Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in RFID Presented By… NetSecurity-Spring07

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in RFID Presented By… NetSecurity-Spring07"— Presentation transcript:

1 Security in RFID Presented By… NetSecurity-Spring07
Vamsikrishna Ambati Kokil Bhalerao Chandra S.Cheruku HariPriya Chintalapati NagaKalyani Padakanti Shveta Shahi

2 Presentation Objectives
What is RFID?? RFID System Components Architecture Applications Security Issues and Challenges …… Conclusion

3 What is RFID ?? RFID (Radio Frequency Identification) uses a micro-chip in a tag to transmit stored data when the tag is exposed to radio waves of the correct frequency. System of tags, readers, antennas, and software. Tag wirelessly sends bits of data when it is triggered by a reader. Reader transmits radio frequency energy Provides power for the tag. Enables communications to and from the tag. Different operating frequencies are possible.

4 RFID System Architecture…
RFID systems are composed of three key components.. The RFID tag, or transponder, carries object identifying data. The RFID tag reader, or transceiver, reads and writes tag data. • The back-end database stores records associated with tag contents.

5 RFID Tags.. Antenna Active Passive Tags can be active or passive.
Passive RFID Active RFID Tag Battery No Yes Availability of power Only in field of reader Continuous Signal Strength Very High Very Low Range Up to 3-5m Up to 100m Antenna Active Passive

6 RFID Applications.. Personal Productivity Automatic toll collection
Ticketing and event access Library checkout Other Applications Automobile Keyless entry E-Passport

7 RFID Challenges.. The Privacy Problem Security Reader Collision
Wig model # 143 (cheap polyester) The Privacy Problem Hacking BOA $ 1000 in wallet 30 Items of candies Security Reader Collision Tag Collision Signal Interference in noise Inconsistent data

8 RFID Security Issues User Privacy Replay Attack Virus Injection
Denial of service Tag Cloning

9 User Privacy Replay Attack Security Concern with replay attack:
Few concerns related to user privacy Products labeled with insecure tags may reveal sensitive information. Location privacy violation which may lead to tracking of individual by the tags they carry. Replay Attack RFID passport have signed biometric stored in RFID chip. When there read request it just return the stored value. This signal can be captured and a device can be made to replay the same signal which may seem to come from valid RFID passport. Security Concern with replay attack:

10 Virus Injection Denial Of Service Concerns with virus injection:
Virus can be injected while data is in transit Concerns with virus injection: Tags scanned after the database is infected can also be infected with the virus. A malicious activity like dropping database tables is possible. Denial Of Service Concerns with denial of service: Thieves could remove tags or put in foil-lined booster bag that will block RFID reader’s request and temporarily deactivate the tag. An attacker could attach RFID on other items causing RFID system to record useless data which will flood an RFID system with more data then it can handle.

11 Tag Cloning Few security concerns
Ability to spoof tags to overwrite the data in tags, overwrite the tag ID. A data integrity attack. Few security concerns Replace the tag for an expensive item with the tag of cheaper item. Switching two books’ RFID data or changing the security status of the tags.

12 Solutions to security issues
Kill Tag Smart RFID Tag Blocker Tag DST Tag Authentication Protocol Simplified Authentication protocol Enhanced Authentication protocol

13 The Kill Tag Approach…. Used to protect consumer privacy.
The RFID tag of the object is killed by sending a special ‘kill’ command to the tag. A killed tag can never be reactivated. Example: An RFID tag is killed by check out clerk before the object is given to customer. Drawback: It is undesirable in many environments. Many applications require the tag to be active even after purchase.

14 Hash Lock: Locking protocol
Smart RFID Tags Protect consumer privacy while RFID tag remains active. Types of smart RFID tag: Hash Lock Approach…. Simple access control mechanism based on one way hash function. Randomization Hash Lock Approach…. Similar to hash lock but a random number generator is also embedded along with one way hash function. Hash Lock: Locking protocol Reader R selects a random key and computes metaID = hash(key). R writes metaID to tag T. T enters the locked state. R stores the pair(metaID, key) locally.

15 Hash Lock Approach: unlock
database query Reader Tag metaID metaID (key,metaID) Key ID Strength of Hash lock Approach Prevent unauthorized reader from reading the tag because of one-wayness of hash Weakness of Hash lock Approach The unauthorized reader can keep track of tag using metaID.

16 Randomized Hash lock: unlock
database query Reader Tag Get all ID’s R,h(IDk||R) ID1, ID2….IDk IDk Strength of Randomized Hash lock Approach Address the problem of tracking tags by their metaID Weakness of Randomized Hash lock Approach Impractical for reader with large number of ID’s

17 Digital Signature Transponder
Blocker Tag.. A blocker tag prevents RFID tags from being read RFID reader can read one tag at a time Reader will unable to read information if more than one tag responses A blocker tag takes advantage of this technique to block the reader When a reader try to read a tag belonging to a privacy zone, then the blocker tag confuses the reader by always responding This way, blocker tag blocks any tag from being read. Weakness of Blocker tag It can be used as malicious tool. Digital Signature Transponder It uses cryptographic mechanism in wireless authentication applications It acts as a passive transponder and implements a challenge-response authentication using block cipher A DST tag contains non-volatile RAM to store 40-bit encryption key.

18 DST algorithm Reader (40-bit encrypt. Key) 1.40-bit challenge Tag
2. Encipher to 40-bit Cipher text 3. Truncates to 24-bit response 4. 24-bit response 5. Calculates expected challenge 6. Compares calculated challenge with tag response

19 Simplified Authentication Protocol
ID h(ID) XXX yyy aaa bbb Request h(IDi), N, hIDi (N) Tag Reader Strength of Simplified Authentication Protocol Provides protection against tracking, tag cloning and it also provides forward security. Weakness of Simplified Authentication Protocol Replay Attack Database De-synchronization

20 Enhanced Authentication Protocol
Request,NR ID h(ID) XXX yyy aaa bbb H(Idi),NT,hIDi(NT,NR) hIDi+1(NT,NR) Tag Strength of Enhanced Authentication Protocol Reader Tag cannot be attacked because if attacker is masquerading as reader then he will not know the shared secret which is ID of the tag. Reader cannot be attacked because of the shared secret. Which protects against replay and database de-synchronization attack. The communication between tag and reader cannot be attacked because of one-way of hash. User privacy cannot be attacked because no identity is released by the tag. Location privacy cannot be attacked because ID value changes with every read.

21 Conclusion RFID definitely has some security issues that need to be addressed. According to latest report from Texas Instruments there is no fraud reported with DST approach in last eight years. In enhanced authentication protocol, both reader and tag are authenticated by each other. Enhanced authentication protocol is most secure solution and uptill now we didn’t identify any weakness associated with this protocol.

22 References http://www.rfidjournal.com/article/articleview/549/1/1/
Stephens August Weis, " Security and Privacy in Radio-Frequency Identification Devices” Ari Juels and Ronald L. Rivest and Michael Szydlo, "The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy”

23 Any Questions Thank U………..

Download ppt "Security in RFID Presented By… NetSecurity-Spring07"

Similar presentations

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy A. Juels, R. L. Rivest, and M. Szydlo 8th ACM Conference on Computer and Communications.

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy A. Juels, R. L. Rivest, and M. Szydlo 8th ACM Conference on Computer and Communications.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Risk of Using RFID chips in Passports Oscar Mendez.

Risk of Using RFID chips in Passports Oscar Mendez.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.

YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.

RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
EPC for Security Applications By Jacob Ammons & Joe D’Amato.

EPC for Security Applications By Jacob Ammons & Joe D’Amato.
Foundations of Privacy 2010 Guy Katz.  Introduction to RFID  How does it work  Threats to user privacy  Possible solutions.

Foundations of Privacy 2010 Guy Katz.  Introduction to RFID  How does it work  Threats to user privacy  Possible solutions.
Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.
RFID Inventory System Shaun Duncan, Thomas Keaten, Auroop Roy.

RFID Inventory System Shaun Duncan, Thomas Keaten, Auroop Roy.

Similar presentations

Ads by Google