Introduction to RFID Security and Privacy Ari Juels Chief Scientist RSA, The Security Division of EMC RFIDSec 2011 Tutorial All slides © 2011, RSA Laboratories.


1 Introduction to RFID Security and Privacy Ari Juels Chief Scientist RSA, The Security Division of EMC RFIDSec 2011 Tutorial All slides © 2011, RSA Laboratories

2 Part II: RFID Privacy

3 There are two types of RFID privacy
1. Tracking privacy: Protection against physical tracking via unique identifiers
2. Content privacy: Protection against unauthorized scanning of data stored on tag

4 Why physical considerations say we should forget about tracking privacy…

5 Ms. Smith and her privacy-preserving RFID tag “87D6CAA7F” = “Ms. Smith”

6 Ms. Smith and her privacy-preserving RFID tag What about PET (Privacy Enhancing Technologies) for pets?

7 Ms. Smith and her privacy-preserving RFID tag What about Ms. Smith’s face?

8 Ms. Smith and her privacy-preserving RFID tag What about Ms. Smith’s mobile phone?

9 Ms. Smith and her privacy-preserving RFID tag Are we still worried about this circle???

10 Well, suppose we are still worried… We can change identifiers, right?
“87D6CAA7F” → “5ED6CF4C8” → “9816F271BB” → “D7612A873C”

11 Changing identifiers won’t work
Physical-Layer Identification of RFID Devices
– Danev, Heydt-Benjamin, and Capkun
– USENIX Security ’09
Extract hardware “fingerprint” based on power modulation
Show that it is possible to identify RFID tags over the air with > 2% EER (equal error rate)
– This will improve, of course
[figure: logical layer (data, crypto protocols) above physical layer (power modulation); reader challenge r, tag reply s, f_x(r,s)]

12 What does this mean for the dozens of papers on anti-tracking privacy?
I’d argue that we should give up on anonymity
– Not just in RFID
Emphasis on content privacy makes more sense
[figure: same layer diagram, captioned “Changing identifiers won’t work”; tag contents shown: Serial #878SBE871, “Oxycontin, 160 mg”]

13 Content Privacy via “Blocker” Tags

14 The “Blocker” Tag

15 “Blocker” Tag
Blocker simulates all (billions of) possible tag serial numbers!!
“1, 2, 3, …, 2023 pairs of sneakers and… 1800 books and a washing machine and… (reading fails)…”

16 “Tree-walking” anti-collision protocol for RFID tags
[figure: binary tree of 3-bit identifiers with leaves 000 … 111; the reader asks “?” (next bit) at each internal node]

17 In a nutshell
“Tree-walking” protocol for identifying tags recursively asks question:
– “What is your next bit?”
Blocker tag always says both ‘0’ and ‘1’!
– Makes it seem like all possible tags are present
– Reader cannot figure out which tags are actually present
– Number of possible tags is huge (at least a billion billion), so reader stalls

18 Two bottles of Merlot #458790 Blocker tag system should protect privacy but still avoid blocking unpurchased items

19 Consumer privacy + commercial security
Blocker tag can be selective:
– Privacy zones: Only block certain ranges of RFID-tag serial numbers
– Zone mobility: Allow shops to move items into privacy zone upon purchase
Example:
– Blocker blocks all identifiers with leading ‘1’ bit
– Items in supermarket carry leading ‘0’ bit
– On checkout, leading bit is flipped from ‘0’ to ‘1’ (PIN required, as for “kill” operation)

20 Blocking with privacy zones
[figure: tree of 3-bit identifiers; the subtree under leading bit ‘1’ is marked “Privacy zone”, with an arrow labelled “Transfer to privacy zone on purchase of item”]

21 Polite blocking
We want reader to scan privacy zone when blocker is not present
– Aim of blocker is to keep functionality active when desired by owner
But if reader attempts to scan when blocker is present, it will stall!
Polite blocking: Blocker informs reader of its presence (“Your humble servant requests that you not scan the privacy zone”)
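As an added illustration (not part of the tutorial), a toy Python simulation of the tree-walking reader and the blocker of slides 16 to 21: identifiers are shortened to 16 bits, the privacy zone is the leading-‘1’ prefix, and `checkout` flips the leading bit as the zone-mobility example describes. A hard blocker makes the reader exhaust its query budget (the stall), while a polite blocker that a cooperating reader honors lets it read the unsold items and skip the zone; class and function names are assumptions.

```python
from typing import Optional, Set, Tuple

ID_BITS = 16  # toy identifier length; real EPC tags carry 96-bit identifiers


class Blocker:
    """Hypothetical blocker tag guarding a privacy zone given as an identifier prefix."""

    def __init__(self, zone_prefix: str, polite: bool = False):
        self.zone_prefix = zone_prefix  # "1": block every identifier with a leading '1' bit
        self.polite = polite            # polite blocker announces the zone instead of only jamming

    def answer(self, prefix: str) -> Set[str]:
        """Reply to 'what is your next bit?': inside the zone the blocker says both '0' and '1'."""
        if len(prefix) < len(self.zone_prefix):
            return {self.zone_prefix[len(prefix)]} if self.zone_prefix.startswith(prefix) else set()
        return {"0", "1"} if prefix.startswith(self.zone_prefix) else set()


def checkout(tag_id: str) -> str:
    """Move a purchased item into the zone by flipping its leading bit (PIN-protected on a real tag)."""
    return "1" + tag_id[1:]


def tree_walk(tags: Set[str], blocker: Optional[Blocker] = None,
              honor_requests: bool = True, budget: int = 10_000) -> Tuple[Set[str], int, bool]:
    """Reader singulates tags by depth-first tree walking; returns (ids read, queries issued, stalled)."""
    found, queries, stack = set(), 0, [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == ID_BITS:
            found.add(prefix)
            continue
        if blocker and blocker.polite and honor_requests and prefix == blocker.zone_prefix:
            continue  # polite blocking: the reader was asked not to scan the zone and complies
        queries += 1
        if queries > budget:
            return found, queries, True  # every branch looks occupied: the reader gives up (stall)
        answers = {t[len(prefix)] for t in tags if t.startswith(prefix)}
        if blocker:
            answers |= blocker.answer(prefix)
        stack.extend(prefix + b for b in sorted(answers, reverse=True))  # visit the '0' subtree first
    return found, queries, False


# Constructed sample data: three unsold items (leading '0') and one item bought earlier (leading '1').
STORE_TAGS = {"0" + format(i, "015b") for i in (5, 9, 42)}
PURCHASED = checkout("0" + format(777, "015b"))
ALL_TAGS = STORE_TAGS | {PURCHASED}
```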

22 More about blocker tags
Blocker tag can be cheap
– Essentially just a “yes” tag and “no” tag with a little extra logic
– Can be embedded in shopping bags, etc.
With multiple privacy zones, sophisticated, e.g., graduated policies are possible

23 An Example: The R X A Pharmacy

24 RFID-tagged bottle + “Blocker” bag

25

26 “Soft” Blocking
Idea: Implement polite blocking only – no hardware blocking
– A little like P3P…
External audit possible: Can detect if readers are scanning privacy zone
Advantages:
– “Soft blocker” tag is an ordinary RFID tag
– Flexible policy: “Opt-in” now possible, e.g., “Medical deblocker” now possible
Weaker privacy, but can combine with “hard” blocker

27 Smart blocking approach: Personal Simulator or Proxy for RFID
Those phones with NFC could someday get more general-purpose radios…
We might imagine a simulation lifecycle:
– Mobile phone “acquires” tag when in proximity
– Mobile phone simulates tags to readers, enforcing user privacy policy
– Mobile phone “releases” tags when tags are about to exit range

28 Content Privacy via Dispersion

29 Keeping the customer satisfied…
“I want a rock-solid encryption algorithm… with 20-bit keys.”
“I want my retail stores to be able to read RFID-tagged items… but I want tags to be unreadable after sale… and I don’t want to have to kill or rewrite or block them…”

30 EPC tags and privacy
Recall that EPC tags have no true cryptographic functionality
One true, explicit EPC privacy feature: Kill
– On receiving tag-specific PIN, tag self-destructs
– Tag is “dead in the Biblical sense” (S. Sarma)
But commercial RFID users say:
– They do not want to manage kill PINs
– They have no channel to communicate secret keys downstream in supply chain
– Key transport is a big problem!!!

31 Our approach: Put the secret keys on the tags
Encrypt tag data under secret key
Apply secret sharing to spread key across tags in crate
– E.g., key → (s1, s2, s3); tag i carries E_key(m_i) together with share s_i
[figure: three tags carrying E_key(m1), s1; E_key(m2), s2; E_key(m3), s3]

32 Our approach: Put the secret keys on the tags
Encrypt tag data under secret key
Apply secret sharing to spread key across tags in crate
– E.g., key → (s1, s2, s3); tag i carries E_key(m_i) together with share s_i
[figure: three tags carrying E_key(m1), s1; E_key(m2), s2; E_key(m3), s3]
Example tag data: Supersteroids 500mg; 100 count; Serial #87263YHG; Mfg: ABC Inc.; Exp: 6 Mar 2010

33 Privacy through dispersion

34 [figure: three tags carrying E_key(m1), s1; E_key(m2), s2; E_key(m3), s3, each decrypting to “Super-Steroids”]
Individual shares / small sets reveal no information about medication!

35 Use case: Privacy protection on medications
Step 1: Receive crate at pharmacy
Step 2: Pharmacy reads tags, gets keys, decrypts data
Step 3: Tags and data are dispersed

36 Some challenges
1. Storage is at a premium in EPC, but no secret-sharing literature on “tiny” shares
– “Short” shares are 128 bits, but we may want 16 bits or less!
2. Scanning errors
– We need robustness in our secret-sharing scheme

37 Some challenges
3. In-store key harvesting → Preventive idea: Add “chaff,” i.e., bogus or “noise” shares
– If secret-sharing scheme for crate can tolerate d errors, then add 2d/3 bogus shares per crate
– Can recover from d/3 errors in single crate
– Hard to reconstruct secrets for two crates mixed together, as we have 4d/3 > d errors (“overinformed” adversary)
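As an added example (not the authors' construction), a Python sketch of the dispersion scheme of slides 31 to 36: a 128-bit crate key is cut into 16-bit chunks, each chunk is Shamir-shared over the prime 65537 so that every tag carries shares of roughly 16 bits, and each tag stores E_key(m_i) beside its shares, so the pharmacy that reads a full crate recovers the key while fewer than T tags yield nothing. All names, the threshold T = 4 and the toy XOR cipher standing in for E are assumptions; the chaff and error tolerance of slide 37 are not modeled.

```python
import hashlib, secrets

P = 65537   # prime just above 2^16, so a 16-bit key chunk is a valid secret and shares stay ~16 bits
T = 4       # tags needed to rebuild the crate key: threshold of the (T, n) Shamir scheme


def share_chunk(secret, n):
    """Shamir (T, n) sharing of one 16-bit key chunk over GF(P); tag i gets f(i+1)."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(T - 1)]
    return [sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P for x in range(1, n + 1)]


def recover_chunk(points):
    """Lagrange interpolation of f(0) from T distinct (x, y) points."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def xor_stream(key, data):
    """Toy E_key: XOR with a SHA-256 keystream (illustration only, not a production cipher)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key).digest()))


def build_crate(key, items):
    """Tag i stores (E_key(m_i), one 16-bit share of each key chunk): privacy through dispersion."""
    chunks = [int.from_bytes(key[i:i + 2], "big") for i in range(0, len(key), 2)]
    per_chunk = [share_chunk(c, len(items)) for c in chunks]
    return [(xor_stream(key, m), [s[i] for s in per_chunk]) for i, m in enumerate(items)]


def read_crate(crate, in_range):
    """Pharmacy reads the tags at positions in_range, rebuilds the key from T of them and decrypts."""
    if len(in_range) < T:
        raise ValueError("fewer than T tags in range: key and medication data stay hidden")
    shares = [(i + 1, crate[i][1]) for i in in_range[:T]]
    chunks = [recover_chunk([(x, s[c]) for x, s in shares]) for c in range(len(crate[0][1]))]
    key = b"".join(c.to_bytes(2, "big") for c in chunks)
    return [xor_stream(key, crate[i][0]) for i in in_range]


# Constructed sample crate: five bottles under one 128-bit key; any four tags rebuild it.
ITEMS = [b"Supersteroids 500mg #%d" % i for i in range(5)]
CRATE = build_crate(secrets.token_bytes(16), ITEMS)
```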

