RFID privacy. Foundations of Secure e-commerce (bmevihim219) Dr. Levente Buttyán

Transcription

1 Foundations of Secure e-commerce (bmevihim219) Dr. Levente Buttyán Associate Professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS)

2 Outline - RFID applications - RFID architecture - security and privacy threats - prevention of tracking at the application layer - privacy problems at lower layers 2

3 Introduction RFID = Radio-Frequency Identification allows us to identify objects or subjects with neither physical nor visual contact need to place a transponder on or in the object and query it remotely using a reader the principle is fundamentally not new identify-friend-or-foe system of the Royal Air Force in WWII to distinguish allied aircrafts from enemy aircrafts motorway tolls, ski lifts, identification of livestock and pets, automobile ignition keys RFID is becoming interesting due to the ability to develop very small and cheap transponders called electronic tags offer only weak computation and storage capabilities passively powered by the reader s electromagnetic field communication distance is relatively short (a few meters) when outside of the reader s field, tags are inert low cost, small size can be deployed at very large scale pose new security and privacy problems! 3

4 Example applications access control current access control systems in buildings often use RFIDbased wireless tokens, e.g., cards or badges RFID in the automobile sector keyless entry using a key fob that contains an active RFID tag passive entry systems automatically unlock doors when the driver carrying a passive RFID tag approaches the car appeared recently, e.g., on Renault Laguna, Mercedes-Benz S- class, CL-class, and Toyota Lexus LS430 many car keys have an RFID device integrated into them which activates the fuel injection system (anti-theft measure) car keys can be replaced with cards that stay in the drivers pocket 4

5 Example applications (cont d) supply chain the idea is to replace barcodes with low cost RFID tags advantages tags can be scanned quickly in large quantities no need for visual channel tags can be placed right on or in objects, instead of the packaging tags may contain unique identifiers for individual objects facilitates management of objects throughout the entire supply chain (manufacturing, storage, distribution, ) stock and inventories in supermarkets and warehouses is a primary application domain (e.g., Wal-mart, Metro, Migros, ) RFID in libraries a tag in each volume makes borrowing and returning books easier inventories can be carried out without taking books from the shelves examples: K.U. Leuven (Belgium), Santa Clara (United States), Heiloo (Netherlands), Richmond Hill (Canada), 5

6 Example applications (cont d) subdermal tags RFID based identification of domestic animals is done routinely today identification of people??? nightclubs (e.g., Baja Beach Club, Barcelona) VIPs (e.g., members of a special organization) prisoners electronic IDs (passports, ID cards) already in use today chip in the passport contains biometric information of the bearer electronic payments systems electronic toll collection (e.g., EZ Pass) automated fare collection (AFC) in public transport systems contactless payment cards (e.g., Mastercard PayPass) 6

7 Applications in the future smart and easy shopping fast check-out at point-of-sale terminals terminal reads all tags in the shopping cart in a few seconds payment can be speeded up using contactless credit cards return items without receipt no need to keep receipts of purchased items tracking faulty or contaminated products object IDs can serve as indices into purchase records one can easily list all records that contain IDs belonging to a particular set of products and identify consumers that bought those products smart household appliances washing machine can select the appropriate program by reading the tags attached to the clothes refrigerator can print shopping lists automatically or even order food on-line interactive objects consumers can interact with tagged objects through their mobile phones acting as an RFID reader (NFC Near Field Communications technology) the mobile phone can download and display information about scanned objects (e.g., movie poster, furniture, etc.) 7

8 RFID system architecture RFID system elements RFID tags + RFID reader(s) + back-end infrastructure RFID tag = microcircuit + RF antenna tags request response (ID) ID reader RF communications back-end infrastructure and processing 8

9 RFID tag characteristics power active tags have their own battery passive tags have no internal energy source obtain energy from the reader s electromagnetic field reflect reader s RF signal and modulate it with information to be sent semi-passive tags have battery but use it only for internal calculations power for communication is obtained from the reader communication range depends on frequency and transmission power low frequency (LF) and high frequency (HF) tags: few decimeters ultra-high frequency (UHF) tags: several meters note: by using specific antennas and transmission powers above the legal limits, we can largely surpass these ranges note: information sent by a reader (forward channel) can be captured at a distance far superior than that sent by a tag (backward channel) 9

