Title: Randomized PRF Tree Walking Algorithm for Secure RFID
1Randomized PRF Tree Walking Algorithm for Secure
RFID
Leonid Bolotnyy and Gabriel Robins Department
of Computer ScienceUniversity of Virginia
lb9xk_at_cs.virginia.edu, robins_at_cs.virginia.edu
2Talk Outline
- Identification Problem
- Secure Binary-Tree Walking Algorithm
- Reader-tag Authentication Problem
- Multi-tag RFID Systems
3Identification Problem
4Secure Identification Problem
5Passive vs. Active Adversary
Backward Range
Forward Range
6Secure Binary-Tree Walking
R. Rivest, S. Weis, EPCglobal, Inc.
- Each tag generates a random number
- Reader tree-walks these random numbers
- Selected tag transmits its real-ID
7Algorithm Analysis
Major questions about the algorithm 1. How to
deal with collisions on real-IDs? 2. How to
choose optimal random number length? 3. How to
choose the threshold?
n number of tags, m random number length
Number of tags per random number will have a
Poisson distribution
(Expected number of random IDs with k tags)
(Expected total number of colliding tags)
(Cost function)
where t is the smallest exponent for which
8Optimal random number length
Use average n over many traverse runs
9Determining threshold
Pr
tags match in threshold number of bits
For n 2000, after about 11 bits, we expect
zero, one, or two bits per branch Still have a
long way to finish traversing the tree Costly
over all branches if we traverse every branch to
the end
Start the threshold at 2 Increase threshold by 1
if collision occurs Decrease threshold by 1 if
over the entire traverse no collisions occurred
10Randomized PRF Tree Walking Algorithm
- Goal Efficiently solve reader-tag authentication
- problem in the presence of many tags
Steps of the algorithm 1. Each tag generates a
random number, and the reader performs a
tree-walk on these numbers 2. Once a tag is
selected, the reader and the tag engage in a
tree-waking private authentication protocol 3.
The reader moves the tag to a different position
in a tree.
11Binary Tree of Secrets
D. Molnar and D. Wagner Privacy and Security in
Library RFID Issues, Practices, and Architecture
12Step 1
Each tag generates a random number, and the
reader performs a tree-walk on these numbers
13Step 2
Once a tag is selected, the reader and the tag
engage in a tree-waking private
authentication protocol
14Step 3
The reader moves the tag to a different position
in a tree
15Properties of the Algorithm
- Allows on-line addition and removal of tags
- Provides security against active eavesdroppers
- Offers security against foreign readers
- Enables dynamic tradeoff between security,
- privacy and singulation time
- Effective against active attacks
- stealing a tag
- tracking and hotlisting
- Requires a tag to be equipped with
- pseudo-random function, XOR unit
- random number generator
- writable memory
16Space and Time Complexity Evolution
17Random Number Generator
Will Ware http//willware.net/hw-rng.html
The voltage signal is amplified, disturbed,
stretched, and sampled, resulting in random bits.
18New Idea Multi-Tags
Attach more than one tag to an object
- Redundant Tags
- Dual-Tags
- Own Memory Only
- Shared Memory Only
- Own and Shared Memory
- Triple-Tags
- n-Tags
19Benefits of Multi-Tag Systems
New applications
- Increased expected voltage on a tag
- Increased expected communication range
- Increased availability
- Increased memory
- Increased reliability
- Increased durability
- Enhanced security
20Our Current and Future Work
Find New and Improve Existing Algorithms
A. Juels, S. Weis
Authentication algorithms with human protocols
D. Molnar, D. Wagner
Tag identification with delegation, ownership
transfer
A. Juels
Efficient cloning-resistant identification
algorithms
New and emerging problems
Lets Collaborate!