“RFID” really denotes a spectrum of devices Automobile ignition key Mobile phone Toll payment plaque Basic “smart label”
“Smart label” RFID tag Passive device – receives power from reader Range of up to several meters Simply calls out (unique) name and static data “74AB8” “5F8KJ3” “Evian bottle #949837428”
Capabilities of “smart label” RFID tag Little memory –Static 96-bit+ identifier in current ultra-cheap tags –Hundreds of bits soon Little computational power –Several thousand gates (mostly for basic functionality) –No real cryptographic functions possible –Pricing pressure may keep it this way for a while, i.e., Moore’s Law will have delayed impact
The grand vision: EPC (Electronic Product Code) tags Barcode EPC tag Line-of-sight Radio contact Specifies object type Uniquely specifies object Fast, automated scanning Provides pointer to database entry for every object, i.e., unique, detailed history
Impending explosion in (EPC) RFID use EPCglobal –Joint venture of UCC and EAN –Wal-Mart, Procter & Gamble, DoD, etc. –Recently ratified new EPC-tag standard (Class 1 Gen 2) Pallet and case tagging first –Item-level retail tagging, automated tills, seem years away Estimated costs 2008: $0.05 per tag; hundreds of dollars per reader (?) Beyond: $0.01 per tag; several dollars per reader (?)
Other forms of RFID Automobile immobilizers Payment devices –Currency?
Other forms of RFID “Not Really Mad” Tracking cattle Passports
Other forms of RFID RFID readers in mobile handsets Showtimes: 16.00, 19.00 Medical compliance
Wig model #4456 (cheap polyester) Das Kapital and Communist- party handbook 1500 Euros in wallet Serial numbers: 597387,389473 … 30 items of lingerie Replacement hip medical part #459382 The privacy problem Bad readers, good tags Mr. Jones in 2015
1500 Euros in wallet Serial numbers: 597387,389473 … Replacement hip medical part #459382 The authentication problem Mad-cow hamburger lunch Counterfeit! Good readers, bad tags Mr. Jones’s car! Mr. Jones in 2015
RFID and sensors will underpin critical infrastructure Authentication therefore has many facets: –Physical security –Consumer goods and pharmaceuticals safety –Transaction security –Brand value …but it’s getting short shrift I’ll talk about three different projects on RFID authentication
The Digital Signature Transponder (DST) Joint work with S. Bono, M. Green, A. Stubblefield, A. Rubin, and M. Szydlo USENIX Security ‘05
“I’m tag #123” Car #123 40-bit challenge C 24-bit response R = f K (C) (simplified) Helps secure tens of millions of automobiles Philips claims more than 90% reduction in car theft thanks to RFID! (TI did at one point.) Also used in millions of payment transponders f The Digital Signature Transponder (DST)
“I’m tag #123” Car #123 40-bit challenge C 24-bit response R = f K (C) (simplified) The key K is only 40 bits in length! f
The Digital Signature Transponder (DST) “I’m tag #123” Car #123 40-bit challenge C 24-bit response R = f K (C) (simplified) f Our aim: Demonstrate security vulnerability by cloning real DSTs
The Digital Signature Transponder (DST) “I’m tag #123” Car #123 40-bit challenge C 24-bit response R = f K (C) (simplified) f But what is the cryptographic function f ??? f
Black-box cryptanalysis C R = f K (C) f?f? key K Programmable DST
f1f1 f2f2 f3f3 f4f4 f5f5 f6f6 f7f7 f8f8 f9f9 f 10 f 11 f 12 f 13 f 14 f 15 f 16 Routing Network f 17 f 18 f 19 f 20 f 21 Challenge register Key register 400 clocks / 3 cycles Texas Instruments DST40 cipher (not original schematic) ??? Not implemented this way!
Secret X Challenge A Response f(X,A) Hopper-Blum (HB) Human Identification Protocol
Secret X Challenge A R = (X A) + N η modular dot product noise w.p. η Hopper-Blum (HB) Human Identification Protocol
HB Protocol Example, mod 10 X = (3,2,1) (0, 4, 7) R = 5 7
Learning Parity in the presence of Noise (LPN) Given multiple rounds of protocol, find X (or other equally good secret) –Given q challenge-response pairs (A 1,R 1 )…(A q,R q ),, find X’ such that R i = X’ A i on at most ηq instances, for constant η > 0 –Binary values Note that noise is critical! LPN is NP-hard – even within approx. of 2 Theoretical and empirical evidence of average-case hardness Poly. adversarial advantage in HB protocol → LPN
HB Protocol X X C R Problem: Not secure against active adversaries!
