RFID Security and Privacy: A Research Survey
Written by: Ari Juels
Presented by Carlos A. Lopez
Outline
1. Introduction
2. Basic RFID Tags
3. Symmetric-Key Tags
4. RFID News
Definition
RFID is a technology for automated identification of objects and people
RFID devices are called "RFID tags"
Small microchip (Hitachi mu-chip, 0.002x0.002in)
Transmit data over the air
Respond to interrogation
Possible successor of barcodes
EPCglobal Inc. oversees the development of standards
RFID Overview
(Slide diagram: a tag with ID:2342341456734 and a credit card #8163 3534 9234 9876 being read over a contactless radio signal; range from 3-5 inches to 3 yards)
Tags (transponders): attached to objects, "call out" identifying data on a special radio frequency
Reader (transceiver): reads data off the tags without direct contact
Database: matches tag IDs to physical objects
Reading Tags
The read process starts when an RFID reader sends out a query message
Invites all tags within range to respond
More than one RFID tag may respond at the same time
○ This causes a collision
Reader cannot accurately read information from more than one tag at a time
Reader must engage in a special singulation protocol to talk to each tag separately
Barcode Replacement
Unique identification
○ Type of object vs. unique among millions
○ Act as a pointer to a database
Automation (barcodes are optically scanned and need):
○ Line-of-sight
○ Contact with readers
○ Careful physical positioning
○ Human intervention
RFID Standards
Some standards that have been made regarding RFID technology include:
ISO 14223/1 - RFID of animals, advanced transponders
ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303
ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards
ISO/IEC 18000 - 7 different parts
ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies
EPCglobal - most likely to undergo international standardization according to ISO rules, as with all sound standards in the world
Tag Types
Passive:
All power comes from a reader's signal
Tags are inactive unless a reader activates them
Cheaper and smaller, but shorter range
Semi-passive:
On-board battery, but cannot initiate communication
Can serve as sensors, collect information from the environment: for example, "smart dust" for military applications
Active:
On-board battery power
Can record sensor readings or perform calculations in the absence of a reader
Longer read range
Band       Freq. Range      Read Range  Application
LF         125 - 134 kHz    10 cm       Smart cards, ticketing, animal tagging, access control
HF         13.56 MHz        1 m         Small item management, supply chain, anti-theft, library, transportation
UHF        866 - 915 MHz    2-7 m       Transportation vehicle ID, access/security, large item management, supply chain
Microwave  2.45 - 5.8 GHz   1 m         Transportation vehicle ID (tolls), access/security, large item management, supply chain
Applications
Supply-chain management: logistics, inventory control, retail check-out
Payment systems: ExxonMobil SpeedPass; I-Pass/E-ZPass/Smart Tag toll systems; credit cards
Access control
Passports
Library books
Human-implantable RFID
Hospitals and health centers
Money - Yen and Euro banknote anti-counterfeiting
Animal tracking - and human???
The consumer privacy problem
(Slide cartoon: "Here's Mr. Bob in 2015..." surrounded by his tagged possessions: a wig (cheap polyester); a replacement hip, model #4456, medical part #459382; Das Kapital and a Communist party handbook; 1500 Euros in his wallet; 30 items of lingerie, serial numbers 597387, 389473, ...)
…the tracking problem
(Slide cartoon: the wig, now read as serial #A817TS8)
Mr. Bob pays with a credit card - his RFID tags are now linked to his identity
○ Determines level of customer service
Mr. Bob attends a political rally - law enforcement scans his RFID tags
Mr. Jones wins an award - physically tracked by paparazzi via RFID
Read ranges of a tag
Nominal range - the range the tag is intended to operate at
Rogue scanning range - a powerful antenna amplifies the read range
Tag-to-reader eavesdropping range - a second reader can monitor the resulting tag emission
Reader-to-tag eavesdropping range - sometimes the reader sends information with greater power than the tags
(Slide illustration: a WMATA Smart Trip RFID card revealing CURRENT BALANCE and travel history: visited stations and dates)
…and the authentication problem
Privacy: misbehaving readers harvesting information from well-behaving tags
Authentication: well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones
Basic RFID tags vs. Symmetric-key tags
Basic tags cannot:
○ Execute standard cryptographic operations
○ Strong pseudorandom number generation
○ Hashing
Low-cost tags: EPC tags, used in most gates
Privacy approaches for basic tags (covered next):
○ Killing and sleeping
○ Re-naming approach: relabeling, minimalist cryptography, encryption
○ The proxy approach: watchdog tag, RFID Guardian
○ Distance measurement
○ Blocking, soft-blocking
○ Trusted computing
Returning to basic issue of privacy: kill codes
EPC tags have a "kill" function
○ Developed for EPC to protect consumers after point of sale
○ On receiving the password, the tag self-destructs
○ Tag is permanently inoperative
○ No post-purchase benefits
○ "Dead tags tell no tales"
○ Privacy is preserved
Why not sleep them?
○ Would be difficult to manage in practice - users would have to manage PINs for their tags
Privacy (Cont 2)
Re-naming approach
Even if the tag identifier has no intrinsic meaning it can still enable tracking (solution: change it over time)
○ Relabeling
Consumers are equipped to relabel tags with new identifiers, but are able to reactivate old information
○ Minimalist cryptography
The tag changes its name each time it is interrogated
○ Encryption
Re-encryption
- Public-key cryptosystem
- Periodically re-encrypted by law enforcement
Universal re-encryption
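As an added example (not code from the slides or from Juels' survey), the universal re-encryption step named above, in an ElGamal group: any reader can re-randomise the ciphertext stored on a tag without knowing the public key, so successive reads show unrelated values, while only the private-key holder recovers the identifier. The group parameters, keys and the tag id 417 are constructed toy values.

```python
import secrets
# Added example, not from the slides: universal re-encryption (ElGamal-based) as
# a renaming mechanism. Toy group, far too small to be secure; ids are constructed.
P, Q, G = 1019, 509, 4        # safe prime p = 2q + 1; g = 4 generates the order-q subgroup

def rand_exp():
    return secrets.randbelow(Q - 1) + 1

def keygen():
    x = rand_exp()
    return x, pow(G, x, P)    # private x, public y = g^x

def encrypt(y, tag_id):
    """ElGamal encryption of tag_id plus an encryption of 1 under the same
    public key; the second half lets anyone re-randomise the first."""
    k0, k1 = rand_exp(), rand_exp()
    return (tag_id * pow(y, k0, P) % P, pow(G, k0, P), pow(y, k1, P), pow(G, k1, P))

def reencrypt(c):
    """Re-randomise without the public key, e.g. by a reader at each checkout:
    the value stored on the tag changes, the plaintext does not."""
    a0, b0, a1, b1 = c
    k0, k1 = rand_exp(), rand_exp()
    return (a0 * pow(a1, k0, P) % P, b0 * pow(b1, k0, P) % P,
            pow(a1, k1, P), pow(b1, k1, P))

def decrypt(x, c):
    """Only the private-key holder recovers the id; under a wrong key the
    encryption-of-1 half does not decrypt to 1 and None is returned."""
    a0, b0, a1, b1 = c
    inv = lambda v: pow(v, P - 2, P)              # modular inverse, p prime
    if a1 * inv(pow(b1, x, P)) % P != 1:
        return None
    return a0 * inv(pow(b0, x, P)) % P

def demo(tag_id=417):
    x, y = keygen()
    on_tag = encrypt(y, tag_id)
    seen = {on_tag}
    for _ in range(3):                 # three readers re-encrypt in turn
        on_tag = reencrypt(on_tag)
        seen.add(on_tag)
    # every stored value differed (nothing stable to track), yet the id is intact
    return len(seen) == 4 and decrypt(x, on_tag) == tag_id
```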
Privacy (Cont 3)
The proxy approach: watchdog tag, RFID Guardian
So what might solve our problems? Higher-powered intermediaries like mobile phones
RFID "Guardian" and RFID REP (RFID Enhancer Proxy)
(Slide illustration: the proxy tells a reader "Please show reader certificate and privileges")
Privacy (Cont 4)
Distance Measurement
Distance as a measure of trust
○ A tag might release general information ("I'm attached to a bottle of water") when scanned at a distance, but release more specific information, like a unique identifier, at close range
Privacy (Cont 5)
Blocking
The scheme depends on the incorporation of a modifiable bit called a privacy bit
It uses a blocking tag which prevents unwanted scanning of tags in a privacy zone
Soft-blocking - on the reader: "Do not scan tags whose privacy bit is on"
Trusted Computing
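An added illustration (not code from the slides): a simulation of the tree-walking singulation described under Reading Tags, with a blocker tag that simulates the whole privacy zone, and a reader that either honours the zone (soft blocking) or recurses into it. The tag ids, the 16-bit id length, the choice of the leading bit as privacy bit and the query budget are all constructed for the example.

```python
# Added example, not from the slides: binary tree-walking singulation plus a
# blocker tag guarding a privacy zone. Ids are constructed; privacy bit = leading bit.
ID_BITS = 16
PRIVACY_PREFIX = "1"       # ids starting with 1 are in the private zone

class Tag:
    """Ordinary tag: answers a prefix query with the next bit of its id."""
    def __init__(self, tag_id):
        self.id = tag_id
    def answer(self, prefix):
        if len(prefix) < ID_BITS and self.id.startswith(prefix):
            return {self.id[len(prefix)]}
        return set()

class BlockerTag:
    """Simulates every id in the privacy zone: inside the zone it answers with
    both bits, so the reader hears a collision on every branch it explores."""
    def answer(self, prefix):
        if len(prefix) >= ID_BITS:
            return set()
        if len(prefix) < len(PRIVACY_PREFIX) and PRIVACY_PREFIX.startswith(prefix):
            return {PRIVACY_PREFIX[len(prefix)]}
        return {"0", "1"} if prefix.startswith(PRIVACY_PREFIX) else set()

def tree_walk(tags, polite=False, budget=200):
    """Reader side; returns (sorted singulated ids, queries sent). A polite reader
    (soft blocking) skips the privacy zone; a naive one chases the blocker's phantoms."""
    found, queries, stack = [], 0, [""]
    while stack and queries < budget:
        prefix = stack.pop()
        if polite and prefix.startswith(PRIVACY_PREFIX):
            continue
        if len(prefix) == ID_BITS:     # full id: a real tag, or a phantom from the blocker
            found.append(prefix)
            continue
        queries += 1
        heard = set()
        for tag in tags:
            heard |= tag.answer(prefix)
        for bit in sorted(heard):      # two bits heard = collision: walk both subtrees
            stack.append(prefix + bit)
    return sorted(found), queries

PUBLIC = [Tag("0010110100110101"), Tag("0111001011010011")]
PRIVATE = [Tag("1001101110001100"), Tag("1100011100101110")]

def demo(tags=PUBLIC + PRIVATE):
    """No blocker; blocker vs. naive reader; blocker vs. polite reader."""
    return (tree_walk(tags), tree_walk(tags + [BlockerTag()]),
            tree_walk(tags + [BlockerTag()], polite=True))
```

Without the blocker all four ids are read in 59 queries; with it, the polite reader reads only the two public ids (30 queries) and the naive reader exhausts its budget on phantom ids.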
Authentication
EPC Class-1 Gen-2 tags have no explicit anti-counterfeiting features
Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, to verify that the reader actually read what it was trying to scan
Symmetric-Key Tags
(capable of computing with a symmetric key)
Cloning
With a simple challenge-response protocol a tag Ti can authenticate itself to a reader that shares the key Ki:
1. The tag transmits Ti
2. The reader generates a random bit string R
3. The tag computes H = h(Ki, R) and transmits H
4. The reader verifies H = h(Ki, R)
Digital Signature Transponders (created by Texas Instruments and used by SpeedPass)
○ Based on the secrecy of the algorithm ("security through obscurity"); cracked by students at Johns Hopkins
Reverse-engineering
Key cracking
Simulation
Reverse-engineering and side channels
Relay attacks
○ Man-in-the-middle attacks can bypass any cryptographic protocol
Privacy
Symmetric-key management problem
Leads to a paradox
○ A tag identifies itself before authenticating the reader
○ The tag emits its identifier Ti
○ So the reader can learn the identity of the tag
○ Privacy unachievable
Alternative: the tag emits E = f_Ki[P], where P is an input value
On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags' keys)
Privacy
Literature
Tree approach
○ Proposed approach where a tag contains more than one symmetric key, in a hierarchical structure defined by a tree S
Every node has a unique key
Each tag is assigned to a unique leaf
It contains the keys defined by the path from the root of S to the leaf
○ Can be useful for:
A tag holder can transfer ownership of an RFID tag to another party while its history remains private
A centralized authority with full tag information can provision readers to scan particular tags over limited time windows
Synchronization approach
Symmetric-key primitives
The European Network of Excellence in Cryptology is evaluating 21 candidate stream ciphers
So what might solve our problems?
Cryptography!
Urgent need for cheaper hardware for primitives and better side-channel defenses
Some of this talk is really in the outer limits, but the basic caveats are important:
Pressure to build smaller, cheaper tags without cryptography
RFID tags are close and personal, giving privacy a special dimension
RFID tags change ownership frequently
Key management will be a major problem
○ Think for a moment after this talk about distribution of kill passwords…
Are you ready for the Verichip?
RFID News
RFID passports cracked http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Can aluminum shield RFID chips? http://www.rfid-shield.com/info_doesitwork.php
RFID chips can carry viruses http://arstechnica.com/news.ars/post/20060315-6386.html
Nightclub allows entry by RFID http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm
Demo: Cloning a Verichip http://cq.cx/verichip.pl