Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID SECURITY.

Published byGarry Berry Modified over 8 years ago

Similar presentations

Presentation on theme: "RFID SECURITY."— Presentation transcript:

1 RFID SECURITY

2 How Does RFID Work? Tags (transponders) Reader (transceiver) Database
02.3DFEX4.78AF51 EasyToll card #816 Radio signal (contactless) Range: from 3-5 inches to 3 yards Tags (transponders) Attached to objects, call out their (unique) name and/or static data on a special radio frequency Reader (transceiver) Reads data off the tags without direct contact Database Matches tag IDs to physical objects

3 Asymmetric channels Range of Reader (Forward Channel) ~100 m
TAG EAVESDROPPER ~5 m Tag’s Range (Backward Channel)

4 Applications Tracking/Identification
Library Books Children Pets Auto Parts Inventory management in a Supply Chain Contactless Smart Cards

5 A Generic Supply Chain Retailers Wholesalers Manufacturers
Suppliers Manufacturers Wholesalers Retailers goods, invoices Purchase orders, payments Supply web (retail customers not shown)

6 Key Decisions When to order How much to order From whom to order
As order quantity increases, holding cost increases As order quantity decreases, stockout cost increases From whom to order

7 The Problem - Motivation
Basic problem with RFID tags Can be remotely scanned Respond to query by any reader This leads to security and privacy risk Resource constraints Limited power and computing resources Hence classical cryptographic mechanisms not feasible The RFID security challenge How to obtain maximum security with almost no resources?

8 The Problems of Privacy and Security
RFID privacy concerns the problem of misbehaving readers harvesting information from well-behaving tags. Risks : Leakage of personal information (prescriptions, brand/size of clothes etc.). Location privacy: Tracking the physical location of individuals by their RFID tags. RFID authentication concerns the problem of well behaving readers receiving information from misbehaving tags, particularly counterfeit ones. Risks: Forgery Sabotage

9 Cost and capability The strength and flavor of proposed security solutions will depend on the allowed tag cost for different applications 50+ cent tags. Low-end tags will be 10 cent, 5 cent and 2 cent in about 5 years

10 Challenge Tens of research ideas have been proposed in the past two years Propose improvements over the existing privacy enhancing protocols for the extremely resource constrained RFID systems

11 Security Attacks Spoofing Denial of Service Man in the middle attack
Imitating the behavior of a genuine tag Denial of Service Man in the middle attack Modify the response of the tag to the reader or vice versa Replay Attack Eavesdrop message from the tag (reader) & re-transmit the message to the legitimate reader (tag). Traffic Analysis Monitoring of comm. between reader & tag allows adversary to perform traffic analysis & generate statistical data.

12 Security and Privacy Requirements
Anonymity Tag output should not give idea about ID Untraceability Tag output should be varying Indistinguishibility Tag output should be truly random, i.e. variation should not be predictable Forward Security Adversary should not be able to associate the current output with past output Mutual Authentication Tag-to-reader and reader-to-tag authentication

13 Backend Requirements Efficiency and scalability Flexibility
Order of computation/precomputation required as a function of number of tags Flexibility Changes required with addition/removal of tags

14 Hash Lock Reader RFID tag Goal: Authenticate reader to the RFID tag
[Rivest, Weis, Sharma, Engels] Goal: Authenticate reader to the RFID tag Reader “Who are you?” RFID tag metaID key Compute hash(key) and compare with stored metaID “My real ID is…” Stores metaID=hash(key) Stores key; hash(key) for any tag Unique key for each tag

15 Hash Lock Analysis PROS CONS
Relatively cheap to implement : Tag has to store hash function implementation and metaID Security based on weak collision-resistance of hash function Scalable due to low key look-up overhead CONS Constant tag output – enables traceability Motivates Randomization Too many messages/rounds Requires reader to know all keys

16 Randomized Hash Lock Reader RFID tag
[Weis et al.] Goal: Authenticate reader to the RFID tag Reader RFID tag “Who are you?” Generate random R R, hash(R,IDk) Compute hash(R,IDi) for every known IDi and compare “You must be IDk” Stores its own IDk Stores all IDs: ID1, … ,IDn

17 Randomized Hash Lock Analysis
PROS Randomized response prevents tracking Tag needs to store hash implementation and pseudo-random number generator CONS Inefficient brute force key look-up No Forward security Motivates updating tag ID on each read Security Flaw - Adversary can impersonate tag by learning a valid tag response.

18 OSK Scheme [Ohkubo, Suzuki and Kinoshita] Goal: Enable reader to identify the RFID tag, change tag identifier on each read Database Reader Tag Query Ai=G(Si) Ai=G(Si) Compute Hash Chain Si+1=H(Si) Tag ID

19 OSK Analysis Motivates reducing computation time at reader/backend
PROS Different random like values on every read operation prevents tracking Forward Security ensured due to one way hash property Tag needs to store only 2 hash implementations, hence low cost Minimal number of transmissions CONS Not scalable for large scale applications due to brute force search Motivates reducing computation time at reader/backend Susceptible to DoS attacks May lead to problem due to hash collisions.

20 Summary RFIDs have many useful applications related to tracking and identification But there are some important issues of security and privacy Small number of gates for S/P makes the design of such protocols challenging Tens of schemes proposed for security/privacy but subtle drawbacks with many of them. Much more work needed in this area

Download ppt "RFID SECURITY."

Similar presentations

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P Systems Aameek Singh and Ling Liu Presented by: Korporn Panyim.
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.

Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.

RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.

Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.
1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科 教授 (Prof. Jinn-Ke Jan) 陳育毅.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科 教授 (Prof. Jinn-Ke Jan) 陳育毅.

Similar presentations

Ads by Google