rfid security network security - it653 deepti agrawal kresit, iit bombay
TRANSCRIPT
RFID SECURITY
Network Security - IT653
Deepti Agrawal
KReSIT, IIT Bombay
What is RFID?
Radio-Frequency Identification Tag
Chip
Antenna
Holds a small amount of unique data – a serial number or other unique attribute of the item
The data can be read from a distance – no contact or even line of sight necessary
How Does RFID Work?
Tags (transponders)Attached to objects, call out their (unique) name and/or static data on a special radio frequency
02.3DFEX4.78AF51
EasyToll card #816
Reader (transceiver)Reads data off the tagswithout direct contact
Radio signal (contactless)
Range: from 3-5 inches to 3 yards
DatabaseMatches tag IDs tophysical objects
RFID Tag Power Sources
Passive (this is what mostly used now)• Tags are inactive until the reader’s interrogation signal “wakes”
them up• Cheap, but short range only
Semi-passive• On-board battery, but cannot initiate communication
• Can serve as sensors, collect information from environment: for example, “smart dust” for military applications
• More expensive, longer range
Active• On-board battery, can initiate communication
The capabilities of a basic RFID tag
Little memory
• Static 64-to-128-bit identifier in current ultra-cheap generation
Little computational power
• A few thousand gates
• Static keys for read/write permission
Not enough resources to support public- or symmetric-key cryptography
• Cannot support modular arithmetic (RSA, DSS), elliptic curves, DES, AES;
• Hash functions barely feasible
• Recent progress on putting AES on RFID tag
RFID is the Barcode of the Future
Barcode RFID
Line-of-sight reading• Reader must be looking at the barcode
Specifies object type• E.g., “I am a pack of Juicy Fruit”
Reading by radio contact• Reader can be anywhere within range
Specifies unique object id• E.g., “I am a pack of Juicy Fruit #86715-A”
Fast, automated scanning(object doesn’t have to leave
pocket, shelf or container)
Can look up this objectin the database
Static Data•No cryptographic operations possible
“Write Capabilities” • Products carry updated info as they move through the supply chain
Commercial Applications of RFID
Physical-access cards Inventory control
• Gillette Mach3 razor blades, pet tracking Logistics and supply-chain management
• Track a product from manufacturing through shipping to the retail shelf
Gas station and highway toll payment Libraries Euro banknotes
The consumer privacy problem
…and the tracking problem
Mr. Jones pays with a credit card; his RFID tags now linked to his identity; determines level of customer service
• Think of car dealerships using drivers’ licenses to run credit checks… Mr. Jones attends a political rally; law enforcement scans his RFID tags Mr. Jones wins Turing Award; physically tracked by paparazzi via RFID
Wig serial #A817TS8
Risks
Personal privacy
• I’ll furtively scan your briefcase and learn how much cash you are carrying and which prescription medications you are taking …
Corporate espionage : Privacy is not just a consumer issue
• Track your competitor’s inventory Skimming: read your tag and make my own
• In February, JHU-RSA Labs team skimmed and cloned Texas Instruments’ RFID device used in car anti-theft protection and SpeedPass gas station tokens
Blocking Unwanted Scanning
FARADAY CAGE•Container made of foil or metal mesh, impenetrable by radio signals of certain frequencies
•Invitation to Shoplifters•Maybe works for a wallet, but huge hassle in general – locomotion difficult
Blocking Unwanted Scanning (Contd.)
“KILL” tag after purchase• Special command permanently de-activates tag after the product is purchased
•RFID tags are much too useful in “live” state… Disables many futuristic applications.
Futuristic Applications
Tagged products• Clothing, appliances, CDs, etc. tagged for store returns and locatable in
house “Smart” appliances
• Refrigerators that automatically create shopping lists and when milk expires• Closets that tell you what clothes you have available, and search the Web for
advice on current styles, etc. • Washing machines that detect improper wash cycle
“Smart” print• Airline tickets that indicate your location in the airport• Business cards
Recycling• Plastics that sort themselves
Consumers will not want their tags “killed,” but should still have a right to privacy!
