RFID and Security
Sanjay Sarma
MIT and CTO of OATSystems
©2006 Sanjay Sarma
Everything is different with RFID
Power is limited
Cost is an issue
Bandwidth is limited
Memory is a premium
Data is fast but… fallible
Tag connectivity is sporadic
The range of applications is large
The range of related technologies is huge
©2006 Sanjay Sarma, ©2005 OATSystems
History (See “Shrouds of Time The history of RFID,” Landt 2001)
1948: Backscatter
– Stockman, H. "Communication by Means of Reflected Power", Proceedings of the IRE, pp1196-1204, October 1948.
1974: Automotive license plates
– Sterzer, F., "An electronic license plate for motor vehicles", RCA Review, 1974, 35, (2) pp 167-175
1998: DISC, Auto-ID Center founded at MIT
2001: First standards presented
2002: Gillette orders 500,000,000 tags from Alien
2003: Wal-Mart, DoD Mandates
– EPCglobal launched, Center retired
– HP sits on the board
2004: More mandates
2005: First bulk tagging
– Emergence of Gen 2
– Multi-site deployments
– Beginnings of value
2006: Next Generation research
History of the EPC
1998-1999: DISC, Auto-ID Center founded at MIT
2001: First standards presented
2002: Gillette orders 500,000,000 tags from Alien
2003: Wal-Mart, DoD Mandates
– EPCglobal launched, Center retired
2004: More mandates
2005: First bulk tagging
– Emergence of Gen 2
– Multi-site deployments
– Beginnings of value
Low cost RFID
Silicon: 4c/mm2
[Figure: plot with the labels "handling cost" and "time"]
The stack
[Diagram: the RFID stack, drawn for Company #1 and Company #2. Labels: ONS + Blob; EPC-IS; Savant; ERP+RFID software; company software; readers; reader interface (Reader Protocol 1); Gen 2 air-interface; tags]
RFID Systems
ID
– Electronic product code: header:manufacturer:product:serial
– Read-write extra memory/sensory data
Anti-collision
– One reader can read many tags
Reader coordination
– Make sure readers don’t interfere with each other
Middleware
– Collect all the data and make sense of it
How EPC Gen2 works
RF level
– Multiple speeds
– Dense-mode
– Many dials for EU, Asia, US operation
Logic level
– Generalized selection
– Advanced sessions
– Advanced payload access, etc.
Flow: Entire population → Generalized Selection → Thinned population → Anti-collision (Query) → Single tag identified → Access of payload → Payload from tag
Classes of tags
Passive (my focus today)
– No battery; chip runs on scavenged power
– Communication by backscatter only
– 10m range
• Forward bandwidth is low
• Low compute cycles for power
• Power limited range
• Weak backscatter
Semi-passive
– Battery to run the chip
– Communication by backscatter only
– 50m range
• Forward bandwidth is higher
• Faster cycles for power
• Strong backscatter
• Wake-up circuit
Active
– Battery runs the chip
– Communication by transmission
– 100+m range
• Endless possibilities
Do not confuse with near-field tags and smart-cards
How RFID is used in the supply chain
Inventory
TIME
The Trace
TIME
Theft!!
Diversion!
Counterfeit!
The Flow
TIME
RECALL!!!
Supply Chain Problems
TIME
Errors making plans less effective
RFID enables
• Real-time detection of errors
• Real-time correction
• Run-to-run improvement
i.e., tactical, operational, strategic enhancement.
On security of passive and semi-passive tags
Privacy: The very act of detection poses a challenge
Readers and tags cannot hide their very presence
– Sniffing
The structured ID could be a problem
– header:manufacturer:product:serial
– Do I want people to know I am taking a Pfizer product?
Repeated unique numbers are a problem
– Track based on repeated ID
Constellations of non-unique numbers are a problem
– I may be the only person in Graz with a Titan watch and Docker pants
Some problems can be solved
Readers and tags cannot hide their very presence
– Sniffing
– Response: Spread spectrum, etc. expensive.
The structured ID could be a problem
– header:manufacturer:product:serial
– Do I want people to know I am taking a Pfizer product?
– Response: Non-structured numbers, special ONS for sorting them out
Repeated unique numbers are a problem
– Track based on repeated ID
– Response: Temporary ID by encrypting EPC|nonce
– Shared key, so key-management problem
Constellations of non-unique numbers are a problem
– I may be the only person in Graz with a Titan watch and Docker pants
The fact of the matter is
Can’t do anything beyond hashes in passive RFID tags
Physics is our best friend
– Can’t activate from afar
– Can’t hear backscatter from afar
– Consider backscatter channel a private channel
There is a physical zone of trust for privacy
– Tag response audible a few meters
– If you have worries, you can create further physical barriers
• Shielding
• Killing the tag
– Famous EPC kill code
• Reduced range mode of tags
• Personalization of tags
Some of the other issues
Privacy violation is a consequence of unauthorized reading
– Other privacy protections
– Detection of unauthorized readers
Eavesdropping
Using tags to prevent counterfeits
– Skimming the tag and replaying
– Tampering with the physical artifact
Prevent tag hijack
Other issues in unauthorized reading
Perhaps require readers to announce themselves
– What if reader announced its name, ID, and function
– Tag detects this and chooses not to respond
– Too expensive 
– Too voluntary
The Sentinel Concept
– Blocker Tag from Juels et al. Logical jamming when reading some tags
– The Watchdog Tag from Floerkemeier (upcoming PhD thesis)
Sarma’s vindictive Sentinel
– All readers need to register with guardian
– If a reader is not registered, Sentinel will jam the channel
– No politeness
Eavesdropping
A reader in Wal-Mart is reading its tags
– Readers put out ~watts
A competitor is sitting outside listening to the reader
– Can it infer the contents?
Tag response unlikely to be decipherable
Put secret information in tag response channel
The forward response is now XOR’ed with previous reverse channel secret
– Blind-tree walking by [Weis 03]
Eavesdropping is easier when Gen 2 Masking is used
Flow: Entire population → Generalized Selection → Thinned population → Anti-collision (Query) → Single tag identified → Access of payload → Payload from tag
You are listening from a distance
You hear the selection command
You see the number of responses that were received
You can detect the numbers of tags in a population
Solution is:
– Use masking judiciously
– Use chaff when necessary
– Sentinel Tag generates chaff, notifies middleware
– The Sentinel Tag again!
Counterfeit detection
Some secret on the tag which you can verify
Can do it by hash, symmetric or asymmetric crypto
Easier to do in near-field or semi-passive/active tags
Harder to do in RFID
– Limited gates
– Limited compute cycles
– Ephemeral contact
Killer app for RFID
– Counterfeit market worldwide is very large ($500B? See Staake’s work)
– The very presence of an RFID tag is also a defense
– The history of a serialized number is further defense
Low-Cost Hash Design [Weis 2003]
Traditional: Many Gates, Few Cycles
– Expensive
– High-power
Low-Cost: Few Gates, Many Cycles
– Slow
Cellular Automata
– Cellhash, 1993. No major breaks (yet).
– Very cheap, fast and scalable.
Non-Linear Feedback Shift Registers:
– Relatively cheap and flexible.
– Lots of classified work.
The Digital Millennium Act
Can be used to stymie commodity replacements!
Tags on cartridges
Readers in printers
Some important content in tag: say colors
Non-copy-able
The Pink Panther replay scenario
Imagine diamonds in a display (each diamond has passive tag)
Tags are being read continuously by reader
Pink Panther has a tag mimicking machine
– Listens for the tags being read
– Starts playing them back
– While Pink Panther steals the diamonds
One solution is a Sentinel Tag generating chaff
Mimicking machine cannot tell chaff from real content
Will replay chaff
The Sentinel Tag again
Writing to tags
Enter Code and Lock
Kill
Write
Issues:
Administering kill codes
Preventing mass killing of tags
Administering the other codes
Personalizing tags
Preventing mass kill
If the codes are not all set to 1111, then you can’t kill the tags easily
Killing is not an RF function in EPC tags; it is an addressed, logical request
– You can only kill at the rate of anti-collision
– You can only kill from the passive distance
– From that range, you have other options open to you
Sarma’s Sentinel Tag: when you see an unauthorized kill going on, jam the airwaves!
The real challenge is kill code management: how does it pass from owner to owner?
A keyless approach to administration [Weis 03]
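Locking a tag
– Reader: metaID := hash(key)
– Reader: Store: (key, metaID)
– Reader → Tag: metaID
– Tag: Store: metaID
Querying a locked tag
– Reader → Tag: Who are you?
– Tag → Reader: metaID
Unlocking a tag
– Reader → Tag: key
– Tag: metaID == hash(key)?
– Tag → Reader: “Hi, my name is..”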
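The locking, querying and unlocking exchange on this slide, written out as a small simulation. This is an added example, not code from the slides or from [Weis 03]; the Tag and Reader classes, the 16-byte random key and the use of SHA-256 in place of a low-cost tag hash are assumptions.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the tag's low-cost hash.
    return hashlib.sha256(data).digest()

class Tag:
    """Tag side of the hash lock: holds a metaID only while locked."""
    def __init__(self, epc: str):
        self.epc = epc
        self.meta_id = None                    # None means unlocked

    def lock(self, meta_id: bytes) -> None:
        if self.meta_id is None:
            self.meta_id = meta_id             # Store: metaID

    def query(self):
        # A locked tag answers "Who are you?" with its metaID only.
        return self.meta_id if self.meta_id is not None else self.epc

    def unlock(self, key: bytes) -> bool:
        # metaID == hash(key)?
        if self.meta_id is not None and hmac.compare_digest(h(key), self.meta_id):
            self.meta_id = None
            return True
        return False

class Reader:
    """Reader side: keeps the (key, metaID) table for tags it has locked."""
    def __init__(self):
        self.keys = {}                         # metaID -> key

    def lock_tag(self, tag: Tag) -> None:
        key = os.urandom(16)
        meta_id = h(key)
        self.keys[meta_id] = key               # Store: (key, metaID)
        tag.lock(meta_id)

    def identify(self, tag: Tag):
        reply = tag.query()
        if isinstance(reply, bytes):           # locked: the reply is a metaID
            key = self.keys.get(reply)
            if key is None or not tag.unlock(key):
                return None                    # not our tag, it stays locked
            reply = tag.query()
        return reply

def demo():
    tag = Tag("header:manufacturer:product:serial")   # constructed sample EPC
    owner, stranger = Reader(), Reader()
    owner.lock_tag(tag)
    return stranger.identify(tag), owner.identify(tag)
```

A locked tag still answers every query with the same metaID, so the "repeated unique numbers" tracking concern from the privacy slide applies to it as well.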
Personalizing tags: an opportunity
Say you go to a store and buy a product
The product has a tag
You now want to personalize that tag
You have a little PDA which talks to the store reader and personalizes your tag
Your PDA is a personalizing device which now talks to your back-end system at home
– Tanenbaum et al. 05
– Foley 05
The repeating themes
The backscatter distance is a zone of trust
– No perfect, inexpensive solution beyond within that zone of trust for passive tags
Passive tags cry for a Sentinel Tag
– Sentinel can aggregate security/defense/privacy functions which individual tags cannot afford
– Turns out that there are several other
The System
The system
[Diagram: the RFID stack, drawn for Company #1 and Company #2, with the annotation "Transfer of codes, data, etc." Labels: ONS + Blob; EPC-IS; Savant; ERP+RFID software; company software; readers; reader interface (Reader Protocol 1); Gen 2 air-interface; tags]
Recent attacks
Viruses and Worms
Tanenbaum’s group
Researchers demonstrated an RFID virus:
Based on an “SQL injection” attack
Website: http://www.rfidvirus.org
Shamir’s group
Side channel attack
Power analysis
Conclusions
The opportunities
Technology
– Tags
– Semiconductors
– Packaging
– Protocols
– Antennae
– Readers
– Middleware/Reader
– Middleware
– Databases
– Enterprise architecture
– Distributed systems
– Identity management
– Business process
Applications
– Supply chain: Retail, Healthcare, B2B, Critical goods
– Logistics: Travel/airports, Defense, Heavy industries, Asset management
– Operations: Factory, DC/warehouse, Institutions, Maintenance
– Personal systems….
Analysis
– RF Systems
– Communications
– Security
– System dynamics: Supply chain (Planning, Execution, Policy), Demand planning
– Social/ethical
– Business planning
– Macroeconomics
– Policy/frequency