Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 RFID Technology and Threat Modeling Presented by: Neeraj Chaudhry University of Arkansas.

Published bySuzanna Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "1 RFID Technology and Threat Modeling Presented by: Neeraj Chaudhry University of Arkansas."— Presentation transcript:

1 1 RFID Technology and Threat Modeling Presented by: Neeraj Chaudhry University of Arkansas

2 2 Presentation layout Introduction of RFID Application of RFID RFID System Classification of RFID tags RFID frequencies RFID interms of EPC – EPC code format –Communication Link Inductive Coupling Backscatter Coupling –Encoding and modulation –Anti-collision Protocols Tag Anti-collision Protocol Reader Anti-collision protocol

3 3 Presentation Layout Standardization ( EPCglobal and ISO) Comparison of EPC and UPC EPC tags EPCglobal UHF class 0 tag –Reader to tag Link –Reader to tag symbols –Tag to reader Link –Binary tree Scanning Anti-collision Protocol EPCglobal UHF class 1 Gen. 1 EPCglobal UHF class 1 Gen. 2 EPCglobal Network RFID Threats based on STRIDE model –Spoofing Identity –Tampering data –Repudiation –Information disclosure –Denial of service –Elevation of Privilege

4 4 What is RFID? Stands for Radio Frequency Identification Uses radio waves for identification New frontier in the field of information technology One of Automatic Identification Provides unique identification of an object

5 5 Applications Mobil Speedpass systems Automobile Immobilizer systems Fast-lane and E-Zpass road toll system Animal Identification Secure Entry cards Humans Supply chain management

6 6 RFID System Tags consists of antenna and a microchip Readers consists of a transmitter, receiver, and one or more antennas Management system Communication protocol Computer Networks

7 7 RFID system

8 8 RFID Tag Tag is a device used to transmit information such as a serial number to the reader in a contact less manner Classified as : –Passive –Active –Semi-passive

9 9 Classification of Passive and Active tag Characteristics Passive RFID tag Active RFID tag Power SourceProvided by a readerInbuilt Availability of powerWithin the field of readerContinuous Signal Strength (Reader to Tag) HighLow Signal Strength (Tag to Reader) LowHigh Communication range< 3meters>100 meters Tag reads< 20 moving tags @ 3mph in few seconds >1000 moving tags @ 100mph in 1 sec Memory128 bytes128 Kbytes Applicability in supply chain Applicable where tagged items movement is constrained Applicable where tagged items movement is variable and unconstrained

10 10 RFID Reader Also known an interrogator Can be handheld or stationary Consists of: –Transmitter –Receiver –Antenna –Microprocessor –Memory –Controller or Firmware –Communication channels –Power

11 11 Communication Link Inductive Coupling Backscatter Coupling

12 12 Modulation Process of changing the characteristics of radio waves to encode data and to transmit it to the other end Techniques used depends on the power consumption, reliability and available bandwidth. –Amplitude Shift Keying (ASK) –Frequency Shift keying (FSK) –Phase Shift Keying (PSK)

13 13 Encoding

14 14 Anti-Collision Protocol Tag Anti-Collision protocol – Aloha/Slotted Aloha – Deterministic binary tree walking – Query tree walking Reader Anti-Collision protocol – TDM/FDM

15 15 RFID Frequency range Frequency BandDescription < 135 KHzLow frequency 6.765 – 6.795 MHzMedium frequency 7.4 – 8.8 MHzMedium frequency 13.553 – 13.567 MHzMedium frequency 26.957 – 27. 283 MHzMedium frequency 433 MHzUHF 868 – 870 MHzUHF 902 – 928 MHzUHF 2.4 – 2.483 GHzSHF 5.725 – 5.875 GHzSHF

16 16 Standarization ISO –18000–1: Generic air interfaces for globally accepted frequencies –18000–2: Air interface for 135 KHz –18000–3: Air interface for 13.56 MHz –18000–4: Air interface for 2.45 GHz –18000–5: Air interface for 5.8 GHz –18000–6: Air interface for 860 MHz to 930 MHz –18000–7: Air interface at 433.92 MHz EPCglobal –UHF Class-0 –UHF Class-1 Generation-1 (Class-1 Gen-1) –UHF Class-1 Generation-2 (Class-1 Gen-2)

17 17 Electronic Product Code Global (EPCglobal) Network EPCglobal Network consists of five component –Electronic Product Code (EPC) number –ID system (tags and readers) –EPC middleware –Discovery Service (ONS) –Information service

18 18 Electronic Product Code (EPC)

19 19 Comparison of EPC and UPC (Barcodes) Both are forms of Automatic identification technologies UPC require line of sight and manual scanning whereas EPC do not UPC require optical reader to read whereas EPC reader reads via radio waves EPC tags possess a memory and can be written while UPC do not

