Lecture 4 RFID and Wireless Security

Presentation on theme: "Lecture 4 RFID and Wireless Security"— Presentation transcript:

1 Lecture 4 RFID and Wireless Security
Chen Qian, UC Santa Cruz
Some slides by Prof. Yunhao Liu and Zheng Yang

2 History and current status of RFID
RFID is short for radio frequency identification. It uses radio frequency signals to achieve non-contact information transmission through spatial coupling (alternating magnetic field or electromagnetic field). The transmitted information is then used for identification. It is an automatic identification technology that emerged in the 1990s. It was first used in the European market and later spread worldwide. The advantage of RFID over other technologies is that electronic tags can be identified by readers without physical contact. RFID has changed the "tangible" way in which one-dimensional or two-dimensional barcodes provide information, and instead stores a huge amount of "intangible" information on the chip.

3 History and current status of RFID
Recently, RFID has become one of the most widely discussed concepts. Especially for the IT industry, RFID technology is regarded as the next "gold mine". All major software and hardware manufacturers have shown strong interest in RFID and its applications. They have invested a large amount of R&D funds and launched their own software or hardware products. In terms of current applications, many companies such as Walmart, UPS, Gillette, etc. have begun to use RFID technology to transform their business systems, to improve their work efficiency and management, and to provide various value-added services for their customers.

4 RFID technology analysis
The RFID system consists of five components: transmitters, receivers, microprocessors, antennas, and tags. Transmitters, receivers, and microprocessors are often packaged together and referred to as readers, so the industry often divides RFID systems into three major components: readers, antennas, and tags.
[Figure: host, reader (send/recv, output), antenna, and tag]

5 RFID technology analysis: reader
A reader is the most important and complex component of an RFID system. Because it actively asks the tag for identification information, it is sometimes referred to as an interrogator. The reader can be connected to the host through a standard Ethernet port, an RS232 serial port, or a USB interface, and communicates with the RFID tag through the antenna. Sometimes for convenience, readers and antennas as well as smart terminal devices are integrated to form a mobile handheld reader.

6 RFID technology analysis: Antenna
The antenna is connected to the reader to transmit RF signals between the tag and the reader. The reader can connect to more than one antenna. The RFID system operates from low frequencies to microwaves, which makes the matching between the antenna and the tag more complicated.

7 RFID technology analysis: tag
A tag is made of a coupling element, a chip, and a micro-antenna. Each tag has a unique electronic code and is attached to the object to be identified. When the tag is in the RFID reader's scanning field, it receives the RF signal from the reader and either sends the electronic code stored in the chip using the energy obtained from the induced current (passive tag), or actively sends a signal with a certain frequency (active tag).

8 Classification of tags
Passive Tag: There is no internal power supply. The integrated circuit inside the passive tag is driven by the electromagnetic wave emitted by the reader and sends data to the reader.
Active Tag: An active tag carries an internal power supply. The power devices and their associated circuitry make active tags larger and more expensive than passive tags. However, an active tag communicates farther and can reach hundreds of meters.
Semi-active Tag: It has all the advantages of both passive tags and active tags. It carries internal batteries that can provide power for the tag's internal calculation. This tag can carry a sensor and can be used to detect environmental parameters such as temperature, humidity, and whether it is moving or not. Unlike active tags, its communication does not require batteries to provide energy. Instead, it uses electromagnetic waves emitted by the reader, like passive tags, to obtain communication energy.

9 The advantages of RFID tags compared to bar codes
Small size and various shapes: RFID tags are not limited by size and shape, and do not need to match the fixed size and print quality of paper for reading accuracy.
Environmental adaptability: Paper is easily contaminated, which affects identification. However, RFID can withstand water, oil and other substances. In addition, RFID tags can be read even in the dark.
Reusable: The tag has a read/write function, and the electronic data can be repeatedly written, so it can be recycled and reused.
Penetration: Communication is possible even when the tag is wrapped in non-metallic or non-transparent materials such as paper, wood and plastic.
Data security: The tag ensures the accuracy of the transmitted data using the cyclic redundancy check method.

10 RFID technology analysis: frequency
The frequency is a very important parameter of the RFID system. It determines the system's working principle, communication distance, cost, antenna shape, application field and other factors. The typical working frequencies of RFID are 125 kHz, 133 kHz, 13.56 MHz, MHz, 433 MHz, MHz, 2.45 GHz, 5.8 GHz and so on, which are grouped into three ranges: low frequency, high frequency, and ultra-high frequency.

11 RFID frequency: low frequency
The low frequency (LF) range is 30 kHz-300 kHz, and the typical RFID low frequencies are 125 kHz and 133 kHz. The wavelength of this band is approximately 2500 m. Low-frequency tags are usually passive tags, and their working energy is obtained from the radiation field of the reader-coupled coil through inductive coupling. The communication range is less than 1 meter. Except for metallic materials, low-frequency signals can pass through objects of any material without reducing the reading distance.

12 RFID frequency: high frequency
The high frequency (HF) range is 3 MHz-30 MHz, and the typical RFID frequency is MHz. The wavelength of this frequency is approximately 22 meters, and the communication distance is usually less than 1 meter. Tags for this frequency do not need to be made by winding a coil. The antenna in the tag can be made by etching or movable type printing, and it obtains energy from the radiating field of the reader through inductive coupling.

13 RFID frequency: UHF
The Ultra High Frequency (UHF) range is 300 MHz-3 GHz, and the microwave range is above 3 GHz. UHF and microwave-based RFID systems are together referred to as UHF RFID systems. Typical operating frequencies are 433 MHz, MHz, 2.45 GHz, and 5.8 GHz, and the wavelength is about 30 cm. Strictly speaking, 2.45 GHz and 5.8 GHz belong to the microwave range. UHF tags can be either active tags or passive tags and communicate with the reader through electromagnetic coupling. The communication distance is greater than 1 meter, typically 4-6 meters, and can exceed 10 meters.

14 RFID and IoT
The unique object identification of RFID tags has promoted the research on the Internet of Things. By placing RFID tags on things, the Internet of Things can build an information network for commodity circulation based on the Internet. The establishment of the Internet of Things will have a profound impact on all aspects of the circulation of goods such as manufacturing, sales, transportation, utilization, and recycling, as well as government, corporate, and individual behavior. Through the Internet of Things, anything in the world can be identified, tracked and monitored on demand, anywhere, anytime. The Internet of Things is seen as another revolution in the IT industry following the Internet.

15 Wireless Security Network Security

16 Symmetric key cryptography
[Figure: plaintext message m → encryption algorithm (key $K_S$) → ciphertext $K_S(m)$ → decryption algorithm (key $K_S$) → plaintext $m = K_S(K_S(m))$]
symmetric key crypto: Bob and Alice share same (symmetric) key: $K_S$
e.g., key is knowing substitution pattern in mono alphabetic substitution cipher
Q: how do Bob and Alice agree on key value?

17 AES: Advanced Encryption Standard
symmetric-key NIST standard, replaced DES (Nov 2001)
processes data in 128 bit blocks
128, 192, or 256 bit keys
brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES

18 Public Key Cryptography
radically different approach [Diffie-Hellman76, RSA78]
sender, receiver do not share secret key
public encryption key known to all
private decryption key known only to receiver
symmetric key crypto requires sender, receiver know shared secret key
Q: how to agree on key in first place (particularly if never “met”)?

19 Public key cryptography
[Figure: plaintext message m → encryption algorithm (Bob’s public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (Bob’s private key $K_B^-$) → plaintext message $m = K_B^-(K_B^+(m))$]

20 Public key encryption algorithms
requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm

21 Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Figure: Alice sends “I am Alice” to Bob]
Failure scenario??

22 Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Figure: Trudy sends “I am Alice” to Bob]
in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice

23 Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
[Figure: Alice sends Bob a packet carrying Alice’s IP address and “I am Alice”]
Failure scenario??

24 Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
[Figure: Trudy sends Bob a packet carrying Alice’s IP address and “I am Alice”]
Trudy can create a packet “spoofing” Alice’s address

25 Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Figure: Alice sends Bob a packet carrying Alice’s IP addr, password and “I’m Alice”; Bob replies to Alice’s IP addr with OK]
Failure scenario??

26 Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Figure: Alice sends Bob a packet carrying Alice’s IP addr, Alice’s password and “I’m Alice”; Bob replies to Alice’s IP addr with OK; Trudy later sends Bob the same packet (Alice’s IP addr, password, “I’m Alice”)]
playback attack: Trudy records Alice’s packet and later plays it back to Bob

27 Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
[Figure: Alice sends Bob a packet carrying Alice’s IP addr, encrypted password and “I’m Alice”; Bob replies to Alice’s IP addr with OK]
Failure scenario??

28 Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
[Figure: Alice sends Bob a packet carrying Alice’s IP addr, encrypted password and “I’m Alice”; Bob replies to Alice’s IP addr with OK; Trudy later sends Bob the same packet (Alice’s IP addr, encrypted password, “I’m Alice”)]
record and playback still works!

29 Authentication: yet another try
Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
[Figure: Alice sends “I am Alice”; Bob replies with R; Alice returns $K_{A-B}(R)$]
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
Failures, drawbacks?
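The replay weakness of ap3.1 next to the nonce check of ap4.0, as an added example that is not part of the original slides. HMAC-SHA256 stands in for encryption under the shared key $K_{A-B}$ (the Python standard library has no block cipher), and the class names, password and key are hypothetical.

```python
import hashlib
import hmac
import os

def keyed(key: bytes, msg: bytes) -> bytes:
    """Stand-in for K_{A-B}(msg): a keyed function only key holders can compute."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class BobAp31:
    """ap3.1: Bob accepts one fixed 'encrypted password' value."""
    def __init__(self, key: bytes, password: bytes):
        self.expected = keyed(key, password)

    def login(self, blob: bytes) -> bool:
        return hmac.compare_digest(blob, self.expected)

class BobAp40:
    """ap4.0: Bob issues a fresh nonce R and accepts K_{A-B}(R) once."""
    def __init__(self, key: bytes):
        self.key, self.pending = key, set()

    def challenge(self) -> bytes:
        r = os.urandom(16)
        self.pending.add(r)
        return r

    def login(self, r: bytes, response: bytes) -> bool:
        if r not in self.pending:      # unknown or already used nonce
            return False
        self.pending.discard(r)        # a nonce is good for one attempt only
        return hmac.compare_digest(response, keyed(self.key, r))

def demo():
    key = os.urandom(16)               # constructed shared secret
    bob31 = BobAp31(key, b"alice-password")
    recorded = keyed(key, b"alice-password")   # bytes on the wire, visible to a listener
    alice31 = bob31.login(recorded)
    replay31 = bob31.login(recorded)           # same bytes again: still accepted

    bob40 = BobAp40(key)
    r1 = bob40.challenge()
    resp1 = keyed(key, r1)
    alice40 = bob40.login(r1, resp1)
    r2 = bob40.challenge()
    replay_new = bob40.login(r2, resp1)        # old response against a new nonce
    replay_old = bob40.login(r1, resp1)        # old nonce presented a second time
    return alice31, replay31, alice40, replay_new, replay_old
```

The recorded ap3.1 value stays valid forever, while under ap4.0 a response is bound to one nonce that Bob retires after use.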

30 Authentication: ap5.0
ap4.0 requires shared symmetric key
can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
[Figure: Alice sends “I am Alice”; Bob replies with R; Alice returns $K_A^-(R)$; Bob asks “send me your public key”; Alice sends $K_A^+$]
Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key that encrypted R such that $K_A^+(K_A^-(R)) = R$

31 ap5.0: security hole
man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
[Figure: message exchange between Alice, Trudy and Bob:
“I am Alice” is passed from Alice to Trudy and from Trudy to Bob
Bob sends R; Trudy returns $K_T^-(R)$
Bob asks “Send me your public key”; Trudy sends $K_T^+$
Trudy sends R to Alice; Alice returns $K_A^-(R)$
Trudy asks Alice “Send me your public key”; Alice sends $K_A^+$
Bob sends $K_T^+(m)$; Trudy gets $m = K_T^-(K_T^+(m))$ and sends m to Alice encrypted with Alice’s public key, $K_A^+(m)$
Alice recovers $m = K_A^-(K_A^+(m))$]

32 ap5.0: security hole
man (or woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
difficult to detect:
Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation!)
problem is that Trudy receives all messages as well!

33 WEP design goals
symmetric key crypto: confidentiality, end host authorization, data integrity
self-synchronizing: each packet separately encrypted
given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost (unlike Cipher Block Chaining (CBC) in block ciphers)
efficient: implementable in hardware or software

34 symmetric stream ciphers
[Figure: key → keystream generator → keystream]
combine each byte of keystream with byte of plaintext to get ciphertext:
m(i) = ith unit of message
ks(i) = ith unit of keystream
c(i) = ith unit of ciphertext
c(i) = ks(i) ⊕ m(i) (⊕ = exclusive or)
m(i) = ks(i) ⊕ c(i)
WEP uses RC4

35 Stream cipher and packet independence
recall design goal: each packet separately encrypted
if for frame n+1, use keystream from where we left off for frame n, then each frame is not separately encrypted
need to know where we left off for packet n
WEP approach: initialize keystream with key + new initialization vector (IV) for each packet:
[Figure: Key + IV_packet → keystream generator → keystream_packet]

36 WEP encryption (1)
sender calculates Integrity Check Value (ICV) over data
four-byte hash/CRC for data integrity
each side has 104-bit shared key
sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key
sender also appends keyID (in 8-bit field)
128-bit key inputted into pseudo random number generator to get keystream
data in frame + ICV is encrypted with RC4:
bytes of keystream are XORed with bytes of data & ICV
IV & keyID are appended to encrypted data to create payload
payload inserted into frame
[Figure: frame fields: IV, Key ID, data, ICV (data and ICV encrypted), forming the MAC payload]

37 WEP encryption (2)
new IV for each frame

38 WEP decryption overview
[Figure: frame fields: IV, Key ID, data, ICV (data and ICV encrypted), forming the MAC payload]
receiver extracts IV
inputs IV, shared secret key into pseudo random generator, gets keystream
XORs keystream with encrypted data to decrypt data + ICV
verifies integrity of data with ICV
note: message integrity approach used here is different from MAC (message authentication code) and signatures (using PKI).
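The WEP encryption and decryption steps from slides 36 to 38, together with the packet-independence goal of slide 35, as an added example that is not part of the original slides. It follows 802.11 in placing the IV before the shared key when seeding RC4 and in sending IV and keyID ahead of the ciphertext; the keyID is kept as a whole byte, and the key and frame contents are constructed.

```python
import os
import struct
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, key_id: int, data: bytes) -> bytes:
    """Payload = IV | keyID | RC4(data + ICV), keystream seeded with IV + key."""
    iv = os.urandom(3)                                  # new 24-bit IV for each frame
    body = data + struct.pack("<I", zlib.crc32(data))   # ICV: four-byte CRC-32
    return iv + bytes([key_id]) + xor(body, rc4_keystream(iv + key, len(body)))

def wep_decrypt(keys: dict, payload: bytes) -> bytes:
    """Rebuild the keystream from the cleartext IV, decrypt, verify the ICV."""
    iv, key_id, enc = payload[:3], payload[3], payload[4:]
    body = xor(enc, rc4_keystream(iv + keys[key_id], len(enc)))
    data, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(data)) != icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return data

def demo():
    keys = {0: bytes(range(13))}                        # constructed 104-bit shared key
    frames = [wep_encrypt(keys[0], 0, b"frame %d" % n) for n in range(3)]
    # Frame 1 is lost in transit; frame 2 still decrypts because it carries its own IV.
    survivor = wep_decrypt(keys, frames[2])
    damaged = bytearray(frames[0])
    damaged[4] ^= 0x01                                  # one bit flipped by channel noise
    try:
        wep_decrypt(keys, bytes(damaged))
        detected = False
    except ValueError:
        detected = True
    return survivor, detected
```

`demo()` returns the data of the third frame and whether the ICV caught the corrupted first frame.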

39 End-point authentication w/ nonce
Nonce: number (R) used only once-in-a-lifetime
How to prove Alice “live”: Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
[Figure: Alice sends “I am Alice”; Bob replies with R; Alice returns $K_{A-B}(R)$]
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

40 WEP authentication
[Figure: exchange with the AP: authentication request; nonce (128 bytes); nonce encrypted shared key; success if decrypted value equals nonce]
Notes:
not all APs do it, even if WEP is being used
AP indicates if authentication is necessary in beacon frame
done before association

