On the Security of RFID

Similar documents
RF ID Security and Privacy

A Study on the Security of RFID with Enhancing Privacy Protection

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

Back-end Server Reader Tag

Security Analysis and Complexity Comparison of Some Recent Lightweight RFID Protocols

RFID Security: Threats, solutions and open challenges

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

Strengthen RFID Tags Security Using New Data Structure

Radio Frequency Identification (RFID)

Privacy and Security in library RFID Issues, Practices and Architecture

A Survey of RFID Authentication Protocols Based on Hash-Chain Method

SECURITY FLOWS AND IMPROVEMENT OF A RECENT ULTRA LIGHT-WEIGHT RFID PROTOCOL

PAP: A Privacy and Authentication Protocol for Passive RFID Tags

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project

Security and User Privacy for Mobile-RFID Applications in Public Zone

Security and privacy in RFID

Feature. Security and Privacy Trade-offs in RFID Use. Operational Zone RFID Tag. RFID Reader

A Secure and Efficient Authentication Protocol for Mobile RFID Systems

Low-Cost RFID Authentication Protocol for Anti-Counterfeiting and Privacy Protection

RAIN RFID and the Internet of Things: Industry Snapshot and Security Needs. Matt Robshaw and Tyler Williamson Impinj Seattle, USA

A Secure RFID Ticket System For Public Transport

WHAT IS RFID & HOW WILL IT IMPACT MY BUSINESS?

Cloud RFID UHF Gen 2

The Study on RFID Security Method for Entrance Guard System

Enabling the secure use of RFID

rf Technology to automate your BUsiness

Security in RFID Networks and Protocols

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

RFID Systems: A Survey on Security Threats and Proposed Solutions

Various Attacks and their Countermeasure on all Layers of RFID System

Lightweight Cryptography. Lappeenranta University of Technology

RFID Basics HEGRO Belgium nv - Assesteenweg Ternat Tel.: +32 (0)2/ Fax : +32 (0)2/ info@hegrobelgium.

An Overview of RFID Security and Privacy threats

SATO RFID White Paper

How Does It Work? Internet of Things

RFID BASED VEHICLE TRACKING SYSTEM

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Secure and Serverless RFID Authentication and Search Protocols

RFID Tags. Prasanna Kulkarni Motorola. ILT Workshop Smart Labels USA February 21, 2008

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

WHITE PAPER. ABCs of RFID

RFID TECHNOLOGY: A PARADIGM SHIFT IN BUSINESS PROCESSES. Alp ÜSTÜNDAĞ. Istanbul Technical University Industrial Engineering Department

Towards a Lightweight, Secure, and Untraceable RFID Authentication Protocol

Secure Anonymous RFID Authentication Protocols

Pitfalls in an ECC-based Lightweight Authentication Protocol for Low-Cost RFID

Security Requirements for RFID Computing Systems

How To Understand The Power Of An Freddi Tag (Rfid) System

Why Has the Development in RFID Technology Made Asset Management More Urgent?

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

RFID Authentication Protocol for Low-cost Tags

RFID Radio Frequency Identification

Key Words: RFID, radio frequency identification, electronic article surveillance, sensor networks

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

RFID market value vs tag cost : Reality vs Dream. Figure 3.2 Examples of RFID applications and potential applications at different tag prices

RF Attendance System Framework for Faculties of Higher Education

Security, Privacy, Authentication in RFID and Applications of Smart E-Travel

RFID Design Principles

Using RFID Techniques for a Universal Identification Device

How To Hack An Rdi Credit Card

Security and Privacy of RFID Systems. Claude Castelluccia

NEW TECHNOLOGY. Figure 1. Simplified view of data transfer in low-frequency passive RFID tags (the tag is enlarged for clarity).

RFIDs and European Policies

tags Figure D-1 Components of a Passive RFID System

Implementation of a PC Security System using RF Transmitter-Receivers

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

Automated Identification Technologies

Data Protection Technical Guidance Radio Frequency Identification

An Introductory and Elementary Study on RFID & Its Applications

LibRFID: Automation Software for Library Management System Using RFID Technology

CHAPTER 1 Introduction 1

An Overview of Approaches to Privacy Protection in RFID

Originally viewed as essentially remotely-readable

Modern Multipurpose Security Management System

Privacy and Security Aspects of RFID Tags

RFID Penetration Tests when the truth is stranger than fiction

a GAO GAO INFORMATON SECURITY Radio Frequency Identification Technology in the Federal Government Report to Congressional Requesters

