Feb 24, 2016
Persistent Security for RFID
Mike Burmester, Florida State University, USA MITACS International Focus PeriodAdvances in Network Analysis and its Applications1TalkthroughHis Late Masters Voice: private localizationMotivation: device discovery and sensor deployments in hostile territoryRFID technologyPrivate localization protocols with with temporal and location mechanismswith temporal mechanisms onlywith location mechanisms onlyPrivate localization is not possible without some kind of temporal or location information.Threat model and security issues.4/20/29112MITACS International Focus Period2His Late Masters Voice ..A motivating paradigm Bob died suddenly leaving his treasure to sister Alice Moriarty will do anything to get the treasure.Alice hides it together with Nipper, and promptly departs. (Nipper is a low-cost RFID device that responds only to her calls)Alice can find the hidden treasure later when Moriarty is not around.
4/20/29113MITACS International Focus Period
Nipper listening to a recording of his late master painted by Francis Barraud who inherited from his late brother: Nipper, a phonograph and some recordings
3His Late Masters Voicem.Wrong painting!mnnnnmm Not a cylinder phonograph but a gramophone Each RFID tag must only respond to authorized readersEach authorized RFID reader must be authenticated without being challenged by the tag: any challenge by the tag will reveal its presence/position.Localization privacy captures a novel aspect of privacy extending the traditional privacy notions of anonymity and unlinkability to private localization.
4/20/29114MITACS International Focus Period
4Localization privacy . Barking for privacy Anonymity and unlinkability are slightly weaker notions:Even though the adversary may not be able to recognize a tag, or link the tag's interrogation sessions, by knowing its location it can identify that tag to some degree.Localization privacy is essentially a steganographic attribute.The goal of steganography is to hide data in such a way that the adversary cannot detect its existence, while The goal of private localization is to hide a device in such a way that its presence cannot be detected.
4/20/29115MITACS International Focus Period
5Localization privacy m.
Because localization privacy is essentially a steganographic attribute one would expect that any knowledge needed to enforce it is based on physical/environmental knowledge.We shall see that localization privacy can only be achieved by using non-application layer data such asTemporal orLocational information. 4/20/29116MITACS International Focus Period
6 Sensor deployments. MotivationSuppose we want to deploy 10,000 sensors in a 100 km2 for passive monitoring in a hostile territory.The lifetime of the system is expected to be at least 10 years.Attached to the sensors are RFID tags which are their communication interfaceThe tags are not networked to prevent detection.Robotic armored vehicles collect the monitored data at regular intervals.4/20/29117MITACS International Focus Period7Sensor deployments.in untrusted territory4/20/29118
Monitoring environmental data and surveillance.Deployment is not necessarily uniformMITACS International Focus Period8Path of armored RFID reader.multiple interrogations4/20/29119MITACS International Focus Period9
Device discovery,,,,,.one-time interrogations 4/20/291110MITACS International Focus Period10RFID systemsRFID tags a discardable technology?low costreplaceabletypically short-lived, but durableOther RFID system components, RFID readers and a backend server:Not necessarily low-costupgradeablemid- to long-term lifeBoth: May protect high-value assets4/20/291111MITACS International Focus Period
11RFID tagsAttached to, or embedded in, host objects to be identified. Each tag is a transponder with an RF coupling element and may also have a microprocessor. The coupling element has an antenna coil to capture RF power, clock pulses and data from the RFID reader.The microprocessor has small amounts of ROM for storing, among other information, the tag's identification, volatile RAM and (potentially) nonvolatile EEPROM.
4/20/291112MITACS International Focus Period12Types of passive tagsSmart label. Class 1 memory devices, typically Read-Only. Low cost replacements for bar codes.Re-writable tags. Class 1 re-writable memory. Subject to unauthorized cloning, disabling, tracking.IC tags. Class 2 tags with CMOS integrated circuit and non volatile EEPROM. Will defeat most attacks.BAP tags. Battery assisted IC tags with an extended read range
4/20/291113MITACS International Focus Period13RFID readersAn RFID reader is a device with storage, computing, and communication resources comparable to at least those of a powerful PDA. It is equipped with a transceiver consisting of an RF module, a control unit, and an RF coupling element to interrogate the tags.RFID readers implement a radio interface to the tags and also a high level interface to the Server that processes captured data.
