http://csce.uark.edu/~drt/rfi http://csce.uark.edu/~drt/rfi d 1 MIXNET for Radio MIXNET for Radio Frequency Frequency Identification Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi Bruce, and Jayamadhuri Penumarthi Dale R. Thompson, Ph.D., P.E. Dale R. Thompson, Ph.D., P.E. Associate Professor Associate Professor Computer Science and Computer Computer Science and Computer Engineering Dept. Engineering Dept. University of Arkansas University of Arkansas
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
MIXNET for Radio MIXNET for Radio Frequency IdentificationFrequency Identification
Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri PenumarthiJayamadhuri Penumarthi
Dale R. Thompson, Ph.D., P.E.Dale R. Thompson, Ph.D., P.E.Associate ProfessorAssociate Professor
Computer Science and Computer Engineering Computer Science and Computer Engineering Dept.Dept.
Related ActivitiesRelated Activities Member of GS1 EPCglobal Hardware Action Group Product Member of GS1 EPCglobal Hardware Action Group Product
Data Protection ad hoc Committee (Dec. 2006 – present)Data Protection ad hoc Committee (Dec. 2006 – present) Affiliated with University of Arkansas RFID Research Center Affiliated with University of Arkansas RFID Research Center
(http://itri.uark.edu/rfid/) (Feb. 2005 – present)(http://itri.uark.edu/rfid/) (Feb. 2005 – present) Lightweight Authentication for RFID (Aug. 2006 – present)Lightweight Authentication for RFID (Aug. 2006 – present) Categorizing RFID Privacy Threats with STRIDE (July 2006)Categorizing RFID Privacy Threats with STRIDE (July 2006) Taught RFID Communications class (May – June 2006) Taught RFID Communications class (May – June 2006) RFID Security Threat Model (Mar. 2006)RFID Security Threat Model (Mar. 2006) Brute Force Attack of EPCglobal UHF Class-1 Generation-2 Brute Force Attack of EPCglobal UHF Class-1 Generation-2
RFID Tag (Jan. – May 2006)RFID Tag (Jan. – May 2006) Attack Graphs for EPCglobal RFID (Jan. – May 2006)Attack Graphs for EPCglobal RFID (Jan. – May 2006) MIXNET Using Universal Re-encryption for Radio Frequency MIXNET Using Universal Re-encryption for Radio Frequency
Identification (RFID) (Aug. 2005 – Dec. 2006)Identification (RFID) (Aug. 2005 – Dec. 2006) RFID Technical Tutorial and Threat Modeling Project (Jun. – RFID Technical Tutorial and Threat Modeling Project (Jun. –
University of Arkansas RFID University of Arkansas RFID Research CenterResearch Center
Fully student staffed with 24 industry members, which recently Fully student staffed with 24 industry members, which recently became the first open laboratory to be accredited by EPCglobal became the first open laboratory to be accredited by EPCglobal Inc.Inc.
Stands for Radio Frequency Stands for Radio Frequency IdentificationIdentification
Uses radio waves for identificationUses radio waves for identification New frontier in the field of information New frontier in the field of information
technology technology One form of Automatic IdentificationOne form of Automatic Identification Provides unique identification or serial Provides unique identification or serial
number of an object (pallets, cases, number of an object (pallets, cases, items, animals, humans)items, animals, humans)
RFID readerRFID reader Also known an interrogatorAlso known an interrogator Reader powers passive tags with RF energyReader powers passive tags with RF energy Can be handheld or stationaryCan be handheld or stationary Consists of:Consists of:
Tag is a device used to transmit Tag is a device used to transmit information such as a serial number information such as a serial number to the reader in a contact less to the reader in a contact less mannermanner
Classified as :Classified as :– Passive – energy from readerPassive – energy from reader– Active - batteryActive - battery– Semi-passive – battery and energy from Semi-passive – battery and energy from
RFID adds visibility as the items flow RFID adds visibility as the items flow through the supply chain from the through the supply chain from the manufacturer, shippers, distributors, manufacturer, shippers, distributors, and retailers.and retailers.
