Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Published byNoelia Chambley Modified over 10 years ago

Similar presentations

Presentation on theme: "Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,"— Presentation transcript:

1 Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University, Singapore 2 Nokia Research Center, Finland 3 Institute for Infocomm Research, Singapore September 2010

2 Outline Background & Motivation Discovery Service based Tracking Attack Pseudonym-based Design – Basic ideas – Scheme I: supporting flexible tag level tracking – Scheme II: supporting user revocation Conclusion

3 Anti-tracking problem in EPCglobal RFID architecture 1. Tag information (e.g. EPC code, …) 2. Location query by unique identifier e.g. EPC code 3. Location information of associated IS servers 4. Request for processing current tags 5. Response of processing request 6. Update tag if necessary Most of research works assume discovery service is trusted and focus on secure protocol design to defend unauthorized tracking at the physical level. It could be easier for an attacker to track information flow at the system level, e.g. from a compromised DS server. DS is designed to be a restricted-access search engine. But it is still possible to compromise a DS server deployed on the Internet.

4 RFID discovery service enables tag-level tracking in EPCglobal Network 4 Tags are transported from Partner A to Partner B Authorized User 1.Publish: (EPC1, L1, T1) … 2.Publish: (EPC1, L2, T2) … 3.Query: EPC1 4.Reply: (,, …) Supply Chain Partner A Supply Chain Partner B (EPC1, L1, T1) (EPC1, L2, T2) … Discovery Service Database Records on Discovery Service:

5 Unauthorized tracking by RFID discovery service through tag identifier grouping Tag ID LocationTime EPC1L1… EPC1L2… EPC2L1… The adversary knows: A tag with tag ID EPC1 was transported from L1 to L2. Database Table

6 Unauthorized tracking by RFID discovery service through timestamp correlating Tag ID LocationTime P1L1T1 P2L1T1 P3L2T2 P4L2T2 Database Table The adversary knows: A batch of two tags with pseudonyms P1, P2, P3, and P4 may have been transported from L1 to L2.

7 Threat Model – a semi-trusted RFID discovery service RFID discovery service will obey the regulations but try to learn the tracking information. It is always able to – understand the system design – read static contents of database

8 Threat Model – other roles Other outliers (weaker than RFID discovery service) – Only be able to eavesdrop network messages Supply chain partners and authorized users (Trusted) – Do not disclose the secret keys. – Do not collude with the adversaries.

9 Basic ideas to mitigate this threat For tag identifier grouping: – Minimize the correlation between records – by using different pseudonym to index multiple records of the same tag For timestamp correlating: – Hide plaintext timestamps – by storing the ciphertext timestamps

10 Pseudonym Indexing Location records of each individual tag indexed by multiple pseudonyms. Pseudonym = Func (original tag ID, secret key) Func is a pseudonym generation function – Deterministic – Unlinkable – e.g. HMAC

11 Timestamp Encryption Supply chain partner should publish the encrypted timestamps to RFID discovery service. – RFID discovery service should not log the record creation time. Timestamp is not a index field. – apply non-deterministic encryption algorithms., e.g. CPA-secure encryption algorithms, AES-CBC – Easy for key management.

12 Revised Operation Model (Publish and Query) Tags are transported from Partner A to Partner B Authorized Discovery Service User 1.Publish: (P1<-EPC1, L1, ET1) (P2<-EPC2, L1, ET1) 2.Publish: (P3<-EPC1, L2, ET2) (P4<-EPC2, L2, ET2) 3.Query: {P1, P3} 4.Reply: (,, …) Supply Chain Partner A Supply Chain Partner B Database Records on Discovery Service: (P1, L1, ET1) (P2, L1, ET1) (P3, L2, ET2) (P4, L2, ET2) … Discovery Service

13 Scheme I: Supporting flexible tag level tracking KeyAKeyBKeyCKeyDKeyE KeyA, KeyD, KeyE

14 Drawbacks of Scheme I Security manager has to be online – Who will be the security manager, after all? – Applies to static user group – User revocation is not supported To support user revocation – Assign new keys to supply chain partners – However, key update can not be handled well if user group is large with frequent revocations. – How about periodic updating? Not so good, either.

