All slides © 2008 RSA Laboratories

RFID Security: In the Shoulder and on the Loading Dock
Ari Juels, RSA Laboratories
WiSec, 31 March 2008
Joint work with D. Boneh, E.-J. Goh, J. Halamka, A. Stubblefield, B. Parno, R. Pappu, and J. Westhues

RFID (Radio-Frequency IDentification) takes many forms…

“RFID” really denotes a spectrum of devices
• Basic “smart label”: passive; no crypto; few cm to many meters range
• Toll payment plaque: semi-passive; no crypto; several meters range
• Automobile ignition key: passive; some crypto; several cm range
• Mobile phone
RFID: Any wireless device whose main function is identification of an object or person…

“Smart label” RFID tag
• Passive tag
• Ordinary range of several meters
• Simply calls out (unique) name and static data
[Figure labels: “74AB8”; “Evian bottle #949837428”; “5F8KJ3”]

Capabilities of “smart label” RFID tag
• Cheap! (target of $0.05 apiece)
• Little memory
  – Static 96-bit+ identifier in current ultracheap tags
  – Up to hundreds of writeable bits
• Little computational power
  – At most a few thousand gates (mostly for basic functionality)
  – No real cryptographic functions possible

“Smart labels”: EPC (Electronic Product Code) tags
• Barcode: line-of-sight; specifies object type
• EPC tag: radio contact (fast, automated scanning); uniquely specifies object (provides pointer to database entry for every object, i.e., unique, detailed history)

2030: Week in the life of a milk carton
• 30 April: RFID-tagged cow “Bessie” produces milk
• 30 April: Milk transferred to RFID-tagged tank
  – Cow identity and milking time recorded in tank-tag database
• 1 May: RFID portal on truck records loading of refrigeration tanks
  – (Truck also has active RFID (+GPS) to track geographical location and RFID transponder to pay tolls)
• 2 May: Chemical-treatment record written to database record for milk barrel
  – Bessie’s herd recorded to have consumed bitter grass; compensatory sugars added
• 3 May: Milk packaged in RFID-tagged carton; milk pedigree recorded in database associated with
carton tag
• 4 May: RFID portal at supermarket loading dock records arrival of carton
• 5 May: “Smart” shelf records arrival of carton in customer area
• 5 May 0930h: “Smart” shelf records removal of milk
• 5 May 0953h: Point-of-sale terminal records sale of milk (to Alice)

2030: Week in the life of a milk carton
• 6 May 0953h: Supermarket transfers tag ownership to Alice’s smart home
• 6 May 1103h: Alice’s refrigerator records arrival of milk
• 6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “Woodstock, Vermont, Grade A, light pasteurization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
• 6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours
• 6 May 1809h: Alice’s refrigerator records replacement of milk
• 7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle
• 7 May 0531h: Robot discards carton; “Smart” refrigerator notes absence of milk; transfers order to Alice’s PDA/phone/portable server grocery list
• 7 May 2357h: Recycling center scans RFID tag on carton; directs carton to paper-brick recycling substation

RFID Today

PROXIMITY CARDS
Note: Often just emit static identifiers, i.e., they
are just smart labels!

AUTOMOBILE IGNITION KEYS
RFID helps secure hundreds of millions of automobiles
• Cryptographic challenge-response
• Philips claims more than 90% reduction in car theft thanks to RFID!
• Some devices, e.g., Texas Instruments DST, are weak [Bono et al. ’05]…

CREDIT CARDS
• RFID now offered in all major credit cards in U.S. (“tap-and-go”)…
• Some problems with first generation [Heydt-Benjamin et al. ’07]

TRANSIT CARDS
• K. Nohl and H. Plötz on Mifare, 2008

PASSPORTS
• Dozens of countries issuing RFID-enabled passports
• PASS card and “enhanced” drivers’ licenses (EPC tags)

Little EPC at item-level, mostly cases and pallets
Crate #123 (jet engines)

Supply-chain visibility
• 22 August 2007 01.28 UTC, Kansas, USA: Crate #123 packed, Factory #18762
• 25 August 2007 06.08 UTC, NYC, USA: Crate #123 loaded, Cargo ship UAYHQUE
• 31 August 2007 22.19 UTC, Okinawa, Japan: Crate #123 arrived, Dock JHS1872H

PHARMACEUTICALS
• Anti-counterfeiting: Better supply-chain visibility means less fraud
  – U.S. FDA urging RFID use to combat counterfeiting of drugs
  – Pharmaceutical companies doing item-level trials with EPC today

Security and Privacy Challenges

The consumer privacy problem
Here’s Mr. Jones…
• Wig model #4456 (cheap polyester)
• Replacement hip, medical part #459382
• Das Kapital and Communist-party handbook
• 1500 Euros in wallet; serial numbers: 597387, 389473 …
• 30 items of lingerie

Privacy approach 1: Cover RFID tags with protective mesh or foil
Problems:
(1) Makes locomotion difficult
(2) Shops don’t like distributing tools for theft

Approach 2: EPC “kill” command for RFID tags
• Long-term problem: RFID tags are very useful in “live” state…
• Short-term problem: How do I get kill PINs to point of sale?

The authentication problem
Good readers, bad tags
Mr. Jones in 2020
Counterfeit!
Replacement hip, medical part #459382
Mr. Jones’s car!
1500 Euros in wallet
Mad-cow hamburger lunch
Counterfeit!
Serial numbers: 597387, 389473 …

Approach 3: Use cryptography
[Figure labels: AES; side-channel countermeasures]
But:
1. Not in cheap EPC for a while
2. The theme of today’s talk: The really hard part is key management…

RFID on the Loading Dock

Keeping the customer satisfied…
• “I want a rock-solid encryption algorithm… with 20-bit keys.”
• “I want a strong password-reset system… with user-friendly challenge questions like, ‘What is your favorite color?’”
• “I want my retail stores to be able to read RFID-tagged items… but I want tag data to be unreadable after sale… and I don’t want to have to kill or rewrite them…”

EPC tags and privacy
• Again, EPC tags have no true cryptographic functionality
• Only explicit EPC privacy feature: Kill
  – On receiving tag-specific PIN, tag self-destructs
• But commercial RFID users say they:
  – Don’t want to manage kill PINs
  – Have no channel to communicate secret keys downstream in supply chain
• Key transport is a big problem!!!

A new approach: Put secret keys on the tags
• Encrypt tag data under secret key
• Apply secret sharing to spread key across tags in case
  – E.g., (s1, s2, s3)
[Figure labels: E (m1) s1; E (m2) s2; E (m3) s3; case label: Supersteroids, 500mg; 100 count, Serial #87263YHG, Mfg: ABC Inc., Exp: 6 Mar 2010]

Privacy through dispersion
[Figure labels: E (m1) s1 (SuperSteroids); E (m2) s2 (SuperSteroids); E (m3) s3 (SuperSteroids)]
Individual shares / small sets reveal no information about medication!

Example application: Privacy protection on medications
• Step 1: Receive case at pharmacy
• Step 2: Pharmacy reads tags, gets keys, decrypts data for its database
• Step 3: Tags and data are dispersed

Some challenges
1. Storage is at a premium in EPC, but no secret-sharing literature on “tiny” shares
   • “Short” shares are 128 bits, but we may want 16 bits or less!
   • We needed to create new definitions and constructions
2. Scanning errors
   • We need robustness in our secret-sharing scheme
3. In-store key harvesting
   • Preventive idea: Add “chaff,” i.e., bogus or “noise” shares
   • If secret-sharing scheme for case can tolerate d errors, then add 2d/3 bogus shares per case
   • Can recover from <d/3 errors in single case, since 2d/3 + d/3 = d
   • Hard to reconstruct secrets for two cases mixed together, as we have 4d/3 > d errors
   • “Overinformed” adversary
4. We don’t solve tracking problem
   • You’ve already got credit cards, car keys, proximity cards, mobile phones, and so forth
   [Figure label: Wig serial #A817TS8]

Another twist: Secret-sharing for authentication
• A key is useful not just for consumer privacy, but for authentication:
  – Read / write “unlock” codes for EPC tags
  – Anti-cloning for EPC tags [Juels ’05]
  – Symmetric key for challenge-response tag authentication (again, anti-cloning)
• But putting on case is bad if case is diverted
  – Attacker can read / rewrite tags and re-inject goods
  – Attacker can clone tags

Secret-sharing across cases
[Figure labels: s1 s2 s3; s’1 s’2 s’3]

But “windows” are not always neat…
[Figure labels: s1 s2, Warehouse A, s3 s’1 s’2 s’3, Warehouse B]
receivers cannot reconstruct and ’ !
SWISS (Sliding Window Information Secret-Sharing)
[Figure labels: 1 2 3 4 5 6; s1 s2 s3 s4 s5 s6; Warehouse B: 1 3 5]
Given 2 out of 4 si, get corresponding i
Adversary with more sporadic case access
• A k-out-of-n-SWISS scheme is straightforward with share size si linear in n
• It’s not obvious how to get more compact si
• That’s what our paper [JPP ’08] addresses…
  – Tricks using bilinear maps, i.e., pairings
  – Size of si is constant(!) in k,n
  – Access structure not perfect

RFID in the Shoulder

Other RFID applications today: Animal tagging…
“Not Really Mad”
• Livestock
• Housepets
50 million+
The cat came back, the very next day…

Human location tracking
• Schools
• Amusement parks
• Hospitals

A riddle…
[Figure: + = ???]

Human-implantable RFID
[Figure: VeriChip™]
• Excellent test bed for privacy and security concepts!
• Proposed for medical-patient identification
• Also proposed and used as an authenticator for physical access control, a “prosthetic biometric”
  – E.g., Mexican attorney general purportedly used for access to secure facility
• What kind of cryptography does it have?
  – None: It can be easily cloned [Halamka et al. ’06]
• So shouldn’t we add a challenge-response protocol?
• Cloning may actually be a good thing

Human-implantable RFID
• Physical coercion and attack
  – In 2005, a man in Malaysia had his fingertip cut off by thieves stealing his biometric-enabled Mercedes
  – What would happen if the VeriChip were used to access ATM machines and secure facilities?
• Perhaps better if tags can be cloned!
• Tags should not be used for authentication—only for identification

Cloneability + privacy
• Privacy means no linkability or information about identities
• If a tag can be cloned, does that mean it can’t provide privacy?
  – Surprisingly, no!
• A very simple scheme allows for simultaneous cloneability and privacy

Cloneability + privacy
Homomorphic public-key cryptosystem (e.g., El Gamal)
• Private / public key pair (SK, PK)
• Randomized scheme: $C = E_{PK,r}[m]$
• Semantic security: Adversary cannot distinguish $C = E_{PK,r}[\text{“Alice”}]$ from $C' = E_{PK,s}[\text{“Bob”}]$
• Re-encryption property: Given $C$ only, can produce randomized $C^* = E_{PK,s}[m]$, without knowing $m$

Cloneability + privacy
The scheme: When read, tag chooses fresh $r$ and outputs $C = E_{PK,r}[\text{“name”}]$
Then:
• Reader with SK can decrypt name
• Semantic security: Adversary cannot distinguish among tags, i.e., infringe privacy
• Re-encryption property: Adversary can clone a tag: records $C$ and outputs randomized $C^*$

The covert-channel problem
Suppose there is an identification / authentication system…
[Figure labels: “It’s Alice!”; “Authorized Employees Only”]
[Figure callouts: “Mercury switch indicates that Alice napped on job”; “Alice low blood pressure and high blood-alcohol”; “Alice has recently passed a casino’s RFID reader.”]

How can we assure Alice of no covert channels?
• Outputs must be deterministic
  – Randomness always leaves room for covert emissions
• Could give Alice a secret key to check that outputs are formatted correctly
  – E.g., pseudorandom-generator seed for device
• But we don’t want Alice (or a third party) to have to manage sensitive keying material. Again, key management is the problem!
• Can we enable Alice (or anyone else) to verify covert-freeness publicly, i.e., without exposing secret keys?
• Simultaneous publicly verifiable covert-freeness and privacy are impossible!
Here’s why…

Suppose there were a public CC detector…
[Figure: X18 Ultra CC-Detector™]

Here’s a covert channel!
1. Create identity for user “Bob”
   • Bob could be fictitious
   • Just need output sequence B1, B2, …
2. Alice’s chip does following:
   • If no nap, output A1, A2, A3, etc. with Alice’s identity
   • If Alice has taken a nap, then flip to Bob’s identity, i.e., output A1, A2… B1, B2

Suppose we detect this covert channel
[Figure: X18 Ultra CC-Detector™; outputs “Yes, CC” and “No CC”]

Now if there really is a user Bob, we have a problem...
[Figure: X18 Ultra CC-Detector™; output “No CC”]

Alice followed by Bob yields “Yes”
[Figure: X18 Ultra CC-Detector™; output “Yes, CC”]

Privacy is broken: We can distinguish between identities!
[Figure: X18 Ultra CC-Detector™; “No” for Alice, Alice; “Yes” for Alice, Bob]

So public CC-verifiability + privacy is impossible
• But we can achieve it anyway…
• Idea: change the definition of privacy
  – Weaken localized privacy, e.g., eliminate privacy across pairwise values
  – Allow localized CC-checking, e.g., pairwise
  – Localized privacy is least important type of privacy
• Now we can do spot CC-checking…
[Figure: X18 Ultra CC-Detector™ answers yes / no on the sequences A1 A2 A3 A4 A5 A6 A7 A8 A9 and A1 A2 A3 A4 A5 A6 A7 B1 B2]

So public CC-verifiability + privacy is impossible
• Now let’s show how to achieve it anyway…
• Idea:
  – Weaken privacy definition to exclude localized privacy, e.g., privacy across pairwise values
  – Allow localized CC-checking, e.g., pairwise
  – Localized privacy is least important type of privacy
• Now we can do spot CC-checking…
[Figure labels: A1 A2 A3 A4 A5 A6 A7 A8 A9]

Still a difficult problem
• Constructing a deterministic sequence whose values are:
  – Publicly, pairwise
verifiable
  – Otherwise unlinkable
• Again, use bilinear maps (with nonstandard hardness assumption…)
• We have only solved the problem of covert channels in explicit logical-layer problem
  – Timing or power side-channel?

The message of this talk: Crypto is not always the hard part!
[Figure labels: AES; side-channel countermeasures]
With crypto, we can do:
• Challenge-response for authentication
• Mutual authentication and/or encryption for privacy
Again, crypto is hard, but really hard part is key management…

The key-management problem
[Figure labels: Kansas, USA; Okinawa, Japan; “Top secret: X-32 cone”]
The key poses its own “transport” problems:
• It must be tag-specific (usually)
• It must be highly available
• It must be secured at all times
• Like managing 10,000,000,000 passwords!

The RFID key-management problem
Body passwords?

To learn more
Papers available at RFID CUSP Web site: www.rfid-cusp.org
– J. Halamka, A. Juels, A. Stubblefield, and J. Westhues. “The Security Implications of VeriChip Cloning.” Journal of the American Medical Informatics Association (JAMIA), 2006.
– D. Bailey, D. Boneh, E.-J. Goh, and A. Juels. “Covert Channels in Privacy-Preserving Identification Systems.” In ACM CCS, 2007.
– A. Juels, R. Pappu, and B. Parno. “Key Transport in Unidirectional Channels with Applications to RFID Security.” 2008. In submission.
– J. Westhues’s RFID cloning page: http://cq.cx.
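
The scheme from the “Cloneability + privacy” slides, as an added example that is not part of the original talk: toy ElGamal over a small prime-order group, showing that every read of a tag yields a fresh ciphertext of the same name and that a re-randomized copy of a recorded output still decrypts correctly. The group parameters, the `encode` mapping and the Alice/Bob directory are assumptions chosen for illustration; the 11-bit modulus offers no security.

```python
# Added illustration of the talk's re-encryption scheme; toy parameters (assumed).
import secrets

P = 2039   # safe prime, P = 2*Q + 1 (far too small for real use)
Q = 1019   # prime order of the subgroup of quadratic residues mod P
G = 4      # 2^2 is a quadratic residue != 1, so it generates that subgroup

def rand_exp():
    return secrets.randbelow(Q - 1) + 1          # uniform in 1..Q-1

def keygen():
    sk = rand_exp()
    return sk, pow(G, sk, P)                     # (SK, PK)

def encode(tag_index):
    # Hypothetical encoding: identity number -> subgroup element.
    return pow(G, tag_index, P)

def encrypt(pk, m, r):
    # C = E_{PK,r}[m] = (g^r, m * PK^r)
    return pow(G, r, P), m * pow(pk, r, P) % P

def reencrypt(pk, c, s):
    # Re-randomize C without knowing m or SK: multiply in an encryption of 1.
    a, b = c
    return a * pow(G, s, P) % P, b * pow(pk, s, P) % P

def decrypt(sk, c):
    a, b = c
    return b * pow(a, Q - sk, P) % P             # a^(Q-sk) = a^(-sk): a^Q = 1

def demo():
    sk, pk = keygen()
    directory = {encode(1): "Alice", encode(2): "Bob"}   # constructed identities
    reads = [encrypt(pk, encode(1), rand_exp()) for _ in range(3)]  # tag read 3x
    clone = reencrypt(pk, reads[0], rand_exp())          # cloner's replayed output
    return {
        "reader_sees": [directory[decrypt(sk, c)] for c in reads],
        "clone_reads_as": directory[decrypt(sk, clone)],
        "clone_differs_from_recording": clone != reads[0],
    }

if __name__ == "__main__":
    print(demo())
```

Only the holder of SK can map outputs back to a name, which is why the talk treats such a tag as an identifier and not as an authenticator.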