Nurbek Saparkhojayev and Dale R. Thompson, Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Ph.D., P.E. Computer Science and Computer Engineering Computer Science and Computer Engineering Dept. Dept. University of Arkansas University of Arkansas Matching Electronic Matching Electronic Fingerprints of RFID Tags Fingerprints of RFID Tags Using the Hotelling’s Using the Hotelling’s Algorithm Algorithm D. R. Thompson D. R. Thompson http://rfidsecurity.uark.edu http://rfidsecurity.uark.edu 1 This material is based upon work supported by the National Science Foundation, Cyber Trust area, under Grant No. CNS-0716578. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009
26
Embed
Matching Electronic Fingerprints of RFID Tags Using the Hotelling’s Algorithm
Matching Electronic Fingerprints of RFID Tags Using the Hotelling’s Algorithm. Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009. Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas. - PowerPoint PPT Presentation
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Nurbek Saparkhojayev and Dale R. Thompson, Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Ph.D., P.E.
Computer Science and Computer Engineering Computer Science and Computer Engineering Dept.Dept.
University of ArkansasUniversity of Arkansas
Matching Electronic Fingerprints Matching Electronic Fingerprints of RFID Tags Using the of RFID Tags Using the Hotelling’s AlgorithmHotelling’s Algorithm
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 11
This material is based upon work supported by the National Science Foundation, Cyber Trust area, under Grant No. CNS-0716578.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science
Foundation.
Presented to: IEEE Sensors Applications Symposium, Feb. 17, 2009
ProblemProblem
Counterfeiting travel documents such Counterfeiting travel documents such as ePassport, DHS PASS card, and as ePassport, DHS PASS card, and future drivers licensesfuture drivers licenses
Travel documents contain radio Travel documents contain radio frequency identification (RFID) tagsfrequency identification (RFID) tags
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 22D. R. ThompsonD. R. Thompson
Threats to RFID tagsThreats to RFID tags
Cloning the tagCloning the tag– Copy contents of tag to another tagCopy contents of tag to another tag
Side-channel (non-invasive) attacksSide-channel (non-invasive) attacks– Monitor certain external parameters such as Monitor certain external parameters such as
power consumption, timing delay, or power consumption, timing delay, or electromagnetic emissionelectromagnetic emission
– Inject noise/faults to the target to cause Inject noise/faults to the target to cause irregular behaviorsirregular behaviors
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 33
Tag Counterfeiting/CloningTag Counterfeiting/Cloning(Spoofing Identity)(Spoofing Identity)
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 44D. R. ThompsonD. R. Thompson
Manipulating Data on Manipulating Data on PassportPassport
The Hacker’s Choice (Oct. 2, The Hacker’s Choice (Oct. 2, 2008)2008)– Copied passportCopied passport– Replaced picture with Replaced picture with
Elvis’s pictureElvis’s picture– Turned off active Turned off active
verificationverification– Tested on boarding pass Tested on boarding pass
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 66D. R. ThompsonD. R. Thompson
ObjectiveObjective
Prevent counterfeiting of RFID tagsPrevent counterfeiting of RFID tags– Methods for creating electronic Methods for creating electronic
fingerprint based on physical fingerprint based on physical characteristics of tagcharacteristics of tag
– Digital integrated circuit (IC) design Digital integrated circuit (IC) design methodology that mitigates power- and methodology that mitigates power- and timing-based side-channel attackstiming-based side-channel attacks
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 77
ApproachApproach Electronic fingerprint
(e-fingerprint)– Authentication
becomes a function of what the device “is” in addition to a secret it “knows.”
Digital integrated circuit Digital integrated circuit (IC) design methodology (IC) design methodology that mitigates power- that mitigates power- and timing-based side-and timing-based side-channel attackschannel attacks
http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 88D. R. ThompsonD. R. Thompson
Two-layer securityTwo-layer security Authentication becomes a function of what the
device “is” in addition to a secret it “knows.” Two-layers
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1616
Create synthetic tag Create synthetic tag fingerprintsfingerprints
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1717
ParametersParameters
p = 4 = number of featuresp = 4 = number of features n1 = n2 = 20 = number of samplesn1 = n2 = 20 = number of samples alpha = 0.025 (95% confidence level)alpha = 0.025 (95% confidence level) If T^2 > 13.81, assume fingerprints If T^2 > 13.81, assume fingerprints
are differentare different
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1818
Case 1: Compare fingerprint of tag 0 with all Case 1: Compare fingerprint of tag 0 with all other fingerprints at varying noise levels other fingerprints at varying noise levels
(mean = 0)(mean = 0)
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 1919
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2020
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2121
Case 2: A single tag fingerprint with std. Case 2: A single tag fingerprint with std. dev. 1.50 compared against itself at noise dev. 1.50 compared against itself at noise
levels with different meanslevels with different means
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2222
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2323
ConclusionsConclusions
Hotelling’s performs well across a Hotelling’s performs well across a large range of standard deviations IF large range of standard deviations IF the noise has zero meanthe noise has zero mean
Modest computationsModest computations
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2424
Future WorkFuture Work
Apply the algorithm to the measured Apply the algorithm to the measured features instead of the synthetic features instead of the synthetic featuresfeatures
Apply the algorithm across a much Apply the algorithm across a much larger set of parameterslarger set of parameters
D. R. ThompsonD. R. Thompson http://rfidsecurity.uark.eduhttp://rfidsecurity.uark.edu 2525
Contact InformationContact Information
Dale R. Thompson, Ph.D., P.E.Dale R. Thompson, Ph.D., P.E.Associate ProfessorAssociate ProfessorComputer Science and Computer Engineering Dept.Computer Science and Computer Engineering Dept.JBHT – CSCE 504JBHT – CSCE 5041 University of Arkansas1 University of ArkansasFayetteville, Arkansas 72701-1201Fayetteville, Arkansas 72701-1201