1. Network Security - IT653 Deepti Agrawal KReSIT, IIT Bombay
RFID SECURITY
Network Security - IT653
Deepti Agrawal
KReSIT, IIT Bombay

2. What is RFID? Radio-Frequency Identification Tag Antenna Chip
Holds a small amount of unique data – a serial number or other unique attribute of the item
The data can be read from a distance – no contact or even line of sight necessary
Antenna
Chip

3. How Does RFID Work? Tags (transponders) Reader (transceiver) Database
02.3DFEX4.78AF51
EasyToll card #816
Radio signal (contactless)
Range: from 3-5 inches to 3 yards
Tags (transponders)
Attached to objects, call out their (unique) name and/or static data on a special radio frequency
Reader (transceiver)
Reads data off the tags
without direct contact
Database
Matches tag IDs to
physical objects

4. RFID Tag Power Sources Passive (this is what mostly used now)
Tags are inactive until the reader’s interrogation signal “wakes” them up
Cheap, but short range only
Semi-passive
On-board battery, but cannot initiate communication
Can serve as sensors, collect information from environment: for example, “smart dust” for military applications
More expensive, longer range
Active
On-board battery, can initiate communication

5. The capabilities of a basic RFID tag
Little memory
Static 64-to-128-bit identifier in current ultra-cheap generation
Little computational power
A few thousand gates
Static keys for read/write permission
Not enough resources to support public- or symmetric-key cryptography
Cannot support modular arithmetic (RSA, DSS), elliptic curves, DES, AES;
Hash functions barely feasible
Recent progress on putting AES on RFID tag

6. RFID is the Barcode of the Future
Fast, automated scanning
(object doesn’t have to leave
pocket, shelf or container)
Line-of-sight reading
Reader must be looking at the barcode
Reading by radio contact
Reader can be anywhere within range
“Write Capabilities”
Products carry updated info as they move through the supply chain
Static Data
No cryptographic operations possible
Specifies object type
E.g., “I am a pack of Juicy Fruit”
Specifies unique object id
E.g., “I am a pack of Juicy Fruit #86715-A”
Can look up this object
in the database

7. Commercial Applications of RFID
Physical-access cards
Inventory control
Gillette Mach3 razor blades, pet tracking
Logistics and supply-chain management
Track a product from manufacturing through shipping to the retail shelf
Gas station and highway toll payment
Libraries
Euro banknotes

8. The consumer privacy problem

9. …and the tracking problem
Wig serial #A817TS8
Mr. Jones pays with a credit card; his RFID tags now linked to his identity; determines level of customer service
Think of car dealerships using drivers’ licenses to run credit checks…
Mr. Jones attends a political rally; law enforcement scans his RFID tags
Mr. Jones wins Turing Award; physically tracked by paparazzi via RFID

10. Risks Personal privacy
I’ll furtively scan your briefcase and learn how much cash you are carrying and which prescription medications you are taking …
Corporate espionage : Privacy is not just a consumer issue
Track your competitor’s inventory
Skimming: read your tag and make my own
In February, JHU-RSA Labs team skimmed and cloned Texas Instruments’ RFID device used in car anti-theft protection and SpeedPass gas station tokens

11. Blocking Unwanted Scanning
FARADAY CAGE
Container made of foil or metal mesh, impenetrable by radio signals of certain frequencies
Invitation to Shoplifters
Maybe works for a wallet, but huge hassle in general – locomotion difficult

12. Blocking Unwanted Scanning (Contd.)
“KILL” tag after purchase
Special command permanently de-activates tag after the product is purchased
RFID tags are much too useful in “live” state… Disables many futuristic applications.

13. Futuristic Applications
Tagged products
Clothing, appliances, CDs, etc. tagged for store returns and locatable in house
“Smart” appliances
Refrigerators that automatically create shopping lists and when milk expires
Closets that tell you what clothes you have available, and search the Web for advice on current styles, etc.
Washing machines that detect improper wash cycle
“Smart” print
Airline tickets that indicate your location in the airport
Business cards
Recycling
Plastics that sort themselves
Consumers will not want their tags “killed,” but should still have a right to privacy!

