Randomized PRF Tree Walking Algorithm for Secure RFID
description
Transcript of Randomized PRF Tree Walking Algorithm for Secure RFID
![Page 1: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/1.jpg)
Leonid Bolotnyy and Gabriel Robins
Department of Computer Science
University of Virginia [email protected], [email protected]
Randomized PRF Tree Walking Algorithm for
Secure RFID
![Page 2: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/2.jpg)
Talk Outline
• Identification Problem– Secure Binary-Tree Walking Algorithm
• Reader-tag Authentication Problem• Multi-tag RFID Systems
![Page 3: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/3.jpg)
Identification Problem
Tag IDTag ID
TagsReader
Local Server
![Page 4: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/4.jpg)
Secure Identification Problem
Tag IDTag ID
TagsReader
Local Server
![Page 5: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/5.jpg)
Passive vs. Active Adversary
Reader Tag Eavesdropper
Backward Range
Forward Range
![Page 6: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/6.jpg)
Secure Binary-Tree Walkingi. Each tag generates a random numberii. Reader tree-walks these random numbersiii. Selected tag transmits its real-ID
Traverse(i, count) := Read random bit if collision on detected: Suspend all tags with == 1 Each suspended tag stores Traverse(i+
i
i
i
b ib
bi
1, 0) Wake up tags suspended on bit Traverse(i+1, 0) else if no collision on detected: if(count > threshold) Tree-Walk rem
i
i
b
aining tags else Traverse(i+1, count+1)
R. Rivest, S. Weis, EPCglobal, Inc.
0 1
11
111
10
110101100
01
011010
00
001000
![Page 7: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/7.jpg)
Algorithm AnalysisMajor questions about the algorithm:
1. How to deal with collisions on real-IDs?2. How to choose optimal random number length?3. How to choose the threshold?
Number of tags per random number will have a Poisson distribution
( , ) * *cos bith n m t m t
(Expected number of random IDs with k tags)
(Expected total number of colliding tags)
(Cost function)
where t is the smallest exponent for which
2mn
( , , ) * *2!
kmf n m k e
k
2
2
( , ) ( , , )m
k
g n m f n m k k
1( ( , ), ) 1t tg m n mg g 2( , ) ( ( , ), )m n g g m n mg
n: number of tags, m: random number length
![Page 8: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/8.jpg)
Optimal random number lengthUse average n over many traverse runs
309 ,200010 ,52 mnk
![Page 9: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/9.jpg)
Determining threshold
For n = 2000, after about 11 bits, we expect zero, one, or two bits per branchStill have a “long” way to finish traversing the treeCostly over all branches if we traverse every branch to the end
Start the threshold at 2Increase threshold by 1 if collision occursDecrease threshold by 1 if over the entire traverse no collisions occurred
2i i
nt bits)(Expected number of tags on a branch after it
Pr[ tags match in threshold number of bits] = it ( 1)1
2 ithreshold t
![Page 10: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/10.jpg)
Randomized PRF Tree Walking Algorithm
Goal: Efficiently solve reader-tag authentication problem in the presence of many tags
Steps of the algorithm:
1. Each tag generates a random number, and the reader performs a tree-walk on these numbers
2. Once a tag is selected, the reader and the tag engage in a tree-waking private authentication protocol
3. The reader moves the tag to a different position in a tree.
![Page 11: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/11.jpg)
Binary Tree of Secrets
1, 0s
3, 4s3, 1s 3, 3s
1, 1s
3, 2s
2, 3s2, 1s
3, 0s
2, 0s
3, 7s3, 6s3, 5s
2, 2s
D. Molnar and D. WagnerPrivacy and Security in Library RFIDIssues, Practices, and Architecture
![Page 12: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/12.jpg)
Step 1
Traverse(i, count) := Read random bit if collision on detected: Suspend all tags with == 1 Each suspended tag stores Traverse(i+
i
i
i
b ib
bi
1, 0) Wake up tags suspended on bit Traverse(i+1, 0) else if no collision on detected: if(count > threshold) Proceed to st
i
i
b
1ep 2 with ,..., Tree-Walk remaining tags else Traverse(i+1, count+1)
ir b b
Each tag generates a random number, and the readerperforms a tree-walk on these numbers
![Page 13: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/13.jpg)
Step 2
1 2 n
1, 2, ,, , ..., {0,1}kb b k bs s s
n1 {0,1}i
Rr 1ir
,,2 1 2, (0, , )i bii i i
i s ir b f r r
,*
1 2(1, , )i bii i
s if r r
n2 {0,1}i
Rr
Hello, rt
for 1 to i k
, 1 2(0, , )i bii i
s if r r check that
,*
1 2(1, , )i bii i
s if r r check that
Reader Tag
Once a tag is selected, the reader and the tag engage in a tree-waking private authentication protocol
![Page 14: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/14.jpg)
Step 3
1r
0 1
1 1 2 1
1
(0,0, )(0,1, ) ', (0,2, ) ',(0, , ) 2, 3 secrets 2
k
k k
k
s
s s
i s i
ID f rf r t f r bf i r s i
1 1
2 1
1
(0,1, )(0,2, )(0, , )
k
k
k
s
s
i i s
t f rb f rs f i r
compute
Reader Tag
0 1(0,0, )ksf r ID check that
The reader moves the tag to a different position in a tree
![Page 15: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/15.jpg)
Properties of the Algorithm• Allows on-line addition and removal of tags• Provides security against active eavesdroppers• Offers security against foreign readers• Enables dynamic tradeoff between security,
privacy and singulation time• Effective against active attacks
– stealing a tag– tracking and hotlisting
• Requires a tag to be equipped with– pseudo-random function, XOR unit– random number generator– writable memory
![Page 16: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/16.jpg)
Space and Time Complexity Evolution
is the total number of tags in the systemn
( )O n (1)O(log )O n ( )treeo depth( )treeO depth
D. Molnar and D. Wagner
Our algorithm
Our algorithm assuming secrets are hard to steal
Our algorithm assuming tags are read often and/orsecrets are very hard to steal
![Page 17: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/17.jpg)
Random Number Generator
V
Random Bits
NoConnect
The voltage signal is amplified, disturbed, stretched, and sampled,resulting in random bits.
Will Warehttp://willware.net/hw-rng.html
![Page 18: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/18.jpg)
New Idea: Multi-Tags
• Redundant Tags• Dual-Tags
– Own Memory Only– Shared Memory Only– Own and Shared Memory
• Triple-Tags• n-Tags
1 3 42
Attach more than one tag to an object
![Page 19: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/19.jpg)
Benefits of Multi-Tag Systems
• Increased expected voltage on a tag• Increased expected communication range
– Increased availability• Increased memory• Increased reliability• Increased durability• Enhanced security
New applications
![Page 20: Randomized PRF Tree Walking Algorithm for Secure RFID](https://reader036.fdocuments.in/reader036/viewer/2022062315/56815da9550346895dcbd8bf/html5/thumbnails/20.jpg)
Our Current and Future Work
Let’s Collaborate!
Authentication algorithms with human protocolsA. Juels, S. Weis
D. Molnar, D. Wagner
A. Juels
New and emerging problems
Tag identification with delegation, ownership transfer
Efficient cloning-resistant identification algorithms
Find New and Improve Existing Algorithms