RFID Security and Privacy: A Research Survey. Written by: Ari Juels. Presented by: Carlos A. Lopez
Outline • Introduction • Basic RFID Tags • Symmetric-Key Tags • RFID News
Definition • RFID is a technology for automated identification of objects and people • RFID devices are called “RFID Tags” • Small microchip (Hitachi Mu-chip, 0.002x0.002in) • Transmit data over the air • Respond to interrogation • Possible successor of barcodes • EPCglobal Inc. oversees the development of standards
RFID Overview • Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency (figure labels: ID:2342341456734, Credit Card #8163 3534 9234 9876) • Radio signal (contactless), range from 3-5 inches to 3 yards • Reader (transceiver): reads data off the tags without direct contact • Database: matches tag IDs to physical objects
Reading Tags • The read process starts when an RFID reader sends out a query message • Invites all tags within range to respond • More than one RFID tag may respond at the same time • This causes a collision • Reader cannot accurately read information from more than one tag at a time • Reader must engage in a special singulation protocol to talk to each tag separately
Barcode Replacement • Unique identification: a barcode identifies the type of object, whereas an RFID tag is unique among millions • Acts as a pointer to a database • Automation: barcodes are optically scanned, need line-of-sight, contact with readers and careful physical positioning, and so require human intervention
RFID Standards Some standards that have been made regarding RFID technology include: • ISO 14223/1: RFID of animals, advanced transponders • ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303 • ISO 15693: HF (13.56 MHz), used for non-contact smart payment and credit cards • ISO/IEC 18000: 7 different parts • ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies • EPCglobal: most likely to undergo international standardization according to ISO rules, as with all sound standards in the world
Tag Types • Passive: • All power comes from a reader’s signal • Tags are inactive unless a reader activates them • Cheaper and smaller, but shorter range • Semi-passive • On-board battery, but cannot initiate communication • Can serve as sensors, collect information from environment: for example, “smart dust” for military applications • Active: • On-board battery power • Can record sensor readings or perform calculations in the absence of a reader • Longer read range
RFID Applications (figure: human-implantable RFID) • Supply-chain management: logistics, inventory control, retail check-out • Payment systems: ExxonMobil SpeedPass; I-Pass/EZ-Pass/Smart Tag toll systems; credit cards • Access control • Passports • Library books • Hospitals and health centers • Money: Yen and Euro banknote anti-counterfeiting • Animal tracking - and human???
The consumer privacy problem [Figure: Here’s Mr. Bob in 2015… tagged items: wig model #4456 (cheap polyester); Das Kapital and Communist-party handbook; 1500 Euros in wallet, serial numbers 597387, 389473…; 30 items of lingerie; replacement hip, medical part #459382]
…the tracking problem • Mr. Bob pays with a credit card: his RFID tags are now linked to his identity, which determines his level of customer service • Mr. Bob attends a political rally: law enforcement scans his RFID tags • Mr. Jones wins an award: he is physically tracked by paparazzi via RFID • Read ranges of a tag: • Nominal range: the range at which the tag is intended to operate • Rogue scanning range: a powerful antenna amplifies the read range • Tag-to-reader eavesdropping range: a second reader can monitor the resulting tag emission • Reader-to-tag eavesdropping range: sometimes the reader sends information with greater power than the tags
[Figure: WMATA SmarTrip RFID card: current balance; travel history (visited stations and dates)]
…and the authentication problem • Privacy: misbehaving readers harvesting information from well-behaving tags • Authentication: well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones
Basic RFID tags vs. Symmetric-Key tags • Basic tags cannot: • Execute standard cryptographic operations • Generate strong pseudorandom numbers • Hash • Low-cost tags • EPC tags • Used in most gates
Privacy • Killing and Sleeping • Re-naming approach • Relabeling • Minimalist cryptography • Encryption • The proxy approach • Watchdog Tag • RFID Guardian • Distance Measurement • Blocking • Soft-blocking • Trusted Computing
Returning to the basic issue of privacy: Kill codes • EPC tags have a “kill” function • On receiving the password, the tag self-destructs • The tag is permanently inoperative • No post-purchase benefits • Developed for EPC to protect consumers after the point of sale • “Dead tags tell no tales” • Privacy is preserved • Why not put them to sleep instead? • Would be difficult to manage in practice: users might have to manage a PIN for each of their tags
Privacy (Cont 2) • Re-naming approach • Even if the tag identifier has no intrinsic meaning it can still enable tracking (Solution: change it over time) • Relabeling • Consumers are equipped to re-label tags with new identifiers, but are able to reactivate old information • Minimalist cryptography • The tag changes its name each time it is interrogated • Encryption • Re-encryption • Public-key cryptosystem • Periodically re-encrypted by law enforcement • Universal re-encryption
Privacy (Cont 3) • The proxy approach • Watchdog Tag • RFID Guardian
So what might solve our problems? [Figure caption: “Please show reader certificate and privileges”] • Higher-powered intermediaries like mobile phones • RFID “Guardian” and RFID REP (RFID Enhancer Proxy)
Privacy (Cont 4) • Distance Measurement • Distance as a measure of trust • A tag might release general information “I’m attached to a bottle of water” when scanned at a distance, but release more specific information, like unique identifier at a close range.
Privacy (Cont 5) • Blocking • The scheme depends on the incorporation of a modifiable bit called a privacy bit • It uses a blocking tag which prevents unwanted scanning of tags in a private zone • Soft-blocking: a policy on the reader, “Do not scan tags whose privacy bit is on” • Trusted Computing
Authentication • EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features • Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, so that the reader has evidence it actually read the tags it was trying to scan
Symmetric-Key Tags (capable of computing with a symmetric key) • Cloning • With a simple challenge-response protocol a tag Ti can authenticate itself to a reader that shares its key Ki • The tag transmits Ti • The reader generates a random bit string R • The tag computes H = h(Ki, R) and transmits H • The reader verifies H = h(Ki, R) • Digital Signature Transponders (created by Texas Instruments and used by SpeedPass) • Based on the secrecy of the algorithm (“security through obscurity”); was cracked by students at Johns Hopkins • Reverse-engineering • Key cracking • Simulation • Reverse-engineering and side channels • Relay attacks • Man-in-the-middle attacks can bypass any cryptographic protocol
Privacy • Symmetric-key management problem • Leads to a paradox • A tag identifies itself before authenticating the reader • The tag emits its identifier Ti • So the reader can learn the identity of the tag • Privacy unachievable • Instead, the tag emits E = E_K(P), where P is an input value • On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags’ keys)
Privacy • Literature • Tree approach • Proposed approach where a tag contains more than one symmetric key, in a hierarchical structure defined by a tree S • Every node has a unique key • Each tag is assigned to a unique leaf • It contains the keys defined by the path from the root of S to the leaf • Can be useful for: • A tag holder can transfer ownership of an RFID tag to another party while its history remains private • A centralized authority with full tag information can provision readers to scan particular tags over limited time windows • Synchronization approach • Symmetric-key primitives • The European Network of Excellence in Cryptology is evaluating 21 candidate stream ciphers
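The challenge-response exchange, the flat scheme's exhaustive key search and the tree-based key hierarchy from the three slides above, worked through in Python as an added example (this is not code from the survey or the presentation). HMAC-SHA256 stands in for the tag's keyed hash h(K, R), and the tree depth, branching factor and leaf position are constructed values.

```python
import hmac, hashlib, secrets

def h(key: bytes, r: bytes) -> bytes:
    """The tag's keyed hash h(K, R); HMAC-SHA256 is an assumed stand-in."""
    return hmac.new(key, r, hashlib.sha256).digest()[:16]

def build_tree(depth: int, branch: int) -> dict:
    """Every node of the key tree S gets a unique key, indexed by its path from the root."""
    keys = {(): secrets.token_bytes(16)}
    for level in range(depth):
        for path in [p for p in keys if len(p) == level]:
            for c in range(branch):
                keys[path + (c,)] = secrets.token_bytes(16)
    return keys

def tag_respond(path_keys: list, r: bytes) -> list:
    """Tag holds the keys on its root-to-leaf path; it answers challenge R with one hash per level."""
    return [h(k, r) for k in path_keys]

def flat_lookup(leaf_keys: dict, r: bytes, resp: bytes):
    """Flat scheme: tag emits only h(K, R); the reader tries every tag key. Cost: O(N) hashes."""
    calls = 0
    for leaf, k in leaf_keys.items():
        calls += 1
        if hmac.compare_digest(h(k, r), resp):
            return leaf, calls
    return None, calls

def tree_lookup(keys: dict, branch: int, r: bytes, resp: list):
    """Tree scheme: per level, try only the children of the node found so far. Cost: O(depth*branch)."""
    path, calls = (), 0
    for token in resp:
        for c in range(branch):
            calls += 1
            if hmac.compare_digest(h(keys[path + (c,)], r), token):
                path += (c,)
                break
        else:
            return None, calls  # no child matched: unknown or counterfeit tag

    return path, calls

def run(depth=3, branch=4, leaf=(2, 1, 3)):
    keys = build_tree(depth, branch)           # constructed: 4^3 = 64 tags
    leaf_keys = {p: k for p, k in keys.items() if len(p) == depth}
    path_keys = [keys[leaf[:i + 1]] for i in range(depth)]
    r = secrets.token_bytes(16)                # reader's fresh random challenge R
    resp = tag_respond(path_keys, r)
    flat = flat_lookup(leaf_keys, r, resp[-1])  # flat reader sees only the leaf-key hash
    tree = tree_lookup(keys, branch, r, resp)
    return flat, tree
```

Both lookups recover the same leaf; the hash counts they return show the reader's cost dropping from up to N to at most depth times branch, which is the key-management trade-off the tree approach buys.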
So what might solve our problems? • Cryptography! • Urgent need for cheaper hardware for primitives and better side-channel defenses • Some of this talk is really in the outer limits, but the basic caveats are important: • Pressure to build smaller, cheaper tags without cryptography • RFID tags are close and personal, giving privacy a special dimension • RFID tags change ownership frequently • Key management will be a major problem • Think for a moment after this talk about the distribution of kill passwords… • Are you ready for the VeriChip?
RFID News • RFID passports cracked - http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html • Can aluminum shield RFID chips? - http://www.rfid-shield.com/info_doesitwork.php • RFID chips can carry viruses - http://arstechnica.com/news.ars/post/20060315-6386.html • Nightclub allows entry by RFID - http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm • Demo: Cloning a VeriChip - http://cq.cx/verichip.pl