The added visibility can identify The added visibility can identify bottlenecks and save money.bottlenecks and save money.
Wal-Mart requested in June 2003 that Wal-Mart requested in June 2003 that their top 100 suppliers use RFID at the their top 100 suppliers use RFID at the pallet and case level by January 2005.pallet and case level by January 2005.
MIXNET using Universal Re-encryptionMIXNET using Universal Re-encryption
ElGamal:ElGamal:• A conventional cryptosystem, permits re-encryption if A conventional cryptosystem, permits re-encryption if
the public key is known at each MIXNETthe public key is known at each MIXNET• Ciphertext C’ represents re-encryption of C if both Ciphertext C’ represents re-encryption of C if both
decrypt to the same plaintext.decrypt to the same plaintext.• Privacy is because the ciphertext pair (C, C’) is Privacy is because the ciphertext pair (C, C’) is
indistinguishable from (C, R) for a random cipher R.indistinguishable from (C, R) for a random cipher R.• The tag pseudonym, a false name for the original The tag pseudonym, a false name for the original
identity is re-encrypted each time it passes a MIXNET.identity is re-encrypted each time it passes a MIXNET.
Key Generation:Key Generation:Alice: Alice: A random prime p, generator element g and private key x.A random prime p, generator element g and private key x. Generate public key Generate public key Publicize (p, g, y) and x as the private key.Publicize (p, g, y) and x as the private key. Encryption:Encryption:Bob:Bob:Chooses random k to send message m and computes a ciphertext pair Chooses random k to send message m and computes a ciphertext pair (c1, c2):(c1, c2): and and Decryption:Decryption:To decrypt ciphertext (c1, c2), Alice computesTo decrypt ciphertext (c1, c2), Alice computes
Universal Re-encryptionUniversal Re-encryption• Re-encrypts the ciphertext without the knowledge of the Re-encrypts the ciphertext without the knowledge of the
public key using a random encryption factor.public key using a random encryption factor.• Re-encryption is based on a homomorphic property,Re-encryption is based on a homomorphic property,
• Allows external anonymity which provides total privacy Allows external anonymity which provides total privacy protection for data being transmitted protection for data being transmitted
• Encrypts under the public key and random encryption factor Encrypts under the public key and random encryption factor • Appends an identity element to the ciphertext encrypted Appends an identity element to the ciphertext encrypted
based on ElGamal.based on ElGamal.• First decrypts the identity element to confirm the intended First decrypts the identity element to confirm the intended
• Extend simulation to a system of security Extend simulation to a system of security agentsagents
• Add MIXNET agent to open source TagCentricAdd MIXNET agent to open source TagCentric• Implement MIXNET on a readerImplement MIXNET on a reader• Implement traditional MIXNET between Implement traditional MIXNET between
readers and databases to hide location of tags readers and databases to hide location of tags from the databasefrom the database
RFID-related publicationsRFID-related publications M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force
attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.
S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, “Attack graphs for EPCglobal RFID,” in Proc. IEEE Region 5 Technical Conf., “Attack graphs for EPCglobal RFID,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.Fayetteville, Arkansas, April 20-21, 2007, to appear.
J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, “MIXNET J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, “MIXNET for radio frequency identification,” in Proc. IEEE Region 5 Technical Conf., for radio frequency identification,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear.Fayetteville, Arkansas, April 20-21, 2007, to appear.
D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, 2006.12-14, 2006.
D. R. Thompson, “RFID technical tutorial,” The Journal of Computing Sciences D. R. Thompson, “RFID technical tutorial,” The Journal of Computing Sciences in Colleges, vol. 21, no. 5, pp. 8-9, May, 2006.in Colleges, vol. 21, no. 5, pp. 8-9, May, 2006.
D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006.Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006.
N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, 2005. Available: http://csce.uark.edu/~drt/rfid2005. Available: http://csce.uark.edu/~drt/rfid