130 likes | 228 Vues
Protecting RFID Communications in Supply Chains. Yingjiu Li & Xuhua Ding School of Information Systems Singapore Management University. Background. RFID. Each tag has a globally unique identification number . RFID tag has very weak computation power. RFID tag has very limited storage.
E N D
Protecting RFID Communications in Supply Chains Yingjiu Li & Xuhua Ding School of Information Systems Singapore Management University
Background • RFID • Each tag has a globally unique identification number. • RFID tag has very weak computation power. • RFID tag has very limited storage.
Supply Chain Management • Supply Chain • A coordinated system of organizations moving a product from supplier to customer. Partner P4 Partner P2 Partner P3 Partner P1
Security Requirements • Authoritative Access • For a shipment to partner Pi, only Pi’s reader can access. • Authenticity • Only legitimate RIFD tags can be accepted • Unlinkability • Infeasible to determine whether two responses are from the same tag. • Supply Chain Visibility • Manager’s ability to track and identify the flow.
System Model • Consider a supply chain of N partners • P1, P2,…PN • Each has a pair of public/private keys. • Material flow: P1 P2 P3… PN • No assumption on global knowledge of the entire supply chain. • Assumption: • Attackers are unable to access the stored secrets by physically compromising RFID readers or tags. • Attackers are able to eavesdrop the interaction between RFID tags and legitimate readers • Attackers are able to interrogate RFID tags arbitrary times.
Tag Initialization Database initialization ID Secret mask Response … c1 C1k2 C2k2 Cnk2 cn The Protocol A high level view : P1 initializes all RFID tags with a secret key from its next Partner. Partner Pi downloads the list of ids from Pi-1, reads all the tags, updates the tags for Pi+1. P1 tags C1 C2 Cn k2: the secret key chosen by P2
r t=H(r) ? t RFID Read Protocol (by Partner Pi) Pi ID Secret mask Response t c1 h(rc1ki) c2 h(rc2ki) cx r h(rcxki) cn =cxki a a database Di ’ RFID tags
ID Secret mask Response c1 r1 c2 r2 a=kiki+1 b=H(acki) cx rx h(rcxki) ? b H(a ) cn rn database Di RFID Write Protocol (by Partner Pi) Pi =cxki =a= cxki+1 RFID tag
Read Protocol The readers are NOT authenticated. For a tag prepared for Pi, only Pi and Pi-1’s reader can extract its ID. Only legitimate tags are processed. Write Protocol For a tag prepared for Pi, only commands from Pi and Pi-1 will be accepted. Reveal no information to eavesdroppers. Security
a a Balancing Security and Performance Basic Idea: Batch process with a shared nounce, instead of a fresh nounce per tag. Pi r3 r1 r2 a a a a
processed by Pi ’ Unlinkability & Supply Chain Visibility Supply Chain Visibility Unlinkability • The ability to identify all tags and the present partner • by introducing an trusted authority and key escrow Are they the same tag?? A weaker notion than universal unlinkability.
Performance • Tag’s storage cost: <128 bits • Tag’s computation cost: 1 hash + 1 XOR for read; 1 hash + 2 XOR for write • Communication cost among Partners: the list of tag identifications, (not the whole database) • Computation cost for a Partner: • only hash, XOR and comparison are needed; • A major portion can be pre-computed; • suitable for batch processes; • Practical, since the bottleneck is the tag-reader communication delay;