HB + Protocol X,Y D C (D Y) + + N η R = (C X) Intuition: Add extra HB protocol with prover-generated challenge Adversary effectively cannot choose challenge here
In the paper Most of paper elaborates security reduction from HB + to LPN Implementation of algorithm seems very practical – just linear number of ANDs and XORs and a little noise! –Looks like EPC might be amenable, but…
Further work Security reduction is concrete, but very loose What concrete security parameters – key length and communications complexity – yield adequate security? Limited model: “We win if counterfeiter detected” –Assume counterfeiter aims to duplicate tag without alerting verifier, i.e., detection model –Appropriate for centralized verifier (with DoS controls), e.g., prox cards, casino chips, etc. –Gilbert, Robshaw, and Sibert demonstrate man-in-the- middle attack in stronger prevention model –Can HB techniques be extended to prevention model?
Drug tracing / anti-counterfeiting Inevitable reliance on EPC tags for anti-counterfeiting Made in Canada EPC (Class-1 Gen-2) is easy to countefeit: It’s basically just a wireless barcode! Tight tracking is useful per se in combating counterfeiting, e.g., via duplicate detection But integrity of tag is needed where data coordination is loose What can we do today to prevent cloning of EPC tags? We can use the “kill” feature!
The kill function Kill PIN K “morituri te salutamus” “Kill” + 32-bit PIN K’ K = K’ Only mandatory EPC security feature is for privacy! Idea: Cause tags on consumer items to self-destruct before they leave shop
The kill function Kill PIN K Bad PIN; [Reset] “Kill” + 32-bit PIN K’ K ≠ K’ “Kill” authenticates reader, but not very useful for tag authentication since it kills tags!
Low signal strength Kill PIN K Bad PIN; [Reset] K ≠ K’ “Kill” + 32-bit PIN K’
Low signal strength Kill PIN K Tag achieves accept/reject function for PINs: –“Good PIN” is accept –“Bad PIN” is reject Good PIN; insufficient power! “Kill” + 32-bit PIN K’ K = K’
How to authenticate a tag with low signal strength Kill PIN K If tag accepts K and rejects K’, then tag is good; otherwise bad Counterfeit EPC tag will fail with high probability “Intelligent” counterfeit tag succeeds with probability at most ½! –(Can boost detection probability with more bogus PINs, but expensive) “Kill” + PIN K “Kill” + random PIN K’
Implementing this Scheme Calibrating signal strength from reader would be hard Manufacturer can exchange privacy kill feature for authentication kill feature –Just set tag power threshold required for “kill” very high –Tag always thinks signal strength is too low –Still complies with EPC standard, which does not specify power threshold –Does not comply with conformance specifications Prob. ½ detection not high for individual clone, but very high for broad supply chain –A little like scheme for detecting fraudulent ballots Shortcomings: –Vulnerable to short-range eavesdropping –Limited execution on untrusted readers But much better than no authentication!
Welcome to Hell IT Department Moral 1: Standard crypto modeling fails for cheap RFID 011001010010
Welcome to Hell IT Department A cheap RFID tag cannot survive here… but worst case often isn’t reality for RFID 011001010010
We need new primitives and flexible modeling Low-cost tags will probably not be able to do full-blown crypto for some time –Moore’s Law opposed by pricing pressure… Crypto community should not take black and white view, e.g., abandon crypto-challenged tags to wolves (EPC Class-1 type) We need new primitives: –E.g., can we build good PRFs with really low gate count, e.g., hundreds of gates? And new modeling: –What special characteristics do RFID tags present to attackers? E.g., physical and radio layers –What security properties can we sacrifice in the real world? Learning to cut the right corners…
Moral 2 “We have not received one reported incident of fraud in the eight years [the DST] has been used by consumers and we are confident the systems remain secure.” - Texas Instruments, 10 February 2005 1980: Not one reported incident of a computer virus in the wild 1999: Not one reported incident of a major DDoS attack on the Internet “This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”
Moral 2 “We have not received one reported incident of fraud in the eight years [the DST] has been used by consumers and we are confident the systems remain secure.” - Texas Instruments, 10 February 2005 1980: Not one reported incident of a computer virus in the wild 1999: Not one reported incident of a multi-pronged DDoS attack on the Internet RFID is a new critical infrastructure in the making We should learn from the history of the Internet, where phishing, spam, etc. are crippling e-commerce Security community must promote and address security in RFID systems before problems become costly and pervasive “This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”
To learn more Primers and current RFID news: –www.rfidjournal.com RSA Labs RFID Web site: –www.rsasecurity.com/go/rfid –www.rfid-security.com (unofficial) JHU/RSA RFID Web site: –www.rfidanalysis.org New survey (and all papers described here) at www.ari-juels.com