New Directions in Detection, Security and Privacy for RFID

New Directions in Detection, Security and Privacy for RFID. Leonid Bolotnyy and Gabriel Robins Department of Computer Science, UVa. Thesis.


Presentation Transcript


  1. New Directions in Detection, Security and Privacy for RFID • Leonid Bolotnyy and Gabriel Robins • Department of Computer Science, UVa

  2. Thesis • Multi-tags, “yoking-proofs”, and physical unclonable functions can improve reliability, security, and privacy in radio frequency identification (RFID) systems.

  3. Progress • L. Bolotnyy and G. Robins, Multi-Tag Radio Frequency Identification Systems, IEEE Workshop on Automatic Identification Advanced Technologies (AutoID), pp. 83-88, 2005 • L. Bolotnyy and G. Robins, Randomized Pseudo-Random Function Tree Walking Algorithm for Secure Radio Frequency Identification, IEEE Workshop on Automatic Identification Advanced Technologies (AutoID), pp. 43-48, 2005 • L. Bolotnyy and G. Robins, Generalized ‘Yoking-Proofs’ for a Group of RFID Tags, IEEE International Conference on Mobile and Ubiquitous Systems (Mobiquitous), 2006 • L. Bolotnyy and G. Robins, PUF-Based Security and Privacy in RFID Systems, IEEE International Conference on Pervasive Computing (PerCom), 2007 • Several additional papers in progress • NSF Cyber Trust proposal (submitted January 2007) • Deutsche Telekom (largest in EU) offered to patent our multi-tags idea

  4. Introduction • RFID • Tag types: passive, semi-passive, active • Frequencies: Low (125 kHz), High (13.56 MHz), UHF (915 MHz) • Coupling methods: inductive coupling, backscatter coupling • [Figure: reader antenna and signal for each coupling method]

  5. History • Radar invented - 1935 • EAS invented - early 1960’s • First RFID patent filed - 1973 • First RFID book published - 1999 • Auto-ID Center formed - 1999 • EPCglobal formed - 2004 • First RFID game marketed - 2006

  6. Thesis Proposal • Improve tag detection • Improve security and privacy • Auditing algorithms for RFID • “Yoking-Proofs” • Inter-tag communication • Definition of privacy • PUF-based security • Algorithms • PUF design

  7. Why Multi-Tag RFID? • Bar-codes vs. RFID • line-of-sight • scanning rate • Unreliability of tag detection • radio noise is ubiquitous • liquids and metals are opaque to RF • milk, water, juice • metal-foil wrappers • Wal-Mart experiments (2005) • 90% tag detection at case level • 95% detection on conveyor belts • 66% detection of individual items inside fully loaded pallets • Our preliminary experiments support data above

  8. Applications of Multi-Tags

  9. The Power of an Angle • Inductive coupling: voltage ~ $\sin(\beta)$, distance ~ $(\text{power})^{1/6}$ • Far-field propagation: voltage ~ $\sin^2(\beta)$, distance ~ $(\text{power})^{1/2}$ • Optimal Tag Placement: [Figure: B-field, angle β, tag positions 1 to 4]

  10. Benefits and Costs of Multi-Tags • PROS • increases expected induced voltage on tag • increases operational range of system • increases memory per object • improves availability • improves reliability • improves durability • provides potential security enhancement • new applications • CONS • increases system cost • modestly complicates manufacturing • potentially increases tags’ interrogation time

  11. Experimental Apparatus and Experiments with Multi-Tags • Equipment • Experiments • Measure detection of ~20 multi-tagged objects • With/without metals and liquids • Rotate multi-tagged object mixes • 1, 2, 3, & 4 tags per object • Vary tag, reader, and antenna types • Vary distances, geometry, power • Multi-tags vs. multiple readers

  12. Preliminary Experimental Results • Average detection probability: 1 Reader, 1 Tag 57.8% • 2 Readers, 1 Tag 63.9% • 1 Reader, 2 Tags 82.6% • 2 Readers, 2 Tags 86.6% • Δ labels: Δ=4.0%, Δ=22.7%, Δ=18.7%, Δ=6.1%, Δ=24.8% • [Figure: Average Detection Probability (0 to 1) versus Object Number (1 to 20)]

  13. Security and Privacy in RFID • Privacy • [Figure: A, B, C; “Alice was here: A, B, C”]

  14. Security and Privacy in RFID • Privacy: difficult to track tags • Security • Secure Identification • Tag Authentication • Message Authentication • Ownership Transfer • Auditing • [Figure labels: f(r, ID); c, f(c); m, σ(m)]

  15. “Yoking-Proofs” • Yoking: joining together / simultaneous presence of multiple tags • Key Observation: Passive tags can communicate with each other through reader • Problem Statement: Generate proof that a group of passive tags were identified nearly-simultaneously • Applications – verify that: • medicine bottle sold together with instructions • tools sold together with safety devices • matching parts were delivered together • several forms of ID were presented • a group of people was present at a meeting

  16. Assumptions and Goals • Assumptions • Tags are passive • Tags have limited computational abilities • Tags can compute a keyed hash function • Tags can maintain some state • Verifier is trusted and powerful • Solution Goals • Allow readers to be adversarial • Make valid proofs improbable to forge • Allow verifier to verify proofs off-line • Detect replays of valid proofs • Timer on-board a tag • FCC regulations: protocol termination < 400ms • Capacitor discharge can implement timeout

  17. Generalized “Yoking-Proof” Protocol • Idea: construct a chain of mutually dependent MACs • [Figure: tags 1, 2, 3, 4, 5 in a cycle] • Anonymous Yoking: tags keep their identities private • Speedup yoking protocols by splitting chain into arcs

  18. Inter-Tag Communication in RFID • Idea: heterogeneity in ubiquitous computing • “Yoking proofs” • Battery-less sensing • Tags as mailboxes • Tags as proxies • Location access control • Tags partitioned into groups • Group leader in charge of authentication and access control • Subordinate reader-tag authentication

  19. PUF-Based Security and Privacy • Digital crypto implementations require 1000’s of gates • Low-cost alternatives • Pseudonyms / one-time pads • Low complexity / power hash function designs • Hardware-based solutions • Definition of privacy that incorporates hardware attacks • PUF definition • Security is based on: • wire delays • gate delays • quantum mechanical fluctuations • PUF characteristics • uniqueness • reliability • unpredictability

  20. PUF-Based Algorithms • Identification Sequence: $ID, p(ID), \ldots, p^k(ID)$ • It is important to have • a reliable PUF • no loops in PUF chains • no identical PUF outputs • no impersonation attacks • Authentication Pairs: c1, p(c1), c2, p(c2), ..., cn, p(cn) • MAC based on PUF • Motivation: “yoking-proofs”, signing sensor data • large keys • cannot support arbitrary messages • Verify that at least the desired fraction of challenge-response pairs is correct • Large message set • Small message set

  21. PUF-Based Ownership Transfer • Ownership Transfer • To maintain privacy we need • ownership privacy • forward privacy • Physical security is especially important • Solutions • public key cryptography • knowledge of owners sequence • trusted authority • short period of privacy

  22. Comparison of PUF With Digital Hash Functions • Number of gates by algorithm: MD4 7350, MD5 8400, SHA-256 10868, AES 3400, Yuksel 1701, PUF 545 • Reference PUF: 545 gates for 64-bit input • 6 to 8 gates for each input bit • 33 gates to measure the delay • Low gate count of PUF has a cost • probabilistic outputs • difficult to characterize analytically • non-unique computation • extra storage • Different attack target for adversaries • model building rather than key discovery • Physical security • hard to break tag and remain undetected

  23. PUF Design • Attacks on PUF • impersonation • modeling • hardware tampering • side-channel • Weaknesses of existing PUF reliability • New PUF design • no oscillating circuit • sub-threshold voltage • Compare different non-linear delay approaches

  24. Conclusion and Research Plan • Contributions • Multi-Tags • tag objects with multiple tags to improve detection • Security and Privacy • Yoking proofs • Inter-tag communication • Hardware-based security • PUFs • Plan for the next 5 months • finish multi-tag experiments • define privacy w.r.t. physical attacks • design / evaluate improved PUF circuits • publish more papers

  25. Bolotnyy and Robins, Multi-Tag Radio Frequency Identification Systems, IEEE Workshop on Automatic Identification Advanced Technologies (AutoID), pp. 83-88, 2005 • Bolotnyy and Robins, Randomized Tree Walking Algorithm for Secure RFID, IEEE Workshop on Automatic Identification Advanced Technologies (AutoID), pp. 43-48, 2005 • Bolotnyy and Robins, Generalized ‘Yoking-Proofs’ for a Group of RFID Tags, IEEE International Conference on Mobile and Ubiquitous Systems (Mobiquitous), 2006 • Bolotnyy and Robins, PUF-Based Security and Privacy in RFID Systems, IEEE International Conference on Pervasive Computing (PerCom), 2007

  26. Back Up Slides

  27. Related Work on Multi-Tags • Two-antennas per tag to determine location • Four tags per object to determine movement direction • Multiple tags to increase reliability (for visually impaired) • Random placement of two tags on playing cards • Splitting tag ID into Class ID and Pure ID • Up to three tags to determine object-person interaction

  28. Types of Multi-Tags • Redundant Tags • Complementary Tags • Dual-Tags • Own Memory Only • Shared Memory Only • Own and Shared Memory • Triple-Tags • n-Tags

  29. Detection Distance with Multi-Tags

  30. Effects of Multi-Tags on Anti-Collision Algorithms • [Table columns: Algorithm, Redundant Tags, Dual-Tags] • *If Dual-Tags communicate to form a single response • **Assuming an object is tagged with two tags

  31. Related Work on “Yoking-Proofs” • Juels [2004] • protocol is limited to two tags • no timely timer update (minor/crucial omission) • Saito and Sakurai [2005] • solution relies on timestamps generated by trusted database • violates original problem statement • one tag is assumed to be more powerful than the others • vulnerable to “future timestamp” attack • Piramuthu [2006] • discusses inapplicable replay-attack problem of Juels’ protocol • independently observes the problem with Saito/Sakurai protocol • proposed fix only works for a pair of tags • violates original problem statement

  32. Speeding Up The Yoking Protocol • Idea: split cycle into several sequences of dependent MACs • [Figure: starting / closing tags] • Requires • multiple readers or multiple antennas • anti-collision protocol

  33. Related Work on PUF • Optical PUF [Ravikanth 2001] • Silicon PUF [Gassend et al 2002] • design, implementation, simulation, manufacturing • authentication algorithm • controlled PUF • PUF in RFID • off-line reader authentication using public key cryptography [Tuyls et al 2006]

  34. PUF-Based Authentication • Reader → Tag: GetID • Tag → Reader: ID • Reader → Tag: GetResponse(c1) • Tag → Reader: p(c1) • . . . • Reader → Tag: GetResponse(cn) • Tag → Reader: p(cn) • $prob_v(n) = 1 - \sum_{i=t+1}^{n} \binom{n}{i} \mu^i (1-\mu)^{n-i}$ • $prob_f(n) = 1 - \sum_{j=t+1}^{n} \binom{n}{j} \tau^j (1-\tau)^{n-j}$ • $\alpha < prob_v \le 1$ and $prob_f \le \beta \le 1$ • $0 \le t \le n-1$

  35. PUF-Based Identification Algorithm • Tag stores its identifier: ID • Database stores: $ID, p(ID), \ldots, p^k(ID)$ • Upon reader’s query, the tag • responds with p(ID) • updates its ID with p(ID) • It is important to have • a reliable PUF • no loops in PUF chains • no identical PUF outputs • Assumptions • passive adversaries (otherwise, denial of service possible) • physical compromise of tags not possible • reliable PUF

  36. PUF-Based MAC Algorithms • MAC = (K, τ, υ) • valid signature σ: $\upsilon_K(M, \sigma) = 1$ • forged signature σ′: $\upsilon_K(M', \sigma') = 1$, $M \ne M'$ • Large message set: $\sigma(m) = c, r_1, \ldots, r_n, p_c(r_1, m), \ldots, p_c(r_n, m)$ • Small message set: $\sigma(m) = c, p_c^{(1)}(m), \ldots, p_c^{(n)}(m), \ldots, c+q-1, p_{c+q-1}^{(1)}(m), p_{c+q-1}^{(n)}(m)$ • Need to protect against replay attacks • MAC based on PUF • large keys • cannot support arbitrary messages • Motivational example: buyer/seller

  37. Using PUF to Detect and Restore Privacy of Compromised System • Detect potential tag compromise • Update secrets of affected tags • [Figure: secrets labelled s1,0 to s1,2; s2,0 to s2,5; s3,0 to s3,10]
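An added example (not from the presentation) for the PUF-based authentication of slides 20 and 34: it evaluates the two binomial sums, picks the smallest threshold t that satisfies the α and β bounds, and accepts a tag when at most t of its n responses mismatch. It assumes μ and τ are the per-challenge mismatch probabilities for a genuine tag and for an impostor; `sim_puf` is a hypothetical HMAC stand-in for the physical PUF, and all numeric values are constructed.

```python
import hashlib
import hmac
from math import comb

def prob_at_most_t(n, t, p):
    """1 - sum_{i=t+1}^{n} C(n,i) p^i (1-p)^(n-i): P[at most t of n mismatch]."""
    tail = sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(t + 1, n + 1))
    return 1.0 - tail

def choose_threshold(n, mu, tau, alpha, beta):
    """Smallest t in [0, n-1] with prob_v > alpha and prob_f <= beta, else None.

    Assumption: mu / tau = per-challenge mismatch probability for the
    genuine tag / for an impostor.
    """
    for t in range(n):
        prob_v = prob_at_most_t(n, t, mu)
        prob_f = prob_at_most_t(n, t, tau)
        if prob_v > alpha and prob_f <= beta:
            return t, prob_v, prob_f
    return None

def sim_puf(device_secret):
    """HMAC stand-in for a PUF (a real PUF has no stored key; simulation only)."""
    def p(challenge):
        msg = challenge.to_bytes(8, "big")
        return hmac.new(device_secret, msg, hashlib.sha256).digest()[:4]
    return p

def authenticate(stored_pairs, get_response, t):
    """Reader side: send each c_i, compare p(c_i), accept if mismatches <= t."""
    mismatches = sum(
        1 for c, expected in stored_pairs
        if not hmac.compare_digest(get_response(c), expected)
    )
    return mismatches <= t

def demo():
    n, mu, tau, alpha, beta = 10, 0.1, 0.9, 0.99, 1e-3  # constructed values
    t, prob_v, prob_f = choose_threshold(n, mu, tau, alpha, beta)
    genuine = sim_puf(b"constructed-tag-A")
    pairs = [(c, genuine(c)) for c in range(1, n + 1)]  # enrolment: c_i, p(c_i)
    # Genuine tag whose responses to challenges 3 and 7 come back corrupted.
    noisy = lambda c: b"\x00" * 4 if c in (3, 7) else genuine(c)
    impostor = sim_puf(b"constructed-tag-B")
    return t, authenticate(pairs, noisy, t), authenticate(pairs, impostor, t)

if __name__ == "__main__":
    print(demo())
```

Tightening the bounds to α = 0.999 and β = 1e-4 with the same n, μ and τ leaves no valid t, which is the signal to increase n.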
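An added example (not from the presentation) for the PUF-based identification algorithm of slide 35: the database pre-computes ID, p(ID), …, p^k(ID) at enrolment and rejects chains with loops or outputs shared with another tag, while the tag answers each query with p(ID) and overwrites its ID. `sim_puf`, the class names and all values are hypothetical; an HMAC stands in for the physical PUF, and a constructed small-domain function shows the loop failure.

```python
import hashlib
import hmac

def sim_puf(device_secret):
    """HMAC stand-in for a PUF (a real PUF has no stored key; simulation only)."""
    def p(x):
        return hmac.new(device_secret, x, hashlib.sha256).digest()[:8]
    return p

class Tag:
    def __init__(self, initial_id, puf):
        self.id, self.puf = initial_id, puf

    def query(self):
        self.id = self.puf(self.id)  # respond with p(ID), then ID <- p(ID)
        return self.id

class Database:
    def __init__(self):
        self.index = {}  # chain value -> (tag name, j) where value = p^j(ID)

    def enrol(self, name, initial_id, puf, k):
        chain, x = [initial_id], initial_id
        for _ in range(k):
            x = puf(x)
            chain.append(x)
        if len(set(chain)) != len(chain):
            raise ValueError("loop in PUF chain")
        if any(v in self.index for v in chain):
            raise ValueError("identical PUF output already enrolled")
        for j, v in enumerate(chain):
            self.index[v] = (name, j)

    def identify(self, response):
        return self.index.get(response)  # None once the chain is exhausted

def demo():
    db = Database()
    puf_a = sim_puf(b"constructed-secret-A")
    db.enrol("tag-A", b"ID-A", puf_a, k=3)
    tag = Tag(b"ID-A", puf_a)
    seen = [db.identify(tag.query()) for _ in range(4)]  # 4th query is past p^3(ID)
    # Constructed small-domain function: 1 -> 2 -> 0 -> 1, so the chain loops.
    looping = lambda x: bytes([(x[0] * x[0] + 1) % 5])
    try:
        db.enrol("tag-B", b"\x01", looping, k=4)
        loop_rejected = False
    except ValueError:
        loop_rejected = True
    return seen, loop_rejected

if __name__ == "__main__":
    print(demo())
```

The fourth query returns no match because only k = 3 chain values were stored, so k bounds how many reads a tag supports before re-enrolment.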