Radio Frequency Identification (RFID) Vs Barcodes

Redes y Servicios de Radio. RFID Systems

RFID Privacy & Security Implementation - Recent topics & Applications in Japan -

RFID Technical Tutorial

An Intelligent Middleware Platform and Framework for RFID Reverse Logistics

Security Threat Mitigation Trends in Low-cost RFID Systems

A Research on Issues Related to RFID Security and Privacy

Identification based on radio frequency (RFID) - a new information technology with broad applications in economics

Scalable RFID Security Protocols supporting Tag Ownership Transfer

Security in Near Field Communication (NFC)

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

Secure Active RFID Tag System

EPCglobal RFID standards & regulations. Henri Barthel OECD Paris, 5 October 2005

RFID Security: Attacks, Countermeasures and Challenges

RFID Technology, Security Vulnerabilities, and Countermeasures

Security and Privacy for Internet of Things Application

Improving the Efficiency of RFID Authentication with Pre-Computation

Privacy versus Scalability in Radio Frequency Identification Systems

AN RFID BASED SUPPLY CHAIN INVENTORY MANAGEMENT SOLUTION FOR THE PETROLEUM DEVELOPMENT INDUSTRY: A CASE STUDY FOR SHELL NIGERIA

MANAGING OF AUTHENTICATING PASSWORD BY MEANS OF NUMEROUS SERVERS

Transcription:

On the Security of RFID Hung-Min Sun Information Security Lab. Department of Computer Science National Tsing Hua University slide 1

What is RFID? Radio-Frequency Identification Tag Reference http://glossary.ippaper.com slide 2

Roles of RFID applications Secure channel Tags Reader Server(Database) slide 3

Barcode v.s. RFID Barcode RFID require a direct line of sight to the printed barcode have no read/write capability cheap can be read at much greater distances unique object id more expensive Reference www.cs.utexas.edu/~shmat/ slide 4

Where Are RFID Used? Physical-access cards Inventory control Gillette Mach3 razor blades, ear tags on cows, kid bracelets in waterparks, pet tracking Logistics and supply-chain management Track a product from manufacturing through shipping to the retail shelf Gas station and highway toll payment Mobile SpeedPass Reference www.cs.utexas.edu/~shmat/ slide 5

Commercial Applications of RFID RFID cost is dropping dramatically, making it possible to tag even low-value objects Around 5c per tag, $100 for a reader Logistics and supply-chain management is the killer application for RFID Shipping, inventory tracking, shelf stocking, anti-counterfeiting, antishoplifting Massive deployment of RFID is in the works Wal-Mart pushing suppliers to use RFID at pallet level, Gillette has ordered 500,000,000 RFID tags Reference www.cs.utexas.edu/~shmat/ slide 6

Future Applications of RFID Location Awareness Health Care Apparel Smart Shelf Reference http://www.rfidjournal.com/ slide 7

RFID Tag Power Sources Passive (this is what mostly used now) Tags are inactive until the reader s interrogation signal wakes them up Cheap, but short range only Semi-passive On-board battery, but cannot initiate communication Can serve as sensors, collect information from environment: for example, smart dust for military applications More expensive, longer range Active On-board battery, can initiate communication Reference www.cs.utexas.edu/~shmat/ slide 8

RFID Frequency Ranges Low frequency (LF): (100~500KHz) 125 khz, 135 khz Shortest read range < 50 cm, slowest read speed Strong ability to read a tag on objects with liquid or metal components, Physical Access Control, Animal Identification High frequency (HF): (10~15 MHz), 13.56MHz Read range < 1.5 meter, cheapest tag Smart cards, smart shelves, health care Ultra-high frequency (UHF): (860 to 960) MHz Read range 3~10m, faster read speed EPC tags, supply chain systems Microwave: (> 1GHz), 2.45GHz, 5.8GHz Read range 3~10m, fast read speed, most expensive Supply chain systems, airline baggage tracking slide 9

Security Problems of RFID Eavesdropping Hot-listing Attacker has special interests in certain items Replay attack Cloning Tracing Data forging Denial of Service Fundamental problem: Lack of mutual authentication slide 10

Challenges of RFID Low-cost tag costs US$0.05 Limited computational ability and storage Cannot implement common cryptographic functions on the tags Goal: Lightweight computation approaches for securing RFID Lightweight mutual authentication protocols slide 11

However, RFID tag No or very limited power Little memory Static 64- or 128-bit identifier in current 5-cent tags Little computational power A few thousand gates at most Static keys for read/write access control Not enough resources to support public- or symmetric-key cryptography Cannot support modular arithmetic (RSA, DSS), elliptic curves, DES, AES; hash functions are barely feasible Is resettable Passive tag resets when power off slide 12

EPCglobal Class 1 Generation 2 Most popular in long-range RFID applications Frequency: 860-960 MHz Reading range:10-20 Feet ISO 18000-6C Reader RFID tag Query RN16 (16-bit random number) ACK (RN16) Tag ID Memory Read/Write & Other commands slide 13

