rfid tags for critical jsf components/sub-assemblies alfio grasso deputy director auto-id lab,...
TRANSCRIPT
RFID Tags for Critical JSF Components/Sub-Assemblies
Alfio Grasso
Deputy Director
Auto-ID Lab, ADELAIDE
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 2
AUTO-ID LABS Agenda
Background on Auto-ID Lab RFID RFID Security & Authentication Primitives
Project ActivitiesManagement
Timescale Risks Deliverables
Market OpportunitiesConclusions
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 3
AUTO-ID LABS
Adelaide, Auto-ID Lab
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 4
AUTO-ID LABS The Auto-ID Laboratories
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 5
AUTO-ID LABS Auto-ID Labs
One of 7 Auto-ID Labs around the world MIT, USA Cambridge, UK Adelaide, Australia Keio, Japan Fudan, China St Gallen, Switzerland ICU, Korea
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 6
AUTO-ID LABS Auto-ID Lab Advantage RFID Lab has been operating for more than 3 decades Commercial successes in RFID Commercialisation
RFID in Library, vehicle (toll, access), rail, waste management International Collaboration ASIC design, development and implementation
Collaboration with ChipTec Security & Authentication Design of compact metal mount tags
Beer kegs, wine closures, animal tags, Standards Experience
ISO and EPCglobal Intellectual Property
21 patents Know how
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 7
AUTO-ID LABS RFID
Radio Frequency Identification Automatic Data Capture Uses RF to communicate
Basic Elements Tags Readers/Antennas Host CPU
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 8
AUTO-ID LABS Host CPU
Application Do something with the tag information Potential to generate massive amounts of
data Once installed it costs virtually NOTHING
to read a tag! Real time data => real time decisions 0HIO (Zero Human Involvement
Operations)** Term defined by John Greaves, CHEP International
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 9
AUTO-ID LABS Security Work
Elliptic Curve CryptographyOne Time CodesShrinking GeneratorsPhysically Unclonable Functions
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 10
AUTO-ID LABS
Elliptic Curve Cryptography
Uses the discrete log problem but over a finite abelian group of points x, y on an elliptic curve y2 = x3 + a*x + b mod (p)
ECC keys can be shorter for the same security when compared with other systems
No mathematical proof of the difficulty has been published but the scheme is accepted as a standard by USA National Security Agency.
Keys must be large enough. A 109 bit key has been broken (roughly same security to RSA
640) 160 bits ECC - same security as RSA 1024 bits. 224 bits ECC - same security as RSA 2048 bits.
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 11
AUTO-ID LABS One Time Codes
Have available a set of purely random numbers in the tag and matching tag dependent number in a secure data based
Need a large supply to cater for many authentications
Options Reserve a pair for final authentication by end user Recharge in a secure environment Assume an eavesdropper cannot be every where
and use old codes for identity change for fresh reader or tag authentications
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 12
AUTO-ID LABS Shrinking Generators
Two linear shift registers, A (data) and S (sampling), with different seeds, clocked together.
Outputs are combined as follows If S is 1, output is A If S is 0, there is no output and another clock is applied
This scheme has been resistant to cryptanalysis for 12 years.
No known attacks if feedback polynomials are secret and registers are too long for an exhaustive search.
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 13
AUTO-ID LABS
Shrinking Generator
Shrinking Generator Minimal hardware complexity Shrink the output from LFSR R1 Produce irregular sequence K Practical alternative to a one time pads Known attacks have exp time complexity Keep connection polynomials secret Use maximum length LFSRs
LFSR R2
LFSR R1
Output (K)CE CLK
D QBuffer
Clock
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 14
AUTO-ID LABS
Simple challenge-response protocol
Reader chooses a challenge, x, which is a random number and transmits it to the label.
The label computes and transmits the value y to the reader (here e is the encryption rule that is publicly known and K is a secret key known only to the reader and the particular label).
The reader then computes .
Then the reader verifies that .
)(' xey K
yy '
)( xey K
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 15
AUTO-ID LABS
Physically Uncloneable Functions
Exploits gate and wire delay variations due to IC fabrication process
Use of PUFs on RFID tags to securely store keys
800 challenge-response pairs to uniquely identify over 109 chips
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 16
AUTO-ID LABS Editor of Security Book
Prof. Peter Cole and Damith Ranasinghe Joint editors of a Springer-Verlag book, soon to
be published
Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting.