4/20/291114MITACS International Focus Period
14Backend ServerA trusted entity that maintains a database with all the information needed to identify tags, including their identification numbers.Since the integrity of an RFID system is entirely dependent on the proper behavior of the Server, it is assumed that the Server is physically secure and not subject to attacks.As far as resources the Server is a powerful computing device with ample disk, memory, communication, and other resources.
4/20/291115MITACS International Focus Period
15Reader-tag couplingAffects the tag's reading range & the frequencies needed.RFID capacitive (electric) coupling short ranges (subcentimeter for UHF near-field )RFID inductive (magnetic) coupling slightly longer ranges (submeter for UHF)RFID backscatter coupling range: 10m--100m+ For localization privacy apps use backscatter coupling
4/20/291116MITACS International Focus Period
16Fine grained . localizationLocalization is based on analyzing RF signals emitted by the target.The RF waveform is influenced by the paths traveled by the signal.For fine granularity the raw signal waveform must be passed to the upper layers and processed using algorithms that understand that the intricate relations the wireless environment and the signal.4/20/2911MITACS International Focus Period17
17Localization algorithmsBased on modeling the variations of RF signals in the environment. There are two types of algorithms. Those that:Calibrate the RF signal distribution and then estimate the location.Multilateration algorithmsBayesian inference algorithmsDirectly compute the locationNearest-eighbor algorithmsProximity algorithmsKernel-based learning algorithms.4/20/2911MITACS International Focus Period18
18NLJ detectorsNon-Linear Junction detectors detect covert devices based on the fact that subjecting a NLJ to a strong high frequency spectrally pure microwave (888 or 915 MHz) will cause the junction to emit the lower harmonics of the signal.A NLJ detector floods the target area with high frequency energy and detects the emitted harmonics from the target.Will detect any electronic device that is not shielded, even if it is switched off.4/20/2911MITACS International Focus Period19
19Protocol 1.....................bbb...... TagTag knows its location & the time The RFID reader sends: timer , locr ; x = MACk(timer , locr)The tag check it. If the values timer , locr are close enough to the locally measured values then it responds with: y = MACk(x) If this is correct the RFID reader accepts (the tag as authentic).Here k is a secret key that the RFID reader shares with the tag.Step 1 authenticates the reader to the tagThis step can be thought of as a `response to the location & time challenge 4/20/291120MITACS International Focus Period
20LocalizationThe actual location of the tag is determined by analyzing the RF signal waveform of its response y in Step 2 by using a localization algorithm.4/20/291121MITACS International Focus Period
Protocol 1..on.,,,,,bon bab.on Tag knows its location & time 21ProblemScalabilityThe RFID reader must send a different challenge to each one of the tags, if it does not know an approximate location of the tags.
[Public Key cryptography will address this issue---use ECC] 4/20/291122MITACS International Focus Period
Protocol 1..on.,,,,,bon bab.on Tag knows its location & time 22 The RFID reader sends: timer , x = MACk(timer)The RFID tag check this. If it is correct it responds with: y = MACk(x) If this is correct the RFID reader accepts .Step 1 authenticates the reader to the tag.This step can be thought of as a `response to the time challenge
4/20/291123MITACS International Focus Period
Protocol 2...,,,,,bon bab.on Tag knows the time only 23Protocol 2..nm.,,,,,bon bab.on Tag knows the time only Problem:Clocks must be synchronized. This problem cannot be solved for lightweight applications!4/20/291124MITACS International Focus Period
24 Suppose the tag and reader share a synchronized counter ctThe reader sends: