MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi

1
MIXNET for Radio Frequency IdentificationJaanus
Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean
Bruce, and Jayamadhuri Penumarthi

• Dale R. Thompson, Ph.D., P.E.
• Associate Professor
• Computer Science and Computer Engineering Dept.
• University of Arkansas

2
Related Activities

• Member of GS1 EPCglobal Hardware Action Group
  Product Data Protection ad hoc Committee (Dec.
  2006 present)
• Affiliated with University of Arkansas RFID
  Research Center (http//itri.uark.edu/rfid/)
  (Feb. 2005 present)
• Lightweight Authentication for RFID (Aug. 2006
  present)
• Categorizing RFID Privacy Threats with STRIDE
  (July 2006)
• Taught RFID Communications class (May June
  2006)
• RFID Security Threat Model (Mar. 2006)
• Brute Force Attack of EPCglobal UHF Class-1
  Generation-2 RFID Tag (Jan. May 2006)
• Attack Graphs for EPCglobal RFID (Jan. May
  2006)
• MIXNET Using Universal Re-encryption for Radio
  Frequency Identification (RFID) (Aug. 2005 Dec.
  2006)
• RFID Technical Tutorial and Threat Modeling
  Project (Jun. Dec. 2005)

3
University of Arkansas RFID Research Center

• Fully student staffed with 24 industry members,
  which recently became the first open laboratory
  to be accredited by EPCglobal Inc.

4
What is RFID?

• Stands for Radio Frequency Identification
• Uses radio waves for identification
• New frontier in the field of information
  technology
• One form of Automatic Identification
• Provides unique identification or serial number
  of an object (pallets, cases, items, animals,
  humans)

5
RFID system
6
RFID reader

• Also known an interrogator
• Reader powers passive tags with RF energy
• Can be handheld or stationary
• Consists of
• Transceiver
• Antenna
• Microprocessor
• Network interface

Antenna
Reader
7
RFID tags

• Tag is a device used to transmit information such
  as a serial number to the reader in a contact
  less manner
• Classified as
• Passive energy from reader
• Active - battery
• Semi-passive battery and energy from reader

8
UHF passive tag
9
Supply Chain Management

• RFID adds visibility as the items flow through
  the supply chain from the manufacturer, shippers,
  distributors, and retailers.
• The added visibility can identify bottlenecks and
  save money.
• Wal-Mart requested in June 2003 that their top
  100 suppliers use RFID at the pallet and case
  level by January 2005.

10
Electronic Product Code (EPC) 96-bit Version
Version EPC Manager (Manufacturer) Object Class (Product) Serial Number
8 bits 28 bits 24 bits 36 bits

• Every product has unique identifier
• 96 bits can uniquely label all products for the
  next 1,000 years
• 296 79,228,162,514,264,337,593,543,950,336

11
Physical Tracking
12
(No Transcript)
13
MIXNET using Universal Re-encryption

• ElGamal
• A conventional cryptosystem, permits
  re-encryption if the public key is known at each
  MIXNET
• Ciphertext C represents re-encryption of C if
  both decrypt to the same plaintext.
• Privacy is because the ciphertext pair (C, C) is
  
• indistinguishable from (C, R) for a random
  cipher R.
• The tag pseudonym, a false name for the original
  identity is re-encrypted each time it passes a
  MIXNET.

14
ElGamal

• Key Generation
• Alice
• A random prime p, generator element g and private
  key x.
• Generate public key
• Publicize (p, g, y) and x as the private key.
• Encryption
• Bob
• Chooses random k to send message m and computes a
  ciphertext pair
• (c1, c2)
• and
• Decryption
• To decrypt ciphertext (c1, c2), Alice computes

15
Universal Re-encryption

• Re-encrypts the ciphertext without the knowledge
  of the public key using a random encryption
  factor.
• Re-encryption is based on a homomorphic property,
• Allows external anonymity which provides total
  privacy protection for data being transmitted
• Encrypts under the public key and random
  encryption factor
• Appends an identity element to the ciphertext
  encrypted based on ElGamal.
• First decrypts the identity element to confirm
  the intended message.

16
Universal Re-encryption Example

• P 23, g 19, x 17
• Y 19 17 mod 23 21
• Publicize ( y, g) (21, 19)
• m 20 , random encryption factor
• Encryption
• 
  (20,2),(7,19)
• Decryption

17
Universal Re-encryption Example

• Re-encryption
• Input
• Random re-encryption factor
  
• Ciphertext
  
• (3,21), (19,21)
• To Verify decryption of
• 
  (Plaintext)
• 
  
  
  
  

18
(No Transcript)
19
(No Transcript)
20
(No Transcript)
21
Future Work

• Extend simulation to a system of security agents
• Add MIXNET agent to open source TagCentric
• Implement MIXNET on a reader
• Implement traditional MIXNET between readers and
  databases to hide location of tags from the
  database

22
RFID-related publications

• M. Byers, A. Lofton, A. K. Vangari-Balraj, and D.
  R. Thompson, Brute force attack of EPCglobal UHF
  class-1 generation-2 RFID tag, in Proc. IEEE
  Region 5 Technical Conf., Fayetteville, Arkansas,
  April 20-21, 2007, to appear.
• S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi,
  S. Estes, D. R. Thompson, Attack graphs for
  EPCglobal RFID, in Proc. IEEE Region 5 Technical
  Conf., Fayetteville, Arkansas, April 20-21, 2007,
  to appear.
• J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce,
  and J. Penumarthi, MIXNET for radio frequency
  identification, in Proc. IEEE Region 5 Technical
  Conf., Fayetteville, Arkansas, April 20-21, 2007,
  to appear.
• D. R. Thompson, J. Di, H. Sunkara, and C.
  Thompson, Categorizing RFID privacy threats with
  STRIDE, in Proc. ACM Symposium on Usable Privacy
  and Security (SOUPS), Carnegie Mellon University,
  Pittsburgh, Pennsylvania, July 12-14, 2006.
• D. R. Thompson, RFID technical tutorial, The
  Journal of Computing Sciences in Colleges, vol.
  21, no. 5, pp. 8-9, May, 2006.
• D. R. Thompson, N. Chaudhry, and C. W. Thompson,
  RFID security threat model, in Proc. Acxiom
  Laboratory for Applied Research (ALAR) Conf. on
  Applied Research in Information Technology,
  Conway, Arkansas, Mar. 3, 2006.
• N. Chaudhry, D. R. Thompson, and C. Thompson,
  RFID Technical Tutorial and Threat Modeling, ver.
  1.0, tech. report, Dept. of Computer Science and
  Computer Engineering, University of Arkansas,
  Fayetteville, Arkansas, Dec. 8, 2005. Available
  http//csce.uark.edu/drt/rfid

23
Contact Information

• Dale R. Thompson, Ph.D., P.E.
• Associate Professor
• Computer Science and Computer Engineering Dept.
• University of Arkansas
• 311 Engineering Hall
• Fayetteville, Arkansas 72701
• Phone 1 (479) 575-5090
• FAX 1 (479) 575-5339
• E-mail d.r.thompson_at_ieee.org
• WWW http//csce.uark.edu/drt/