50 ways to break RFID privacy



Similar documents
Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

RFID Security and Privacy. Simson L. Garfinkel, Ph.D. Center for Research on Computation and Society Harvard University October 5, 2005

Mécanismes de Restauration de. Privacy pour les Systèmes. RFID Offlines. Gildas AVOINE, Iwen COISEL, Tania MARTIN. Journées C2 Octobre 2012

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RFID Security: Threats, solutions and open challenges

Keep Out of My Passport: Access Control Mechanisms in E-passports

Tackling Security and Privacy Issues in Radio Frequency Identification Devices

How To Hack An Rdi Credit Card

A Study on the Security of RFID with Enhancing Privacy Protection

Security and Privacy Flaws in a Recent Authentication Protocol for EPC C1 G2 RFID Tags

A Secure RFID Ticket System For Public Transport

Secure recharge of disposable RFID tickets

Strengthen RFID Tags Security Using New Data Structure

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Back-end Server Reader Tag

Security Issues in RFID systems. By Nikhil Nemade Krishna C Konda

A Note on the Relay Attacks on e-passports

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Scalable RFID Security Protocols supporting Tag Ownership Transfer

An Overview of Approaches to Privacy Protection in RFID

Proxy Framework for Enhanced RFID Security and Privacy

Security Requirements for RFID Computing Systems

Privacy through Pseudonymity in Mobile Telephony Systems

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Privacy and Security in library RFID Issues, Practices and Architecture

RFID Penetration Tests when the truth is stranger than fiction

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Security and Privacy of RFID Systems. Claude Castelluccia

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/ Semester 2

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

A Vulnerability in the Song Authentication Protocol for Low-Cost RFID Tags

RFID Security and Privacy: A Research Survey. Vincent Naessens Studiedag Rabbit project

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

RFID based Bill Generation and Payment through Mobile

A Survey of RFID Authentication Protocols Based on Hash-Chain Method

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Cryptography and Network Security

Implementing high-level Counterfeit Security using RFID and PKI

Localization System for Roulette and other Table Games

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Karsten Nohl University of Virginia. Henryk Plötz HU Berlin

NXC5500/2500. Application Note w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

Allwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

MACs Message authentication and integrity. Table of contents

Various Attacks and their Countermeasure on all Layers of RFID System

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Security Challenges for User-Oriented RFID Applications within the Internet of Things

Security Issues in RFID. Kai Wang Research Institute of Information Technology, Tsinghua University, Beijing, China

RFID Security and Privacy: Threats and Countermeasures

Location Aware Selective Unlocking for Enhancing RFID Security

Implementation of biometrics, issues to be solved

EXHIBIT A. Part IV Content Identification 1. the transmission of content, it is important to consider how content can be identified (e.g.

The Secure Sockets Layer (SSL)

Microsoft RFID Platform Data Management. Christopher H. Short Microsoft Technology Center Director

How to Design and Build a RFID Network Infrastructure in Nationwide Buildings?

Security in RFID Networks and Protocols

How To Balance Load In Rdi With Power Conservation In A Power Efficient System

Attestation and Authentication Protocols Using the TPM

A Study on Computational Formal Verication for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication

The Study on RFID Security Method for Entrance Guard System

Special Topics in Security and Privacy of Medical Information. Reminders. Last lecture: Recap. Sujata Garera. Project part 1 submission

Chapter 15 User Authentication

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

Key Management (Distribution and Certification) (1)

PAP: A Privacy and Authentication Protocol for Passive RFID Tags

Caught in the Maze of Security Standards

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Wireless Sensor Networks Chapter 14: Security in WSNs

Rfid Authentication Protocol for security and privacy Maintenance in Cloud Based Employee Management System

Research Article Cloud-Based RFID Mutual Authentication Protocol without Leaking Location Privacy to the Cloud

Security in Wireless and Mobile Networks

New Directions in RFID Security

Keeping SCADA Networks Open and Secure DNP3 Security

Analyzing the Security Schemes of Various Cloud Storage Services

Chapter 3. Network Domain Security

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Capture Resilient ElGamal Signature Protocols

A Scalable, Privacy-Preserving and Secure RFID Protocol

Privacy in e-ticketing & e-identity

Single Sign-On Secure Authentication Password Mechanism

Security and Privacy for Internet of Things Application

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

On the Security of RFID

Extending ECC-Based RFID Authentication Protocols to Privacy-Preserving Multi-Party Grouping Proofs

chap18.wireless Network Security

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points.

