RFID Security and Privacy: A Research Survey


Written by: Ari Juels
Presented by Carlos A. Lopez
Outline
1. Introduction
2. Basic RFID Tags
3. Symmetric-Key Tags
4. RFID News
Definition
RFID is a technology for automated identification of objects and people
 RFID devices are called “RFID Tags”
 Small microchip (Hitachi Mu-chip: 0.002x0.002in)
 Transmits data over the air
 Responds to interrogation
 Possible successor of barcodes
 EPCglobal Inc oversees the development of standards
RFID Overview
 Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency
 Example tag data shown in the figure: ID:2342341456734; Credit Card #8163 3534 9234 9876
 Radio signal (contactless); range: from 3-5 inches to 3 yards
 Reader (transceiver): reads data off the tags without direct contact
 Database: matches tag IDs to physical objects
Reading Tags

The read process starts when an RFID reader sends
out a query message
 Invites all tags within range to respond
 More than one RFID tag may respond at the same time
○ This causes a collision
 Reader cannot accurately read information from more than
one tag at a time

Reader must engage in a special singulation
protocol to talk to each tag separately
Barcode Replacement
 Unique Identification
○ Type of Object Vs. Unique among millions
○ Act as a pointer to a database
 Automation
○ Optically scanned
 Line-of-sight
 Contact with readers
 Careful physical position
 Requires human intervention
RFID Standards
Some standards that have been made regarding RFID technology
include:
 ISO 14223/1 – RFID of Animals, advanced transponders
 ISO 14443: HF (13.56 MHz) RFID-enabled passports under
ICAO 9303.
 ISO 15693: HF (13.56 MHz) used for non-contact smart
payment and credit cards
 ISO/IEC 18000 - 7 different Parts
 ISO 18185: "e-seals" for tracking cargo containers using the
433 MHz and 2.4 GHz frequencies.
 EPCglobal - Most likely to undergo International
Standardization according to ISO rules as with all sound
standards in the world.
Tag Types

Passive:
 All power comes from a reader’s signal
 Tags are inactive unless a reader activates them
 Cheaper and smaller, but shorter range

Semi-passive
 On-board battery, but cannot initiate communication
 Can serve as sensors, collect information from environment: for example, “smart
dust” for military applications

Active:
 On-board battery power
 Can record sensor readings or perform calculations in the absence of a reader
 Longer read range

 LF: frequency range 125 - 134 kHz; read range 10 cm; applications: Smart Cards, Ticketing, animal tagging, Access Control
 HF: frequency range 13.56 MHz; read range 1 m; applications: Small item management, supply chain, Anti-theft, library, transportation
 UHF: frequency range 866 - 915 MHz; read range 2-7 m; applications: Transportation vehicle ID, Access/Security, large item management, supply chain
 Microwave: frequency range 2.45 - 5.8 GHz; read range 1 m; applications: Transportation vehicle ID (tolls), Access/Security, large item management, supply chain
Applications

Supply-chain management
 logistics, inventory control, retail check-out

Payment systems
 ExxonMobil SpeedPass
 I-Pass/E-ZPass/Smart Tag toll systems
 Credit Cards

Access Control
 Passports

Library books
Human-implantable RFID
Hospital and Health Centers
Money - Yen and Euro banknote anti-counterfeiting
Animal Tracking - and Human???
The consumer privacy problem
Here’s Mr. BOB in 2015… (figure: the tagged items he carries)
 Wig: model #4456 (cheap polyester)
 Replacement hip: medical part #459382
 Das Kapital and Communist-party handbook
 1500 Euros in wallet; serial numbers: 597387, 389473, …
 30 items of lingerie
…the tracking problem
 Wig serial #A817TS8 (figure label)
 Mr. Bob pays with a credit card - his RFID tags now linked to his identity; determines level of customer service
 Mr. Bob attends a political rally - law enforcement scans his RFID tags
 Mr. Jones wins Award - physically tracked by paparazzi via RFID
Read ranges of a tag
 Nominal Range: the range at which the tag is intended to operate
 Rogue Scanning Range: a powerful antenna amplifies the read range
 Tag-to-Reader Eavesdropping Range: a second reader can monitor the resulting tag emission
 Reader-to-Tag Eavesdropping Range: sometimes the reader sends information with greater power than the tags
WMATA SmarTrip RFID card (figure labels): current balance; travel history: visited stations and dates
…and the authentication problem
 Privacy: Misbehaving readers harvesting information from well-behaving tags
 Authentication: Well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones

Basic RFID tags Vs. Symmetric Key tags

Cannot:
 Execute standard cryptographic operations
 Strong Pseudorandom number generation
 Hashing

Low-cost tags
 EPC tags
 Used in most gates
Privacy


Killing and Sleeping
Re-naming approach
 Relabeling
 Minimalist cryptography
 Encryption

The proxy approach
 Watchdog Tag
 RFID Guardian


Distance Measurement
Blocking
 Soft-blocking

Trusted Computing
Returning to basic issue of privacy:
Kill codes

EPC tags have a “kill” function
○ On receiving password, tag self-destructs
○ Tag is permanently inoperative
○ No post-purchase benefits

Developed for EPC to protect consumers after point of sale
○ “Dead tags tell no tales”
○ Privacy is preserved

Why not sleep them?
○ Would be difficult to manage in practice: a user might have to manage a PIN for her tags
Privacy (Cont 2)

Re-naming approach
 Even if the tag identifier has no intrinsic meaning it can still enable tracking (Solution: change it over time)
○ Relabeling
 Consumers are equipped to re-label tags with a new identifier, but able to reactivate old information
○ Minimalist cryptography
 The tag changes names each time it is interrogated
○ Encryption
 Re-Encryption
- Public Key cryptosystem
- Periodically re-encrypted by law enforcement
 Universal Re-encryption
Privacy (Cont 3)

The proxy approach
 Watchdog Tag
 RFID Guardian
So what might solve our problems?

Higher-powered intermediaries like
mobile phones
 RFID “Guardian” and RFID REP (RFID
Enhancer Proxy)
“Please show reader certificate and privileges”
Privacy (Cont 4)

Distance Measurement
 Distance as a measure of trust
○ A tag might release general information “I’m
attached to a bottle of water” when scanned at
a distance, but release more specific
information, like unique identifier at a close
range.
Privacy (Cont 5)

Blocking
 Scheme depends on the incorporation of a modifiable bit called a privacy bit
 It uses a blocking tag which prevents unwanted scanning of tags in a private zone
 Soft-blocking: on the reader, “Do not scan tags whose privacy bit is on”

Trusted Computing
Authentication

EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features
 Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, to try to ensure that the reader actually reads what it is trying to scan.
Symmetric-Key Tags
(capable of computing symmetric-key functions)

Cloning
 With a simple challenge-response protocol a tag T can authenticate itself to a reader that shares the key Ki
1. The tag transmits Ti
2. The reader generates a random bit string R
3. The tag computes H=h(Ki,R) and transmits H
4. The reader verifies H=h(Ki,R)
 Digital Signature Transponders (created by Texas Instruments and used by Speedpass)
○ Based on the secrecy of the algorithm (“security through obscurity”); was cracked by students at Johns Hopkins
 Reverse-Engineering
 Key cracking
 Simulation
 Reverse-Engineering and side channels
 Relay Attacks
○ Man-in-the-middle attacks can bypass any cryptographic protocol
Privacy
Symmetric-Key Management Problem
 Leads to a paradox
○ A tag identifies itself before authenticating the reader
○ The tag emits its identifier Ti
○ So the reader can learn the identity of the tag
○ Privacy unachievable
 Tag emits E = f_{K_{Ti}}[P], where P is an input value
 On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags’ keys)
Privacy

Literature
 Tree approach
○ Proposed approach where a tag contains more than one symmetric key, in a hierarchical structure defined by a tree S.
 Every node has a unique key
 Each tag is assigned to a unique leaf
 It contains the keys defined by the path from the root of S to the leaf
○ Can be useful for:
 A tag holder can transfer ownership of an RFID tag to another party, while history remains private
 A centralized authority with full tag information can provision readers to scan particular tags over limited windows of time
 Synchronization approach
 Symmetric-key primitive
 The European Network of Excellence in Cryptology is evaluating 21 candidate stream ciphers
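The reader-side key search from the Symmetric-Key Management slide and the tree approach above, side by side, as an added example (not code from the original slides). HMAC-SHA256 stands in for f, the reader recomputes f_K[P] instead of decrypting E, and the tree size, key derivation and function names are assumptions of this example.

```python
import hashlib
import hmac
import itertools

B, D = 4, 3            # branching factor and depth: B**D = 64 tags (constructed sizes)

def f(key: bytes, p: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for f; the reader recomputes f_K[P] to test a key.
    return hmac.new(key, p, hashlib.sha256).digest()

def node_key(path: tuple) -> bytes:
    # Constructed demo keys from a fixed string; real node keys would be independent random values.
    return hashlib.sha256(b"demo-tree|" + bytes(path)).digest()

def tag_emit_flat(leaf: tuple, p: bytes) -> bytes:
    # One key per tag (here its leaf key): the tag emits E = f_K[P] and no identifier.
    return f(node_key(leaf), p)

def tag_emit_tree(leaf: tuple, p: bytes) -> list:
    # Tree approach: the tag holds every key on the path root -> leaf and answers under each.
    return [f(node_key(leaf[:i + 1]), p) for i in range(D)]

def identify_flat(e: bytes, p: bytes):
    # The reader tries every tag key until one reproduces E: up to B**D evaluations.
    tries = 0
    for leaf in itertools.product(range(B), repeat=D):
        tries += 1
        if hmac.compare_digest(f(node_key(leaf), p), e):
            return leaf, tries
    return None, tries

def identify_tree(es: list, p: bytes):
    # The reader descends one level per response, trying only B child keys: at most B*D evaluations.
    path, tries = (), 0
    for e in es:
        for child in range(B):
            tries += 1
            if hmac.compare_digest(f(node_key(path + (child,)), p), e):
                path += (child,)
                break
        else:
            return None, tries   # no child key matched: unknown tag
    return path, tries

if __name__ == "__main__":
    P = b"reader-nonce-0001"     # constructed input value P
    print(identify_flat(tag_emit_flat((3, 3, 3), P), P))
    print(identify_tree(tag_emit_tree((3, 3, 3), P), P))
```

Because inner-node keys are shared by every tag beneath that node, extracting the keys from one tag also weakens the privacy of the tags that share its branches.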
So what might solve our problems?

Cryptography!
 Urgent need for cheaper hardware for primitives and better side-channel defenses

Some of this talk is really at the outer limits, but the basic caveats are important:
 Pressure to build smaller, cheaper tags without cryptography
 RFID tags are close and personal, giving privacy a special dimension
 RFID tags change ownership frequently
 Key management will be a major problem
○ Think for a moment after this talk about distribution of kill passwords…

Are you ready for the Verichip?
RFID News

RFID Passports cracked http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Can Aluminum Shield RFID Chips? http://www.rfid-shield.com/info_doesitwork.php
RFID chips can carry viruses http://arstechnica.com/news.ars/post/20060315-6386.html
Nightclub allows entry by RFID http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm
Demo: Cloning a Verichip http://cq.cx/verichip.pl