10 RFID tag characteristics (cont d) memory tags contain a minimum number of memory bits to store their identifier (between 32 and 128 bits) depending on the target application, tags can have ROM, EEPROM, RAM or SRAM electronic anti-theft devices (EAS, Electronic Article Surveillance) that can be found on many items, require only one bit (enabled EAS / not enabled EAS) they do not really allow object identification, only detection computing power can vary in a wide range: no computational capabilities, only memory that can be remotely accessed only simple logical operations (e.g., XOR and AND) a few thousand logical gates that allow for symmetric key encryption and hash more evolved tags could use asymmetric key crypto, but those are expensive 10

11 RFID tag characteristics (cont d) physical characteristics typically antenna size determines the size of the tag antenna size depends on the communication range and frequency smallest tag today is µ-tag from Hitachi (~0.4 mm) tamper resistance infeasible for low cost tags (low cost ~ few Euro cents) 11

12 Some specific examples 12

13 Various RFID tags Logistic and industry CD label Life stock and pets Logistic and industry (naked) Key fob Nail tag 13

14 Various RFID readers 14

15 Related standards ISO 14443: proximity cards (A Mifare, B Calypso) 15693: vicinity cards (can be read from a larger distance than proximity cards) 18000: describes a series of diverse RFID technologies, each utilizing a unique frequency band EPC (Electronic Product Code) established by EPCGlobal, a non profit organization made up of several companies and academics promotes very low cost RFID technology with the goal of integrating it into supply chains Class 1: unique identifier (a code that allows the identification of the product to which the tag is attached), and a function permitting the definitive destruction of the tag Class 2: more memory and authentication functions Class 3: semi-passive tags Class 4: active tags, which can potentially communicate with each other currently only Class 1 is fully specified ISO

16 Objectives: identification and authentication (mutual) authentication an authentication protocol allows a reader to be convinced of the identity of a queried tag in case of mutual authentication, the protocol allows a tag to be convinced of the identity of a querying reader identification an identification protocol allows a reader to obtain the identity of a queried tag, but no proof is required in many cases, identification is sufficient (e.g., inventory in a warehouse), although requirements also depend on the adversary model 16

17 Basic protocols identification R(eader) T(ag): request T R: ID authentication R: pick a random number N R T: N T: compute F(ID, N) T R: ID, F(ID, N) where F is some (not necessarily strong) crypto function, e.g., an encryption or a keyed hash 17

18 Security threats impersonation the adversary can (with non-negligible probability) successfully complete the authentication protocol in the name of a tag relevant only for authentication protocols, because identification protocols are trivially vulnerable to impersonation (no proof of identity is required) countermeasures need strong crypto and proper key management all tags sharing the same crypto key is not a good approach tags are not tamper resistant compromising a single tag allows the adversary to impersonate any other tag tags must have individual keys key diversification techniques are applicable once the tag identifies itself, the reader (back-end system) can look-up the tag key in a database, or compute it on-the-fly using some master key 18

19 Security threats (cont d) relay (wormhole) attack the adversary relays messages between a legitimate reader and a legitimate tag that is remote all systems that assume that successful run of the protocol via the RF interface means that the tagged object or person is present are defeated (e.g., access control systems, car antitheft systems, inventory systems, ) the feasibility of such relay attacks has been demonstrated defense is difficult, crypto alone does not help distance-bounding protocols have been proposed 19

20 Distance-bounding protocols estimate the distance between the parties from the round trip time rapid bit exchange in multiple rounds essentially, no computation during the distance estimation phase challenge-response principle to avoid that one party can send earlier than the reception of the other s last message estimated distance is only an upper bound on the real distance (because any party can always delay responses) if the parties are really far away, then estimated distance cannot be small (it is larger than the real distance) relay attack is detected however, false positives are possible 20

21 Example: Hancke-Kuhn protocol protocol: R : pick a nonce r and generate bits C 1,, C n R T : r T : compute h(k r) and split result into R (0) 1,, R (0) n, R (1) 1,, R (1) n T R : ID R T : C 1 T R : R (C1) 1 R T : C n T R : R (Cn) n distance estimation phase R : look up K that belongs to ID, compute h(k r) and split result into R (0) 1,, R (0) n, R (1) 1,, R (1) n, and for all i, compare R (Ci) i with R (Ci) i properties: tag authentication (prob. 1-(1/2) n ) with distance bounding (prob. 1-(3/4) n ) tag does not need to do computation during the distance estimation phase 21