15 Key Primitive Used in Scheme II Security manager could be offline, we use Proxy Re-encryption – Proxy re-encryption allows a proxy to transform a ciphertext computed under Alice's public key into one that can be decrypted using Bob's private key. During ciphertext transformation, referred to as re-encryption, the proxy learns nothing about the underlying plaintext. – A proxy re-encryption scheme is represented as a tuple of (possibly probabilistic) polynomial time algorithms (KG, RG, E, R, D):

16 Scheme II: Supporting user revocation without online TTP 1. Supply chain structure or access control policies change. 4. Get the session keys by decrypting the ciphertext using his own private key. 3. Retrieve the encrypted session keys after proxy re-encryption. 2. Send new access control policies and update re-encryption keys. Security Manager stays offline if no structure or policies changes. The only online service is discovery service that tells authorized users session keys by re-encrypting ciphertext of session keys. Use random session keys for pseudonym indexing and timestamp encryption. (generated by supply chain partners)

17 Scheme II: When a user is granted for certain privilege, 1. Generate a key pair. 2. Send pk u 3. Generate re-encryption key rk SM->u from pk u, pk SM, and sk SM. 4. Send rk SM->u and updates of granting involved access control policies. (If rk SM->u has been generated, Step 1~3 can be skipped.)

18 Scheme II: When a user is revoked for certain privilege, 1. Updates of revoking involved access control policies.

19 Other Privacy Issues Tracking information disclosure from access patterns – Split related pseudonyms into separate queries – Introduce delays or dummy data in publishing location records to Discovery Service Tracking information disclosure from collusion attack – Trusted Computing Technique (use TPMs) The accomplices can use the secrets with knowing them.

20 Conclusion This work – Identified the threat of unauthorized tracking by RFID discovery service. – Proposed pseudonym-based solutions to mitigate this threat.

Download ppt "Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,"

Similar presentations

Enabling New RFID Communication Opportunities with EPC Network Services Tony Rutkowski Vice President VeriSign Communication Services tel: +1 703.948.4305.

Enabling New RFID Communication Opportunities with EPC Network Services Tony Rutkowski Vice President VeriSign Communication Services tel:
Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April 2011 1.

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
1 Design of Key-Sharing System Based on a Unique Device Kenji Imamoto (Kyushu Univ.) Hiromi Fukaya (Pastel) Kouichi Sakurai (Kyushu Univ.)

1 Design of Key-Sharing System Based on a Unique Device Kenji Imamoto (Kyushu Univ.) Hiromi Fukaya (Pastel) Kouichi Sakurai (Kyushu Univ.)
Mobile RFID Service and Its Security in Korea 17 Nov. 2005 Keon Woo Kim.

Mobile RFID Service and Its Security in Korea 17 Nov Keon Woo Kim.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
TI: An Efficient Indexing Mechanism for Real-Time Search on Tweets Chun Chen 1, Feng Li 2, Beng Chin Ooi 2, and Sai Wu 2 1 Zhejiang University, 2 National.

TI: An Efficient Indexing Mechanism for Real-Time Search on Tweets Chun Chen 1, Feng Li 2, Beng Chin Ooi 2, and Sai Wu 2 1 Zhejiang University, 2 National.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
11 Distributed Middleware for Container Transport: Lessons Learned (Klaas Thoelen, Sam Michiels, Wouter Joosen) 7th MiNEMA Workshop August 21, 2008 - Lappeenranta,

11 Distributed Middleware for Container Transport: Lessons Learned (Klaas Thoelen, Sam Michiels, Wouter Joosen) 7th MiNEMA Workshop August 21, Lappeenranta,

Similar presentations

Ads by Google