New%20Directions%20in%20Detection,%20Security%20and%20Privacy%20for%20RFID

1
New Directions in Detection, Security and Privacy
for RFID

• Leonid Bolotnyy and Gabriel Robins
• Department of Computer Science, UVa

2
Thesis
Multi-tags, yoking-proofs, and physical
unclonable functions can improve reliability,
security, and privacy in radio frequency
identification (RFID) systems.
3
Progress

• L. Bolotnyy and G. Robins, Multi-Tag Radio
  Frequency Identification Systems, IEEE Workshop
  on Automatic Identification Advanced Technologies
  (AutoID), pp. 83-88, 2005
• L. Bolotnyy and G. Robins, Randomized
  Pseudo-Random Function Tree Walking Algorithm for
  Secure Radio Frequency Identification, IEEE
  Workshop on Automatic Identification Advanced
  Technologies (AutoID), pp. 43-48, 2005
• L. Bolotnyy and G. Robins, Generalized
  Yoking-Proofs for a Group of RFID Tags, IEEE
  International Conference on Mobile and Ubiquitous
  Systems (Mobiquitous), 2006
• L. Bolotnyy and G. Robins, PUF-Based Security and
  Privacy in RFID Systems, IEEE International
  Conference on Pervasive Computing (PerCom), 2007
• Several additional papers in progress
• NSF Cyber Trust proposal (submitted January 2007)
• Deutsche Telekom (largest in EU) offered to
  patent our multi-tags idea

4
Introduction

• RFID

• Tags types

• Frequencies Low (125KHz), High (13.56MHz), UHF
  (915MHz)

• Coupling methods

5
History
6
Thesis Proposal

• Improve tag detection

• Improve security and privacy

Auditing algorithms for RFID Yoking-Proofs
Inter-tag communication
Definition of privacy
PUF-based security Algorithms PUF design
7
Why Multi-Tag RFID?

• Bar-codes vs. RFID
• line-of-sight
• scanning rate

• Unreliability of tag detection
• radio noise is ubiquitous
• liquids and metals are opaque to RF
• milk, water, juice
• metal-foil wrappers
• Wal-Mart experiments (2005)
• 90 tag detection at case level
• 95 detection on conveyor belts
• 66 detection of individual items inside fully
  loaded pallets
• Our preliminary experiments support data above

8
Applications of Multi-Tags
9
The Power of an Angle

• Inductive coupling voltage sin(ß),
  distance (power)1/6
• Far-field propagation voltage sin2(ß),
  distance (power)1/2

10
Benefits and Costs of Multi-Tags

• PROS
• increases expected induced voltage on tag
• increases operational range of system
• increases memory per object
• improves availability
• improves reliability
• improves durability
• provides potential security enhancement
• new applications
• CONS
• increases system cost
• modestly complicates manufacturing
• potentially increases tags interrogation time

11
Experimental Apparatus and Experiments with
Multi-Tags

• Equipment

• Experiments
• Measure detection of 20 multi-tagged objects
• With/without metals and liquids
• Rotate multi-tagged object mixes
• 1, 2, 3, 4 tags per object
• Vary tag, reader, and antenna types
• Vary distances, geometry, power
• Multi-tags vs. multiple readers

12
Preliminary Experimental Results
1
0.9
0.8
0.7
0.6
Average Detection Probability
0.5
0.4
0.3
0.2
0.1
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Object Number
13
Security and Privacy in RFID

• Privacy

A
B
C
Alice was here A, B, C
14
Security and Privacy in RFID

• Privacy difficult to track tags
• Security
• Secure Identification

f(r, ID)
f(c)

• Tag Authentication

c

• Message Authentication

• Ownership Transfer

• Auditing

15
Yoking-Proofs

• Yoking joining together / simultaneous presence
  of multiple tags

• Key Observation Passive tags can communicate
• with each other through reader

• Problem Statement Generate proof that a group of
  passive tags were identified nearly-simultaneously
  

• Applications verify that
• medicine bottle sold together with instructions
• tools sold together with safety devices
• matching parts were delivered together
• several forms of ID were presented
• a group of people was present at a meeting

16
Assumptions and Goals

• Assumptions
• Tags are passive
• Tags have limited computational abilities
• Tags can compute a keyed hash function
• Tags can maintain some state
• Verifier is trusted and powerful

• Solution Goals
• Allow readers to be adversarial
• Make valid proofs improbable to forge
• Allow verifier to verify proofs off-line
• Detect replays of valid proofs

• Timer on-board a tag
• FCC regulations protocol termination lt 400ms
• Capacitor discharge can implement timeout

17
Generalized Yoking-Proof Protocol
Idea construct a chain of mutually dependent MACs
1
2
3
4
5
Anonymous Yoking tags keep their identities
private
Speedup yoking protocols by splitting chain into
arcs
18
Inter-Tag Communication in RFID

• Idea heterogeneity in ubiquitous computing
• Yoking proofs
• Battery-less sensing
• Tags as mailboxes
• Tags as proxies
• Location access control
• Tags partitioned into groups
• Group leader in charge of authentication and
  access control
• Subordinate reader-tag authentication

19
PUF-Based Security and Privacy

• Digital crypto implementations require 1000s of
  gates
• Low-cost alternatives
• Pseudonyms / one-time pads
• Low complexity / power hash function designs
• Hardware-based solutions
• Definition of privacy that incorporates hardware
  attacks
• PUF definition
• Security is based on
• wire delays
• gate delays
• quantum mechanical fluctuations
• PUF characteristics
• uniqueness
• reliability
• unpredictability

20
PUF-Based Algorithms
21
PUF-Based Ownership Transfer

• Ownership Transfer

• To maintain privacy we need
• ownership privacy
• forward privacy

• Physical security is especially important

• Solutions
• public key cryptography
• knowledge of owners sequence
• trusted authority
• short period of privacy

22
Comparison of PUF With Digital Hash Functions

• Reference PUF 545 gates for 64-bit input
• 6 to 8 gates for each input bit
• 33 gates to measure the delay
• Low gate count of PUF has a cost
• probabilistic outputs
• difficult to characterize analytically
• non-unique computation
• extra storage
• Different attack target for adversaries
• model building rather than key discovery
• Physical security
• hard to break tag and remain undetected

23
PUF Design

• Attacks on PUF
• impersonation
• modeling
• hardware tampering
• side-channel

• Weaknesses of existing PUF

reliability

• New PUF design
• no oscillating circuit
• sub-threshold voltage

• Compare different non-linear delay approaches

24
Conclusion and Research Plan

• Contributions
• Multi-Tags
• tag objects with multiple tags to improve
  detection
• Security and Privacy
• Yoking proofs
• Inter-tag communication
• Hardware-based security
• PUFs

• Plan for the next 5 months
• finish multi-tag experiments
• define privacy w.r.t. physical attacks
• design / evaluate improved PUF circuits
• publish more papers

25

• Bolotnyy and Robins, Multi-Tag Radio Frequency
  Identification Systems,IEEE Workshop on Automatic
  Identification Advanced Technologies (AutoID),
  pp. 83-88, 2005
• Bolotnyy and Robins, Randomized Tree Walking
  Algorithm for Secure RFID, IEEE Workshop on
  Automatic Identification Advanced Technologies
  (AutoID), pp. 43-48, 2005
• Bolotnyy and Robins, Generalized Yoking-Proofs
  for a Group of RFID Tags, IEEE International
  Conference on Mobile and Ubiquitous Systems
  (Mobiquitous), 2006
• Bolotnyy and Robins, PUF-Based Security and
  Privacy in RFID Systems, IEEE International
  Conference on Pervasive Computing (PerCom), 2007

26
Back Up Slides
27
Related Work on Multi-Tags

• Two-antennas per tag to determine location
• Four tags per object to determine movement
  direction
• Multiple tags to increase reliability (for
  visually impaired)
• Random placement of two tags on playing cards
• Splitting tag ID into Class ID and Pure ID
• Up to three tags to determine object-person
  interaction

28
Types of Multi-Tags
29
Detection Distance with Multi-Tags
30
Effects of Multi-Tags on Anti-Collision
Algorithms
Algorithm
Redundant Tags
Dual-Tags
Binary No Affect No Affect
Binary Variant No Affect No Affect
Randomized Doubles Time No Affect
STAC Causes DOS No Affect
Slotted Aloha Doubles Time No Affect
If Dual-Tags communicate to form a single
response Assuming an object is tagged with two
tags
31
Related Work on Yoking-Proofs

• Juels 2004
• protocol is limited to two tags
• no timely timer update (minor/crucial omission)

• Saito and Sakurai 2005
• solution relies on timestamps generated by
  trusted database
• violates original problem statement
• one tag is assumed to be more powerful than the
  others
• vulnerable to future timestamp attack

• Piramuthu 2006
• discusses inapplicable replay-attack problem of
  Juels protocol
• independently observes the problem with
  Saito/Sakurai protocol
• proposed fix only works for a pair of tags
• violates original problem statement

32
Speeding Up The Yoking Protocol
Idea split cycle into several sequences of
dependent MACs
starting / closing tags

• Requires
• multiple readers or multiple antennas
• anti-collision protocol

33
Related Work on PUF

• Optical PUF Ravikanth 2001
• Silicon PUF Gassend et al 2002
• design, implementation, simulation, manufacturing
• authentication algorithm
• controlled PUF
• PUF in RFID
• off-line reader authentication using public key
  cryptography Tuyls et al 2006

34
PUF-Based Authentication
Reader
Tag
35
PUF-Based Identification Algorithm

• Tag stores its identifier ID
• Database stores ID, p(ID), , pk(ID)
• Upon readers query, the tag
• responds with p(ID)
• updates its ID with p(ID)

• It is important to have
• a reliable PUF
• no loops in PUF chains
• no identical PUF outputs

• Assumptions
• passive adversaries (otherwise, denial of service
  possible)
• physical compromise of tags not possible
• reliable PUF

36
PUF-Based MAC Algorithms

• MAC (K, t, ?)

• Need to protect against replay attacks

• MAC based on PUF
• large keys
• cannot support arbitrary messages
• Motivational example buyer/seller

37
Using PUF to Detect and Restore Privacy of
Compromised System
s1,0
s1,1
s2,0
s2,1
s2,2
s2,3
s3,1
s3,0
s3,4
s3,5
s3,2
s3,3
s3,7
s3,6

1. Detect potential tag compromise
2. Update secrets of affected tags