1. RFID Security: In the Shoulder and on the Loading Dock
Ari Juels
RSA Laboratories
WiSec
31 March 2008
Joint work with
D. Boneh, E.-J. Goh, J. Halamka, A. Stubblefield, B. Parno, R. Pappu, and J. Westhues
All slides © 2008 RSA Laboratories

2. RFID (Radio-Frequency IDentication) takes many forms…

3. “RFID” really denotes a spectrum of devices
Automobile
ignition key
Mobile phone
Toll payment
plaque
Basic
“smart
label”
passive
semi-passive
no crypto
some crypto
few cm to
many meters
range
several meters
several cm
RFID: Any wireless device whose main function is identification of an object or person…

4. “Smart label” RFID tag Passive tag Ordinary range of several meters
Simply calls out (unique) name and static data
“74AB8”
“5F8KJ3”
“Evian bottle
# ”

5. Capabilities of “smart label” RFID tag
Cheap! (target of $0.05 apiece)
Little memory
Static 96-bit+ identifier in current ultra-cheap tags
Up to hundreds of writeable bits
Little computational power
At most a few thousand gates (mostly for basic functionality)
No real cryptographic functions possible

6. “Smart labels”: EPC (Electronic Product Code) tags
Barcode
EPC tag
Fast, automated
scanning
Line-of-sight
Radio contact
Provides pointer
to database entry
for every object,
i.e., unique,
detailed history
Specifies object type
Uniquely specifies object

7. 2030: Week in the life of a milk carton
30 April: RFID-tagged cow “Bessie” produces milk
30 April: Milk transferred to RFID-tagged tank
Cow identity and milking time recorded in tank-tag database
1 May: RFID portal on truck records loading of refrigeration tanks
(Truck also has active RFID (+GPS) to track geographical location and RFID transponder to pay tolls)
2 May: Chemical-treatment record written to database record for milk barrel
Bessie’s herd recorded to have consumed bitter grass; compensatory sugars added
3 May: Milk packaged in RFID-tagged carton; milk pedigree recorded in database associated with carton tag
4 May: RFID portal at supermarket loading dock records arrival of carton
5 May: “Smart” shelf records arrival of carton in customer area
5 May 0930h: “Smart” shelf records removal of milk
5 May 0953h: Point-of-sale terminal records sale of milk (to Alice)

8. 2030: Week in the life of a milk carton
6 May 0953h: Supermarket transfers tag ownership to Alice’s smart home
6 May 1103h: Alice’s refrigerator records arrival of milk
6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “Woodstock, Vermont, 1% fat, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours
6 May 1809h: Alice’s refrigerator records replacement of milk
7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle

9. 2030: Week in the life of a milk carton
6 May 0953h: Supermarket transfers tag ownership to Alice’s smart home
6 May 1103h: Alice’s refrigerator records arrival of milk
6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “Woodstock, Vermont, Grade A, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours
6 May 1809h: Alice’s refrigerator records replacement of milk
7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle
7 May 0531h: Robot discards carton; “Smart” refrigerator notes absence of milk; transfers order to Alice’s PDA/phone/portable server grocery list
7 May 2357h: Recycling center scans RFID tag on carton; directs carton to paper-brick recycling substation

10. RFID Today

11. PROXIMITY CARDS
Note: Often just emit static identifiers, i.e., they are just smart labels!

12. AUTOMOBILE IGNITION KEYS
RFID helps secure hundreds of millions of automobiles
Cryptographic challenge-response
Philips claims more than 90% reduction in car theft thanks to RFID!
Some devices, e.g., Texas Instruments DST, are weak [Bono et al. ’05])… f

13. Credit CARDS
RFID now offered in all major credit cards in U.S. (“tap-and-go”)…
Some problems with first generation [Heydt-Benjamin et al. ’07]

14. Transit CARDS
K. Nohl and H. Plötz on Mifare, 2008

15. PAssports Dozens of countries issuing RFID-enabled passports
PASS card and “enhanced” drivers’ licenses (EPC tags)

16. Little EPC at item-level, mostly cases and pallets
Crate #123
(jet engines)

17. Supply-chain visibility
31 August 2007
22.19 UTC
Okinawa, Japan
Crate #123 arrived
Dock JHS1872H
25 August 2007
06.08 UTC
NYC, USA
Crate #123 loaded
Cargo ship UAYHQUE
22 August 2007
01.28 UTC
Kansas, USA
Crate #123 packed
Factory #18762

18. pharmaceuticals
Anti-counterfeiting: Better supply-chain visibility means less fraud
U.S. FDA urging RFID use to combat counterfeiting of drugs
Pharmaceutical companies doing item-level trials with EPC today

19. Security and Privacy Challenges

20. The consumer privacy problem
1500 Euros
in wallet
Serial numbers:
597387,389473…
Wig
model #4456 (cheap polyester)
30 items
of lingerie
Das Kapital and Communist-party handbook
Replacement hip
medical part #459382
Here’s
Mr. Jones…
© RSA Laboratories

21. Privacy approach 1: Cover RFID tags with protective mesh or foil
Problems:
(1) Makes locomotion
difficult
(2) Shops don’t like
distributing tools for
theft

22. Approach 2: EPC “kill” command for RFID tags
Long-term problem:
RFID tags are
very useful
in “live” state…
Short-term problem: How do
I get kill PINs to
point of sale?

23. The authentication problem
Good readers, bad tags
Mr. Jones’s car!
Mr. Jones in 2020
Counterfeit!
Replacement hip
medical part #459382
Counterfeit!
1500 Euros
in wallet
Serial numbers:
597387,389473…
Mad-cow
hamburger
lunch

24. Approach 3: Use cryptography
Side-channel countermeasures
But:
Not in cheap EPC for a while
The theme of today’s talk: The really hard part is key management…
AES

25. RFID on the Loading Dock

26. Keeping the customer satisfied…
“I want a rock-solid encryption algorithm…
with 20-bit keys.”
“I want a strong password-reset system…
with user-friendly challenge questions like, `What is your favorite color?’”
“I want my retail stores to be able to read RFID-tagged items…
but I want tag data to be unreadable after sale…
and I don’t want to have to kill or rewrite them…”

27. EPC tags and privacy
Again, EPC tags have no true cryptographic functionality
Only explicit EPC privacy feature: Kill
On receiving tag-specific PIN, tag self-destructs
But commercial RFID users say they:
Don’t want to manage kill PINs
Have no channel to communicate secret keys downstream in supply chain
Key transport is a big problem!!!

28. A new approach: Put secret keys on the tags
Encrypt tag data under secret key 
Apply secret sharing to spread key  across tags in case
E.g.,   (s1, s2,, s3)
E (m1) s1
E (m2) s2
E (m3) s3 

29. A new approach: Put secret keys on the tags
Supersteroids
500mg; 100 count
Serial #87263YHG
Mfg: ABC Inc.
Exp: 6 Mar 2010
Encrypt tag data under secret key 
Apply secret sharing to spread key  across tags in case
E.g.,   (s1, s2,, s3)
E (m1) s1
E (m2) s2
E (m3) s3 

30. Privacy through dispersion

31. Privacy through dispersion
(Super-
Steroids)
E (m2) s2
E (m1) s1
E (m3) s3
Individual shares / small sets reveal no information about medication!

32. Example application: Privacy protection on medications
Data
Step 1: Receive case
at pharmacy
Step 2: Pharmacy reads
tags, gets keys, decrypts
data for its database
Step 3: Tags and data
are dispersed

33. Some challenges
Storage is at a premium in EPC, but no secret-sharing literature on “tiny” shares
“Short” shares are 128 bits, but we may want 16 bits or less!
We needed to create new definitions and constructions
Scanning errors
We need robustness in our secret-sharing scheme

34.  Some challenges In-store key harvesting
Preventive idea: Add “chaff,” i.e., bogus or “noise” shares
If secret-sharing scheme for case can tolerate d errors, then add 2d/3 bogus shares per case
Can recover from <d/3 errors in single case, since 2d/3 + d/3 = d
Hard to reconstruct secrets for two cases mixed together, as we have 4d/3 > d errors
“Overinformed” adversary 

35. Some challenges 4. We don’t solve tracking problem Wig serial #A817TS8
You’ve already got credit cards, car keys, proximity cards, mobile phones, and so forth

36. Another twist: Secret-sharing for authentication
A key  is useful not just for consumer privacy, but for authentication:
Read / write “unlock” codes for EPC tags
Anti-cloning for EPC tags [Juels ’05]
Symmetric key for challenge-response tag authentication (again, anti-cloning)
But putting  on case is bad if case is diverted
Attacker can read / rewrite tags and re-inject goods
Attacker can clone tags

37. Secret-sharing across cases ’

38. Secret-sharing across cases ’

39. But “windows” are not always neat…
Warehouse A
Warehouse B
receivers cannot reconstruct  and ’ !

40. SWISS (Sliding Window Information Secret-Sharing)1 2 3 4 5 6 s1 s2 s3 s4 s5 s6
Given  2 out of 4 si, get corresponding i
Given  2 out of 4 si, get corresponding i
Given  2 out of 4 si, get corresponding i

41. SWISS (Sliding Window Information Secret-Sharing)1 2 3 4 5 6 s1 s2 s3 s4 s5 s6
Warehouse B 1 3 5

42. SWISS (Sliding Window Information Secret-Sharing)1 2 3 4 5 6 s1 s2 s3 s4 s5 s6
????
Adversary with more sporadic case access

43. SWISS (Sliding Window Information Secret-Sharing)
A k-out-of-n-SWISS scheme is straightforward with share size si linear in n
It’s not obvious how to get more compact si
That’s what our paper [JPP ’08] addresses…
Tricks using bilinear maps, i.e., pairings
Size of si is constant(!) in k,n
Access structure not perfect

44. RFID in the Shoulder

45. Other RFID applications today:
Animal tagging…
“Not Really Mad”
Livestock
Housepets
The cat came back,
the very next day…
50 million+

46. Human location tracking
Schools
Amusement parks
Hospitals

47. A riddle… + =
???

48. Human-implantable RFID
VeriChipTM + =
???

49. Human-implantable RFID
Excellent test bed for privacy and security concepts!
Proposed for medical-patient identification
Also proposed and used as an authenticator for physical access control, a “prosthetic biometric”
E.g., Mexican attorney general purportedly used for access to secure facility
What kind of cryptography does it have?
None: It can be easily cloned [Halamka et al. ’06]
So shouldn’t we add a challenge-response protocol?
Cloning may actually be a good thing + =
VeriChipTM

50. Human-implantable RFID
Physical coercion and attack
In 2005, a man in Malaysia had his fingertip cut off by thieves stealing his biometric-enabled Mercedes
What would happen if the VeriChip were used to access ATM machines and secure facilities?
Perhaps better if tags can be cloned!
Tags should not be used for authentication—only for identification

51. Cloneability + privacy
Privacy means no linkability or information about identities
If a tag can be cloned, does that mean it can’t provide privacy?
Surprisingly, no!
A very simple scheme allows for simultaneous cloneability and privacy

52. Cloneability + privacy
Homomorphic public-key cryptosystem (e.g., El Gamal)
Private / public key pair (SK, PK)
Randomized scheme: C = EPK,r [m]
Semantic security: Adversary cannot distinguish C = EPK,r [“Alice”] from C’*= EPK,s [“Bob”]
Re-encryption property: Given C only, can produce randomized C* = EPK,s [m], without knowing m

53. Cloneability + privacy
The scheme: When read, tag chooses fresh r and outputs C = EPK,r [“name”]
Then:
Reader with SK can decrypt name
Semantic Security: Adversary cannot distinguish among tags, i.e., infringe privacy
Re-encryption property: Adversary can clone a tag: records C and outputs randomized C*

54. The covert-channel problem
Suppose there is an identification / authentication system…
It’s Alice!
Who’s there?
Authorized
Employees
Only
E[“Alice”]

55. The covert-channel problem
Suppose there is an identification / authentication system…
Alice recently
passed a casino’s
RFID reader.
Mercury switch
indicates that
Alice napped on
job
Alice has low blood
pressure and
high blood-alcohol
Who’s there?
Authorized
Employees
Only
E[“Alice” + ?]