Authentication Application

GSM and UMTS security

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

Fighting product clones through digital signatures

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

Special Topics in Security and Privacy of Medical Information. Reminders. Medical device security. Sujata Garera

OPENID AUTHENTICATION SECURITY

Packet Level Authentication Overview

1. discovery phase 2. authentication and association phase 3. EAP/802.1x/RADIUS authentication 4. 4-way handshake 5. group key handshake 6.

Transcription:

50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). RFID privacy 1 / 40

Outline Radio frequency identification (RFID) Privacy considerations in RFID RFID layered communication model Physical layer Communication layer Application layer Privacy attacks Correlation attack RFID privacy 2 / 40

Radio frequency identification RFID privacy 3 / 40

Radio frequency identification Key properties of RFID: Wireless technology Cheap technology Unique identifiers No power source needed RFID privacy 4 / 40

RFID in your pocket RFID privacy 5 / 40

RFID in your underwear RFID privacy 6 / 40

RFID privacy 7 / 40

RFID research RFID security research mainly focuses on: Authenticity: is the tag who he claims to be? Proximity: is the tag in my vicinity? Privacy The adversary can Impersonate a reader Impersonate a tag Eavesdrop on messages Block messages Modify messages RFID privacy 8 / 40

Privacy problems Taken from Ari Juels: RFID Security and Privacy: A research Survey, IEEE Journal on Selected Areas in Communications 24 (2): 381-394 (2006) RFID privacy 9 / 40

Plain identities Item ID Message sent Wig W125 W125 Replacement hip H123 H123 Das Kapital DK234 DK234 500 euro note FH128 FH128 500 euro note FH129 FH129 500 euro note FH130 FH130 Lingerie L180 L180 Solution: encrypt the identity of the tag RFID privacy 10 / 40

Encrypted identities Item ID Message sent Wig W125 #5$a7X Replacement hip H123 rb91ur7x Das Kapital DK234 T3tUM 500 euro note FH128 DX0mbvs 500 euro note FH129 pifv2y 500 euro note FH130 rny5lr Lingerie L180 PxXmhJ8uJ Solution: encrypt the identity of the tag RFID privacy 11 / 40

Untraceability #5$a7X c53q8 #5$a7X #5$a7X ACD1& time RFID privacy 12 / 40

Untraceability #5$a7X c53q8 #5$a7X #5$a7X ACD1& time RFID privacy 13 / 40

Untraceability #5$a7X c53q8 #5$a7X #5$a7X ACD1& time RFID privacy 14 / 40

Untraceability #5$a7X c53q8 #5$a7X #5$a7X ACD1& time RFID privacy 15 / 40

Untraceability We call an RFID system untraceable if an adversary cannot recognize a tag he has seen before Untraceability is sometimes called (strong) privacy, indistinguishability, or unlinkability. RFID privacy 16 / 40

RFID stack Tag Reader 3. Application 2. Communication 1. Physical RFID privacy 17 / 40

RFID communication layers Physical layer: Transmission of bits Modulation/demodulation protocols Anti-collision protocols Communication layer: Cryptographic services Identification/authentication protocols Key update protocols Distance-bounding protocols Application layer: RFID application Data access/interpretation protocols. Photo on e-passport Building access privileges RFID privacy 18 / 40

Physical layer: Fingerprinting RFIDs wake up I m ready RFID privacy 19 / 40

Physical layer: Fingerprinting RFIDs RFID privacy 20 / 40

Physical layer: Fingerprinting RFIDs RFID privacy 21 / 40

Physical layer: Fingerprinting RFIDs RFID privacy 22 / 40

Physical layer: Fingerprinting RFIDs RFID privacy 23 / 40

Physical layer: Fingerprinting RFIDs Fingerprinting RFIDs: Only possible in a controlled environment Expensive equipment needed Performance results (Danev et al. 2009): Sample size of 50 identical JCOP tags: correct identification in 95% of the cases. Sample size of 8 e-passports: correct identification in 100% of the cases. RFID privacy 24 / 40

