RFID SECURITY
description
Transcript of RFID SECURITY
RFID SECURITY
How Does RFID Work?
Tags (transponders)Attached to objects, call out their (unique) name and/or static data on a special radio frequency
02.3DFEX4.78AF51
EasyToll card #816
Reader (transceiver)Reads data off the tagswithout direct contact
Radio signal (contactless)
Range: from 3-5 inches to 3 yards
DatabaseMatches tag IDs tophysical objects
Asymmetric channels
TAGREADER EAVESDROPPER
~5 m
~100 m
Range of Reader (Forward Channel)
Tag’s Range (Backward Channel)
Applications
Tracking/Identification Library Books Children Pets Auto Parts
Inventory management in a Supply Chain
Contactless Smart Cards
A Generic Supply Chain
Suppliers
Manufacturers
WholesalersRetailers
goods, invoicesPurchase orders, payments
Supply web (retail customers not shown)
Key Decisions
When to order
How much to orderAs order quantity increases, holding cost increasesAs order quantity decreases, stockout cost increases
From whom to order
The Problem - Motivation Basic problem with RFID tags
Can be remotely scanned Respond to query by any reader This leads to security and privacy risk
Resource constraints Limited power and computing resources Hence classical cryptographic mechanisms not
feasible
The RFID security challenge How to obtain maximum security with almost no
resources?
The Problems of Privacy and Security RFID privacy concerns the problem of misbehaving
readers harvesting information from well-behaving tags. Risks : Leakage of personal information (prescriptions,
brand/size of clothes etc.). Location privacy: Tracking the physical location of
individuals by their RFID tags. RFID authentication concerns the problem of well
behaving readers receiving information from misbehaving tags, particularly counterfeit ones. Risks: Forgery Sabotage
Cost and capability The strength and flavor of proposed
security solutions will depend on the allowed tag cost for different applications
50+ cent tags. Low-end tags will be 10 cent, 5 cent and 2 cent in about 5 years
Challenge
Tens of research ideas have been proposed in the past two years
Propose improvements over the existing privacy enhancing protocols for the extremely resource constrained RFID systems
Security Attacks Spoofing
Imitating the behavior of a genuine tag Denial of Service Man in the middle attack
Modify the response of the tag to the reader or vice versa
Replay Attack Eavesdrop message from the tag (reader) & re-
transmit the message to the legitimate reader (tag). Traffic Analysis
Monitoring of comm. between reader & tag allows adversary to perform traffic analysis & generate statistical data.
Security and Privacy Requirements Anonymity
Tag output should not give idea about ID Untraceability
Tag output should be varying Indistinguishibility
Tag output should be truly random, i.e. variation should not be predictable
Forward Security Adversary should not be able to associate the
current output with past output Mutual Authentication
Tag-to-reader and reader-to-tag authentication
Backend Requirements
Efficiency and scalability Order of computation/precomputation
required as a function of number of tags Flexibility
Changes required with addition/removal of tags
Hash Lock
Reader RFID tag
Stores key; hash(key) for any tagUnique key for each tag
Stores metaID=hash(key)
Goal: Authenticate reader to the RFID tag
[Rivest, Weis, Sharma, Engels]
“Who are you?”
metaID
key
“My real ID is…”
Compute hash(key) andcompare with stored metaID
Hash Lock AnalysisPROS Relatively cheap to implement : Tag has to store hash
function implementation and metaID Security based on weak collision-resistance of hash
function Scalable due to low key look-up overhead
CONS Constant tag output – enables traceability
Motivates Randomization Too many messages/rounds Requires reader to know all keys
Randomized Hash Lock
Reader RFID tag
Stores its own IDk
[Weis et al.]
“Who are you?”
R, hash(R,IDk)
“You must be IDk”
Compute hash(R,IDi) for every
known IDi and compare
Stores all IDs:ID1, … ,IDn
Generate random R
Goal: Authenticate reader to the RFID tag
Randomized Hash Lock AnalysisPROS Randomized response prevents tracking Tag needs to store hash implementation and
pseudo-random number generator
CONS Inefficient brute force key look-up No Forward security
Motivates updating tag ID on each read Security Flaw - Adversary can impersonate tag by
learning a valid tag response.
OSK Scheme [Ohkubo, Suzuki and Kinoshita]
Goal: Enable reader to identify the RFID tag, change tag identifier on each read
Database TagReader
Query
Ai=G(Si)
Si+1=H(Si)
Compute Hash Chain
Ai=G(Si)
Tag ID
OSK AnalysisPROS Different random like values on every read operation
prevents tracking Forward Security ensured due to one way hash property Tag needs to store only 2 hash implementations, hence
low cost Minimal number of transmissions
CONS Not scalable for large scale applications due to brute
force search Motivates reducing computation time at
reader/backend Susceptible to DoS attacks May lead to problem due to hash collisions.
Summary RFIDs have many useful applications
related to tracking and identification But there are some important issues of
security and privacy Small number of gates for S/P makes the
design of such protocols challenging Tens of schemes proposed for
security/privacy but subtle drawbacks with many of them. Much more work needed in this area