20 20 EPC Tag Classes Class 0PassiveRead only Class 1PassiveRead only write once Class 2Passive65 KB read-write Class 3Semi-passive 65 KB read-write with built-in battery Class 4ActiveBuilt-in battery Class 5Active Communicates with other class 5 tags and devices

21 21 EPCglobal UHF Class-0 Tag Describes physical layer reader-to-tag link, tag-to-reader link and data link anti- collision protocol Reader to tag link use 100% or 20% modulation amplitude modulated (AM) carrier signal Use binary tree anti-collision protocol

22 22 Class-0 Reader-to-Tag Symbols

23 23 Binary tree anti-collision protocol for Class-0

24 24 EPCglobal UHF Class-1 Gen-1 Employs same modulation and encoding techniques as UHF Class-0 Use query tree walking anti-collision protocol –Reader queries by using group of bits, matching tags responds with an 8-bit response during one of eight time slots. Eight time slot for tags response

25 25 Query Tree Protocol for Class-1 Gen-1 and first step of Gen-2

26 26 EPCglobal UHF Class-1 Gen-2 Use one of ASK, FSK or PSK modulation with PWM encoding referred as pulse- interval encoding (PIE) format. Reader chooses the encoding format for tag-to-reader link. –FM0 –Miller Use Aloha based random anti-collision protocol called Q protocol

27 27 Q Protocol anti-collision protocol Reader cycle through the select, inventory and access phase to mange population. Select phase is used to single out particular tag population like query tree protocol. Inventory phase identifies individual tag using Q protocol, which is slotted Aloha-based protocol. Reader creates slot in which all tags backscatter at the beginning of the slot. Query contains the parameter Q and session number. Tags belong to requested session pick a random number in the range [0,2^Q-1]. Tags that pick zero backscatter a 16 bit random number. Remaining tags decrease their slot number depending upon readers command and when reaches zero backscatters. Reader acknowledges by sending 16-bit random number. Then the chosen tag backscatters its EPC In this way, the reader queries multiple tags in a session and can vary parameter Q which is in the range [0,15].

28 28 RFID Threats Categorized with STRIDE Spoofing identity Tampering with data Repudiation Information disclosure Denial of service Elevation of privilege

29 29 Spoofing Threats A competitor or thief performs an unauthorized inventory. An attacker determines what organization is assigned an EPC number by posing as an authorized ONS user. An attacker determines the complete information about an object by posing as an authorized user of the database referenced by ONS. An attacker posing as an ONS server.

30 30 Tampering with Data Threats An attacker modifies the EPC of a read/write tag. An attacker adds a tag to an object. An attacker physically removes or destroys a tag.  An attacker erases a tag.  An attacker “kills” a tag.  An attacker switches a high-priced item’s EPC number with the lower price item’s EPC number.  An attacker reorders the data on a tag. An attacker modifies the return signal from the tag to the reader. An attacker poses as an ONS server and responds with the incorrect URL in response to an ONS query from a manager. An attacker modifies, adds, deletes, or reorders data in a database.

31 31 Repudiation Threats A retailer denies receiving a certain pallet, case, or item. The owner of the EPC number denies having information about the item to which the tag is attached.

32 32 Information Disclosure Threats An unauthorized inventory of a store by scanning RFID EPC tags with a reader to determine the types and quantities of items. A thief could query a warehouse, truck, or store to help locate high-priced items.  A thief could create a duplicate RFID tag with the same EPC number and return a forged item for an unauthorized refund.  A fixed reader at any retail counter could identify the tags of a person and show the similar products on the nearby screen to a person to provide individualized marketing.  A mugger marks a potential victim by querying the tags in possession of an individual to determine if they are carrying valuable or wanted items.  An attacker blackmails an individual for having certain merchandise in their possession.

33 33 Denial of Service Threats A shoplifter carries a blocker tag that disrupts reader communication to conceal the stolen item. An attacker can simulate many RFID tags simultaneously causing the anti-collision to perform singulation on a large number of tags making the system unavailable to authorized use. An attacker disables all RFID EPC tags in a store or warehouse disrupting business operations and causing a loss of revenue. An attacker destroys or damages tag so that it will not respond to a query from a reader. An attacker sends a special “kill” command to the tag if the tag supports it to disable it. An attacker shields the tag from being read with a Faraday Cage. An attacker with powerful reader jams the reader by creating a more powerful return signal.  An attacker performs a traditional Internet denial-of-service attack against the servers gathering EPC numbers from the readers. An attacker performs a traditional Internet denial-of-service attack against ONS. An attacker sends URL queries to a database causing it to do database queries and therefore denying access to authorized users.

34 34 Elevation of Privilege Threats A user logging on to the database to know the product’s information can become an attacker by raising his/her status in the information system from a user to a root server administrator and write or add malicious data into the system.

