1 / 28

Handling Security Threats to the RFID System of EPC Networks

Handling Security Threats to the RFID System of EPC Networks. J. Garcia-Alfaro, M. Barbeau, E. Kranakis. Presenter Gicheol Wang. RFID Tags. Radio frequency devices that transmit information (e.g., serial numbers) to compliant readers in a contactless manner Classified in the literature as:

haruki
Télécharger la présentation

Handling Security Threats to the RFID System of EPC Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Handling Security Threats to the RFID System of EPC Networks J. Garcia-Alfaro, M. Barbeau, E. Kranakis Presenter Gicheol Wang

  2. RFID Tags • Radio frequency devices that transmit information (e.g., serial numbers) to compliant readers in a contactless manner • Classified in the literature as: • Passive: transmission power is derived from reader • Active: energy comes from on-board battery • Semi-passive: battery powered chips, but transmission powered by reader • Electronic Product Code (EPC) tags • Main kind of low-cost tags in use on today’s RFID supply chain applications • Passive UHF RFID tags • EPCglobal inc: Main organization controlling EPC development

  3. ELECTRONIC PRODUCT CODE Header Manager number Object class Serial number Sample representation of an EPC number RFID Tag

  4. Security Problems Security threats Insecure wireless channel Back-end services Middleware Readers Tags Secure wired channel • Threats to and from front-end components (i.e., tags and readers) • Privacy concerns during the receiving of information • Lack of authentication between readers & tags • Necessity of a fine grained access control for the interaction of principals

  5. Threat Analysis Methodology Strong Unlikely Likely Critical Likelihood Difficulty Solvable Possible Major Possible Minor None Likely Unlikely Low Moderate High High Medium Low Impact Motivation • Likelihood and risk function • this framework was proposed by ETSI

  6. EPC Inventory Protocol 1. Query 2. RN16 Reader Tag 3. ACK(RN16) 4. Tag ID • Lack of authentication between readers & tags • 16-bit random sequences (denoted as RN16) to acknowledge the process • Any compatible reader can obtain the code • Illicit readers can impersonate legal readers

  7. Rogue Scanning Tag Illicit Reader Reader • Powering the tag to obtain tag ID • The use of special hardware (e.g., highly sensitive receivers and high gain antennas) can ease the attack.

  8. Eavesdropping Reader Channel Tag Illicit Reader Reader • Passive observation or recording of the communication • The distance at which an attacker can eavesdrop the signal of an EPC reader can be much longer than the operating environment of the tag. • Some data items (e.g., 16-bit random sequences) can be eavesdropped at long distances.

  9. Cloning of Tags Tag Illicit 1. TagID 2. write TagID Reader Using the codes eavesdropped or scanned, an attacker may successfully clone the tags

  10. Location Tracking Illicit Reader TagID • Adversaries can distinguish any given tag by just getting the EPC • Correlating reader’s position, adversary can trace location of bearers • It can also provide useful data for fingerprinting and profiling

  11. Tampering of Data (1/3) 1. Query 2. RN16 3. ACK(RN16) Reader Tag 4. Tag ID 5. Req_RN(RN16) 6. Handle Gen2 tags are required to be writable Although this feature can be protected with a 32-bit password, bypassing the protection is solvable

  12. Tampering of Data (2/3) 7. Req_RN(Handle) 8. RN16' 9. Access(PIN31:16 RN16') Reader Tag 10. Handle 11. Req_RN(Handle) Gen2 tags are required to be writable Although this feature can be protected with a 32-bit password, bypassing the protection is solvable

  13. Tampering of Data (3/3) 12. RN16'' 13. Access(PIN15:0 RN16'') 14. Handle Reader Tag 15. Write(membank, wordptr,data, handle) 16. Header, Handle Gen2 tags are required to be writable Although this feature can be protected with a 32-bit password, bypassing the protection is solvable

  14. Denial of Service Tag Tag write/kill command Illicit Reader Jamming device (1) (2) Tag data destruction or interference by attacks such as (1) attacks targeting writing or self-destruction routines and (2) use of jamming or strong electromagnetic pulses.

  15. Evaluation of Threats (Summary)

  16. How to deal with these threats ? • Shielding or jamming the signal • It may work on some other RFID applications, but not on EPC setups • Third party blockers or guardians • Requires the management of new components • Use of lightweight countermeasures, such as: • Message Authentication Codes • Lock-based Access Control Schemes • Random Pseudonyms • Threshold Cryptography • Physically Unclonable Functions

  17. Message Authentication Codes • Tags & readers share a secret that allows the verification of the integrity and authenticity of exchanged messages Tag Message Secret Output Keyed Hash Function Keyed Hash Function MAC Secret Message Reader ? {Message, MAC} MAC

  18. Lock-based Access Control Schemes • Simplified Scheme: • Readers and tags share a common secret • When a tag receives a proof ownership of the secret (e.g., a hash of it), it locks itself  when interrogated, it only answers with this pseudo ID • Tag unlocks itself when it receives the secret Tag Tag (1) Reader Reader hash(secret) secret (2)

  19. Random Pseudonyms • Tags storing a pseudonym, or a list of pseudonyms, instead of the real object or tag identifier (i.e., EPC number) • To handle the location tracking threat, pseudonyms must be generated at random and they must change frequently • Authorized readers must know how to match the pseudonyms to the real tag identifiers

  20. Threshold Cryptography Secret Sharing Secret … … T1 T2 Tk Tn k out of n tags can reconstruct the secret Secret Exploit the natural movement of tag populations on the supply chain to distribute secrets and enforce privacy

  21. Physically Unclonable Functions (1/2) • Originated from optical mechanisms for generating unique secrets in the form of physical variations • E.g.: Light Binary output

  22. Physically Unclonable Functions (2/2) • Promising for the implementation of challenge-response protocols in low-cost EPC tags. • Optical designs have been improved towards new schemes exploiting other physical random variations • Delays of wires and logic gates of integrated circuits • SRAM startup values as origin of randomness • Can be used to handle the authentication threat, as well as the cloning and location tracking threats

  23. Secret Sharing(I) • Motivation of Secret Sharing My colleagues and I accidentally discovered a map that would lead us to a treasure island. We agreed to start the trip together tomorrow. The problem is who possesses the map until the start time Now, They can happily go home They don’t really trust one another

  24. Secret Sharing(II) • Problem of Secret Sharing • in above example, if someone who has the part of the map burns his(hers) intentionally • they never go to the treasure island • (n, t) Secret Sharing = threshold cryptography • greater than or equal to t parties can recover original s • less than t parties have no information about s You have never imagine I’m a spy. I’ll destroy my key.

  25. Secret Sharing(III) • Design of (n,t) secret sharing • generate a polynomial f(x)=ax(t-1) + bx(t-2) … + cx + M (mod p) • a prime ‘p’ which is larger than the number of shares required • ‘t’ is the number of shares necessary to reconstruct the secret • ‘a’, …, ‘c’ are random secret coefficients which are discarded once the data has been distributed • ‘M’ is the secret to be distributed • evaluate f(x) at x=1, x=2, …, x=n • distribute the resulting f(1), f(2), …, f(n) values as the shared data • any ‘t’ shares can be used to create the same polynomial f(x) • a linear algebra(Lagrange Interpolation) can be used to solve for M

  26. Secret Sharing(IV) • Example of (n,t) secret sharing • generate a polynomial ax2 + bx + M (mod p) • Assumption • a (5,3) threshold scheme is employed • M=5, a=4, b=6, and p=13 • f(x) = 4x2 + 6x + 5 (mod 13) • f(1) = 4+6+5 (mod 13)=2, f(2)=16+12+5 (mod 13)=7, f(3)=7, f(4)=2, f(5)=5 • {x, f(x)} is distributed to any five nodes • any node which gets three of these shares(for example share 1, 3, 5) can acquire the original polynomial through the following equation.

  27. Secret Sharing(V) • Lagrange interpolation • We can compute the lagrange interpolation polynomial using four points , , , as the following

  28. (3,2) threshold signature K/k s1 PS(m, s1) server 1 s2 c m <m>k server 2 PS(m, s3) s3 server 3 Secret Sharing(VI) • An Example of secret sharing m : message PS : partial signature Ex) PS(m, s1) is a partial signature of m via share s1 c : combiner <m>k : fully signature of m signed by private key Return

More Related