All slides © 2008 RSA Laboratories
RFID Security:
In the Shoulder
and on the
Loading Dock
Ari Juels
RSA Laboratories
WiSec
31 March 2008
Joint work with
D. Boneh, E.-J. Goh, J. Halamka,
A. Stubblefield, B. Parno, R. Pappu,
and J. Westhues
RFID (Radio-Frequency IDentification)
takes many forms…
“RFID” really denotes a
spectrum of devices
• Basic “smart label”: passive, no crypto, range of few cm to many meters
• Toll payment plaque: semi-passive, no crypto, range of several meters
• Automobile ignition key: passive, some crypto, range of several cm
• Mobile phone
RFID: Any wireless device whose main function
is identification of an object or person…
“Smart label” RFID tag
• Passive tag
• Ordinary range of several meters
• Simply calls out (unique) name and
static data
“74AB8”
“Evian bottle
#949837428”
“5F8KJ3”
Capabilities of “smart label”
RFID tag
• Cheap! (target of $0.05 apiece)
• Little memory
– Static 96-bit+ identifier in current ultracheap tags
– Up to hundreds of writeable bits
• Little computational power
– At most a few thousand gates (mostly for
basic functionality)
– No real cryptographic functions
possible
“Smart labels”:
EPC (Electronic Product Code) tags
Barcode
• Line-of-sight
• Specifies object type
EPC tag
• Radio contact: fast, automated scanning
• Uniquely specifies object: provides pointer to database entry for every object, i.e., unique, detailed history
2030: Week in the life of a milk carton
• 30 April: RFID-tagged cow “Bessie” produces milk
• 30 April: Milk transferred to RFID-tagged tank
– Cow identity and milking time recorded in tank-tag database
• 1 May: RFID portal on truck records loading of refrigeration tanks
– (Truck also has active RFID (+GPS) to track geographical location and RFID transponder to pay tolls)
• 2 May: Chemical-treatment record written to database record for milk barrel
– Bessie’s herd recorded to have consumed bitter grass; compensatory sugars added
• 3 May: Milk packaged in RFID-tagged carton; milk pedigree recorded in database associated with carton tag
• 4 May: RFID portal at supermarket loading dock records arrival of carton
• 5 May: “Smart” shelf records arrival of carton in customer area
• 5 May 0930h: “Smart” shelf records removal of milk
• 5 May 0953h: Point-of-sale terminal records sale of milk (to Alice)
2030: Week in the life of a milk carton
• 6 May 0953h: Supermarket transfers tag ownership to Alice’s smart home
• 6 May 1103h: Alice’s refrigerator records arrival of milk
• 6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “Woodstock, Vermont, Grade A, light pasteurization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
• 6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours
• 6 May 1809h: Alice’s refrigerator records replacement of milk
• 7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle
• 7 May 0531h: Robot discards carton; “Smart” refrigerator notes absence of milk; transfers order to Alice’s PDA/phone/portable server grocery list
• 7 May 2357h: Recycling center scans RFID tag on carton; directs carton to paper-brick recycling substation
RFID Today
PROXIMITY CARDS
Note: Often just emit static identifiers, i.e., they are just smart labels!
AUTOMOBILE IGNITION KEYS
RFID helps secure hundreds of millions of automobiles
• Cryptographic challenge-response
• Philips claims more than 90% reduction in car theft thanks to RFID!
• (Some devices, e.g., Texas Instruments DST, are weak [Bono et al. ’05])…
CREDIT CARDS
• RFID now offered in all major credit cards in
U.S. (“tap-and-go”)…
• Some problems with first generation
[Heydt-Benjamin et al. ’07]
TRANSIT CARDS
• K. Nohl and H. Plötz on Mifare, 2008
PASSPORTS
• Dozens of countries issuing RFID-enabled
passports
• PASS card and “enhanced” drivers’ licenses
(EPC tags)
Little EPC at item-level,
mostly cases and pallets
Crate #123 (jet engines)
Supply-chain visibility
• 22 August 2007, 01.28 UTC, Kansas, USA: Crate #123 packed, Factory #18762
• 25 August 2007, 06.08 UTC, NYC, USA: Crate #123 loaded, Cargo ship UAYHQUE
• 31 August 2007, 22.19 UTC, Okinawa, Japan: Crate #123 arrived, Dock JHS1872H
PHARMACEUTICALS
• Anti-counterfeiting: Better supply-chain
visibility means less fraud
– U.S. FDA urging RFID use to combat
counterfeiting of drugs
– Pharmaceutical companies doing item-level trials
with EPC today
Security and Privacy
Challenges
The consumer privacy problem
Here’s Mr. Jones…
• Wig, model #4456 (cheap polyester)
• Replacement hip, medical part #459382
• Das Kapital and Communist-party handbook
• 1500 Euros in wallet; serial numbers: 597387, 389473 …
• 30 items of lingerie
Privacy approach 1: Cover RFID
tags with protective mesh or foil
Problems:
(1) Makes locomotion
difficult
(2) Shops don’t like
distributing tools for
theft
Approach 2:
EPC “kill” command for RFID tags
Long-term
problem:
RFID tags are
very useful
in “live” state…
Short-term
problem: How do
I get kill PINs to
point of sale?
The authentication problem
Good readers, bad tags
Mr. Jones in 2020
• Replacement hip, medical part #459382: Counterfeit!
• Mr. Jones’s car!
• 1500 Euros in wallet; serial numbers: 597387, 389473 …: Counterfeit!
• Mad-cow hamburger lunch
Approach 3: Use cryptography
Side-channel countermeasures
AES
But:
1. Not in cheap EPC for
a while
2. The theme of today’s
talk: The really hard
part is key
management…
RFID on the
Loading Dock
Keeping the customer satisfied…
• “I want a rock-solid encryption algorithm…
with 20-bit keys.”
• “I want a strong password-reset system…
with user-friendly challenge questions like,
‘What is your favorite color?’”
• “I want my retail stores to be able to read
RFID-tagged items… but I want tag data
to be unreadable after sale… and I don’t
want to have to kill or rewrite them…”
EPC tags and privacy
• Again, EPC tags have no true cryptographic
functionality
• Only explicit EPC privacy feature: Kill
– On receiving tag-specific PIN, tag self-destructs
• But commercial RFID users say they:
– Don’t want to manage kill PINs
– Have no channel to communicate secret keys
downstream in supply chain
• Key transport is a big problem!!!
A new approach:
Put secret keys on the tags
• Encrypt tag data under secret key κ
• Apply secret sharing to spread key κ across tags in case
– E.g., κ → (s1, s2, s3)
Tags in case: [E_κ(m1), s1] [E_κ(m2), s2] [E_κ(m3), s3]
Example tag data: Supersteroids 500mg; 100 count; Serial #87263YHG; Mfg: ABC Inc.; Exp: 6 Mar 2010
Privacy through dispersion
• E_κ(m1), s1 (SuperSteroids)
• E_κ(m2), s2 (SuperSteroids)
• E_κ(m3), s3 (SuperSteroids)
Individual shares / small sets reveal
no information about medication!
Example application:
Privacy protection on medications
Data
Step 1: Receive case
at pharmacy
Step 2: Pharmacy reads
tags, gets keys, decrypts
data for its database
Step 3: Tags and data
are dispersed
Some challenges
1. Storage is at a premium in EPC, but no secret-sharing literature on “tiny” shares
• “Short” shares are 128 bits, but we may want 16 bits or less!
• We needed to create new definitions and constructions
2. Scanning errors
• We need robustness in our secret-sharing scheme
Some challenges
3. In-store key harvesting
• Preventive idea: Add “chaff,” i.e., bogus or “noise” shares
• If secret-sharing scheme for case can tolerate d errors, then add 2d/3 bogus shares per case
• Can recover from <d/3 errors in single case, since 2d/3 + d/3 = d
• Hard to reconstruct secrets for two cases mixed together, as we have 4d/3 > d errors
• “Overinformed” adversary
Some challenges
4. We don’t solve tracking problem
• You’ve already got credit cards, car keys, proximity cards, mobile phones, and so forth
(Figure label: Wig, serial #A817TS8)
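The per-case key sharing and the chaff arithmetic from challenge 3 above (key κ spread across the tags of a case, 2d/3 bogus shares), as an added example that is not from the talk or the authors' paper. It substitutes plain Shamir sharing over a toy 17-bit prime field and a brute-force bounded-distance decoder for the talk's tiny-share construction; k = 3, d = 6, 11 real tags per case and both keys are constructed values.

```python
import random
from itertools import combinations

P = 65537  # toy prime field (assumption): each share value fits in 17 bits

def interpolate(points, x):
    """Evaluate at x the polynomial through `points` (Lagrange form, mod P)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * (x - xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def make_case(key, k, n_real, n_chaff, rng):
    """Tags of one case: n_real k-of-n shares of `key` plus n_chaff bogus ones."""
    coeffs = [key] + [rng.randrange(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    xs = rng.sample(range(1, P), n_real + n_chaff)
    tags = [(x, f(x)) for x in xs[:n_real]]
    # Chaff is forced off the polynomial, so it always counts as an error.
    tags += [(x, (f(x) + rng.randrange(1, P)) % P) for x in xs[n_real:]]
    rng.shuffle(tags)
    return tags

def robust_recover(tags, k, d):
    """Brute-force bounded-distance decoding: return the key only if one
    polynomial of degree < k matches all but at most d of the scanned tags."""
    need = len(tags) - d
    for subset in combinations(tags, k):
        if len({x for x, _ in subset}) < k:
            continue  # tags from different cases may share an x value
        if sum(interpolate(subset, x) == y for x, y in tags) >= need:
            return interpolate(subset, 0)
    return None

def demo(seed=2008):
    rng = random.Random(seed)
    k, d = 3, 6                       # threshold; errors the scheme tolerates
    key_a, key_b = 0x1A2B, 0x3C4D     # constructed per-case keys
    case_a = make_case(key_a, k, 11, 2 * d // 3, rng)
    case_b = make_case(key_b, k, 11, 2 * d // 3, rng)
    x, y = case_a[0]
    misread = [(x, (y + 1) % P)] + case_a[1:]        # one scanning error (< d/3)
    return (robust_recover(misread, k, d) == key_a,  # pharmacy scans one case
            robust_recover(case_a[:2], k, d),        # two dispersed tags
            robust_recover(case_a + case_b, k, d))   # tags of two cases mixed
```

demo() returns (True, None, None). The mixed-case result reflects only the decoder's error bound d, which is the counting the slide makes.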
Another twist:
Secret-sharing for authentication
• A key κ is useful not just for consumer privacy,
but for authentication:
– Read / write “unlock” codes for EPC tags
– Anti-cloning for EPC tags [Juels ’05]
– Symmetric key for challenge-response tag
authentication (again, anti-cloning)
• But putting κ on case is bad if case is diverted
– Attacker can read / rewrite tags and re-inject goods
– Attacker can clone tags
Secret-sharing across cases
κ: s1, s2, s3
κ′: s′1, s′2, s′3
But “windows” are not always
neat…
(Figure: shares s1, s2, s3, s′1, s′2, s′3 divided between Warehouse A and Warehouse B)
Receivers cannot reconstruct κ and κ′!
SWISS
(Sliding Window Information Secret-Sharing)
κ1 κ2 κ3 κ4 κ5 κ6
s1 s2 s3 s4 s5 s6
Given ≥ 2 out of 4 si, get corresponding κi
SWISS
(Sliding Window Information Secret-Sharing)
κ1 κ2 κ3 κ4 κ5 κ6
s1 s2 s3 s4 s5 s6
Warehouse B: κ1 κ3 κ5
SWISS
(Sliding Window Information Secret-Sharing)
κ1 κ2 κ3 κ4 κ5 κ6
s1 s2 s3 s4 s5 s6
Adversary with more sporadic case access
SWISS
(Sliding Window Information Secret-Sharing)
s1 s2 s3 s4 s5 s6
• A k-out-of-n-SWISS scheme is straightforward with
share size si linear in n
• It’s not obvious how to get more compact si
• That’s what our paper [JPP ’08] addresses…
– Tricks using bilinear maps, i.e., pairings
– Size of si is constant(!) in k,n
– Access structure not perfect
RFID in the
Shoulder
Other RFID applications today:
Animal tagging…
“Not Really Mad”
• Livestock
• Housepets
50 million+
The cat came back,
the very next day…
Human location tracking
• Schools
• Amusement parks
• Hospitals
A riddle…
[image] + [image] = ???
Human-implantable RFID
VeriChip™
Human-implantable
RFID
• Excellent test bed for privacy and security
concepts!
• Proposed for medical-patient identification
• Also proposed and used as an authenticator for physical
access control, a “prosthetic biometric”
– E.g., Mexican attorney general purportedly used for access to
secure facility
• What kind of cryptography does it have?
– None: It can be easily cloned [Halamka et al. ’06]
VeriChip™
• So shouldn’t we add a challenge-response protocol?
• Cloning may actually be a good thing
Human-implantable RFID
• Physical coercion and attack
– In 2005, a man in Malaysia had his fingertip
cut off by thieves stealing his biometric-enabled Mercedes
– What would happen if the VeriChip were used
to access ATM machines and secure
facilities?
• Perhaps better if tags can be cloned!
• Tags should not be used for
authentication—only for identification
Cloneability + privacy
• Privacy means no linkability or information
about identities
• If a tag can be cloned, does that mean it can’t
provide privacy?
– Surprisingly, no!
• A very simple scheme allows for
simultaneous cloneability and privacy
Cloneability + privacy
Homomorphic public-key cryptosystem
(e.g., El Gamal)
• Private / public key pair (SK, PK)
• Randomized scheme: C = E_{PK,r}[m]
• Semantic security:
Adversary cannot distinguish
C = E_{PK,r}[“Alice”] from C′ = E_{PK,s}[“Bob”]
• Re-encryption property:
Given C only, can produce randomized
C* = E_{PK,s}[m], without knowing m
Cloneability + privacy
The scheme: When read, tag chooses
fresh r and outputs C = E_{PK,r}[“name”]
Then:
• Reader with SK can decrypt name
• Semantic Security: Adversary cannot
distinguish among tags, i.e., infringe
privacy
• Re-encryption property: Adversary
can clone a tag: records C and outputs
randomized C*
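The scheme above with a toy El Gamal instance, as an added example that is not from the talk. The 10-bit group (P = 1019, Q = 509, G = 4), the tag ids and the reader's name table are constructed for illustration, and the group is far too small for real use.

```python
import secrets

# Toy group (assumption): safe prime P = 2*Q + 1; G generates the
# subgroup of prime order Q in which all messages are encoded.
P, Q, G = 1019, 509, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)                 # (SK, PK)

def encode(tag_id):
    """Map a tag id in 1..Q-1 to a subgroup element."""
    return pow(G, tag_id, P)

def encrypt(pk, m):
    """C = E_{PK,r}[m] with fresh r, as the tag does on every read."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def reencrypt(pk, c):
    """Clone step: re-randomize C into C* using only PK, never SK or m."""
    s = secrets.randbelow(Q - 1) + 1         # s != 0, so C* always differs from C
    return c[0] * pow(G, s, P) % P, c[1] * pow(pk, s, P) % P

def decrypt(sk, c):
    """Reader with SK recovers m = c2 / c1^SK."""
    return c[1] * pow(c[0], -sk, P) % P

def demo():
    sk, pk = keygen()
    names = {encode(7): "Alice", encode(8): "Bob"}   # constructed reader table
    c = encrypt(pk, encode(7))        # what an eavesdropper records
    c_star = reencrypt(pk, c)         # what a clone emits
    return names[decrypt(sk, c)], names[decrypt(sk, c_star)], c != c_star
```

demo() returns ("Alice", "Alice", True): the clone's output is a different ciphertext that the reader still accepts as Alice.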
The covert-channel problem
Suppose there is an identification / authentication system…
It’s Alice!
Authorized
Employees
Only
The covert-channel problem
Suppose there is an identification / authentication system…
• Mercury switch indicates that Alice napped on job
• Alice has low blood pressure and high blood-alcohol
• Alice recently passed a casino’s RFID reader.
Authorized
Employees
Only
How can we assure Alice of no
covert channels?
• Outputs must be deterministic
– Randomness always leaves room for covert emissions
• Could give Alice a secret key to check that outputs are
formatted correctly
– E.g., pseudorandom-generator seed for device
• But we don’t want Alice (or a third party) to have to manage
sensitive keying material. Again, key management is the
problem!
• Can we enable Alice (or anyone else) to verify covert-freeness publicly, i.e., without exposing secret keys?
• Simultaneous publicly verifiable covert-freeness and privacy
are impossible!
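The secret-key check from the list above, as an added example that is not from the talk: the device derives each read's El Gamal randomness from a seed, and Alice, holding that seed, recomputes every output and flags any deviation. The toy group (P = 1019), the HMAC-SHA256 derivation and all function names are assumptions.

```python
import hashlib
import hmac

P, Q, G = 1019, 509, 4   # toy group (assumption): G has prime order Q mod P

def derive_r(seed, counter):
    """Deterministic per-read randomness r_i = PRF(seed, i), in 1..Q-1."""
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (Q - 1) + 1

def expected_output(pk, m, seed, counter):
    """The only output a covert-free device may emit for read `counter`."""
    r = derive_r(seed, counter)
    return pow(G, r, P), m * pow(pk, r, P) % P

def honest_chip(pk, m, seed, counter, napped):
    return expected_output(pk, m, seed, counter)      # ignores the sensor

def leaky_chip(pk, m, seed, counter, napped):
    """Still emits a valid encryption of m, but picks r so that the low bit
    of the first component equals the sensor bit."""
    r = derive_r(seed, counter)
    while (pow(G, r, P) & 1) != int(napped):
        r = r % (Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def audit(chip, pk, m, seed, sensor_bits):
    """Alice's check: indices of reads whose output is not the expected one."""
    return [i for i, bit in enumerate(sensor_bits)
            if chip(pk, m, seed, i, bit) != expected_output(pk, m, seed, i)]
```

A reader holding only SK decrypts both chips' outputs to the same name; only the holder of the seed sees the difference, which is the key-management burden the next bullet objects to.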
Here’s why…
Suppose there were a public CC detector…
X18 Ultra CC-DetectorTM
Here’s a covert channel!
1. Create identity for user “Bob”
• Bob could be fictitious
• Just need output sequence B1, B2, …
2. Alice’s chip does following:
• If no nap, output A1, A2, A3, etc. with Alice’s identity
• If Alice has taken a nap, then flip to Bob’s identity, i.e., output A1, A2… B1, B2
Suppose we detect this covert
channel
X18 Ultra CC-Detector™
Yes, CC
No CC
Now if there really is a user Bob,
we have a problem...
X18 Ultra CC-DetectorTM
No CC
Alice followed by Bob yields
“Yes”
X18 Ultra CC-DetectorTM
Yes, CC
Privacy is broken: We can
distinguish between identities!
X18 Ultra CC-Detector™: Alice, Alice → No
X18 Ultra CC-Detector™: Alice, Bob → Yes
So public CC-verifiability + privacy
is impossible
• But we can achieve it anyway…
• Idea: change the definition of privacy
– Weaken localized privacy, e.g., eliminate privacy across pairwise
values
– Allow localized CC-checking, e.g., pairwise
– Localized privacy is least important type of privacy
• Now we can do spot CC-checking…
X18 Ultra CC-Detector™ (yes / no), spot-checking the sequence:
A1 A2 A3 A4 A5 A6 A7 A8 A9
X18 Ultra CC-Detector™ (yes / no), spot-checking the sequence:
A1 A2 A3 A4 A5 A6 A7 B1 B2
So public CC-verifiability + privacy
is impossible
• Now let’s show how to achieve it anyway…
• Idea:
– Weaken privacy definition to exclude localized privacy, e.g.,
privacy across pairwise values
– Allow localized CC-checking, e.g., pairwise
– Localized privacy is least important type of privacy
• Now we can do spot CC-checking…
A1 A2 A3 A4 A5 A6 A7 A8 A9
Still a difficult problem
• Constructing a deterministic sequence
whose values are:
– Publicly, pairwise verifiable
– Otherwise unlinkable
• Again, use bilinear maps (with nonstandard hardness assumption…)
• We have only solved the problem of covert
channels in explicit logical-layer problem
– Timing or power side-channel?
The message of this talk:
Crypto is not always the hard part!
Side-channel countermeasures
AES
With crypto, we can do:
• Challenge-response
for authentication
• Mutual authentication
and/or encryption for
privacy
Again, crypto is hard, but
really hard part is
key management…
The key-management problem
Kansas, USA
Okinawa, Japan
“Top secret: X-32 cone”
The key poses its own “transport” problems:
• It must be tag-specific (usually)
• It must be highly available
• It must be secured at all times
• Like managing 10,000,000,000 passwords!
The RFID key-management problem
Body passwords?
To learn more
Papers available at RFID CUSP Web site:
www.rfid-cusp.org
– J. Halamka, A. Juels, A. Stubblefield, and J.
Westhues. “The Security Implications of VeriChip
Cloning.” Journal of the American Medical Informatics
Association (JAMIA), 2006.
– D. Bailey, D. Boneh, E.-J. Goh, and A. Juels. “Covert
Channels in Privacy-Preserving Identification
Systems.” In ACM CCS, 2007.
– A. Juels, R. Pappu, and B. Parno. “Key Transport in
Unidirectional Channels with Applications to RFID
Security.” 2008. In submission.
– J. Westhues’s RFID cloning page: http://cq.cx.