Ch. 17: Security of RFID
description
Transcript of Ch. 17: Security of RFID
![Page 1: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/1.jpg)
1
Ch. 17:Ch. 17:Security of RFIDSecurity of RFID
•slide 1
![Page 2: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/2.jpg)
2
Roles of RFID applicationsRoles of RFID applications
•slide 2
Tags Reader Server(Database)
Secure
channel
Slides modified from presentation by Prof. HM
Sun
![Page 3: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/3.jpg)
3
Security Problems of RFIDSecurity Problems of RFID
EavesdroppingHot-listing
◦Attacker has special interests in certain items
Replay attackCloningTracingData forgingDenial of Service
•slide 3
Fundamental problem:
Lack of mutual authentication
![Page 4: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/4.jpg)
4
Physical Solutions for RFIDPhysical Solutions for RFID
•slide 4
![Page 5: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/5.jpg)
5
Physical SolutionsPhysical Solutions
Kill tag after purchaseFaraday cageActive jamming
◦Disables all RFID, including legitimate applications
◦GuardianBlocker Tag
•slide 5
![Page 6: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/6.jpg)
6
Special command permanently de-activates tag after the product is purchased
Disables many futuristic applications
Killing approachKilling approach
•slide 6
Referencewww.rsa.com/rsalabs/staff/bios/ajuels/
![Page 7: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/7.jpg)
7
Container made of foil or metal mesh, impenetrable by radio signals of certain frequencies◦ Shoplifters are already known to use foil-lined bags
Maybe works for a wallet, but huge hassle in general
Faraday CageFaraday Cage
•slide 7
Referencewww.rsa.com/rsalabs/staff/bios/ajuels/
![Page 8: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/8.jpg)
8
Blocker Tag Blocker Tag (The R(The RXXA Pharmacy)A Pharmacy)
•slide 8
Referencehttp:// www.rfidjournal.com
![Page 9: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/9.jpg)
9
Active Jamming Active Jamming (Guardian)(Guardian)A mobile battery-powered device
that offers personal RFID security and privacy management.
•slide 9
Referencehttp:// www.rfidguardian.org
![Page 10: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/10.jpg)
10
How Does the Reader Read a Tag?How Does the Reader Read a Tag?
When the reader sends a signal, more than one RFID tag may respond: this is a collision◦ Reader cannot accurately read information from more
than one tag at a timeReader must engage in a special singulation
protocol to talk to each tag separatelyTree-walking is a common singulation method
◦ Used by 915 Mhz tags, expected to be the most common type in the U.S.
•slide 10
Referencewww.cs.utexas.edu/~shmat/
![Page 11: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/11.jpg)
11
Blocker Tag : Tree WalkingBlocker Tag : Tree Walking
•slide 11
000 001 010 011 100 101 110 111
Every tag has a k-bit identifier
prefix=0
prefix=00 prefix=01
prefix=10 prefix=11
prefix=1Reader broadcastscurrent prefix
Each tag with this prefixresponds with its next bit
If responses don’t collide,reader adds 1 bit to currentprefix, otherwise tries both possibilities
This takes O(k number of tags)
Referencewww.cs.utexas.edu/
~shmat/
![Page 12: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/12.jpg)
12
Blocker Tag : ExampleBlocker Tag : Example
•slide 12
000 001 010 011 100 101 110 111
prefix=0
prefix=00 prefix=01
prefix=10 prefix=11
prefix=1
1. Prefix=“empty”
Next=0Next=1
Next=1
Collision!
1a. Prefix=0
Next=0
No collision
2. Prefix=00
1b. Prefix=1
2. Prefix=11
No collision
Next=1
3. ID=001
Talk to tag 001
No collision
Next=1
Next=1
Collision!
Next=1
Next=0
3a. ID=110
Talk to tag 110
3b. ID=111
Talk to tag 111
Referencewww.cs.utexas.edu/
~shmat/
![Page 13: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/13.jpg)
13
Blocker TagBlocker Tag
A form of jamming: broadcast both “0” and “1” in response to any request from an RFID reader◦Guarantees collision no matter what tags are
presentTo prevent illegitimate blocking, make
blocker tag selective (block only certain ID ranges)◦E.g., blocker tag blocks all IDs with first bit=1◦ Items on supermarket shelves have first bit=0
Can’t block tags on unpurchased items (anti-shoplifting)◦After purchase, flip first bit on the tag from 0 to
1•slide 13
[Rivest, Juels, Szydlo]
Referencewww.cs.utexas.edu/
~shmat/
![Page 14: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/14.jpg)
1414
行動票券之安全議題
* slides modified from presentation by 何煒華
高鐵車票
![Page 15: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/15.jpg)
1515
安全議題
竄改偽造盜用複製、重複使用移轉 (vs. 複製 )
![Page 16: Ch. 17: Security of RFID](https://reader036.fdocuments.in/reader036/viewer/2022062423/56814428550346895db0c3d6/html5/thumbnails/16.jpg)
16
Summary
Security Concerns of RFIDSecurity Concerns of 行動票券