35 35 Contact Information NEERAJ CHAUDHRY 705 West Putman Street, Apt # R-2, Fayetteville, AR-72701 Email: nchaudh@uark.edu Phone: (479) 599-9107 Dale R. Thompson, P.E., Ph.D. Department of Computer Science and Computer Engineering University of Arkansas 311 Engineering Hall Fayetteville, Arkansas 72701 Phone: +1 (479) 575-5090 FAX: +1 (479) 575-5339 E-mail: d.r.thompson@ieee.org WWW: http://csce.uark.edu/~drt/

Download ppt "1 RFID Technology and Threat Modeling Presented by: Neeraj Chaudhry University of Arkansas."

Similar presentations

Victor K. Y. Wu Department of Electrical Engineering

Victor K. Y. Wu Department of Electrical Engineering
PROF. MAULIK PATEL CED, GPERI Mobile Computing Gujarat Power Engineering and Research Institute 1 Prepared By: Prof. Maulik Patel Mobile Technologies.

PROF. MAULIK PATEL CED, GPERI Mobile Computing Gujarat Power Engineering and Research Institute 1 Prepared By: Prof. Maulik Patel Mobile Technologies.
Lesson Title: RFID Modulation, Encoding, and Data Rates Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: RFID Modulation, Encoding, and Data Rates Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Overview of new technologies Jørgen Bach Andersen, Aalborg University, Denmark Sven Kuhn, Rasmus Krigslund, Troels B. Sørensen.

Overview of new technologies Jørgen Bach Andersen, Aalborg University, Denmark Sven Kuhn, Rasmus Krigslund, Troels B. Sørensen.
Lesson Title: Tag Threats, Risks, and Mitigation Dale R. Thompson and Jia Di Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Tag Threats, Risks, and Mitigation Dale R. Thompson and Jia Di Computer Science and Computer Engineering Dept. University of Arkansas
RFID I System and Features. 2 Communication Technology Laboratory Wireless Communication Group Outline Introduction RFID Main Components Fundamental Operating.

RFID I System and Features. 2 Communication Technology Laboratory Wireless Communication Group Outline Introduction RFID Main Components Fundamental Operating.
Fast and Reliable Estimation Schemes in RFID Systems Murali Kodialam and Thyaga Nandagopal Bell Labs, Lucent Technologies.

Fast and Reliable Estimation Schemes in RFID Systems Murali Kodialam and Thyaga Nandagopal Bell Labs, Lucent Technologies.
1 FCC RFID Workshop RFID Discussions September 7, 2004 Kevin Powell, Symbol Technologies.

1 FCC RFID Workshop RFID Discussions September 7, 2004 Kevin Powell, Symbol Technologies.
An Empirical Study of UHF RFID Performance Michael Buettner and David Wetherall Presented by Qian (Steve) He CS 577 - Prof. Bob Kinicki.

An Empirical Study of UHF RFID Performance Michael Buettner and David Wetherall Presented by Qian (Steve) He CS Prof. Bob Kinicki.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
EPC Radio Frequency Identify Protocols Class1 Generation-2 UHF RFID 860 MHZ – 960 MHZ EPCglobal.

EPC Radio Frequency Identify Protocols Class1 Generation-2 UHF RFID 860 MHZ – 960 MHZ EPCglobal.
Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
University of Kansas | School of Engineering Department of Electrical Engineering and Computer Science Milagros FigueroaApril 2008 1 Access Methods for.

University of Kansas | School of Engineering Department of Electrical Engineering and Computer Science Milagros FigueroaApril Access Methods for.
Topic 3: Sensor Networks and RFIDs Part 3 Instructor: Randall Berry Northwestern University MITP 491: Selected Topics.

Topic 3: Sensor Networks and RFIDs Part 3 Instructor: Randall Berry Northwestern University MITP 491: Selected Topics.
AutoID Automatic Identification Technologies at the MIT Media Lab Gregory Chittim – ES 112 – 03S.

AutoID Automatic Identification Technologies at the MIT Media Lab Gregory Chittim – ES 112 – 03S.
1 EPCglobal Training Suite. 2 Introduction Tag Protocol - UHF Class 1 Gen 2 Ultra High Frequency (UHF) Generation 2 (Generation 1 is deprecated) Class.

1 EPCglobal Training Suite. 2 Introduction Tag Protocol - UHF Class 1 Gen 2 Ultra High Frequency (UHF) Generation 2 (Generation 1 is deprecated) Class.
Lesson Title: Singulation Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This material.

Lesson Title: Singulation Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This material.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
RFID Cow Jewelry – or – Revolution Travis Sparks

RFID Cow Jewelry – or – Revolution Travis Sparks

Similar presentations

Ads by Google