Physical layer: UIDs Anti-collision: Before running communication-layer protocols, the reader and tags performs an anti-collision protocol Anti-collision singles out one tag for communication Tags assume anti-collision identifiers: UIDs (unique identifiers) Unique identifiers are almost always static. And can be read out by anybody with an RFID reader. RFID privacy 25 / 40

RFID reader Available at www.touchatag.com for EUR 30/$40. RFID privacy 26 / 40

Communication layer: Unique attribute attacks y, P, x 1 P, x 2 P R nonce r 2 r 2 x 1, x 2, P, Y = yp T Authentication protocol (Lee et al. 2008) r 2 0 nonce r 1 T 1 := r 1 P T 2 := (r 1 + x 1 )Y Challenge response structure Public-key based Randomized tag responses find x 1 P = y 1 T 2 T 1 (vp x 1 T 1 )r 1 2 = x 2 P T 1, T 2, v v := r 1 x 1 + r 2 x 2 Design goals: Authentication Untraceability RFID privacy 27 / 40

Communication layer: Unique attribute attacks y, P, x 1 P, x 2 P R nonce r 2 r 2 x 1, x 2, P, Y = yp T Reader computes: y 1 T 2 T 1 r 2 0 nonce r 1 = (r 1 + x 1 )P r 1 P = x 1 P find x 1 P = y 1 T 2 T 1 (vp x 1 T 1 )r 1 2 = x 2 P T 1, T 2, v T 1 := r 1 P T 2 := (r 1 + x 1 )Y v := r 1 x 1 + r 2 x 2 And verifies: (vp x 1 T 1 )r 1 2 = r 1 x 1 P r 1 x 1 P + r 2 r 1 2 x 2P = x 2 P RFID privacy 28 / 40

Communication layer: Unique attribute attacks R T R T r 2 T 1, T 2, v r 2 T 1, T 2, v Question: T? = T RFID privacy 29 / 40

Communication layer: Unique attribute attacks R T R T r 2 T 1, T 2, v r 2 T 1, T 2, v T 1 T 1 v v = (r 1 r 1 )P (r 1 r 1 )x 1 = x 1 1 P RFID privacy 30 / 40

Communication layer: e-passports Basic access control protocol k, k reader GetChallenge k, k passport NP nonce NP nonce NR, KR r = {NR, NP, KR} k r, MAC k (r) verify MAC and r RFID privacy 31 / 40

Communication layer: e-passports The passport first verifies the MAC Then it verifies the encryption Verification of the MAC and the encryption takes time. RFID privacy 32 / 40

Communication layer: e-passport The attacker can (Chothia/Smirnov, 2010): Record a message of a person with passport P he wants to trace Replay that message later to any passport P in his vicinity For a passport P P the MAC and encryption will not verify correctly For passport P the MAC will verify correctly, but the encryption will not Therefore, the passport P will take longer to respond with an error message than any other passport P P. RFID privacy 33 / 40

RFID privacy 34 / 40

Even if all layers maintain privacy... Assume all layers are properly protected. And a single tag is not traceable. An attacker can still find out which protocols a tag runs. And figure out the type and brand of a tag RFID privacy 35 / 40

Even if all layers maintain privacy... Scenario: A store wants to trace their customers Installs an RFID reader at the store entrance Then the store owner can see the amount and types of all tags one carries The following two customers can be easily distinguished: Customer 1 s set of tags: {A, BB, CCCCC, DDD}. Customer 2 s set of tags: {AA, C}. RFID privacy 36 / 40

Even if all layers maintain privacy... Effectiveness: Increases if the number of tags people carry on them increases Increases if the number of different tags increases Very effective against people with rare tags Very hard to counter Question: How does one analyze the privacy loss in this situation? RFID privacy 37 / 40

Conclusion Summary: RFID layered communication model Taxonomy of traceability attacks Physical layer: Fingerprinting RFIDs Unique identities: UIDs Communication layer: Unique attribute attacks Passport tracing Application layer Correlation attack RFID privacy 38 / 40

Future work Future work: Analyze privacy loss under correlation attack Find minimal conditions to maintain privacy RFID privacy 39 / 40

. Thank you! http://satoss.uni.lu/ton RFID privacy 40 / 40

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information