RFID Security and Privacy: A Research Survey - PowerPoint PPT Presentation



Title: RFID Security and Privacy: A Research Survey Author: Carlos Lopez Last modified by: fei Created Date: 4/23/2008 6:41:36 PM Document presentation format – PowerPoint PPT presentation

Slides: 28
Provided by: Carlos690
Learn more at: http://feihu.eng.ua.edu



RFID Security and Privacy: A Research Survey
  • Written by Ari Juels
  • Presented by Carlos A. Lopez

  1. Introduction
  2. Basic RFID Tags
  3. Symmetric-Key Tags
  4. RFID News

  • RFID is a technology for automated
    identification of objects and people
  • RFID devices are called RFID tags
  • Small microchip (Hitachi Mu-chip 0.002x0.002in)
  • Transmit data over the air
  • Responds to interrogation
  • Possible successor of barcodes
  • EPCGlobal Inc Oversees the development of

RFID Overview
Credit Card 8163 3534 9234 9876
  • Radio signal (contactless): Range from 3-5 inches
    to 3 yards
  • Tags (transponders): Attached to objects, call
    out identifying data on a special radio frequency
  • Reader (transceiver): Reads data off the
    tags without direct contact
  • Database: Matches tag IDs to physical objects

Reading Tags
  • The read process starts when an RFID reader sends
    out a query message
  • Invites all tags within range to respond
  • More than one RFID tag may respond at the same
  • This causes a collision
  • Reader cannot accurately read information from
    more than one tag at a time
  • Reader must engage in a special singulation
    protocol to talk to each tag separately

Barcode Replacement
  • Unique Identification
  • Type of Object Vs. Unique among millions
  • Act as a pointer to a database
  • Automation
  • Optically scanned
  • Line-of-sight
  • Contact with readers
  • Careful physical position
  • Requires human intervention

RFID Standards
  • Some standards that have been made regarding RFID
    technology include
  • ISO 14223/1 RFID of Animals, advanced
  • ISO 14443 HF (13.56 MHz) RFID-enabled passports
    under ICAO 9303.
  • ISO 15693 HF (13.56 MHz) used for non-contact
    smart payment and credit cards
  • ISO/IEC 18000 - 7 different Parts
  • ISO 18185 "e-seals" for tracking cargo
    containers using the 433 MHz and 2.4 GHz
  • EPCglobal - Most likely to undergo International
    Standardization according to ISO rules as with
    all sound standards in the world.

Tag Types
  • Passive
  • All power comes from a reader's signal
  • Tags are inactive unless a reader activates them
  • Cheaper and smaller, but shorter range
  • Semi-passive
  • On-board battery, but cannot initiate
  • Can serve as sensors, collecting information from
    the environment; for example, smart dust for
    military applications
  • Active
  • On-board battery power
  • Can record sensor readings or perform
    calculations in the absence of a reader
  • Longer read range

|             | LF | HF | UHF | Microwave |
|-------------|----|----|-----|-----------|
| Freq. Range | 125 - 134 kHz | 13.56 MHz | 866 - 915 MHz | 2.45 - 5.8 GHz |
| Read Range  | 10 cm | 1 m | 2-7 m | 1 m |
| Application | Smart Cards, Ticketing, animal tagging, Access Control | Small item management, supply chain, Anti-theft, library, transportation | Transportation vehicle ID, Access/Security, large item management, supply chain | Transportation vehicle ID (tolls), Access/Security, large item management, supply chain |

  • Supply-chain management
  • logistics, inventory control, retail check-out
  • Payment systems
  • ExxonMobil SpeedPass
  • I-Pass/EZ-Pass/Smart Tag toll systems
  • Credit Cards
  • Access Control
  • Passports
  • Library books
  • Hospital and Health Centers
  • Money - Yen and Euro banknote anti-counterfeiting
  • Animal Tracking - and Human???

The consumer privacy problem
Here's Mr. BOB in 2015
the tracking problem
Wig serial A817TS8
  • Mr. Bob pays with a credit card - his RFID tags,
    now linked to his identity, determine his level of
    customer service
  • Mr. Bob attends a political rally - law
    enforcement scans his RFID tags
  • Mr. Jones wins Award - physically tracked by
    paparazzi via RFID
  • Read ranges of a tag
  • Nominal Range: the range at which the tag is
    intended to operate
  • Rogue Scanning Range: a powerful antenna amplifies
    the read range
  • Tag-to-Reader Eavesdropping Range: a second
    reader can monitor the resulting tag emission
  • Reader-to-Tag Eavesdropping Range: sometimes
    the reader sends information with greater power
    than the tags.

and the authentication problem
Wig serial A817TS8
  • Privacy: Misbehaving readers harvesting
    information from well-behaving tags
  • Authentication: Well-behaving readers harvesting
    information from misbehaving tags, particularly
    counterfeit ones

Basic RFID tags Vs. Symmetric Key tags
  • Cannot
  • Execute standard cryptographic operations
  • Strong Pseudorandom number generation
  • Hashing
  • Low-cost tags
  • EPC tags
  • Used in most gates

  • Killing and Sleeping
  • Re-naming approach
  • Relabeling
  • Minimalist cryptography
  • Encryption
  • The proxy approach
  • Watchdog Tag
  • RFID Guardian
  • Distance Measurement
  • Blocking
  • Soft-blocking
  • Trusted Computing

Returning to basic issue of privacy Kill codes
  • EPC tags have a kill function
  • On receiving password, tag self-destructs
  • Tag is permanently inoperative
  • No post-purchase benefits
  • Developed for EPC to protect consumers after
    point of sale
  • Dead tags tell no tales
  • Privacy is preserved
  • Why not sleep them?
  • Would be difficult to manage in practice: users
    might have to manage a PIN for their tags

Privacy (Cont 2)
  • Re-naming approach
  • Even if the tag has no intrinsic meaning it can
    still enable tracking (Solution Change over
  • Relabeling
  • Consumers are equipped to relabel tags with a new
    identifier, but are able to reactivate old information
  • Minimalist cryptography
  • Tag changes names each time it is interrogated
  • Encryption
  • Re-Encryption
  • Public Key cryptosystem
  • Periodically re-encrypted by law enforcement
  • Universal Re-encryption

Privacy (Cont 3)
  • The proxy approach
  • Watchdog Tag
  • RFID Guardian

So what might solve our problems?
  • Higher-powered intermediaries like mobile phones
  • RFID Guardian and RFID REP (RFID Enhancer Proxy)

Privacy (Cont 4)
  • Distance Measurement
  • Distance as a measure of trust
  • A tag might release general information ("I'm
    attached to a bottle of water") when scanned at a
    distance, but release more specific information,
    like a unique identifier, at close range.

Privacy (Cont 5)
  • Blocking
  • Scheme depends on the incorporation of a
    modifiable bit called a privacy bit
  • It uses a blocking tag, which prevents unwanted
    scanning of tags in a private zone
  • Soft-blocking: on the reader, do not scan tags
    whose privacy bit is on
  • Trusted Computing

  • EPC Class-1 Gen-2 tags have no explicit
    anti-counterfeiting features
  • Yoking: a protocol that provides cryptographic
    proof that 2 tags have been scanned
    simultaneously, to try to ensure that the reader
    actually reads what it is trying to scan.

Symmetric-Key Tags (capable of computing
symmetric key)
  • Cloning
  • With a simple challenge-response protocol, a tag
    T can authenticate itself to a reader that
    shares the key Ki
  • The tag transmits Ti
  • The reader generates a random bit string R
  • The tag computes H = h(Ki, R) and transmits H
  • The reader verifies H = h(Ki, R)
  • Digital Signature Transponders (created by Texas
    Instruments and used by Speedpass)
  • Based on the secrecy of the algorithm; security
    through obscurity was cracked by student at Johns
  • Reverse-Engineering
  • Key cracking
  • Simulation
  • Reverse - Engineering and side channels
  • Relay Attacks
  • Man-in-the-middle attacks can bypass any
    cryptographic protocol

  • Symmetric-Key Management Problem
  • Leads to a paradox
  • A tag identifies itself before authenticating the
  • The tag emits its identifier Ti
  • So the reader can learn the identity of the tag
  • Privacy unachievable
  • Tag emits where P is an input
  • On receiving E, the reader searches the space
    of all tag keys, trying to decrypt E under
    every key K until it obtains P (the reader holds
    all the tags' keys)

  • Literature
  • Tree approach
  • Proposed approach where a tag contains more than
    one symmetric key in a hierarchical structure
    defined by a tree S.
  • Every node has a unique key
  • Each tag is assigned to a unique leaf
  • It contains the key defined by the path from the
    root S to the leaf
  • Can be useful for
  • A tag holder can transfer ownership of an RFID
    tag to another party, while history remains
  • A centralized authority with full tag information
    can provision readers to scan particular tags
    over limited windows of time
  • Synchronization approach
  • Symmetric-key primitive
  • The European network for excellence in
    cryptographic is evaluating 21 candidates stream
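
The reader-side key search and the tree approach described above, compared by the number of key trials the reader needs. This is an added example, not code from the slides or the surveyed paper; it assumes HMAC-SHA256 as the tag's symmetric primitive, a fresh per-session challenge, and a constructed 4-ary tree of depth 3 whose node keys are derived from a hypothetical MASTER secret.

```python
import hashlib
import hmac
import itertools

BRANCH, DEPTH = 4, 3                   # constructed tree: 4**3 = 64 tags
MASTER = b"constructed-demo-master"    # hypothetical reader-side secret


def prf(key: bytes, msg: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the tag's symmetric primitive.
    return hmac.new(key, msg, hashlib.sha256).digest()


def node_key(path: tuple) -> bytes:
    # Demo shortcut: every tree node gets a unique key derived from its path.
    return prf(MASTER, bytes(path))


def tag_response(leaf: tuple, challenge: bytes) -> list:
    # The tag holds the keys on the path from the root to its leaf and sends
    # one PRF output per level; no identifier is sent in the clear.
    return [prf(node_key(leaf[:i + 1]), challenge) for i in range(len(leaf))]


def identify_linear(resp: bytes, challenge: bytes):
    """Flat scheme: one key per tag, reader tries every key. Returns (leaf, tries)."""
    tries = 0
    for leaf in itertools.product(range(BRANCH), repeat=DEPTH):
        tries += 1
        if hmac.compare_digest(prf(node_key(leaf), challenge), resp):
            return leaf, tries
    return None, tries


def identify_tree(resp: list, challenge: bytes):
    """Tree scheme: at each level test only the children of the matched node."""
    path, tries = (), 0
    for level_resp in resp:
        for child in range(BRANCH):
            tries += 1
            candidate = prf(node_key(path + (child,)), challenge)
            if hmac.compare_digest(candidate, level_resp):
                path += (child,)
                break
        else:
            return None, tries         # no child matched: unknown tag
    return path, tries
```

For the last of the 64 tags the flat search costs 64 key trials while the tree search costs at most 12. The cost of the tree is that tags share the upper-level keys, so extracting the keys from one tag weakens the privacy of others under the same branches.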

So what might solve our problems?
  • Cryptography!
  • Urgent need for cheaper hardware for primitives
    and better side-channel defenses
  • Some of this talk is really in the outer limits,
    but basic caveats are important
  • Pressure to build a smaller, cheaper tags without
  • RFID tags are close and personal, giving privacy
    a special dimension
  • RFID tags change ownership frequently
  • Key management will be a major problem
  • Think for a moment after this talk about
    distribution of kill passwords
  • Are you ready for the Verichip?

  • RFID Passports cracked - http//blog.wired.com/ste
  • Can Aluminum Shield RFID Chips? -
  • RFID chips can carry viruses - http//arstechnica.
  • Nightclub allows entry by RFID -
  • Demo Cloning a Verichip - http//cq.cx/verichip.p