22 An attack on the H-K protocol R : pick a nonce r and generate bits C 1,, C n R A(T) : r A(R) T : r T : compute h(k r) and split result into R (0) 1,, R (0) n, R (1) 1,, R (1) n T A(R) : ID A(R) sends 0,, 0 to T and receives R (0) 1,, R (0) n A(R) T : r T : compute h(k r) and split result into R (0) 1,, R (0) n, R (1) 1,, R (1) n T A(R) : ID A(R) sends 1,, 1 to T and receives R (1) 1,, R (1) n, A(T) R : ID A(T) responds to any challenge C i of R without communicating remotely with T verification at R is successful, distance bounding is defeated 22

23 Privacy threats in most of the applications, RFID tags respond to the reader s query automatically, without authenticating the reader (only the tag authenticates itself) interaction usually reveals tag specific information (typically the ID stored in the tag, or even more) clandestine scanning of tags is a plausible threat two particular privacy problems: inventorying tracking 23

24 Inventorying a reader can silently determine what objects a person is carrying reader-tag interaction may reveal more than an ID (e.g., title of a tagged book, name of a tagged medicine, ) object can be identified by resolving the ID read from the tag suitcase: Samsonit e jeans: Lee Cooper watch: Casio book: Applied Cryptography shoes: Nike 24

25 Tracking set of readers can determine where a given person is located trivial if tags use unique identifiers even if tag response is not unique, it is possible to track a constellation of a set of particular tags (or tag types/standards!!!) IDs: 12, 34, 56, 7:32 IDs: 12, 34, 56, 7:45 IDs: 12, 34, 56, 8:03 IDs 12, 34, 56, 8:21 25

26 Is this really a problem? other technologies also permit the tracking of people (e.g., video surveillance, GSM, Bluetooth) however, consider the following: RFID tags permit everybody to track people using low cost equipment tags cannot be switched off easily physical or electronic destruction of tags during checkout but how to verify that operation was successful??? tags can be easily hidden, their lifespan is not limited, and analyzing the collected data can be efficiently automated although nominal reading distance is only a few decimeters or meters, a more efficient antenna and larger power could be used to go beyond the presupposed limits in many cases, an adversary can get close enough (e.g., public transport) current trend is towards UHF systems, where the communication distance is larger than in LF/HF systems 26

27 Is this really a problem? Press release: Benetton selects Philips to introduce smart labels across 5,000 worldwide stores Press release: Hidden sensors in clothing may fuel global surveillance network Press release: Benetton has publicly retreated from plans to fit clothing with tiny remote surveillance and tracking chips Gillette has been caught hiding tiny RFID surveillance chips in the packaging of its shaving products. These tiny, high tech spy tags are being used to trigger photo taking of unsuspecting customers! "The world's stupidest anti-shoplifting campaign" - CommsWorld In their "Future Store", a supermarket of the "Extra" chain in Rheinberg near Duisburg (opened in April 2003 with a well-advertised event featuring Claudia Schiffer), the Metro Group are trialing the use of transponders or so-called RFIDs ("Radio Frequency Identification" devices). For its instigation and the related marketing concepts, the Metro Group is receiving an exemplary and future-oriented Big Brother Award. 27

28 Dead tags tell no tales idea: permanently disable tags with a special kill command part of the EPC specification advantages: simple effective disadvantages: eliminates all post-purchase benefits of RFID for the consumer and for society no return of items without receipt no smart house-hold appliances cannot be applied in some applications library e-passports banknotes similar approaches: put RFID tags into price tags or packaging which are removed and discarded 28

29 Sleep command idea: instead of killing the tag definitively, put it in sleep mode tag can be re-activated if needed advantages: simple effective disadvantages: difficult to manage in practice tag re-activation must be password protected how the consumers will manage hundreds of passwords for their tags? passwords can be printed on tags, but then they need to be scanned optically or typed in by the consumer 29

30 Other similar approaches Faraday cage can be effective in some applications (e.g., passports, money wallets) may not be usable in others (e.g., clothes, subdermal) clipped tags tag s antenna can be physically separated from the chip reactivation of the tag can only be done intentionally 30

31 On crypto based approaches tag should not send ID in clear public key crypto would solve the problem ID is encrypted with the public key of the reader only the reader can decrypt it but public key crypto is not available for low cost tags symmetric encryption with a common shared key enough to compromise a single tag, and than all tags become traceable symmetric encryption with individual tag keys encryption must be randomized!!! reader needs to search through the entire set of tag keys and attempt decryption with them (no hint on the key/identity can be provided to the reader) ID refreshment (pseudonyms) adversary should not be able to tell the difference between the information sent by the tag and a random value information sent by the tag should only be used once 31

32 Weis-Sarma-Rivest-Engels protocol setup each tag is initialized with a randomly chosen identifier ID system stores an entry for each tag in its database that contains ID protocol R T : request T : pick a random number r, and compute s = h(id r) T R : r, s R : search through the database for the ID for which h(id r) = s an alternative in theory, the hash function may leak information about its input (e.g., certain bits) instead of hashing, s can be computed as s = ID XOR f K (r), where K is a key shared between T and R, and f.(.) is a pseudo random fn a potential problem no authentication is provided an adversary can replay tag responses (impersonation) 32

33 Molnar-Wagner protocol setup each tag is initialized with a randomly chosen identifier ID and a tag key K the system stores an entry for each tag in its database that contains both ID and K protocol R : pick a random number a R T : a T : pick a random number b, and compute s = ID XOR f K (0 a b) T R : b, s R : search through the database for an (ID, K) pair for which ID XOR f K (0 a b) = s; if found, then compute t = f K (1 a b) R T : t notes the protocol provides mutual authentications 0 and 1 serves as direction indicators 33

34 Ohkubo-Suzuki-Kinoshita protocol setup each tag maintains a state variable s the system stores for each tag its ID and its initial state s 0 two hash functions h and g, and a system parameter m are agreed upon protocol R T : request T : compute response r = g(s) and new state s = h(s) T R : r R : search through the database and find the entry for which g(h (i) (s 0 )) = r for some 0 < i <= m notes protocol provides forward privacy: even if a tag is compromised, its previous interactions cannot be associated with the tag (previous state of the tag cannot be computed due to the one-way property of h) no authentication is provided an adversary can replay tag responses (impersonation) 34

35 OSK protocol with authentication setup same as before protocol R : pick a random number r R T : r T : compute response a = g(r XOR s) and new state s = h(s) T R : a R : search through the database and find the entry for which g(r XOR h (i) (s 0 )) = a for some 0 < i <= m; if found compute b = g(w XOR h (i+1) (s 0 )), where w is a fixed known value R T : b notes both versions are vulnerable to a DoS attack where an adversary queries the tag more than m times; such a victim tag can no longer identify itself to the system if state is advanced only if a correct b is received from R, then privacy can be defeated by preventing T to receive b: state is not updated, and T gives the same response to the same r as before 35

36 The HB protocol HB stands for Hopper and Blum s secure human authentication protocol involves only simple operations that even a human can perform such as XOR and AND basic idea: tag and reader share a secret value x of k bits reader sends a challenge a to the tag tag computes the binary inner product a.x (involves only XOR and AND) and sends the result back legitimate tag gives the right answer with prob. 1, while an impersonating adversary succeeds with probability ½ repeating the procedure can reduce the success probability of the adversary arbitrarily ( (½) n ) unfortunately, each run of the protocol leaks information about x, and ~k runs result in a s.l.e. that can be solved for x with Gaussian elimination to thwart this, the tag injects noise in its responses, and sends a wrong result with probability 0 < q < ½ legitimate tag gives the right answer with prob. 1-q > ½, while an impersonating adversary succeeds with probability ½ still distinguishable 36

37 The HB protocol (cont d) setup tag stores the secret value x (k bits long), and system parameter q system stores for each tag its x value protocol R : pick a from {0, 1} k uniformly at random R T : a T : pick v from {0, 1} such that Pr{v = 1} = q, and compute s = a.x + v T R : s R : for each entry x in the database, check if s = a.x ; after n rounds, the reader selects the entry that matches ~(1-q)n times an active attack an adversary can challenge the tag n times with the same a tag responds with a.x ~(1-q)n > n/2 times and a.x + 1 ~qn < n/2 times the value of a.x can be obtained repeat multiple times with different linearly independent a values system of linear equations can be solved for x 37

38 The HB + protocol (cont d) setup tag stores secret values x and y (each of them is k bits long), and system parameter q system stores for each tag its (x, y) values protocol T : pick b from {0, 1} k uniformly at random, and v from {0, 1} such that Pr{v = 1} = q T R : b R : pick a from {0, 1} k uniformly at random R T : a T : compute s = a.x + b.y + v T R : s R : for each entry (x, y ) in the database, check if s = a.x + b.y ; after n rounds, the reader selects the entry that matches ~(1-q)n times 38

39 The HB + protocol (cont d) an active (man-in-the-middle) attack is still possible active adversary modifies the reader s challenge a to a = a+d tag responds with s = a.x + b.y + v = a.x + b.y + v + d.x the same d is used in each of the n rounds if the tag is successfully authenticated, then d.x = 0. otherwise d.x = 1 repeat the whole procedure for sufficiently many linearly independent d values, and solve the obtained system of linear equations for x once x is determined, an attacker can impersonate the tag by setting b = 0 the adversary can select b, and respond to the reader s challenge a with a.x + v (v is chosen according to the probability q) the same b is used in each of the n rounds if authentication is successful, then b.y = 0, otherwise b.y = 1 repeat the whole procedure for sufficiently many linearly independent b values, and solve the obtained system of linear equations for y 39

40 Traceability in lower layers collision avoidance layer responsible for selecting a single tag when multiple tags are in the reader s range (singulation procedure) also uses identifiers (although these are not necessarily fixed) singulation procedure may reveal these identifiers physical layer defines the physical air interface (frequency, modulation, data encoding, timings, etc) radio fingerprinting may be a problem here 40

41 Binary tree walking a deterministic singulation procedure based on a depth first search in a binary tree, where the leaves are the singulation IDs in each step, the reader sends an ID prefix, and each tag whose ID starts with that prefix responds with the next bit of the ID if multiple tags respond with the same bit, then no collision will occur, and the reader can extend the prefix with the response bit otherwise, if some tags respond differently, then there s a collision, and the reader recurses on both possible extensions of the prefix reader: prefix -? tags: collision reader: prefix 0? tags: 0 reader: prefix 00? tags: 1 reader: prefix 1? tags: 0 reader: prefix 10? tags: collision 41

42 The blocker tag idea: tree is divided into two zones privacy zone: all IDs starting with 1 upon purchase of a product, its tag is transferred into the privacy zone by setting the leading bit the blocker tag is a special tag, such that when the prefix in the reader s query starts with 1, it simulates a collision when the blocker tag is present, all IDs in the privacy zone will appear to be present for the reader when the blocker tag is not present, everything works normally privacy zone transfer to the privacy zone upon purchase 42

43 Slotted Aloha a probabilistic collision avoidance protocol time is divided into n slots, where n is chosen by the reader each tag randomly chooses one slot and responds to the reader when its slot arrives some collisions may occur to recover, the reader queries the tags again (until no collision occurs) it can mute the tags that have not brought out collisions by indicating their identifiers or the time slots during which they transmitted it can choose a more appropriate n 43

44 Privacy problems with Slotted Aloha if the switch-off technique is used, the reader may mute correctly identified tags by broadcasting their identifier better to broadcast slot numbers instead of identifiers an attack based on keeping a singulation session open is still possible: adversary sends a singulation request to a target tag, tag responds in slot s adversary does not close the session (no ack is sent) later when the adversary suspects that the target tag is present, she can confirm this by sending a new singulation request indicating that only tags which transmitted during s must retransmit if a tag retransmits, there is a high probability that it is the adversary s target tag another tag will respond to the second singulation request if and only if its last session also stayed opened and it also transmitted during s it is fundamental that singulation sessions cannot stay open use some internal timeout to abort singulation sessions with abnormal duration such timers can be implemented by loading a capacitor on the first request and close any open session when the capacitor is empty 44

45 Radio fingerprinting the transient behavior at the very beginning of a transmission will be slightly different for different transceivers, especially if they are produced by different manufacturers one person may carry RFID tags from many different manufacturers, and the particular constellation of brands may be unique to a person! the same may be said about constellation of standards (that differ in frequency band, modulation, and bit encodings) 45