Problems in EPCglobal C1G2 Long reading range A naïve protection: Use of 16-bit random number Tag ID is transmitted in plaintext Lack of reader-to-tag authentication Malicious Reader RFID tag Query RN16 (16-bit random number) ACK (RN16) Tag ID Memory Read/Write & Other commands slide 14

Secure Protocols for RFID slide 15

Secure RFID Protocols Hash-based Approaches [1] S. Weis, Security and Privacy in Radio-Frequency Identification Devices, master s thesis, Massachusetts Inst. of Technology (MIT), Massachusetts, USA, May 2003. [8] M. Ohkubo, K. Suzuki, and S. Kinoshita, Cryptographic Approach to Privacy-Friendly Tags, RFID Privacy Workshop, MIT, Massachusetts, USA, Nov. 2003. [9] T. Dimitriou, A Lightweight RFID Protocol to protect against Traceability and Cloning Attacks, Proc. 1st IEEE Conf. Security and Privacy for Emerging Areas in Comm. Networks (SecureComm 05), Sep. 2005. [12] G. Tsudik, YA-TRAP: Yet Another Trivial RFID Authentication Protocol, Proc. 4th IEEE Int l Conf. Pervasive Computing and Comm. (PerCom 06), Mar. 2006. [13] G. Avoine and P. Oechslin, A Scalable and Provably Secure Hash Based RFID Protocol, Proc. 3rd IEEE Int l Workshop Pervasive Computing and Comm. Security (PERCOMW 05), Mar. 2005. [14] D. Henrici and P. M uller, Hash-Based Enhancement of Location Privacy for Radio- Frequency Identification Devices Using Varying Identifiers, Proc. First IEEE Int l Workshop Pervasive Computing and Comm. Security (PerSec 04), Mar. 2004. [36] Ohkubo, M., Suzuki, K., and Kinoshita, "RFID privacy issues and technical challenges," Commun. ACM 48, 9 (Sep. 2005). slide 16

Secure RFID Protocols Lightweight Approaches [23] A. Juels, Strengthening EPC Tags Against Cloning, Manuscript, RSA Laboratories, Mar. 2005. [24] Y.C. Chen, W.L. Wang, and M.S. Hwang, RFID Authentication Protocol for Anti- Counterfeiting and Privacy Protection, Proc. 9th IEEE Int l Conf. Advanced Comm. Technology (ICACT 07), Feb. 2007. [25] A. Juels, Minimalist Cryptography for Low-Cost RFID Tags, Proc. 4th Int l Conf. on Security in Comm. Networks (SCN 04), Sep. 2004. [26] Y.Z. Li et al., Security and Privacy on Authentication Protocol for Low-cost RFID, Proc. Int l Conf. Computational Intelligence and Security (CIS 06), Nov. 2006. [27] P. Peris-Lopez et al., M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags, Proc. 3rd Int l Conf. Ubiquitous Intelligence and Computing (UIC-06), Sep. 2006. [29] H.Y. Chien, SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity, IEEE T. Dependable Secure Comput., vol. 4, no. 4, pp. 337 340, 2007. [32] D.N. Duc et al., Enhancing Security of EPCglobal Gen2 RFID Tag against Traceability and Cloning, Proc. 3rd Conf. Symp. Cryptography and Inf. Security (SCIS 06), Jan. 2006. [35] A. Juels and S. Weis, Authenticating Pervasive Devices with Human Protocols. Crypto, Aug. 2005. slide 17

Security Analysis of RFID Protocols slide 18

So How to design a secure protocol for low-end RFID Tag? slide 19

Hung-Min Sun and Wei-Chih Ting, A Gen2-based RFID Authentication Protocol for Security and Privacy, IEEE Transactions on Mobile Computing, Vol. 8, No. 8, pp. 1052-1062, 2009.

Gen2+ Setup at manufacturer Write Tag keypool M Write Tag keypool After sold Tag keypool M End users or companies U slide 21

Gen2+ In use RFID tag Query (a,b) Reader ck EPC data (a,b) Verify ck U ck End users or companies slide 22

Gen2+ a b (a,b) 08ED 244D 7C21 9162 6963 U 023C 222F 1556 7222 969D ck 1618 4FBC C9DB EF7F 4709 2F93 5D7E... slide 23

Gen2+ Results before enhancement slide 24

Gen2+ In use RFID tag Query (a,b,c) Reader ck EPC data (a,b) Verify ck U ck End users or companies slide 25

< 10 rounds Results after enhancement slide 26

Thank You Q & A slide 27

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information