF in RFID
- off-line reader authentication using public key
cryptography Tuyls et al 2006
34PUF-Based Authentication
[Figure: diagram labeled Reader and Tag]
35PUF-Based Identification Algorithm
- Tag stores its identifier ID
- Database stores $ID, p(ID), \ldots, p^k(ID)$
- Upon reader's query, the tag
- responds with p(ID)
- updates its ID with p(ID)
- It is important to have
- a reliable PUF
- no loops in PUF chains
- no identical PUF outputs
- Assumptions
- passive adversaries (otherwise, denial of service
possible)
- physical compromise of tags not possible
- reliable PUF
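The identification scheme above as an added simulation, not the authors' code. The PUF is replaced by a keyed hash with a per-tag random secret, so it is perfectly reliable, unlike real hardware. All names and the chain length are assumptions made for the example.

```python
import hmac, hashlib, os

class SimulatedPUF:
    # Software stand-in for the tag's physical function p; the random secret
    # models per-chip manufacturing variation (constructed for this demo).
    def __init__(self, out_bytes=8):
        self._secret, self._n = os.urandom(16), out_bytes

    def __call__(self, x):
        return hmac.new(self._secret, x, hashlib.sha256).digest()[:self._n]

class Tag:
    def __init__(self, initial_id, puf):
        self.id, self.puf = initial_id, puf

    def query(self):
        # Respond with p(ID), then overwrite the stored ID with p(ID).
        self.id = self.puf(self.id)
        return self.id

class Database:
    def __init__(self):
        self.index = {}      # PUF output -> tag name
        self.chains = {}     # tag name -> outputs not yet consumed

    def enroll(self, name, initial_id, puf, k):
        # Precompute p(ID), ..., p^k(ID) while the tag is in trusted hands.
        chain, x = [], initial_id
        for _ in range(k):
            x = puf(x)
            chain.append(x)
        if len(set(chain + [initial_id])) != k + 1:
            raise ValueError("loop in PUF chain")
        if any(v in self.index for v in chain):
            raise ValueError("PUF output identical to an enrolled one")
        self.index.update((v, name) for v in chain)
        self.chains[name] = chain

    def identify(self, response):
        name = self.index.get(response)
        if name is None:
            return None
        chain = self.chains[name]
        cut = chain.index(response) + 1
        # Consume this value and any skipped ones (reads the database missed).
        for used in chain[:cut]:
            del self.index[used]
        del chain[:cut]
        return name

    def remaining(self, name):
        return len(self.chains[name])
```

Enrollment rejects a chain that revisits a value or collides with another tag's outputs, which are the "no loops" and "no identical PUF outputs" conditions listed above.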
36PUF-Based MAC Algorithms
- Need to protect against replay attacks
- MAC based on PUF
- large keys
- cannot support arbitrary messages
- Motivational example: buyer/seller
37Using PUF to Detect and Restore Privacy of
Compromised System
[Figure: node labels s1,0 and s1,1; s2,0 through s2,3; s3,0 through s3,7]
- Detect potential tag compromise
- Update secrets of affected tags