Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

Slides:

Advertisements

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Advertisements

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

1 Security in Wireless Protocols Bluetooth, , ZigBee.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Digital Signatures and Hash Functions. Digital Signatures.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

Wired Equivalent Privacy (WEP)

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Quantum Key Distribution Yet another method of generating a key.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

RFID Security and Privacy Part 2: security example.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

IEEE Wireless Local Area Networks (WLAN’s).

Chapter 2 Protocols Controlling communications of principals in systems.

YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.

Georgy Melamed Eran Stiller

David Molnar, David Wagner - Authors Eric McCambridge - Presenter.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

- 1 - Secure and Serverless RFID Authentication and Search Protocols Chiu C. Tan, Bo Sheng, and Qun Li IEEE Transactions on Wireless Communication APRIL.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.

Wireless and Security CSCI 5857: Encoding and Encryption.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

Using ISO tags for Authentication Eddie LaCost Embedded RF.

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

Key Agreement Guilin Wang School of Computer Science 12 Nov

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

Giuseppe Bianchi Warm-up example 1 found on a real paper! Warm-up example 1 found on a real paper!

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Cody Brookshear Andy Borman

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

Qinghan Xiao, Cam Boulet and Thomas Gibbons Second International Conference on Availability, Reliability and Security, 2007 Speaker : 黃韋綸 RFID Security.

ASIACCS 2007 Protecting RFID Communications in Supply Chains Yingjiu Li & Xuhua Ding School of Information Systems Singapore Management University.

Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.

Focus On Bluetooth Security Presented by Kanij Fatema Sharme.

User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

Hoda Jannati School of Computer Science

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.

Fall 2006CS 395: Computer Security1 Key Management.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

1 Security problems on RFID tags (short introduction) Sakurai Lab., Kyushu Univ. Junichiro SAITO

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Revisting Unpredictability-Based RFID Privacy Models

Security and Privacy in Pervasive/Ubiquitous Computing Systems

Randomized PRF Tree Walking Algorithm for Secure RFID

An Improved Novel Key Management Protocol for RFID Systems

Presentation transcript:

Shanti Bramhacharya and Nick McCarty

This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to claim ownership and keep track of many things, including livestock, credit cards, luggage tags, and libraries, even your Hiram ID. The entire system is comprised of the tags themselves, a reader whose type depends on the application of the tag, and a server.

Since these devices need to operate rapidly and wirelessly they aren't very secure. Some possible techniques of these attacks include interception, de-synchronization, impersonation, tracking, and replaying. These techniques can result in a wide variety of issues ranging from denial of service to outright theft.

Song and Mitchell’s Mutual Authentication Protocol Song’s Ownership Transfer Protocol

Reader sends a random bit string message to a tag Tag uses its own hidden value (secret ti is how they refer to it in the paper) to compute two separate return strings. These return strings (M1, M2) are computed in significantly different ways from one another but they both utilize Ti and the initial random string bit

The value (M1, M2) is then sent to the reader Reader sends along the message (r, M1, M2) to the database server with r being the reader’s randomly created string. The Server then searches its database for a match and if it is found it tells the reader that yes the current tag is valid and sends all the information it has on it.

In addition, the server also creates a new message(M3) with the random number generator r2 that the tag used to create M1 and M2. The reader then forwards M3 to the tag which uses the message to create a new secret ti so that each time a tag is identified it will mutate.

Comprised of two parts Ownership Sharing Protocol Works the same as SM except for one thing When a server finds a match it sends the confirm and new secret ti to two readers (Sj and Sj+1) so that two “owners” are updated.

Secret Update Protocol Sj+1, in order to hide its identify from Sj, then creates a new secret ti that it updates the previously (no longer) shared tag with. Sj+1 still not anonymous because Sj could derive the new ti by eavesdropping. Sj+1 needs to successfully identify the tag one more time after this in order to apply a ti that was created solely within its system

SM Tag information privacy Tag location privacy Resistance to tag impersonation attack Resistant to replay attack Resistance to denial of service attack Forward and backward security Resistance to server impersonation attack Song Old owner privacy New owner privacy Authorization recovery

Attacks that work against SM and Song as they exist: Server Impersonation(SM) User impersonates a server and gains information on both readers and tags Tag Impersonation(SM) User impersonates a tag within a system and gains access to the algorithms that generate ti, and a platform from which many other attacks may be launched. De-Synchronization(Song) User intercepts the reader to server message of (r1, M1, M2) so that it does not receive the message. It then impersonates reader and sends a fake (r1, M1, M2) message so that the tags ti is updated to a value that will not be recognized by the server to which it rightfully belongs.

The authors of this paper claim that the main security weaknesses in these protocols exist in their use of circular bit shifting, and xor gates. SM Solution M2 on the tag side utilizes a concatenation of r1 and r2 rather than an xor gate. M2 on the server side utilizes a concatenation of r1 and M1 rather than an xor gate. M3 uses an xor gate instead of a circular shift of k bits

Song Solution Takes place in the creation of a new ti by Sj+1 Rather than simply shifting bits to create a new server side M2, it uses a dynamic hash function Instead of M2 on the tag side using a shift bit it uses an xor gate and the same hash function as prior.

SMRevised SMSecret Update Revised SU Server Tag (k+1)F 3F (K+2)F 4F 3F 4F F denotes a computationally complex function such as hash and key hash K denotes integer between 1 and 2N Reducing hash tables to reduce cost increases level of vulnerabilities Investigation of lower bound remains interesting

Proof Two protocols with desired security properties Vulnerable to series of active attacks Proposed revised protocols to eliminate vulnerabilities without violation of any other security properties Whose storage and computational requirements are comparable to existing solutions Future work Give formal proof their proposed revised protocol Finding the lower bounds for tags computational requirements for secure RFID communications