Presentation is loading. Please wait.

Presentation is loading. Please wait.

RFID Security and Privacy: A Research Survey

Published byHugh Gray Modified over 6 years ago

Similar presentations

Presentation on theme: "RFID Security and Privacy: A Research Survey"— Presentation transcript:

1 RFID Security and Privacy: A Research Survey
Written by: Ari Juels Presented by Carlos A. Lopez

2 Outline Introduction Basic RFID Tags Symetric-Key Tags RFID News

3 Definition RFID: Is a technology for automated identification of objetcs and people RFID devices are called “RFID Tags” Small Microchip (Itachi Mu-chip 0.002x0.002in) Transmit data over the air Responds to interrogation Possible successor of barcodes EPCGlobal Inc Oversees the development of standards Has come to attention because Walmart Procter and Gamble Department of defense Are making and effort to deploy this tech as a tool for automated oversight of their supply chain. - Low costs and Standardization will create an explosion in RFID use

4 RFID Overview Tags (transponders) Reader (transceiver) Database
Credit Card # Radio signal (contactless) Range: from 3-5 inches to 3 yards Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency Reader (transceiver) Reads data off the tags without direct contact Database Matches tag IDs to physical objects

5 Reading Tags The read process starts when an RFID reader sends out a query message Invites all tags within range to respond More than one RFID tag may respond at the same time This causes a collision Reader cannot accurately read information from more than one tag at a time Reader must engage in a special singulation protocol to talk to each tag separately

6 Barcode Replacement Unique Identification Automation
Type of Object Vs. Unique among millions Act as a pointer to a database Automation Optically scanned Line-of-sight Contact with readers Careful physical position Requires human intervention Advocates of RFID see as a successor of bar codes EPC – Electronic Product Code tag – Main form of Barcode type RFID EPCGlobal is a Joint Venture of UCC and EAN the bodies that regulate barcode use in world EPC tags cost around 13cent in large quantities but their cost will drop dramatically in the next few years The code cant be up to 96bits. They develop a public object lookup database called ONS (Object name service) an acts as a DNS and the purpose is to route tag queries to the database of tags owners and managers

7 RFID Standards Some standards that have been made regarding RFID technology include: ISO 14223/1 – RFID of Animals, advanced transponders ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303. ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards ISO/IEC different Parts ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies. EPCglobal - Most likely to undergo International Standardization according to ISO rules as with all sound standards in the world. Currently the big distributors and governmental customers are pushing EPC heavily as a standard well accepted in their community, but not yet regarded as for salvation to the rest of the world.

8 Tag Types Passive: Semi-passive Active:
All power comes from a reader’s signal Tags are inactive unless a reader activates them Cheaper and smaller, but shorter range Semi-passive On-board battery, but cannot initiate communication Can serve as sensors, collect information from environment: for example, “smart dust” for military applications Active: On-board battery power Can record sensor readings or perform calculations in the absence of a reader Longer read range Passive tags There are 4 different ranges to consider: Nominal range: Read range at which the tag is consider to operate. Rogue scanning range: Sensitive reader with a very powerful antenna can exceeded the nominal range Tag-to-Reader Eavesdropping range: Once a reader has powered a tag, a second reader can monitor resulting tag emissions without itself outputting a signal. Reader-to-tag eavesdropping range: in some cases a reader transmits information to a tag. Because reader transmit at much higher power they are subject to eavesdropping. LF HF UHF Microwave Freq. Range KHz 13.56 MHz MHz GHz Read Range 10 cm 1M 2-7 M Application Smart Cards, Ticketing, animal tagging, Access Control Small item management, supply chain, Anti-theft, library, transportation Transportation vehicle ID, Access/Security, large item management, supply chain Transportation vehicle ID (tolls), Access/Security, large item management, supply chain

9 Applications Supply-chain management Payment systems Access Control
logistics, inventory control, retail check-out Payment systems ExxonMobil SpeedPass I-Pass/EZ-Pas/Smart Tag toll systems Credit Cards Access Control Passports Library books Hospital and Health Centers Money - Yen and Euro banknoter anti-counterfeiting Animal Tracking - and Human??? Human-implantable RFID

