MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi Dale R. Thompson, Ph.D., P.E. Associate Professor Computer Science and Computer Engineering Dept. University of Arkansas
Related Activities Member of GS1 EPCglobal Hardware Action Group Product Data Protection ad hoc Committee (Dec – present) Member of GS1 EPCglobal Hardware Action Group Product Data Protection ad hoc Committee (Dec – present) Affiliated with University of Arkansas RFID Research Center ( (Feb – present) Affiliated with University of Arkansas RFID Research Center ( (Feb – present) Lightweight Authentication for RFID (Aug – present) Lightweight Authentication for RFID (Aug – present) Categorizing RFID Privacy Threats with STRIDE (July 2006) Categorizing RFID Privacy Threats with STRIDE (July 2006) Taught RFID Communications class (May – June 2006) Taught RFID Communications class (May – June 2006) RFID Security Threat Model (Mar. 2006) RFID Security Threat Model (Mar. 2006) Brute Force Attack of EPCglobal UHF Class-1 Generation-2 RFID Tag (Jan. – May 2006) Brute Force Attack of EPCglobal UHF Class-1 Generation-2 RFID Tag (Jan. – May 2006) Attack Graphs for EPCglobal RFID (Jan. – May 2006) Attack Graphs for EPCglobal RFID (Jan. – May 2006) MIXNET Using Universal Re-encryption for Radio Frequency Identification (RFID) (Aug – Dec. 2006) MIXNET Using Universal Re-encryption for Radio Frequency Identification (RFID) (Aug – Dec. 2006) RFID Technical Tutorial and Threat Modeling Project (Jun. – Dec. 2005) RFID Technical Tutorial and Threat Modeling Project (Jun. – Dec. 2005)
University of Arkansas RFID Research Center Fully student staffed with 24 industry members, which recently became the first open laboratory to be accredited by EPCglobal Inc. Fully student staffed with 24 industry members, which recently became the first open laboratory to be accredited by EPCglobal Inc.
What is RFID? Stands for Radio Frequency Identification Stands for Radio Frequency Identification Uses radio waves for identification Uses radio waves for identification New frontier in the field of information technology New frontier in the field of information technology One form of Automatic Identification One form of Automatic Identification Provides unique identification or serial number of an object (pallets, cases, items, animals, humans) Provides unique identification or serial number of an object (pallets, cases, items, animals, humans)
RFID system
RFID reader Also known an interrogator Also known an interrogator Reader powers passive tags with RF energy Reader powers passive tags with RF energy Can be handheld or stationary Can be handheld or stationary Consists of: Consists of: –Transceiver –Antenna –Microprocessor –Network interface Reader Antenna
RFID tags Tag is a device used to transmit information such as a serial number to the reader in a contact less manner Tag is a device used to transmit information such as a serial number to the reader in a contact less manner Classified as : Classified as : –Passive – energy from reader –Active - battery –Semi-passive – battery and energy from reader
UHF passive tag
Supply Chain Management RFID adds visibility as the items flow through the supply chain from the manufacturer, shippers, distributors, and retailers. RFID adds visibility as the items flow through the supply chain from the manufacturer, shippers, distributors, and retailers. The added visibility can identify bottlenecks and save money. The added visibility can identify bottlenecks and save money. Wal-Mart requested in June 2003 that their top 100 suppliers use RFID at the pallet and case level by January Wal-Mart requested in June 2003 that their top 100 suppliers use RFID at the pallet and case level by January 2005.
Electronic Product Code (EPC) 96-bit Version Every product has unique identifier 96 bits can uniquely label all products for the next 1,000 years 2^96 = 79,228,162,514,264,337,593,543,950,336 Version EPC Manager (Manufacturer) Object Class (Product) Serial Number 8 bits 28 bits 24 bits 36 bits
Physical Tracking
MIXNET using Universal Re-encryption ElGamal: A conventional cryptosystem, permits re-encryption if the public key is known at each MIXNET A conventional cryptosystem, permits re-encryption if the public key is known at each MIXNET Ciphertext C’ represents re-encryption of C if both decrypt to the same plaintext. Ciphertext C’ represents re-encryption of C if both decrypt to the same plaintext. Privacy is because the ciphertext pair (C, C’) is Privacy is because the ciphertext pair (C, C’) is indistinguishable from (C, R) for a random cipher R. indistinguishable from (C, R) for a random cipher R. The tag pseudonym, a false name for the original identity is re-encrypted each time it passes a MIXNET. The tag pseudonym, a false name for the original identity is re-encrypted each time it passes a MIXNET.
ElGamal Key Generation: Alice: A random prime p, generator element g and private key x. Generate public key Generate public key Publicize (p, g, y) and x as the private key. Publicize (p, g, y) and x as the private key. Encryption: Bob: Chooses random k to send message m and computes a ciphertext pair (c1, c2): and and Decryption: To decrypt ciphertext (c1, c2), Alice computes
Universal Re-encryption Re-encrypts the ciphertext without the knowledge of the public key using a random encryption factor. Re-encrypts the ciphertext without the knowledge of the public key using a random encryption factor. Re-encryption is based on a homomorphic property, Re-encryption is based on a homomorphic property, Allows external anonymity which provides total privacy protection for data being transmitted Allows external anonymity which provides total privacy protection for data being transmitted Encrypts under the public key and random encryption factor Encrypts under the public key and random encryption factor Appends an identity element to the ciphertext encrypted based on ElGamal. Appends an identity element to the ciphertext encrypted based on ElGamal. First decrypts the identity element to confirm the intended message. First decrypts the identity element to confirm the intended message.
Universal Re-encryption Example P = 23, g = 19, x = 17 Y = 19 ^ 17 mod 23 = 21 Publicize ( y, g) = (21, 19) m = 20, random encryption factor Encryption: = [(20,2),(7,19)] = [(20,2),(7,19)]Decryption:
Universal Re-encryption Example Re-encryption:Input: Random re-encryption factor : Ciphertext = [(3,21), (19,21)] = [(3,21), (19,21)] To Verify decryption of : (Plaintext) (Plaintext)
Future Work Extend simulation to a system of security agents Extend simulation to a system of security agents Add MIXNET agent to open source TagCentric Add MIXNET agent to open source TagCentric Implement MIXNET on a reader Implement MIXNET on a reader Implement traditional MIXNET between readers and databases to hide location of tags from the database Implement traditional MIXNET between readers and databases to hide location of tags from the database
RFID-related publications M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, “Attack graphs for EPCglobal RFID,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, “Attack graphs for EPCglobal RFID,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, “MIXNET for radio frequency identification,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, “MIXNET for radio frequency identification,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, D. R. Thompson, “RFID technical tutorial,” The Journal of Computing Sciences in Colleges, vol. 21, no. 5, pp. 8-9, May, D. R. Thompson, “RFID technical tutorial,” The Journal of Computing Sciences in Colleges, vol. 21, no. 5, pp. 8-9, May, D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, Available: N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, Available:
Contact Information Dale R. Thompson, Ph.D., P.E. Associate Professor Computer Science and Computer Engineering Dept. University of Arkansas 311 Engineering Hall Fayetteville, Arkansas Phone: +1 (479) FAX: +1 (479) WWW: