330 likes | 428 Vues
RFID Tags for Critical JSF Components/Sub-Assemblies. Alfio Grasso Deputy Director Auto-ID Lab, ADELAIDE. Agenda. Background on Auto-ID Lab RFID RFID Security & Authentication Primitives Project Activities Management Timescale Risks Deliverables Market Opportunities Conclusions.
E N D
RFID Tags for Critical JSF Components/Sub-Assemblies Alfio Grasso Deputy Director Auto-ID Lab, ADELAIDE
Agenda • Background on Auto-ID Lab • RFID • RFID Security & Authentication Primitives • Project Activities • Management • Timescale • Risks • Deliverables • Market Opportunities • Conclusions Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Adelaide, Auto-ID Lab Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
The Auto-ID Laboratories Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Auto-ID Labs • One of 7 Auto-ID Labs around the world • MIT, USA • Cambridge, UK • Adelaide, Australia • Keio, Japan • Fudan, China • St Gallen, Switzerland • ICU, Korea Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Auto-ID Lab Advantage • RFID Lab has been operating for more than 3 decades • Commercial successes in RFID Commercialisation • RFID in Library, vehicle (toll, access), rail, waste management • International Collaboration • ASIC design, development and implementation • Collaboration with ChipTec • Security & Authentication • Design of compact metal mount tags • Beer kegs, wine closures, animal tags, • Standards Experience • ISO and EPCglobal • Intellectual Property • 21 patents • Know how Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
RFID • Radio Frequency Identification • Automatic Data Capture • Uses RF to communicate • Basic Elements • Tags • Readers/Antennas • Host CPU Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Host CPU • Application • Do something with the tag information • Potential to generate massive amounts of data • Once installed it costs virtually NOTHING to read a tag! • Real time data => real time decisions • 0HIO (Zero Human Involvement Operations)* * Term defined by John Greaves, CHEP International Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Security Work • Elliptic Curve Cryptography • One Time Codes • Shrinking Generators • Physically Unclonable Functions Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Elliptic Curve Cryptography • Uses the discrete log problem • but over a finite abelian group of points x, y on an elliptic curve • y2 = x3 + a*x + b mod (p) • ECC keys can be shorter for the same security when compared with other systems • No mathematical proof of the difficulty has been published but the scheme is accepted as a standard by USA National Security Agency. • Keys must be large enough. • A 109 bit key has been broken (roughly same security to RSA 640) • 160 bits ECC - same security as RSA 1024 bits. • 224 bits ECC - same security as RSA 2048 bits. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
One Time Codes • Have available a set of purely random numbers in the tag and matching tag dependent number in a secure data based • Need a large supply to cater for many authentications • Options • Reserve a pair for final authentication by end user • Recharge in a secure environment • Assume an eavesdropper cannot be every where and use old codes for identity change for fresh reader or tag authentications Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Shrinking Generators • Two linear shift registers, A (data) and S (sampling), with different seeds, clocked together. • Outputs are combined as follows • If S is 1, output is A • If S is 0, there is no output and another clock is applied • This scheme has been resistant to cryptanalysis for 12 years. • No known attacks if • feedback polynomials are secret and • registers are too long for an exhaustive search. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
R1 LFSR Clock Q D Buffer Output (K) CLK CE R2 LFSR Shrinking Generator • Shrinking Generator • Minimal hardware complexity • Shrink the output from LFSR R1 • Produce irregular sequence K • Practical alternative to a one time pads • Known attacks have exp time complexity • Keep connection polynomials secret • Use maximum length LFSRs Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
= y e ( x ) K Simple challenge-response protocol • Reader chooses a challenge, x, which is a random number and transmits it to the label. • The label computes and transmits the value y to the reader (here e is the encryption rule that is publicly known and K is a secret key known only to the reader and the particular label). • The reader then computes . • Then the reader verifies that. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Physically Uncloneable Functions • Exploits gate and wire delay variations due to IC fabrication process • Use of PUFs on RFID tags to securely store keys • 800 challenge-response pairs to uniquely identify over 109 chips Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Editor of Security Book • Prof. Peter Cole and Damith Ranasinghe • Joint editors of a Springer-Verlag book, soon to be published • Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Project Activities • Define User Requirements (Use Cases) • Investigate and document the uses of RFID in the JSF program • manufacturer, supply chain, deployment, support and maintenance • Develop at least one authentication scheme using passive RFID tags, based on one or more use cases • Develop Vendor Extensions to EPCglobal’s Class 1, Generation 2 standard to implement the authentication scheme, ISO 18000 Part 6 Type C • Design, Fabricate and Test the proposed vendor extensions to commercially available C1G2 ASIC implementations • Design RFID Tag Antennas for one or more use cases • Develop Demonstration Software for authentication based on C1G2 Vendor extensions • Undertake and participate in field trials • Provide documentation to JSF Industry Partners Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Theory of Operation • Commercial RFID C1G2 readers will be used to identify the tags • The unique identity (UID) stored on the tag is anticipated to be the DoD Identity Type as defined in EPCglobal’s Tag Data Standards V1.3 • The DoD Construct identifier is defined by the United States Department of Defense. (http://www.dodrfid.org/supplierguide.htm) Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Secure Data • Once the reader identifies the UID (unique identifier), the reader passes the UID to the Application • The Application uses a secure connection to a secure database to determine the authentication codes applicable to the Tag. • The application then encrypts and sends the appropriate authentication code, via a C1G2 Vendor extension to the tag. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Tag Confirms Legitimate Reader • Once the tag receives the encrypted authentication code via the vendor extension, if valid it will respond with its authentication code, also encrypted. • If not valid it will respond with a random number • In both cases care will be taken to prevent side channel attacks • e.g. by monitoring Power Supply Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Verification by Reader • Once the encrypted response is received and verified • The Tag has authenticated the RFID Reader, and • The RFID Reader has authenticated the Tag Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Project Plan Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Timescale • Use cases developed in the first year • ASIC implementation in the second year • Testing, Field Work and Documentation in the third year • Seeking Industry Partner • Assist in use case definitions • Application Software Commercialisation • Tag Rollout • First products in 2010 • Ongoing and through life support Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Risk Management • 18 Risks Identified • Likelihoods Low to Medium • Commercial Participation (Medium) • Technical Risks (Low) • Schedule Risks (Low) • Impact Low to High • Commercial Participation (High) • Technical Risks (Low) • Schedule Risks (Low) Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Deliverables • Use Case Report • ASIC Implementation Plan • ASIC Design • Field Trial Report • Design Package Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
JSF Block Development • Assuming a 2007 start, JSF Block 4 is the earliest possible deployment Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Industrial Partnerships • Assist in the research in developing use cases • Develop systems for the deployment of RFID tags for JSF components and sub-assemblies. • Develop, possibly with further collaboration with the Auto-ID Lab Adelaide other use case solutions. • Develop, possibly with further collaboration with the Auto-ID Lab, Adelaide other RFID antenna form factors. • Develop and commercialise the prototype software, which was used to demonstrate one or more use cases, into system software for the deployment of the technology into JSF programs. • Develop commercial applications of the RFID tags for non-military applications. • Develop commercial applications of the System Software for non-military applications. • Provide operational support, needs analysis and logistics, to manage the deployment of the technology into JSF programs, throughout the JSF life span. Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Commercial Market • Authentication and anti-counterfeiting a world problem, OECD reports that counterfeits are • 50% of motion pictures • 40% of business software • 33% of music • 10% of clothing • 10% of automobile spares • 10% of the world’s pharmaceuticals • US and others mandating Pedigree Laws • Solutions developed have huge commercial opportunities Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies
Conclusions • RFID has low to moderate technical risk • Auto-ID Lab commercial success in RFID developments • Significant research already undertaken in RFID and security/authentication • Looking NOW for Industrial Partners • Significant opportunity for JSF • Australia & International • Significant JSF and Commercial opportunities for Industrial Partner(s) Australian JSF Advanced Technology and Innovation Conference Authentication of JSF Components & Sub-Assemblies