10 The consumer privacy problem
1500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist-party handbook Replacement hip medical part #459382 Here’s Mr. BOB in 2015… Privacy and tracking problem

11 …the tracking problem Wig serial #A817TS8
Mr. Bob pays with a credit card - his RFID tags now linked to his identity determines level of customer service Mr. Bob attends a political rally - law enforcement scans his RFID tags Mr. Jones wins Award - physically tracked by paparazzi via RFID Read ranges of a tag Nominal Range – Range intend to operate Rogue Scanning Range –Powerful antenna amplifies the read range Tag-To-Reader Eavesdropping range – A second reader can monitor the resulting tag emission Reader-to-Tag eavesdropping range - Sometimes the reder send information with a greater power than the tags. Tracking Tracking: Serial number is combined with personal information such as the credit card EPC tags carries the Unique Serial Number, The manufacturer object and the product code (SKU Stock Keeping Unit) What types of medication therefore what illnesses he may suffer? Loyalty cards therefore where he shops?

12 CURRENT BALANCE WMATA Smart Trip RFID
Travel history: visited stations and dates Tracking example… WMATA Smart Trip RFID

13 …and the authentication problem
Wig serial #A817TS8 Privacy: Misbehaving readers harvesting information from well-behaving tags Authentication: Well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones The food and drugs administration FDA, has called the pharmaceutical industry to apply RFID to pallets and cases by 2007, with the aim of combating counterfeit pharmaceuticals. Texas Instruments and Verisign has proposed a digital signing of data to provide integrity. If a reader detects 2 or more tags with the same serial number it is clear that a problem has arisen

14 Basic RFID tags Vs. Symmetric Key tags
Cannot: Execute standards cryptographic operations Strong Pseudorandom number generation Hashing Low-cost tags EPC tags Used in most gates This caterorization is rought, because they can uses other features such as Memory Communication Speed Random-number generation Power However it serves their purpose of in demarcating available security tools.

15 Privacy Killing and Sleeping Re-naming approach The proxy approach
Relabeling Minimalist cryptography Encryption The proxy approach Watchdog Tag RFID Guardian Distance Measurement Blocking Soft-blocking Trusted Computing The lack of cryptography in basic RFID is a big impediment to security design Privacy has focused on the consumer privacy.

16 Returning to basic issue of privacy: Kill codes
EPC tags have a “kill” function On receiving password, tag self-destructs Tag is permanently inoperative No post-purchase benefits Developed for EPC to protect consumers after point of sale “Dead tags tell no tales” Privacy is preserve Why not sleep them? Would be difficult to manage in practice – Users might have to manage her PIN for her tags

17 Privacy (Cont 2) Re-naming approach
Even if the tag has no intrinsic meaning it can still enable tracking (Solution: Change over time) Relabeling Consumer are equipped to re-label tags with new identifier, but able to reactive old information Minimalist cryptography Change names each time is interrogated Encryption Re-Encryption Public Key cryptosystem Periodically re-encrypted by law enforcement Universal Re-encryption The tags carries a unique identifier S PK Public Key and law-enforcement have the Secret Key SK Shops and banks possess re-encryption readers program with PK S encrypted with the Key emits C an only decrypted by SK

18 Privacy (Cont 3) The proxy approach Watchdog Tag RFID Guardian
Privacy has focused on the consumer privacy.

19 So what might solve our problems?
Higher-powered intermediaries like mobile phones RFID “Guardian” and RFID REP (RFID Enhancer Proxy) Please show reader certificate and privileges The guardian might implement a policy like “My tags should only be subject to scanning with 30meter of my home”

20 Privacy (Cont 4) Distance Measurement Distance as a measure of trust
A tag might release general information “I’m attached to a bottle of water” when scanned at a distance, but release more specific information, like unique identifier at a close range. Privacy has focused on the consumer privacy.

21 Privacy (Cont 5) Blocking Trusted Computing
Scheme depends on the incorporation of a modifiable bit called a privacy bit It uses a blocking tag which prevents unwanted scanning of tag on a private zone Soft-blocking -On the reader “Do not scan tags whose privacy is on” Trusted Computing Privacy has focused on the consumer privacy.