Project Activities
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 18
AUTO-ID LABS Project Activities Define User Requirements (Use Cases)
Investigate and document the uses of RFID in the JSF program manufacturer, supply chain, deployment, support and maintenance
Develop at least one authentication scheme using passive RFID tags, based on one or more use cases
Develop Vendor Extensions to EPCglobal’s Class 1, Generation 2 standard to implement the authentication scheme, ISO 18000 Part 6 Type C
Design, Fabricate and Test the proposed vendor extensions to commercially available C1G2 ASIC implementations
Design RFID Tag Antennas for one or more use cases
Develop Demonstration Software for authentication based on C1G2 Vendor extensions
Undertake and participate in field trials Provide documentation to JSF Industry Partners
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 19
AUTO-ID LABS Theory of Operation
Commercial RFID C1G2 readers will be used to identify the tags
The unique identity (UID) stored on the tag is anticipated to be the DoD Identity Type as defined in EPCglobal’s Tag Data Standards V1.3
The DoD Construct identifier is defined by the United States Department of Defense. (http://www.dodrfid.org/supplierguide.htm)
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 20
AUTO-ID LABS Secure Data
Once the reader identifies the UID (unique identifier), the reader passes the UID to the Application
The Application uses a secure connection to a secure database to determine the authentication codes applicable to the Tag.
The application then encrypts and sends the appropriate authentication code, via a C1G2 Vendor extension to the tag.
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 21
AUTO-ID LABS Tag Confirms Legitimate Reader
Once the tag receives the encrypted authentication code via the vendor extension, if valid it will respond with its authentication code, also encrypted.
If not valid it will respond with a random number
In both cases care will be taken to prevent side channel attacks e.g. by monitoring Power Supply
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 22
AUTO-ID LABS Verification by Reader
Once the encrypted response is received and verified The Tag has authenticated the RFID
Reader, and The RFID Reader has authenticated the
Tag
Management
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 24
AUTO-ID LABS Project Plan
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 25
AUTO-ID LABS Timescale
Use cases developed in the first yearASIC implementation in the second yearTesting, Field Work and Documentation in the
third yearSeeking Industry Partner
Assist in use case definitions Application Software Commercialisation Tag Rollout
First products in 2010 Ongoing and through life support
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 26
AUTO-ID LABS Risk Management
18 Risks Identified Likelihoods Low to Medium
Commercial Participation (Medium) Technical Risks (Low) Schedule Risks (Low)
Impact Low to High Commercial Participation (High) Technical Risks (Low) Schedule Risks (Low)
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 27
AUTO-ID LABS Deliverables
Use Case ReportASIC Implementation PlanASIC DesignField Trial ReportDesign Package
Market Opportunities
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 29
AUTO-ID LABS JSF Block Development
Assuming a 2007 start, JSF Block 4 is the earliest possible deployment
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 30
AUTO-ID LABS Industrial Partnerships Assist in the research in developing use cases Develop systems for the deployment of RFID tags for JSF
components and sub-assemblies. Develop, possibly with further collaboration with the Auto-ID Lab
Adelaide other use case solutions. Develop, possibly with further collaboration with the Auto-ID Lab,
Adelaide other RFID antenna form factors. Develop and commercialise the prototype software, which was used
to demonstrate one or more use cases, into system software for the deployment of the technology into JSF programs.
Develop commercial applications of the RFID tags for non-military applications.
Develop commercial applications of the System Software for non-military applications.
Provide operational support, needs analysis and logistics, to manage the deployment of the technology into JSF programs, throughout the JSF life span.
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 31
AUTO-ID LABS Commercial Market
Authentication and anti-counterfeiting a world problem, OECD reports that counterfeits are 50% of motion pictures 40% of business software 33% of music 10% of clothing 10% of automobile spares 10% of the world’s pharmaceuticals
US and others mandating Pedigree Laws
Solutions developed have huge commercial opportunities
Conclusions
Australian JSF Advanced Technology and Innovation Conference
Authentication of JSF Components & Sub-Assemblies 33
AUTO-ID LABS Conclusions
RFID has low to moderate technical riskAuto-ID Lab commercial success in RFID
developmentsSignificant research already undertaken in
RFID and security/authenticationLooking NOW for Industrial PartnersSignificant opportunity for JSF
Australia & InternationalSignificant JSF and Commercial opportunities
for Industrial Partner(s)