matching electronic fingerprints of rfid tags using the hotelling’s algorithm
DESCRIPTION
Matching Electronic Fingerprints of RFID Tags Using the Hotelling’s Algorithm. Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009. Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas. - PowerPoint PPT PresentationTRANSCRIPT
Nurbek Saparkhojayev and Dale R. Thompson, Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Ph.D., P.E.
Computer Science and Computer Engineering Computer Science and Computer Engineering Dept.Dept.
University of ArkansasUniversity of Arkansas
Matching Electronic Fingerprints Matching Electronic Fingerprints of RFID Tags Using the of RFID Tags Using the Hotelling’s AlgorithmHotelling’s Algorithm
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 11
This material is based upon work supported by the National Science Foundation, Cyber Trust area, under Grant No. CNS-0716578.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science
Foundation.
Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009
ProblemProblem
Counterfeiting travel documents such Counterfeiting travel documents such as ePassport, DHS PASS card, and as ePassport, DHS PASS card, and future drivers licensesfuture drivers licenses
Travel documents contain radio Travel documents contain radio frequency identification (RFID) tagsfrequency identification (RFID) tags
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 22D. R. ThompsonD. R. Thompson
Threats to RFID tagsThreats to RFID tags
Cloning the tagCloning the tag– Copy contents of tag to another tagCopy contents of tag to another tag
Side-channel (non-invasive) attacksSide-channel (non-invasive) attacks– Monitor certain external parameters such as Monitor certain external parameters such as
power consumption, timing delay, or power consumption, timing delay, or electromagnetic emissionelectromagnetic emission
– Inject noise/faults to the target to cause Inject noise/faults to the target to cause irregular behaviorsirregular behaviors
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 33
Tag Counterfeiting/CloningTag Counterfeiting/Cloning(Spoofing Identity)(Spoofing Identity)
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 44D. R. ThompsonD. R. Thompson
Manipulating Data on Manipulating Data on PassportPassport
The Hacker’s Choice (Oct. 2, The Hacker’s Choice (Oct. 2, 2008)2008)– Copied passportCopied passport– Replaced picture with Replaced picture with
Elvis’s pictureElvis’s picture– Turned off active Turned off active
verificationverification– Tested on boarding pass Tested on boarding pass
machinemachine– http://freeworld.thc.org/thc-http://freeworld.thc.org/thc-
epassport/epassport/– http://www.youtube.com/http://www.youtube.com/
watch?v=4HngStyEm4swatch?v=4HngStyEm4s Used Jeroen van Beek method Used Jeroen van Beek method
presented at Black Hat presented at Black Hat conferenceconference
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 55
Counterfeiting MitigationCounterfeiting Mitigation
Tag authentication using Tag authentication using cryptographycryptography– Store secrets on the tag that can be Store secrets on the tag that can be
verifiedverified– Secret keys, symmetric key and public Secret keys, symmetric key and public
key cryptographykey cryptography Physical unclonable functions (PUFs)Physical unclonable functions (PUFs) Electronic fingerprint (E-Fingerprint)Electronic fingerprint (E-Fingerprint)
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 66D. R. ThompsonD. R. Thompson
ObjectiveObjective
Prevent counterfeiting of RFID tagsPrevent counterfeiting of RFID tags– Methods for creating electronic Methods for creating electronic
fingerprint based on physical fingerprint based on physical characteristics of tagcharacteristics of tag
– Digital integrated circuit (IC) design Digital integrated circuit (IC) design methodology that mitigates power- and methodology that mitigates power- and timing-based side-channel attackstiming-based side-channel attacks
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 77
ApproachApproach Electronic fingerprint
(e-fingerprint)– Authentication
becomes a function of what the device “is” in addition to a secret it “knows.”
Digital integrated circuit Digital integrated circuit (IC) design methodology (IC) design methodology that mitigates power- that mitigates power- and timing-based side-and timing-based side-channel attackschannel attacks
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 88D. R. ThompsonD. R. Thompson
Two-layer securityTwo-layer security Authentication becomes a function of what the
device “is” in addition to a secret it “knows.” Two-layers
– Cryptography– Electronic fingerprint (E-fingerprint)
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 99
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1010
Communication between Communication between reader and tagreader and tag
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1111
Tag
FeaturesFeatures
Minimum power response at Minimum power response at multiple frequencies (MPRMF)multiple frequencies (MPRMF)
TimingTimingFrequencyFrequencyPhasePhaseTransientsTransients
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1212
Minimum power response Minimum power response measured at multiple measured at multiple
frequenciesfrequencies
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1313
What will the fingerprint What will the fingerprint look like?look like?
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1414
FAR and FRRFAR and FRR
False acceptance rate (FAR)False acceptance rate (FAR)
Probability that a false Probability that a false identity claim will be identity claim will be acceptedaccepted
Type II errorType II error Like biometrics, Like biometrics,
most serious type most serious type of errorof error
False rejection rate (FRR)False rejection rate (FRR)
Probability that a true Probability that a true identity claim is falsely identity claim is falsely rejectedrejected
Type I errorType I error
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1515
Hotelling’s Two-sample T^2 Hotelling’s Two-sample T^2 AlgorithmAlgorithm
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1616
Create synthetic tag Create synthetic tag fingerprintsfingerprints
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1717
ParametersParameters
p = 4 = number of featuresp = 4 = number of features n1 = n2 = 20 = number of samplesn1 = n2 = 20 = number of samples alpha = 0.025 (95% confidence level)alpha = 0.025 (95% confidence level) If T^2 > 13.81, assume fingerprints If T^2 > 13.81, assume fingerprints
are differentare different
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1818
Case 1: Compare fingerprint of tag 0 with all Case 1: Compare fingerprint of tag 0 with all other fingerprints at varying noise levels other fingerprints at varying noise levels
(mean = 0)(mean = 0)
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1919
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2020
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2121
Case 2: A single tag fingerprint with std. Case 2: A single tag fingerprint with std. dev. 1.50 compared against itself at noise dev. 1.50 compared against itself at noise
levels with different meanslevels with different means
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2222
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2323
ConclusionsConclusions
Hotelling’s performs well across a Hotelling’s performs well across a large range of standard deviations IF large range of standard deviations IF the noise has zero meanthe noise has zero mean
Modest computationsModest computations
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2424
Future WorkFuture Work
Apply the algorithm to the measured Apply the algorithm to the measured features instead of the synthetic features instead of the synthetic featuresfeatures
Apply the algorithm across a much Apply the algorithm across a much larger set of parameterslarger set of parameters
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2525
Contact InformationContact Information
Dale R. Thompson, Ph.D., P.E.Dale R. Thompson, Ph.D., P.E.Associate ProfessorAssociate ProfessorComputer Science and Computer Engineering Dept.Computer Science and Computer Engineering Dept.JBHT – CSCE 504JBHT – CSCE 5041 University of Arkansas1 University of ArkansasFayetteville, Arkansas 72701-1201Fayetteville, Arkansas 72701-1201
Phone: +1 (479) 575-5090Phone: +1 (479) 575-5090FAX: +1 (479) 575-5339FAX: +1 (479) 575-5339E-mail: [email protected]: [email protected]: http://comp.uark.edu/~drt/WWW: http://comp.uark.edu/~drt/
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2626