Written by: Ari Juels Presented by Carlos A. Lopez
Page 1: [PPT]

Written by: Ari Juels

Presented by Carlos A. Lopez

Page 2: [PPT]

Outline

1. Introduction

2. Basic RFID Tags

3. Symmetric-Key Tags

4. RFID News

Page 3: [PPT]

Definition

RFID: a technology for automated identification of objects and people

RFID devices are called “RFID tags”

Small microchip (Hitachi Mu-chip 0.002x0.002in)

Transmit data over the air

Responds to interrogation

Possible successor of barcodes

EPCGlobal Inc oversees the development of standards

Page 4: [PPT]

RFID Overview

Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency

ID:2342341456734

Credit Card #8163 3534 9234 9876

Reader (transceiver): reads data off the tags without direct contact

Radio signal (contactless). Range: from 3-5 inches to 3 yards

Database: matches tag IDs to physical objects

Page 5: [PPT]

Reading Tags

The read process starts when an RFID reader sends out a query message

Invites all tags within range to respond

More than one RFID tag may respond at the same time

○ This causes a collision

Reader cannot accurately read information from more than one tag at a time

Reader must engage in a special singulation protocol to talk to each tag separately

Page 6: [PPT]

Barcode Replacement

Unique Identification

○ Type of object vs. unique among millions

○ Act as a pointer to a database

Automation

○ Optically scanned

Line-of-sight

Contact with readers

Careful physical position

Requires human intervention

Page 7: [PPT]

RFID Standards

Some standards that have been made regarding RFID technology include:

ISO 14223/1 – RFID of animals, advanced transponders

ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303

ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards

ISO/IEC 18000 - 7 different parts

ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies

EPCglobal - most likely to undergo international standardization according to ISO rules, as with all sound standards in the world

Page 8: [PPT]

Tag Types

Passive:

○ All power comes from a reader’s signal

○ Tags are inactive unless a reader activates them

○ Cheaper and smaller, but shorter range

Semi-passive:

○ On-board battery, but cannot initiate communication

○ Can serve as sensors, collect information from environment: for example, “smart dust” for military applications

Active:

○ On-board battery power

○ Can record sensor readings or perform calculations in the absence of a reader

○ Longer read range

Frequency bands: LF, HF, UHF, Microwave

LF: freq. range 125 - 134 kHz; read range 10 cm; applications: smart cards, ticketing, animal tagging, access control

HF: freq. range 13.56 MHz; read range 1 m; applications: small item management, supply chain, anti-theft, library, transportation

UHF: freq. range 866 - 915 MHz; read range 2-7 m; applications: transportation vehicle ID, access/security, large item management, supply chain

Microwave: freq. range 2.45 - 5.8 GHz; read range 1 m; applications: transportation vehicle ID (tolls), access/security, large item management, supply chain

Page 9: [PPT]

Applications

Supply-chain management

○ Logistics, inventory control, retail check-out

Payment systems

○ ExxonMobil SpeedPass

○ I-Pass/EZ-Pass/Smart Tag toll systems

○ Credit cards

Access control

Passports

Library books

Hospital and health centers

Money - Yen and Euro banknote anti-counterfeiting

Animal tracking - and human???

Human-implantable RFID

Page 10: [PPT]

The consumer privacy problem

Here’s Mr. Bob in 2015…

1500 Euros in wallet. Serial numbers: 597387, 389473

Wig model #4456 (cheap polyester)

30 items of lingerie

Das Kapital and Communist-party handbook

Replacement hip medical part #459382

Page 11: [PPT]

Wig serial #A817TS8

…the tracking problem

Mr. Bob pays with a credit card - his RFID tags now linked to his identity; determines level of customer service

Mr. Bob attends a political rally - law enforcement scans his RFID tags

Mr. Jones wins award - physically tracked by paparazzi via RFID

Read ranges of a tag

Nominal range – range at which the tag is intended to operate

Rogue scanning range – a powerful antenna amplifies the read range

Tag-to-reader eavesdropping range – a second reader can monitor the resulting tag emission

Reader-to-tag eavesdropping range – sometimes the reader sends information with greater power than the tags

Page 12: [PPT]

WMATA Smart Trip RFID

CURRENT BALANCE

Travel history: visited stations and dates

Page 13: [PPT]

Wig serial #A817TS8

…and the authentication problem

Privacy: Misbehaving readers harvesting information from well-behaving tags

Authentication: Well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones

Page 14: [PPT]

Basic RFID tags vs. symmetric-key tags

Cannot:

○ Execute standard cryptographic operations

○ Strong pseudorandom number generation

○ Hashing

Low-cost tags

EPC tags

Used in most gates

Page 15: [PPT]

Privacy

Killing and Sleeping

Re-naming approach

○ Relabeling

○ Minimalist cryptography

○ Encryption

The proxy approach

○ Watchdog Tag

○ RFID Guardian

Distance Measurement

Blocking

○ Soft-blocking

Trusted Computing

Page 16: [PPT]

Returning to basic issue of privacy: Kill codes

EPC tags have a “kill” function

○ On receiving password, tag self-destructs

○ Tag is permanently inoperative

○ No post-purchase benefits

Developed for EPC to protect consumers after point of sale

○ “Dead tags tell no tales”

○ Privacy is preserved

Why not sleep them?

○ Would be difficult to manage in practice – users might have to manage a PIN for their tags

Page 17: [PPT]

Privacy (Cont 2)

Re-naming approach

Even if the tag's identifier has no intrinsic meaning it can still enable tracking (Solution: change it over time)

○ Relabeling: consumers are equipped to re-label tags with a new identifier, but able to reactivate old information

○ Minimalist cryptography: tag changes names each time it is interrogated

○ Encryption

Re-encryption

- Public-key cryptosystem

- Periodically re-encrypted by law enforcement

Universal re-encryption

Page 18: [PPT]

Privacy (Cont 3)

The proxy approach

○ Watchdog Tag

○ RFID Guardian

Page 19: [PPT]

So what might solve our problems?

Higher-powered intermediaries like mobile phones

RFID “Guardian” and RFID REP (RFID Enhancer Proxy)

Please show reader certificate and privileges

Page 20: [PPT]

Privacy (Cont 4)

Distance Measurement

Distance as a measure of trust

○ A tag might release general information “I’m attached to a bottle of water” when scanned at a distance, but release more specific information, like unique identifier at a close range.

Page 21: [PPT]

Privacy (Cont 5)

Blocking

Scheme depends on the incorporation of a modifiable bit called a privacy bit

It uses a blocking tag which prevents unwanted scanning of tags in a private zone

Soft-blocking - on the reader: “Do not scan tags whose privacy bit is on”

Trusted Computing

Page 22: [PPT]

Authentication

EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features

Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, intended to ensure that the reader actually reads what it is trying to scan.

Page 23: [PPT]

Symmetric-Key Tags (capable of computing symmetric-key functions)

Cloning

With a simple challenge-response protocol a tag T can authenticate itself to a reader that shares the key Ki:

1. The tag transmits Ti

2. The reader generates a random bit string R

3. The tag computes H = h(Ki, R) and transmits H

4. The reader verifies H = h(Ki, R)

Digital Signature Transponders (created by Texas Instruments and used by Speedpass)

○ Based on the secrecy of the algorithm; “security through obscurity” was cracked by students at Johns Hopkins

Reverse-engineering

Key cracking

Simulation

Reverse-engineering and side channels

Relay attacks

○ Man-in-the-middle attacks can bypass any cryptographic protocol

Page 24: [PPT]

Privacy

Symmetric-key management problem

Leads to a paradox

○ A tag identifies itself before authenticating the reader

○ The tag emits its identifier Ti

○ So the reader can learn the identity of the tag

○ Privacy unachievable

Tag emits E = f_{K_{Ti}}[P], where P is an input value

On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags’ keys)

Page 25: [PPT]

Privacy Literature

Tree approach

○ Proposed approach where a tag contains more than one symmetric key in a hierarchical structure defined by a tree S

Every node has a unique key

Each tag is assigned to a unique leaf

It contains the keys defined by the path from the root S to the leaf

○ Can be useful for:

A tag holder can transfer ownership of an RFID tag to another party, while history remains private

A centralized authority with full tag information can provision readers to scan particular tags over limited windows of time

Synchronization approach

Symmetric-key primitive

The European Network for Excellence in Cryptology is evaluating 21 candidate stream ciphers
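
The key search described on the previous slide and the tree approach above, side by side, as an added example that is not from the original presentation. It assumes HMAC-SHA256 for f, a reader-chosen nonce P, and a reader that recomputes f under each candidate key rather than decrypting; the 4-ary depth-3 tree and all names are constructed.

```python
import hashlib
import hmac
import secrets
from itertools import product

def f(key: bytes, p: bytes) -> bytes:
    # Assumption: HMAC-SHA256 plays the role of the slide's f_K[P].
    return hmac.new(key, p, hashlib.sha256).digest()

def build_tree(b: int, d: int) -> dict:
    # Every node below the root S gets its own random key, indexed by its path.
    return {path: secrets.token_bytes(16)
            for depth in range(1, d + 1)
            for path in product(range(b), repeat=depth)}

def identify_linear(tag_keys: dict, p: bytes, e: bytes):
    # One key per tag: try every key until one reproduces E.
    trials = 0
    for tag_id, key in tag_keys.items():
        trials += 1
        if hmac.compare_digest(f(key, p), e):
            return tag_id, trials
    return None, trials

def identify_tree(tree: dict, b: int, p: bytes, emitted: list):
    # Tag emits one value per level; reader tests only the b children each time.
    path, trials = (), 0
    for e in emitted:
        for child in range(b):
            trials += 1
            if hmac.compare_digest(f(tree[path + (child,)], p), e):
                path += (child,)
                break
        else:
            return None, trials             # no child matched: unknown tag
    return path, trials

def compare(b: int = 4, d: int = 3):
    tree = build_tree(b, d)
    leaf = (b - 1,) * d                     # last leaf: worst case for both
    p = secrets.token_bytes(16)             # assumption: reader-chosen nonce P
    leaf_keys = {k: v for k, v in tree.items() if len(k) == d}
    linear = identify_linear(leaf_keys, p, f(tree[leaf], p))
    path_keys = [tree[leaf[:i]] for i in range(1, d + 1)]
    walked = identify_tree(tree, b, p, [f(k, p) for k in path_keys])
    return leaf, linear, walked
```

With 64 tags the flat search needs up to 64 trials and the tree walk at most 12. Tags under the same interior node share that node's key, so the reduction in reader work comes with key sharing between tags.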

Page 26: [PPT]

So what might solve our problems?

Cryptography!

Urgent need for cheaper hardware for primitives and better side-channel defenses

Some of the talk is really in the outer limits, but basic caveats are important:

Pressure to build smaller, cheaper tags without cryptography

RFID tags are close and personal, giving privacy a special dimension

RFID tags change ownership frequently

Key management will be a major problem

○ Think for a moment after this talk about distribution of kill passwords…

Are you ready for the Verichip?

Page 27: [PPT]

RFID News

RFID passports cracked - http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html

Can Aluminum Shield RFID Chips? - http://www.rfid-shield.com/info_doesitwork.php

RFID chips can carry viruses - http://arstechnica.com/news.ars/post/20060315-6386.html

Nightclub allows entry by RFID - http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm

Demo: Cloning a Verichip - http://cq.cx/verichip.pl