Title: MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi
1 MIXNET for Radio Frequency Identification
Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi
- Dale R. Thompson, Ph.D., P.E.
- Associate Professor
- Computer Science and Computer Engineering Dept.
- University of Arkansas
2 Related Activities
- Member of GS1 EPCglobal Hardware Action Group Product Data Protection ad hoc Committee (Dec. 2006 - present)
- Affiliated with University of Arkansas RFID Research Center (http://itri.uark.edu/rfid/) (Feb. 2005 - present)
- Lightweight Authentication for RFID (Aug. 2006 - present)
- Categorizing RFID Privacy Threats with STRIDE (July 2006)
- Taught RFID Communications class (May - June 2006)
- RFID Security Threat Model (Mar. 2006)
- Brute Force Attack of EPCglobal UHF Class-1 Generation-2 RFID Tag (Jan. - May 2006)
- Attack Graphs for EPCglobal RFID (Jan. - May 2006)
- MIXNET Using Universal Re-encryption for Radio Frequency Identification (RFID) (Aug. 2005 - Dec. 2006)
- RFID Technical Tutorial and Threat Modeling Project (Jun. - Dec. 2005)
3 University of Arkansas RFID Research Center
- Fully student staffed with 24 industry members,
which recently became the first open laboratory
to be accredited by EPCglobal Inc.
4 What is RFID?
- Stands for Radio Frequency Identification
- Uses radio waves for identification
- New frontier in the field of information technology
- One form of Automatic Identification
- Provides unique identification or serial number of an object (pallets, cases, items, animals, humans)
5 RFID system
6 RFID reader
- Also known as an interrogator
- Reader powers passive tags with RF energy
- Can be handheld or stationary
- Consists of
- Transceiver
- Antenna
- Microprocessor
- Network interface
(Figure labels: Antenna, Reader)
7 RFID tags
- Tag is a device used to transmit information such as a serial number to the reader in a contactless manner
- Classified as
- Passive - energy from reader
- Active - battery
- Semi-passive - battery and energy from reader
8 UHF passive tag
9 Supply Chain Management
- RFID adds visibility as the items flow through the supply chain from the manufacturer, shippers, distributors, and retailers.
- The added visibility can identify bottlenecks and save money.
- Wal-Mart requested in June 2003 that their top 100 suppliers use RFID at the pallet and case level by January 2005.
10 Electronic Product Code (EPC) 96-bit Version
Version | EPC Manager (Manufacturer) | Object Class (Product) | Serial Number
8 bits | 28 bits | 24 bits | 36 bits
- Every product has unique identifier
- 96 bits can uniquely label all products for the next 1,000 years
- 2^96 = 79,228,162,514,264,337,593,543,950,336
11 Physical Tracking
13 MIXNET using Universal Re-encryption
- ElGamal
- A conventional cryptosystem; permits re-encryption if the public key is known at each MIXNET
- Ciphertext C' represents a re-encryption of C if both decrypt to the same plaintext.
- Privacy follows because the ciphertext pair (C, C') is indistinguishable from (C, R) for a random ciphertext R.
- The tag pseudonym, a false name for the original identity, is re-encrypted each time it passes a MIXNET.
14 ElGamal
- Key Generation
- Alice
- A random prime p, generator element g and private key x.
- Generate public key
- Publicize (p, g, y); x is kept as the private key.
- Encryption
- Bob
- Chooses random k to send message m and computes a ciphertext pair
- (c1, c2)
- and
- Decryption
- To decrypt ciphertext (c1, c2), Alice computes
15 Universal Re-encryption
- Re-encrypts the ciphertext without knowledge of the public key, using a random encryption factor.
- Re-encryption is based on a homomorphic property,
- Allows external anonymity which provides total privacy protection for data being transmitted
- Encrypts under the public key and random encryption factor
- Appends an ElGamal encryption of the identity element to the ciphertext.
- On decryption, first decrypts the identity element to confirm the intended message.
16 Universal Re-encryption Example
- p = 23, g = 19, x = 17
- y = 19^17 mod 23 = 21
- Publicize (y, g) = (21, 19)
- m = 20, random encryption factor
- Encryption
- (20,2),(7,19)
- Decryption
17 Universal Re-encryption Example
- Re-encryption
- Input
- Random re-encryption factor
- Ciphertext
- (3,21), (19,21)
- To verify decryption of
- (Plaintext)
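Added example (not part of the original slides): the numbers on slides 16 and 17 reproduced in Python. The random factors did not survive in this transcript, so the encryption factors (15, 13) and re-encryption factors (11, 17) are assumed values chosen because they yield the ciphertexts shown; the pair layout (g^k, m*y^k) is likewise inferred from those numbers.

```python
# Toy universal re-encryption over ElGamal, using the slide 16 parameters.
# Parameters this small are for following the arithmetic only.
P, G, X = 23, 19, 17           # prime p, generator g, private key x
Y = pow(G, X, P)               # public key y = g^x mod p


def encrypt(m, k0, k1, y=Y):
    """Return [(g^k0, m*y^k0), (g^k1, y^k1)].

    The second pair is an ElGamal encryption of the identity element 1;
    it is what later lets anyone re-randomise the ciphertext.
    """
    return [(pow(G, k0, P), m * pow(y, k0, P) % P),
            (pow(G, k1, P), pow(y, k1, P))]


def reencrypt(ct, r0, r1):
    """Re-randomise ct from the ciphertext alone (no public key needed).

    r0 and r1 must be fresh and non-zero mod p-1; r1 = 0 would turn the
    identity pair into (1, 1), after which re-encryption stops randomising.
    """
    (a0, b0), (a1, b1) = ct
    return [(a0 * pow(a1, r0, P) % P, b0 * pow(b1, r0, P) % P),
            (pow(a1, r1, P), pow(b1, r1, P))]


def decrypt(ct, x=X):
    """Return m, or None if the identity pair does not decrypt to 1."""
    (a0, b0), (a1, b1) = ct
    # a^(p-1-x) equals a^(-x) mod p by Fermat's little theorem.
    if b1 * pow(a1, P - 1 - x, P) % P != 1:
        return None            # ciphertext was not made for this key
    return b0 * pow(a0, P - 1 - x, P) % P


# Constructed factors (assumed; chosen to match the ciphertexts on the slides).
C = encrypt(20, 15, 13)        # [(20, 2), (7, 19)]
C2 = reencrypt(C, 11, 17)      # [(3, 21), (19, 21)]

if __name__ == "__main__":
    print(Y, C, C2, decrypt(C), decrypt(C2), decrypt(C2, x=5))
```

C and C2 share no component yet both decrypt to 20 under x = 17, while a holder of a different key (x = 5 here) fails the identity check and gets nothing.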
21 Future Work
- Extend simulation to a system of security agents
- Add MIXNET agent to open source TagCentric
- Implement MIXNET on a reader
- Implement traditional MIXNET between readers and databases to hide location of tags from the database
22 RFID-related publications
- M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, "Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag," in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.
- S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, "Attack graphs for EPCglobal RFID," in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.
- J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, "MIXNET for radio frequency identification," in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.
- D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, "Categorizing RFID privacy threats with STRIDE," in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, 2006.
- D. R. Thompson, "RFID technical tutorial," The Journal of Computing Sciences in Colleges, vol. 21, no. 5, pp. 8-9, May, 2006.
- D. R. Thompson, N. Chaudhry, and C. W. Thompson, "RFID security threat model," in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006.
- N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, 2005. Available: http://csce.uark.edu/drt/rfid
23 Contact Information
- Dale R. Thompson, Ph.D., P.E.
- Associate Professor
- Computer Science and Computer Engineering Dept.
- University of Arkansas
- 311 Engineering Hall
- Fayetteville, Arkansas 72701
- Phone: 1 (479) 575-5090
- FAX: 1 (479) 575-5339
- E-mail: d.r.thompson_at_ieee.org
- WWW: http://csce.uark.edu/drt/