22 Authentication ECP tags Class-1 Gen-2 have no explicit anti-counterfeiting features Yoking: Is a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously to try to solve that the reader actually reads what is trying to scan.

23 Symmetric-Key Tags (capable of computing symmetric key)
Cloning With a simple challenge-response protocol a tag T, can authenticate itself to a reader that shares the key Ki The tag transmit Ti The reader generates a random bit string R The tag computes H=h(Ki,R) and transmits H The reader verifies H =h(Ki,R) Digital Signature Transponders ( created by Texas Instrument and used by Speedpass) Based on the secrecy of the algorithm “Security through obscurity” was crack by student at Johns Hopkins Reverse-Engineering Key cracking Simulation Reverse - Engineering and side channels Relay Attacks Man-in-the-middle attacks can bypass any cryptographic protocol

24 Privacy Symmetric-Key Management Problem Leads to a paradox
A tag identifies itself before authenticating the readers The tag emits it identifier Ti So the reader can learn the identity of the tag Privacy unachievable Tag emits where P is a input value Once receiving E, the reader searches all the spaces of tags keys, trying to decrypt E under every key K until its obtains P (The reader has all the tag’s key on it)

25 Privacy Literature Tree approach Synchronization approach
Proposed approach where a tag contains more than one symmetric key in a hierarchical structure define by a tree S. Every node has a unique key Each tag is assigned to a unique leaf It contains the key defined by the path from the root S to the leaf Can be useful for: A tag holder can transfer ownership of an RFID tag to another party, while history remains private A centralized authority with full tag information can provision readers to scan particular tags over limited windows time Synchronization approach Symmetric-key primitive The European network for excellence in cryptographic is evaluating 21 candidates stream ciphers

26 So what might solve our problems?
Cryptography! Urgent need for cheaper hardware for primitives and better side-channel defenses Some of talk really in outer limits, but basic caveats are important: Pressure to build a smaller, cheaper tags without cryptography RFID tags are close and personal, giving privacy a special dimension RFID tags change ownership frequently Key management will be a major problem Think for a moment after this talk about distribution of kill passwords… Are you ready for the Verichip?

27 RFDI News RFID Passports cracked - Can Aluminum Shield RFID Chips? - RFID chips can carry viruses - Nightclub allows entry by RFID’ - Demo: Cloning a Verichip -

Download ppt "RFID Security and Privacy: A Research Survey"

Similar presentations

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.
RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
Radiofrequency Identification for movable heritage management Central International Archive of Art Objects Member of Albert Canals – General Director AICOA.

Radiofrequency Identification for movable heritage management Central International Archive of Art Objects Member of Albert Canals – General Director AICOA.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.

Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
RFID Security and Privacy A Research Survey Shruti Pathak CS 585 Spring ‘09.

RFID Security and Privacy A Research Survey Shruti Pathak CS 585 Spring ‘09.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
RFID (Radio Frequency Identification) Jonathan Green, Kevin Thornberg, Erica Jennings May 16, 2007.

RFID (Radio Frequency Identification) Jonathan Green, Kevin Thornberg, Erica Jennings May 16, 2007.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
J.J. Faxon Andy Vu Dustin Beck Jessica Bentz Mandi Ellis

J.J. Faxon Andy Vu Dustin Beck Jessica Bentz Mandi Ellis
Risk of Using RFID chips in Passports Oscar Mendez.

Risk of Using RFID chips in Passports Oscar Mendez.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
563.9.2 RFID Security & Privacy Matt Hansen University of Illinois Fall 2007.

RFID Security & Privacy Matt Hansen University of Illinois Fall 2007.
RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg 9.12.2005.

RFID Technologies Master seminar : Tangible User Interfaces Bruno Dumas – DIVA Group University of Fribourg
RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.

RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.
October 05 Standards. October 05 - 2 My own lesson in RFID standardization.

October 05 Standards. October My own lesson in RFID standardization.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
Abstract Radio-frequency identification (RFID) is an emerging technology, which promises to advance the modern industrial practices in object identification.

Abstract Radio-frequency identification (RFID) is an emerging technology, which promises to advance the modern industrial practices in object identification.

Similar presentations

Ads by Google