Blocking Unwanted Scanning (Contd.)
The “BLOCKER TAG”Blocker simulates all (billions of) possible tag serial numbers!!
1,2,3, …, 2023 pairs of sneakers and…(reading fails)…
How does blocker tag work?
When the reader sends a signal, more than one RFID tag may respond: this is a collision• Reader cannot accurately read information from more than one tag at a time• Example: every tagged item in a supermarket cart responds to the cashier’s
RFID reader
“Tree-walking” protocol for identifying tags recursively asks question:• “What is your next bit?”
Blocker tag always says both ‘0’ and ‘1’! • Guarantees collision no matter what tags are present• To talk to a tag, reader must traverse every tree path
• With 128-bit IDs, reader must try 2128 values – infeasible!
To prevent illegitimate blocking, make blocker tag selective (block only certain ID ranges)• E.g., blocker tag blocks all IDs with first bit=1• Items on supermarket shelves have first bit=0
• Can’t block tags on unpurchased items (anti-shoplifting)• After purchase, flip first bit on the tag from 0 to 1
“Tree-walking” anti-collision protocol for RFID tags
000 001 010 011 100 101 110 111
00 01 10 11
0 1
?
Example: Supermarket Cart
000 001 010 011 100 101 110 111
prefix=0
prefix=00 prefix=01
prefix=10 prefix=11
prefix=1
1. Prefix=“empty”
Next=0Next=1
Next=1
Collision!
1a. Prefix=0
Next=0
No collision
2. Prefix=00
1b. Prefix=1
2. Prefix=11
No collision
Next=1
3. ID=001
Talk to tag 001
No collision
Next=1
Next=1
Collision!
Next=1
Next=0
3a. ID=110
Talk to tag 110
3b. ID=111
Talk to tag 111
Pseudonym rotation
Set of pseudonyms known only by trusted verifier Pseudonyms stored on tag
• Limited storage means at most, e.g., 10 pseudonyms
Tag cycles through pseudonyms
“74AB8” “MMW91”
=?
Hash Locks
Reader RFID tag
Stores key; hash(key) for any tagUnique key for each tag
Stores metaID=hash(key)
Goal: authenticate reader to the RFID tag
[Rivest, Weis, Sharma, Engels]
“Who are you?”
metaID
key
“My real ID is…”
Compute hash(key) andcompare with stored metaID
Why is this not a perfect solution?
Analysis of Hash Locks
Relatively cheap to implement
• Tag has to store hash implementation and metaID Security based on weak collision-resistance of hash
function metaID looks random Problem: tag always responds with the same value
• Attacker can track the same tag from place to place even if he cannot learn its real ID
Randomized Hash Locks
Reader RFID tag
Stores its own IDk
[Weis et al.]
“Who are you?”
R, hash(R,IDk)
“You must be IDk”
Compute hash(R,IDi) for every
known IDi and compare
Stores all IDs:ID1, … ,IDn
Generate random R
Goal: authenticate reader to the RFID tag
Analysis of Randomized Hash Locks
Tag must store hash implementation and pseudo-random number generator
Secure against tracking because tag response is different each time
Reader must perform brute-force ID search
• Effectively, reader must stage a mini-dictionary attack to unlock the tag
Alternative: use a block cipher
• Need a very efficient implementation of AES
External re-encryption approach
Suggested for RFID-embedded banknotes privacy protection
Banknote tag serial numbers are encrypted with a law enforcement public key
Periodic re-encryption to reduce the linkability of different appearances of a given tag.
Resources limited on tag, so re-encryption done by external agents, usually the reader
References
The material covered in the slides hasbeen taken from : RFID Security and Privacy :
http://www.google.co.in/url?sa=U&start=1&q=http://www.cs.utexas.edu/~shmat/courses/cs378_spring05/&e=9797
RFID: Security and Privacy for Five-Cent Computers : http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/five_cent/RFID_five%20cent.ppt
Questions ?