14. Blocking Unwanted Scanning (Contd.)
The “BLOCKER TAG”
Blocker simulates
all (billions of) possible tag serial numbers!!
1,2,3, …, 2023 pairs
of sneakers and…
(reading fails)…

15. How does blocker tag work?
When the reader sends a signal, more than one RFID tag may respond: this is a collision
Reader cannot accurately read information from more than one tag at a time
Example: every tagged item in a supermarket cart responds to the cashier’s RFID reader
“Tree-walking” protocol for identifying tags recursively asks question:
“What is your next bit?”
Blocker tag always says both ‘0’ and ‘1’!
Guarantees collision no matter what tags are present
To talk to a tag, reader must traverse every tree path
With 128-bit IDs, reader must try 2128 values – infeasible!
To prevent illegitimate blocking, make blocker tag selective (block only certain ID ranges)
E.g., blocker tag blocks all IDs with first bit=1
Items on supermarket shelves have first bit=0
Can’t block tags on unpurchased items (anti-shoplifting)
After purchase, flip first bit on the tag from 0 to 1

16. “Tree-walking” anti-collision protocol for RFID tags1 ? 00 01 10 11
000
001
010
011
100
101
110
111

17. Example: Supermarket Cart
1. Prefix=“empty”
Next=0
Next=1
Collision!
prefix=0
prefix=1
No collision
Next=1
1a. Prefix=0
1b. Prefix=1
Next=0
No collision
2. Prefix=00
2. Prefix=11
prefix=00
prefix=01
No collision
Next=1
Collision!
Next=1
Next=0
3. ID=001
Talk to tag 001
3a. ID=110
Talk to tag 110
prefix=10
prefix=11
3b. ID=111
Talk to tag 111
000
001
010
011
100
101
110
111

18. Pseudonym rotation
Set of pseudonyms known only by trusted verifier
Pseudonyms stored on tag
Limited storage means at most, e.g., 10 pseudonyms
Tag cycles through pseudonyms
“74AB8”
“MMW91” = ?

19. Hash Locks Reader RFID tag Why is this not a perfect solution?
[Rivest, Weis, Sharma, Engels]
Goal: authenticate reader to the RFID tag
Reader
“Who are you?”
RFID tag
metaID
key
Compute hash(key) and
compare with stored metaID
“My real ID is…”
Stores metaID=hash(key)
Stores key; hash(key) for any tag
Unique key for each tag
Why is this not a perfect solution?

20. Analysis of Hash Locks Relatively cheap to implement
Tag has to store hash implementation and metaID
Security based on weak collision-resistance of hash function
metaID looks random
Problem: tag always responds with the same value
Attacker can track the same tag from place to place even if he cannot learn its real ID

21. Randomized Hash Locks Reader RFID tag
[Weis et al.]
Goal: authenticate reader to the RFID tag
Reader
RFID tag
“Who are you?”
Generate random R
R, hash(R,IDk)
Compute hash(R,IDi) for every
known IDi and compare
“You must be IDk”
Stores its own IDk
Stores all IDs:
ID1, … ,IDn

22. Analysis of Randomized Hash Locks
Tag must store hash implementation and pseudo-random number generator
Secure against tracking because tag response is different each time
Reader must perform brute-force ID search
Effectively, reader must stage a mini-dictionary attack to unlock the tag
Alternative: use a block cipher
Need a very efficient implementation of AES

23. External re-encryption approach
Suggested for RFID-embedded banknotes privacy protection
Banknote tag serial numbers are encrypted with a law enforcement public key
Periodic re-encryption to reduce the linkability of different appearances of a given tag.
Resources limited on tag, so re-encryption done by external agents, usually the reader

24. References The material covered in the slides has been taken from :
RFID Security and Privacy :
RFID: Security and Privacy for Five-Cent Computers :

25. Questions ?