56. How can we assure Alice of no covert channels?
Outputs must be deterministic
Randomness always leaves room for covert emissions
Could give Alice a secret key to check that outputs are formatted correctly
E.g., pseudorandom-generator seed for device
But we don’t want Alice (or a third party) to have to manage sensitive keying material. Again, key management is the problem!
Can we enable Alice (or anyone else) to verify covert-freeness publicly, i.e., without exposing secret keys?
Simultaneous publicly verifiable covert-freeness and privacy are impossible!

57. Here’s why… Suppose there were a public CC detector… A1 No CC A2
X18 Ultra CC-DetectorTM A1 A2
No CC
Yes, CC!

58. Here’s a covert channel!
Create identity for user “Bob”
Bob could be fictitious
Just need output sequence B1, B2, …
Alice’s chip does following:
If no nap, output A1, A2, A3, etc. with Alice’s identity
If Alice has taken a nap, then flip to Bob’s identity, i.e., output A1, A2… B1, B2

59. Suppose we detect this covert channel
X18 Ultra CC-DetectorTM A1 A2
No CC
Yes, CC B1

60. Now if there really is a user Bob, we have a problem...
X18 Ultra CC-DetectorTM
No CC A2

61. Alice followed by Bob yields “Yes”
X18 Ultra CC-DetectorTM
Yes, CC B1

62. Privacy is broken: We can distinguish between identities!
Alice
X18 Ultra CC-DetectorTM No
Bob
Alice
X18 Ultra CC-DetectorTM
Yes

63. So public CC-verifiability + privacy is impossible
But we can achieve it anyway…
Idea: change the definition of privacy
Weaken localized privacy, e.g., eliminate privacy across pairwise values
Allow localized CC-checking, e.g., pairwise
Localized privacy is least important type of privacy
Now we can do spot CC-checking…
X18 Ultra CC-DetectorTM
yes / no A1 A2 A3 A4 A5 A6 A7 A8 A9

64. So public CC-verifiability + privacy is impossible
But we can achieve it anyway…
Idea: change the definition of privacy
Weaken localized privacy, e.g., eliminate privacy across pairwise values
Allow localized CC-checking, e.g., pairwise
Localized privacy is least important type of privacy
Now we can do spot CC-checking…
X18 Ultra CC-DetectorTM
yes / no A1 A2 A3 A4 A5 A6 A7 B1 B2

65. So public CC-verifiability + privacy is impossible
Now let’s show how to achieve it anyway…
Idea:
Weaken privacy definition to exclude localized privacy, e.g., privacy across pairwise values
Allow localized CC-checking, e.g., pairwise
Localized privacy is least important type of privacy
Now we can do spot CC-checking…
??? A1 A2 A3 A4 A5 A6 A7 A8 A9

66. Still a difficult problem
Constructing a deterministic sequence whose values are:
Publicly, pairwise verifiable
Otherwise unlinkable
Again, use bilinear maps (with non-standard hardness assumption…)
We have only solved the problem of covert channels in explicit logical-layer problem
Timing or power side-channel?

67. The message of this talk: Crypto is not always the hard part!
With crypto, we can do:
Challenge-response for authentication
Mutual authentication and/or encryption for privacy
Side-channel countermeasures
AES
Again, crypto is hard, but really hard part is key management…

68. The key-management problem
Kansas, USA
Okinawa, Japan
The key poses its own “transport” problems:
It must be tag-specific (usually)
It must be highly available
It must be secured at all times
Like managing 10,000,000,000 passwords!
crypto key
“Top secret:
X-32 cone”
“Top secret:
X-32 cone”

69. The RFID key-management problem
Body passwords?

70. To learn more
Papers available at RFID CUSP Web site:
J. Halamka, A. Juels, A. Stubblefield, and J. Westhues. “The Security Implications of VeriChip Cloning.” Journal of the American Medical Informatics Association (JAMIA), 2006.
D. Bailey, D. Boneh, E.-J. Goh, and A. Juels. “Covert Channels in Privacy-Preserving Identification Systems.” In ACM CCS, 2007.
A. Juels, R. Pappu, and B. Parno. “Key Transport in Unidirectional Channels with Applications to RFID Security.” In submission.
J. Westhues’s RFID cloning page: