1 / 43

Radio Frequency Identification

Radio Frequency Identification. Foundations of Privacy 2010 Guy Katz. Planned Topics. Introduction to RFID How does it work Threats to user privacy Possible solutions. Introduction to RFID. Radio Frequency Identification. “Wireless” Identification System Consists of Tag

casey
Télécharger la présentation

Radio Frequency Identification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Radio Frequency Identification Foundations of Privacy 2010Guy Katz

  2. Planned Topics • Introduction to RFID • How does it work • Threats to user privacy • Possible solutions

  3. Introduction to RFID

  4. Radio Frequency Identification • “Wireless” Identification System • Consists of • Tag • Small transponder • Attached to a physical object • Transceiver • Reads (writes) data from tags • Connected to some database

  5. Origins • RFID has been around for 60 years • “Friend or Foe” systems in WW II: • German pilots would roll their planes when coming back to base • The British put basic transmitters on theirs • Theft prevention (1970’s) • Trucks in Los Alamos laboratory had transponders • Toll payments • Agriculture

  6. Recent Developments • A large increase in deployment since year 2000 • Reasons: • Tags and readers much smaller and cheaper • World wide standardization (ISO)

  7. Current Uses • Supply Chain Management • From production to customer; replaces bar codes • Payment systems • Toll roads, cafeterias, Rav-Kav • Access Control • Weizmann Institute of Science • Theft Prevention • Anti-Counterfeiting • Passports, Money Bills • Implanted Tags

  8. Implanted RFID tags

  9. RFID Tags vs. Barcodes

  10. How does it work?

  11. Tags • Contain an antenna and a small circuit • Purpose in life: broadcast an ID • Usually 128 bits • Very small - a few millimeters • “Cost Barrier” – 5 cent per tag • Two subgroups: • Active Tags • Passive Tags Integrated Circuit 4 x 4 mm

  12. Active Tags • Can initiate communication on their own • Transmit, looking for a reader • Range can be over 100 meters • Require a power source • Consequently, expensive Active RFIF Tag Part of a monitoring system6.5 x 4 x 2 cm

  13. Passive Tags • No power source • Consequently, very cheap • Energy extracted from RF signal • Can’t initiate communication on their own • Need to receive energy before they can answer • Range up to 10 meters

  14. Readers • Power tags through RF signals • Usually connected to some database • Singulation (Anti-Collision) • Communicate with many tags at once • Still a bit expensive • Cheapest ones around 500$

  15. Singulation • A method used by readers • Goal: discover all present tags • Difficulty: If many tags answer together, answers get mixed up • The reader can’t separate their answers • Does know that more than one tag responded • Need a way to solve collisions…

  16. Tree Walking • The standard singulation protocol • Each round, readers looks for a n-bit prefix • Asks: “Who starts with 1010…?” • Tags answer with their next digit • If multiple tags answer, recurse on both (n+1) bits prefixes • For n tags and k identity bits, O(n*k) • In practice, a few seconds for a shopping cart

  17. Tree Walking - Example Who has “0“? Who has “10“? Who has “1“? Who has “ “? Who has “01“? Who has “00“? 0 0 0 0 1 1 1 1 010 011 011 011 011 101 101 101 101 010 010 010

  18. Frequencies • Various ranges • From 120 KHz to 10.6 GHz • Dictate passive read range • From 10cm to 10 meters, accordingly. • Can be used to ignore more distant tags

  19. Threats to user privacy

  20. Possible Attacks on RFID • Sniffing/Eavesdropping • Spoofing/Cloning • Tracking • Replay • Denial Of Service Not all attacks related to privacy!

  21. Privacy Concern – Unique Identification • Tags contain an identification code • EPC usually consists of 64-128 bits • Some bits indicate vendor and product ID • Others form a unique product ID • Tags becomes associated with a person! • Don’t even need to know item type

  22. Privacy Concern – Unique Identification (Continued) • Reading is done silently and remotely • Personal information can be gathered • Information about individuals’ habits: where you go, what you buy… • Physical tracking of people • Military and Corporate Espionage • Track down parts and components • Implanted Tags • Big Brother?

  23. The Difficulty • Need to keep the tags cheap • A wide range of systems and uses • No single solution suits everyone • Need to only block malicious readings • Defining the typical adversary • What sort of equipment? Readers, tags, scanners, etc… • What sort of abilities? • Can impersonate a reader? Connect to the DB? • Always present?

  24. Possible Solutions

  25. Our Scope • We focus on EPC (Electronic Product Code) RFID tags • Goal: prevent the adversary from associating a tag with a person

  26. Physical Blocks • Physically prevent RFID tags from transmitting • Aluminum foil lined wallets • Special cases for smart passports • Take off covers when transmission needed • Problem: only suitable for specific RFID tags • Led lined supermarket bags? • Commercial products already available Passport Case Available for 18$

  27. Zombie Tags • Tags contain a “kill” command • A supermarket might disable tags on checkout • Zombie tags don’t answer readers • Prevents association of people with their tags • Covers most privacy concerns • Problems: • Some applications need the tag alive • Alice’s milk carton • Return products to stores • Toll payment tags, implanted tags

  28. Privacy Bits • An approach proposed by Juels and Brainard (2004) • Tags broadcast a privacy bit – “its ok/not ok to read me” • Problem: readers may choose to obey policy • Corrupt readers risk being caught • How does the owner configure the tags? • Naïve solution…

  29. The obvious answer… Crypto! • Cryptographic solutions inherently expensive • Require computational power • Require more memory • Sometimes require source of randomness • Three approaches have been proposed: • Hash-Lock • Re-Encryption • Silent Tree Walking • So far, all too expensive to be practical • But we’ll have a look anyway…

  30. Hash-Lock (Weis et al, 2003) • Similar to a password • A tag can be locked by a reader • Locked tags don’t transmit until unlocked • Locked tags have an ID y • Can only be unlocked by x s.t. h(x) = y • h: standard one-way hash function • The consumer knows x, can unlock at home • When locked, cannot be associated with the owner

  31. Hash-Lock (Continuted) • Problems: • Tags still need to calculate h(x) • Expensive… • Many tags, hard to manage • Consumer might not be aware of all the tags he’s carrying

  32. Re-Encryption (Juels & Pappu 2003) • Mechanism to prevent counterfeiting of money bills • The idea: • Put an RFID tag inside the bill • Every bill has a unique ID • Encrypt the ID with a police public key • Periodically re-encrypt it • Can’t link different appearances of a given tag

  33. Re-Encryption (Continued) • Re-encryption done by external agents (in big stores, banks, etc) • Problems: • Costly infrastructure • Burdensome process • Often need to re-encrypt • People naturally lazy • Unclear just how effective the process is

  34. Silent Tree Walking(Weis et al, 2003) • Readers use singulation protocols • Most common: Tree Walking • It is sufficient to eavesdrop the reader to identify the tag (up to last bit) • A reader transmits much louder • Can be “heard” from further away • The idea: encrypt the reader’s requests • Makes eavesdropping harder

  35. Silent Tree Walking (Continued) • Problem: How to encrypt? • Tags have limited resources and no randomness • Need a shared reader-tag key beforehand • Makes the system impractical • Still, might be useful combined with other solutions…

  36. Blocker Tags(Juels, Rivest and Szydlo, 2003) • Using an exterior device to block tag readers • Enables a user to block the adversary • One blocker suffices for all tags • Cheap • Same price as a tag • Don’t have to change existing RFID tags • Can turn off at home…

  37. How do blocker tags work? • The idea: disrupt the singulation protocol • Trick the reader - make it think all tags are present • Makes reading useless • For instance, a tag that disrupts the tree walking algorithm • Always answers both 0 and 1 • Might require two antennas • The reader doesn’t know which tags exist

  38. Partial Blocking – Private Branch • The blocker will disrupt any reading around it • Can be configured to only disrupt “private branches” • Specific ID’s defined as private • Readers have no right to read them… • Can change the tree walking algorithm to avoid unneeded queries

  39. Tree Walking with a Blocker Who has “10“? Who has “01“? Who has “1“? Who has “0“? Who has “00“? Who has “ “? 0 0 0 0 0 1 1 1 1 1 100 010 011 011 011 011 101 101 101 100 101 101 101 Blocker Blocks 0* Blocker Blocks 0* 010 010 010

  40. Other Blocker Tag Issues • Can the blocker itself pose a privacy breech? • Can track a unique “private zone” • Allow only a few privacy policies? • Bob’s blocker may disrupt Alice’s readings • Can use a random “private zone” to avoid conflicts • Tradeoff with the previous bullet • Tailored for the tree walking algorithm • However, should be adjustable to any other algorithm as well • Can be used in Denial of Service attacks

  41. Conclusions • RFID is becoming cheap and widespread • It can easily disclose private information • Partial solutions: • Physical blocks • Zombie tags • Privacy Bits • Encryption schemes are effective, but require expensive tags and infrastructure • Only suitable for specific cases • Blocker tags are a cheap, effective solution for EPC RFID tags

  42. Thank you!

  43. References • “Squealing Euros: Privacy-Protection in RFID-Enabled Banknotes” by Juels and Pappu, 2003 • “Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems” by Weis et al, 2003 • “Selective Blocking of RFID Tags for Consumer Privacy” by Juels, Rivest & Szydlo, 2003 • “RFID Privacy: An Overview of Problems and Proposed Solutions” by Garfinkel, Juels & Pappu, 2005 • “RFID”, presentation by Alon Rosen

More Related