Randomized PRF Tree Walking Algorithm for Secure RFID

1
Randomized PRF Tree Walking Algorithm for Secure
RFID
Leonid Bolotnyy and Gabriel Robins Department
of Computer ScienceUniversity of Virginia
lb9xk_at_cs.virginia.edu, robins_at_cs.virginia.edu
2
Talk Outline

• Identification Problem
• Secure Binary-Tree Walking Algorithm
• Reader-tag Authentication Problem
• Multi-tag RFID Systems

3
Identification Problem
4
Secure Identification Problem
5
Passive vs. Active Adversary
Backward Range
Forward Range
6
Secure Binary-Tree Walking
R. Rivest, S. Weis, EPCglobal, Inc.

1. Each tag generates a random number
2. Reader tree-walks these random numbers
3. Selected tag transmits its real-ID

7
Algorithm Analysis
Major questions about the algorithm 1. How to
deal with collisions on real-IDs? 2. How to
choose optimal random number length? 3. How to
choose the threshold?
n number of tags, m random number length
Number of tags per random number will have a
Poisson distribution
(Expected number of random IDs with k tags)
(Expected total number of colliding tags)
(Cost function)
where t is the smallest exponent for which
8
Optimal random number length
Use average n over many traverse runs
9
Determining threshold
Pr
tags match in threshold number of bits
For n 2000, after about 11 bits, we expect
zero, one, or two bits per branch Still have a
long way to finish traversing the tree Costly
over all branches if we traverse every branch to
the end
Start the threshold at 2 Increase threshold by 1
if collision occurs Decrease threshold by 1 if
over the entire traverse no collisions occurred
10
Randomized PRF Tree Walking Algorithm

• Goal Efficiently solve reader-tag authentication
• problem in the presence of many tags

Steps of the algorithm 1. Each tag generates a
random number, and the reader performs a
tree-walk on these numbers 2. Once a tag is
selected, the reader and the tag engage in a
tree-waking private authentication protocol 3.
The reader moves the tag to a different position
in a tree.
11
Binary Tree of Secrets
D. Molnar and D. Wagner Privacy and Security in
Library RFID Issues, Practices, and Architecture
12
Step 1
Each tag generates a random number, and the
reader performs a tree-walk on these numbers
13
Step 2
Once a tag is selected, the reader and the tag
engage in a tree-waking private
authentication protocol
14
Step 3
The reader moves the tag to a different position
in a tree
15
Properties of the Algorithm

• Allows on-line addition and removal of tags
• Provides security against active eavesdroppers
• Offers security against foreign readers
• Enables dynamic tradeoff between security,
• privacy and singulation time
• Effective against active attacks
• stealing a tag
• tracking and hotlisting
• Requires a tag to be equipped with
• pseudo-random function, XOR unit
• random number generator
• writable memory

16
Space and Time Complexity Evolution
17
Random Number Generator
Will Ware http//willware.net/hw-rng.html
The voltage signal is amplified, disturbed,
stretched, and sampled, resulting in random bits.
18
New Idea Multi-Tags
Attach more than one tag to an object

• Redundant Tags
• Dual-Tags
• Own Memory Only
• Shared Memory Only
• Own and Shared Memory
• Triple-Tags
• n-Tags

19
Benefits of Multi-Tag Systems
New applications

• Increased expected voltage on a tag
• Increased expected communication range
• Increased availability
• Increased memory
• Increased reliability
• Increased durability
• Enhanced security

20
Our Current and Future Work
Find New and Improve Existing Algorithms
A. Juels, S. Weis
Authentication algorithms with human protocols
D. Molnar, D. Wagner
Tag identification with delegation, ownership
transfer
A. Juels
Efficient cloning-resistant identification
algorithms
New and emerging problems
Lets Collaborate!