1. 563.9.2 RFID Security & Privacy Matt Hansen University of Illinois Fall 2007

2. 2 Outline RFID Overview –Tags, Readers, and Applications –Tag Singulation Security & Privacy Threats Proposed Solutions Public Concerns 2

3. 3 RFID Overview Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency 02.3DFEX4.78AF51 EasyToll card #816 Reader (transceiver) Reads data off the tags without direct contact Radio signal (contactless) Range: from 3-5 inches to 3 yards Database Matches tag IDs to physical objects Shmatikov 05

4. 4 Tag Types Passive: –All power comes from a reader’s signal –Tags are inactive unless a reader activates them –Cheaper and smaller, but shorter range Semi-passive –On-board battery, but cannot initiate communication –Can serve as sensors, collect information from environment: for example, “smart dust” for military applications Active: –On-board battery power –Can record sensor readings or perform calculations in the absence of a reader –Longer read range LFHFUHFMicrowave Freq. Range125 - 134KHz13.56 MHz866 - 915MHz2.45 - 5.8 GHz Read Range10 cm1M2-7 M1M ApplicationSmart Cards, Ticketing, animal tagging, Access Control Small item management, supply chain, Anti-theft, library, transportation Transportation vehicle ID, Access/Security, large item management, supply chain Transportation vehicle ID (tolls), Access/Security, large item management, supply chain Fong 05

5. 5 Security Challenge Low cost RFID tags have very limited resources –Typically have only 500-5,000 gates –May have up to a few hundred bits of storage –Tags cannot perform complex computations Most tags simply emit a static identifier when prompted Tags do not have the resources to allow for public-key or symmetric-key encryption systems EPC tags: $0.05, 250 – 1000 gates AES requires 20,000 – 30,000 gates Fong 05

6. 6 Applications Supply-chain management –logistics, inventory control, retail check-out Payment systems –ExxonMobil SpeedPass –I-Pass/EZ-Pass toll systems –Credit Cards Access Control –Passports Library books Animal Tracking Fong 05

7. 7 Reading Tags The read process starts when an RFID reader sends out a query message –Invites all tags within range to respond –More than one RFID tag may respond at the same time Tags cannot generally hear one another This causes a collision –Reader cannot accurately read information from more than one tag at a time Reader must engage in a special singulation protocol to talk to each tag separately Shmatikov 05

8. 8 Singulation Algorithms Deterministic –Binary tree-walking scheme Reader sorts through tags based on tag ID Reader performs a depth-first search of the tag ID space Probabilistic –Slotted Aloha scheme Time is divided into discrete intervals Tags respond in randomly generated times Process does not depend on tag ID Sarma, Weis, Engels 02

9. 9 Tree Walking 000001010011100101110111 Every tag has a k-bit identifier prefix=0 prefix=00prefix=01 prefix=10prefix=11 prefix=1 Reader broadcasts current prefix Each tag with this prefix responds with its next bit If responses don’t collide, reader adds 1 bit to current prefix, otherwise tries both possibilities This takes O(k  number of tags) Shmatikov 05

10. 10 Threats ReaderTagEavesdropper Forward Channel Range (~100m) Backward Channel Range (~5m) Anti-collision scheme Fong 05 Eavesdropping

11. 11 Threats Tracking –Unauthorized use of a tag’s ID in order to gain information about the location of a person or object –In a retail environment, a user can be associated with an item at purchase time Cloning/Replay –Tags that emit static identifiers are very vulnerable –A thief could replace/rewrite a tag on an expensive item Denial-of-service –Conflicting RF signals can prevent legitimate tag communication Physical attacks –Probing a tag to determine private data Fong 05

12. 12 Security Goals Tags should not compromise privacy of holders –Information should not be leaked to unauthorized readers –Should not be possible to build long-term tracking associations Holders should be able to detect and disable tags they carry Private tag contents should be protected by access control and encryption Spoofing tags or readers should be difficult Sarma, Weis, Engels 02

13. 13 Potential Solutions Disable tags permanently –Kill bit/sleeping –Blocker/privacy tag Prevent tags from being read –Shielding –Jamming Prevent unauthorized parties from listening to tag communication –Cryptography –Distance/Power Level measurements Enact laws governing RFID use –Policy and Legislation

14. 14 Kill bit, Shielding, and Jamming Kill tag after purchase –Special command permanently de-activates tag after the product is purchased –Disables many futuristic applications –Alternative: set tag to “sleep” Shielding - Faraday cage –Container made of foil or metal mesh, impenetrable by radio signals of certain frequencies Shoplifters are already known to use foil-lined bags –Maybe works for a wallet, but huge hassle in general Active jamming –Disables all RFID, including legitimate applications Shmatikov 05

15. 15 Blocker Tag A form of jamming: broadcast both “0” and “1” in response to any request from an RFID reader –Guarantees collision no matter what tags are present –To talk to a tag, reader must traverse every tree path With 128-bit IDs, reader must try 2 128 values Privacy tag – a special case of the blocker tag –Blocks reading of protected tags, but does not disrupt normal RFID communication –Blocks only certain ID ranges and prevents illegitimate blocking –E.g., blocker tag blocks all IDs with first bit=1 Items on supermarket shelves have first bit=0 Can’t block tags on unpurchased items (anti-shoplifting) After purchase, flip first bit on the tag from 0 to 1 Juels, Rivest, Szydlo 03; Shmatikov 05

16. 16 More Possible Security Measures Distance/Power Level measurements –Majority of hostile reads occur when attacker is physically distant –Signal strength measurements and noise analysis can be used to estimate distance to the reader Cryptography –Required hardware not feasible on low-cost tags –Other methods use one-way hash functions and pseudo-random number generation Physical Protection –A combination of means (security cameras, sensors, etc.) to prevent tampering of RFID devices Policy and Legislation –Legal requirements on RFID use –Does not prevent attackers from unauthorized use Fishkin, Roy, Jiang 04

17. 17 Public Privacy Concerns Tracking –Libraries, retail, auto –Even if unique serial numbers are disabled at purchase time, tracking is still possible by associating “constellations” of tags –“Intelligent” theft –Human Tagging Baja Beach Club, Spain RFID Watchdog Groups –CASPIAN - (Consumers Against Supermarket Privacy Invasion and Numbering) –Spychips.com –Electronic Privacy Information Center Consumer Backlash –Gillette Razors –Benetton Clothing Shmatikov 05

18. 18 References & Recommended Readings Papers: K. P. Fishkin, S. Roy, and B. Jiang, Some Methods for Privacy in RFID Communication, In 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), 2004. A. Juels, RFID Security and Privacy: A Research Survey, Condensed version to appear in 2006 in the IEEE Journal on Selected Areas in Communication, 2006. A. Juels, R. L. Rivest, and M. Szydlo, The Blocker Tag: Selective Blocking of RFIDTags for Consumer Privacy, 8th ACM Conference on Computer and Communications Security, pp. 103-111, ACM Press, 2003. S. Sarma, S. Weis, and D. Engels, RFID Systems and Security and Privacy Implications, Workshop on Cryptographic Hardware and Embedded Systems, 2002. S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, Security in Pervasive Computing, 2003. Presentations: Vitaly Shmatikov, RFID Security and Privacy, University of Texas Lecture, 2005. Kenny Fong, RFID Security, Southern Illinois University Lecture, 2005. 18