RFID Security and Privacy: A Research Survey
Written by: Ari Juels
Presented by Carlos A. Lopez
Outline
1. Introduction
2. Basic RFID Tags
3. Symmetric-Key Tags
4. RFID News
Definition
RFID: a technology for automated identification of objects and people
RFID devices are called “RFID tags”
Small microchip (Hitachi mu-chip, 0.002x0.002 in)
Transmit data over the air
Respond to interrogation
Possible successor of barcodes
EPCglobal Inc. oversees the development of standards
RFID Overview
Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency
○ ID: 2342341456734
○ Credit Card #8163 3534 9234 9876
Reader (transceiver): reads data off the tags without direct contact
Radio signal (contactless): range from 3-5 inches to 3 yards
Database: matches tag IDs to physical objects
Reading Tags
The read process starts when an RFID reader sends out a query message
○ Invites all tags within range to respond
More than one RFID tag may respond at the same time
○ This causes a collision
Reader cannot accurately read information from more than one tag at a time
Reader must engage in a special singulation protocol to talk to each tag separately
Barcode Replacement
Unique identification
○ Type of object vs. unique among millions
○ Acts as a pointer to a database
Automation
○ Optically scanned
  - Line-of-sight
  - Contact with readers
  - Careful physical positioning
  - Requires human intervention
RFID Standards
Some standards that have been made regarding RFID technology include:
ISO 14223/1 – RFID of animals, advanced transponders
ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303
ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards
ISO/IEC 18000 - 7 different parts
ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies
EPCglobal - most likely to undergo international standardization according to ISO rules, as with all sound standards in the world
Tag Types
Passive:
○ All power comes from a reader’s signal
○ Tags are inactive unless a reader activates them
○ Cheaper and smaller, but shorter range
Semi-passive:
○ On-board battery, but cannot initiate communication
○ Can serve as sensors, collect information from environment: for example, “smart dust” for military applications
Active:
○ On-board battery power
○ Can record sensor readings or perform calculations in the absence of a reader
○ Longer read range
Band | Freq. Range | Read Range | Application
LF | 125 - 134 kHz | 10 cm | Smart cards, ticketing, animal tagging, access control
HF | 13.56 MHz | 1 m | Small item management, supply chain, anti-theft, library, transportation
UHF | 866 - 915 MHz | 2-7 m | Transportation vehicle ID, access/security, large item management, supply chain
Microwave | 2.45 - 5.8 GHz | 1 m | Transportation vehicle ID (tolls), access/security, large item management, supply chain
Applications
Supply-chain management
○ Logistics, inventory control, retail check-out
Payment systems
○ ExxonMobil SpeedPass
○ I-Pass/E-ZPass/Smart Tag toll systems
○ Credit cards
Access control
Passports
Library books
Hospital and health centers
Money - yen and euro banknote anti-counterfeiting
Animal tracking - and human???
Human-implantable RFID
The consumer privacy problem
Here’s Mr. Bob in 2015… (figure labels)
○ 1500 Euros in wallet, serial numbers: 597387, 389473, …
○ Wig, model #4456 (cheap polyester)
○ 30 items of lingerie
○ Das Kapital and Communist-party handbook
○ Replacement hip, medical part #459382
…the tracking problem (figure label: Wig serial #A817TS8)
Mr. Bob pays with a credit card - his RFID tags are now linked to his identity; determines level of customer service
Mr. Bob attends a political rally - law enforcement scans his RFID tags
Mr. Jones wins award - physically tracked by paparazzi via RFID
Read ranges of a tag
Nominal range – the range at which the tag is intended to operate
Rogue scanning range – a powerful antenna amplifies the read range
Tag-to-reader eavesdropping range – a second reader can monitor the resulting tag emission
Reader-to-tag eavesdropping range – sometimes the reader sends information with greater power than the tags
WMATA SmarTrip RFID
○ Current balance
○ Travel history: visited stations and dates
…and the authentication problem
Privacy: misbehaving readers harvesting information from well-behaving tags
Authentication: well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones
Basic RFID tags vs. symmetric-key tags
Cannot:
○ Execute standard cryptographic operations
○ Strong pseudorandom number generation
○ Hashing
Low-cost tags
EPC tags
Used in most gates
Privacy
Killing and sleeping
Re-naming approach
○ Relabeling
○ Minimalist cryptography
○ Encryption
The proxy approach
○ Watchdog Tag
○ RFID Guardian
Distance measurement
Blocking
○ Soft-blocking
Trusted computing
Returning to the basic issue of privacy: kill codes
EPC tags have a “kill” function
○ On receiving password, tag self-destructs
○ Tag is permanently inoperative
○ No post-purchase benefits
Developed for EPC to protect consumers after point of sale
○ “Dead tags tell no tales”
○ Privacy is preserved
Why not sleep them?
○ Would be difficult to manage in practice – users might have to manage a PIN for their tags
Privacy (Cont 2)
Re-naming approach
Even if the tag has no intrinsic meaning it can still enable tracking (solution: change it over time)
○ Relabeling
  - Consumers are equipped to re-label tags with a new identifier, but are able to reactivate old information
○ Minimalist cryptography
  - Tag changes names each time it is interrogated
○ Encryption
  - Re-encryption: public-key cryptosystem; periodically re-encrypted by law enforcement
  - Universal re-encryption
Privacy (Cont 3)
The proxy approach
○ Watchdog Tag
○ RFID Guardian
So what might solve our problems?
Higher-powered intermediaries like mobile phones
RFID “Guardian” and RFID REP (RFID Enhancer Proxy)
○ “Please show reader certificate and privileges”
Privacy (Cont 4)
Distance measurement
Distance as a measure of trust
○ A tag might release general information (“I’m attached to a bottle of water”) when scanned at a distance, but release more specific information, like a unique identifier, at close range.
Privacy (Cont 5)
Blocking
Scheme depends on the incorporation of a modifiable bit called a privacy bit
It uses a blocking tag which prevents unwanted scanning of tags in a private zone
Soft-blocking - on the reader: “Do not scan tags whose privacy bit is on”
Trusted Computing
Authentication
EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features
Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, to try to ensure that the reader actually reads what it is trying to scan.
Symmetric-Key Tags (capable of computing symmetric-key functions)
Cloning
With a simple challenge-response protocol a tag $T_i$ can authenticate itself to a reader that shares the key $K_i$:
1. The tag transmits $T_i$
2. The reader generates a random bit string $R$
3. The tag computes $H = h(K_i, R)$ and transmits $H$
4. The reader verifies $H = h(K_i, R)$
Digital Signature Transponders (created by Texas Instruments and used by Speedpass)
○ Based on the secrecy of the algorithm (“security through obscurity”); was cracked by students at Johns Hopkins
  - Reverse-engineering
  - Key cracking
  - Simulation
Reverse-engineering and side channels
Relay attacks
○ Man-in-the-middle attacks can bypass any cryptographic protocol
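
The four-step challenge-response exchange from the Cloning slide, as an added example that is not part of the original presentation. It assumes HMAC-SHA256 for the keyed function h; the class names, the tag identifier "T1" and the keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def h(key: bytes, r: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the slide's keyed function h(K_i, R).
    return hmac.new(key, r, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id, self._key = tag_id, key

    def respond(self, r: bytes) -> bytes:
        return h(self._key, r)                 # step 3: H = h(K_i, R)

class Reader:
    def __init__(self, keys: dict):
        self._keys = keys                      # T_i -> K_i shared with genuine tags
        self._pending = {}                     # T_i -> outstanding challenge R

    def challenge(self, tag_id: str) -> bytes:
        r = secrets.token_bytes(16)            # step 2: fresh random bit string R
        self._pending[tag_id] = r
        return r

    def verify(self, tag_id: str, response: bytes) -> bool:
        r = self._pending.pop(tag_id, None)    # each R is accepted at most once
        key = self._keys.get(tag_id)
        if r is None or key is None:
            return False
        return hmac.compare_digest(response, h(key, r))   # step 4

def session(reader: Reader, tag: Tag) -> bool:
    r = reader.challenge(tag.tag_id)           # step 1: tag has transmitted T_i
    return reader.verify(tag.tag_id, tag.respond(r))

def demo() -> dict:
    key = secrets.token_bytes(16)              # constructed sample key
    reader = Reader({"T1": key})
    genuine = Tag("T1", key)
    clone = Tag("T1", secrets.token_bytes(16)) # copied identifier, but not K_i
    genuine_ok = session(reader, genuine)
    clone_ok = session(reader, clone)
    recorded = genuine.respond(reader.challenge("T1"))  # H captured off the air
    reader.verify("T1", recorded)              # that session completes normally
    reader.challenge("T1")                     # later session, new R
    replay_ok = reader.verify("T1", recorded)  # old H checked against the new R
    return {"genuine": genuine_ok, "clone": clone_ok, "replay": replay_ok}

if __name__ == "__main__":
    print(demo())
```

The fresh R per session is what defeats identifier-only clones and replayed responses; a relay that forwards R and H live between a genuine tag and the reader still verifies, which is the slide's point about relay attacks.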
Privacy
Symmetric-key management problem leads to a paradox
○ A tag identifies itself before authenticating the reader
○ The tag emits its identifier $T_i$
○ So the reader can learn the identity of the tag
○ Privacy unachievable
Tag emits $E = f_{k_{T_i}}[P]$, where P is an input value
On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags’ keys)
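
The key-search identification described above, as an added example that is not from the original presentation. It assumes HMAC-SHA256 for f and a reader-chosen nonce for P, and the reader recomputes f under each key and compares rather than decrypting; the tag names and keys are constructed.

```python
import hashlib
import hmac
import secrets

def f_k(key: bytes, p: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the slide's keyed function f_k.
    return hmac.new(key, p, hashlib.sha256).digest()

def tag_emit(tag_key: bytes, p: bytes) -> bytes:
    """Tag side: emit only E = f_k[P]; the identifier T_i never goes on the air."""
    return f_k(tag_key, p)

def reader_identify(key_table: dict, p: bytes, e: bytes):
    """Reader side: try each tag key K until f_K[P] matches E.
    Returns (tag_id or None, number of keys tried)."""
    tried = 0
    for tag_id, key in key_table.items():
        tried += 1
        if hmac.compare_digest(f_k(key, p), e):
            return tag_id, tried
    return None, tried

def demo(n_tags: int = 1000) -> dict:
    # Constructed key table: n_tags hypothetical tags with random 128-bit keys.
    table = {f"tag-{i:04d}": secrets.token_bytes(16) for i in range(n_tags)}
    last_id = f"tag-{n_tags - 1:04d}"
    p1, p2 = secrets.token_bytes(16), secrets.token_bytes(16)  # two reader queries
    e1 = tag_emit(table[last_id], p1)
    e2 = tag_emit(table[last_id], p2)
    stranger = tag_emit(secrets.token_bytes(16), p1)  # tag whose key the reader lacks
    return {
        "identified": reader_identify(table, p1, e1),    # worst case: all keys tried
        "unknown": reader_identify(table, p1, stranger), # full search, no match
        "emissions_differ": e1 != e2,  # no constant value for an eavesdropper to track
    }

if __name__ == "__main__":
    print(demo())
```

The reader's work grows linearly with the number of tags it manages, which is the cost the tree approach on the next slide is meant to reduce.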
Privacy Literature
Tree approach
○ Proposed approach where a tag contains more than one symmetric key in a hierarchical structure defined by a tree S
  - Every node has a unique key
  - Each tag is assigned to a unique leaf
  - It contains the keys defined by the path from the root S to the leaf
○ Can be useful for:
  - A tag holder can transfer ownership of an RFID tag to another party, while history remains private
  - A centralized authority with full tag information can provision readers to scan particular tags over limited time windows
Synchronization approach
Symmetric-key primitive
○ The European Network of Excellence for Cryptology is evaluating 21 candidate stream ciphers
So what might solve our problems?
Cryptography!
Urgent need for cheaper hardware for primitives and better side-channel defenses
Some of the talk is really in the outer limits, but the basic caveats are important:
○ Pressure to build smaller, cheaper tags without cryptography
○ RFID tags are close and personal, giving privacy a special dimension
○ RFID tags change ownership frequently
○ Key management will be a major problem
  - Think for a moment after this talk about distribution of kill passwords…
Are you ready for the Verichip?
RFID News
RFID passports cracked - http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Can Aluminum Shield RFID Chips? - http://www.rfid-shield.com/info_doesitwork.php
RFID chips can carry viruses - http://arstechnica.com/news.ars/post/20060315-6386.html
Nightclub allows entry by RFID - http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm
Demo: Cloning a Verichip - http://cq.cx/verichip.pl