On Mitigating Covert Channels in RFID-Enabled Supply Chains
Kirti Chawla, Gabriel Robins, and Westley Weimer
{kirti, robins, weimer}@cs.virginia.edu
School of Engineering and Applied Science, Department of Computer Science
University of Virginia, Charlottesville, Virginia, USA
Web: www.cs.virginia.edu
This work is supported by U.S. National Science Foundation (NSF) grant: CNS-0716635 (PI: Gabriel Robins)
For more details, visit: www.cs.virginia.edu\robins
RFID Technology Overview
RFID Technology
Parameters
Some Applications
Components
Tag/Transponder
Reader
Backend System
Frequency
Form Factor
Type
Aerospace
Chip Timing
Supply Chain
Motivating Example – Supply Chains
Factory
Warehouse
Store
Raw Materials
YOU
A Supply Chain
Reduce Cost
Enhance Competitiveness
Motivating Example – Supply Chains
Target Supply Chain
Adversary Supply Chain
Market
Passive Competitiveness
Active Competitiveness
How ?
Supply Chain Attacks – Tag Tracking
Adversary Supply Chain
Tracked tag serves dual-purpose and is a source of covert channel
Supply Chain Attacks – Tag Duplication
Injected duplicated tag as source of covert channel
Supply Chain Attacks – Tag Modification
Injected modified tag as source of covert channel
Supply Chain Attacks – Tag Modification
Writeable banks conceal information
Figure: Memory Layout of the RFID Tag (EPC Compliant RFID Tag)
Memory banks: RESERVED, EPC, TID, USER
Field labels: Access Password, Kill Password, CRC-16, PC, EPC Number, XPC, ISO/IEC 15963 Class Identifier, Tag Capability, User Specific Data, EPC Length, UMI, XPC_W1I, NSI, TB, AFI, Vendor Specific Data
Supply Chain Attacks – Reader Compromise
Compromised readers as source of covert channel
Evaluation I – Implications(1)
Pre-attack Scenario Post-attack scenario
Brand Loyalty Switch
Attacks subtly persuading consumers to switch brands
Evaluation I – Implications(2)
Brand Aversion
Attacks subtly persuading retailers to prefer brands
Pre-attack Scenario Post-attack scenario
Mitigating Approach – Model of Supply Chain
Supply Chain
Purchase Phase
Production Phase
Distribution Phase
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
A
P
Q
R
Purchase Phase: GUP
Production Phase: GPP
Distribution Phase: GDP
Mitigating Approach – Model of Supply Chain
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
Global Source Global Sink
Phase Sink
Phase Source
C(Q, R) > 0
C(P, Q) = 0
C2
C1
NMOF(A) = max(C1, C2)
C: E +
Mitigating Approach – Taint Checkpoints
GUP GPP GDP
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
Taint Checkpoint
Supply Chain Flow Graph: G = GUP GPP GDP
How ?
Mitigating Approach – Taint Check Cover
GD
Given a graph G and no. of taint checkpoints T, determine the existence of taint check cover: TCC G, T
GU
Polynomial Time Reduction
VC P TCC
Taint Check Cover
Vertex Cover
NP-Complete
TCC NP
Mitigating Approach – Heuristics(1)
GD
Use the approximation algorithm for VC to solve TCC
From the set of edges E, pick an arbitrary edge, save its endpoints, and remove all edges from E that are covered by those endpoints
Time complexity: O(V+E)
Solution size: 2OPT
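The heuristic on this slide, as an added example that is not part of the original slides. It assumes a taint check cover means every link of the flow graph has a checkpoint at one of its endpoints; the node names, the sample graph, and the function names are constructed for illustration. It goes one step beyond the slide by using the picked edges as a lower bound on OPT, which gives a three-way answer to the decision question for a checkpoint budget T.

```python
from typing import Iterable, List, Set, Tuple

Edge = Tuple[str, str]  # one link of the supply chain flow graph


def approx_checkpoints(edges: Iterable[Edge]) -> Tuple[Set[str], List[Edge]]:
    """Pick an uncovered edge, keep both endpoints, skip every edge they cover.

    Returns the checkpoint set and the picked edges. The picked edges share no
    endpoint, so any valid cover needs at least len(picked) nodes.
    """
    cover: Set[str] = set()
    picked: List[Edge] = []
    for u, v in edges:  # single pass over the edge list
        if u not in cover and v not in cover:
            cover.update((u, v))
            picked.append((u, v))
    return cover, picked


def unchecked_links(edges: Iterable[Edge], cover: Set[str]) -> List[Edge]:
    """Links with no checkpoint at either end (empty for a valid cover)."""
    return [(u, v) for u, v in edges if u not in cover and v not in cover]


def tcc_decision(edges: List[Edge], budget: int) -> str:
    """Three-way answer: is there a cover with at most `budget` checkpoints?"""
    cover, picked = approx_checkpoints(edges)
    if len(cover) <= budget:
        return "yes"      # the heuristic cover already fits the budget
    if len(picked) > budget:
        return "no"       # lower bound on OPT exceeds the budget
    return "unknown"      # budget falls between the two bounds


# Constructed sample graph: suppliers -> factory -> warehouses -> stores.
SAMPLE_EDGES: List[Edge] = [
    ("S1", "F1"), ("S2", "F1"),
    ("F1", "W1"), ("F1", "W2"),
    ("W1", "R1"), ("W1", "R2"), ("W2", "R3"),
]

if __name__ == "__main__":
    cover, picked = approx_checkpoints(SAMPLE_EDGES)
    print("checkpoints:", sorted(cover), "lower bound on OPT:", len(picked))
    for t in (2, 4, 6):
        print("budget", t, "->", tcc_decision(SAMPLE_EDGES, t))
```

On the sample graph the heuristic places 6 checkpoints while 3 suffice (F1, W1, W2), which is the factor-of-two gap the slide states.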
Mitigating Approach – Heuristics(2)
Use cuts to partition graph
GUP GPP GDP
1. Cuts based on topology
2. Cuts based on flow properties
3. Random cuts
Algorithm dependent time-complexity
Solution size: OPT to |V|
Mitigating Approach – Heuristics(3)
GUP GPP GDP
Use underlying business requirements
1. No. of taint checkpoints
2. Coverage Vs Efficiency Tradeoff
(1) TNR = |V_T| / |V|
(2) CER =
TNR, CER +, |V| 0
Algorithm dependent time-complexity
Solution size: OPT to |V|
Mitigating Approach – Local Verification Algorithm
GUP GPP GDP
Verifying flow locally at every taint checkpoint
1. Check flag enables check for duplicate tags
2. Tag data verification enables check for modified tags
Mitigating Approach – Global Verification Algorithm
GUP GPP GDP
Verifying flow globally along a path or at a central site
Heuristics combined with global verification enable a check for compromised readers
Evaluation II – Cost
Local verification time cost as a function of no. of taint checkpoints
Cost of solution
Local, and global (with constant and variable link cost) verification time cost as a function of no. of taint checkpoints
1. Supply Chain flow graph nodes = 2000
2. No. of taint checkpoints = 10 to 1000
3. Workload = 100 items per case 1000 cases per time interval
Countermeasures to Covert Channels
Suggested Countermeasures
Re-encryption
Pseudonyms
Direct mitigation
PUF
Passwords
Questions