RFID Tutorial 2011 Part IV (Outer Limits)
8/12/2019 RFID Tutorial 2011 Part IV (Outer Limits)
Introduction to RFID Security and Privacy
Ari Juels, Chief Scientist
RSA, The Security Division of EMC
RFIDSec 2011 Tutorial
Slides 2011, RSA Laboratories
-
Part IV: The Outer Limits of RFID Security
All slides 2006 RSA Laboratories
-
Recall these RFID applications
Not Really Mad
Livestock
Housepets
The cat came back, the very next day
50 million+
-
Human location tracking
Schools, Amusement parks, Hospitals
-
A riddle…
-
Human-implantable RFID
VeriChip™
-
NEW Subdermal Biochip Implant for Cashless Transactions - Is it the Mark?
"The mark is a microchip assembly which will be implanted under the skin of the right hand. Later on, the mark will be implanted under the forehead, so people who have no right hand could also have the mark. The microchip assembly, called radio frequency identification (RFID), is already used in animals. In dogs, the RFID is placed between the shoulder blades, and in birds it is implanted under the wing. Now there is one for humans called VeriChip."
www.rapturechrist.com/666.htm
-
Human-implantable RFID
VeriChip™
Excellent test bed for privacy and security concepts!
Proposed for medical-patient identification
Also proposed and used as an authenticator for physical access control, a "prosthetic biometric"
E.g., Mexican attorney general purportedly used it for access to a secure facility
What kind of cryptography does it have? None! It can be easily cloned [Halamka et al. '06]
What if we add a challenge-response protocol?
Cloning may actually be a good thing
-
Human-implantable RFID: Physical coercion and attack
In 2005, a man in Malaysia had his fingertip cut off by thieves stealing his biometric-enabled Mercedes
What would happen if the VeriChip were used to access ATM machines and secure facilities?
Perhaps better if tags can be cloned!
Tags should not be used for authentication, only for identification
-
Cloneability & privacy
Privacy means no linkability or information about identities
If a tag can be cloned, does that mean it can't provide privacy? Surprisingly, no!
A very simple scheme allows for simultaneous cloneability and privacy
-
Cloneability & privacy
Homomorphic public-key cryptosystem (e.g., ElGamal)
Private/public key pair (SK, PK)
Randomized scheme: C = E_{PK,r}[m]
Semantic security: Adversary cannot distinguish C = E_{PK,r}["Alice"] from C' = E_{PK,s}["Bob"]
Re-encryption property: Given C only, can produce randomized C' = E_{PK,s}[m], without knowing m
-
Cloneability & privacy
The scheme: When read, tag chooses fresh r and outputs C = E_{PK,r}["name"]
Then: Reader with SK can decrypt name
Semantic security: Adversary cannot distinguish among tags, i.e., infringe privacy
Re-encryption property: Adversary can clone tag: records C and outputs randomized C'
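The ElGamal-based scheme of the last two slides, as an added worked example (not code from the tutorial): the reader holding SK decrypts every output, two reads of the same tag look unrelated, and a cloner can re-randomize a recorded C into a fresh C' without ever learning the name. The safe prime, generator, and the identity value 42 standing in for "Alice" are constructed toy parameters.

```python
import secrets

# Constructed toy parameters: safe prime P = 2*Q + 1 and a generator G of the
# order-Q subgroup of quadratic residues. A real deployment uses >= 2048-bit groups.
P = 1019
Q = (P - 1) // 2
G = 4

def keygen():
    """Reader's (SK, PK) pair with PK = G^SK mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encode(identity):
    """Map an identity 1 <= id < P/2 into the subgroup by squaring."""
    assert 0 < identity < P // 2
    return pow(identity, 2, P)

def decode(element):
    """Invert encode(): square root mod P (P = 3 mod 4), taking the smaller root."""
    root = pow(element, (P + 1) // 4, P)
    return min(root, P - root)

def encrypt(pk, identity, r=None):
    """C = E_{PK,r}[m]; the tag picks a fresh r on every read."""
    r = secrets.randbelow(Q - 1) + 1 if r is None else r
    return (pow(G, r, P), encode(identity) * pow(pk, r, P) % P)

def reencrypt(pk, c, s=None):
    """Re-encryption property: from C and PK alone produce C' = E_{PK,r+s}[m]
    without learning m. This is exactly what a cloned tag can do."""
    s = secrets.randbelow(Q - 1) + 1 if s is None else s
    c1, c2 = c
    return (c1 * pow(G, s, P) % P, c2 * pow(pk, s, P) % P)

def decrypt(sk, c):
    """Only the reader holding SK recovers the identity."""
    c1, c2 = c
    return decode(c2 * pow(pow(c1, sk, P), P - 2, P) % P)

def demo():
    """Two honest reads of 'Alice' (identity 42) plus one cloned, re-randomized output."""
    sk, pk = keygen()
    read1 = encrypt(pk, 42, r=7)        # fixed r values keep the demo deterministic
    read2 = encrypt(pk, 42, r=123)      # unlinkable to read1 for anyone without SK
    clone = reencrypt(pk, read1, s=99)  # cloner re-randomizes a recorded output
    return (decrypt(sk, read1), decrypt(sk, read2), decrypt(sk, clone),
            read1 != read2, read1 != clone)
```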
-
The covert-channel problem
Suppose there is an identification/authentication system…
(Figure: door marked "Authorized Employees Only". Reader: "Who's there?" Tag: E[Alice]. Reader: "It's Alice!")
-
The covert-channel problem
Suppose there is an identification/authentication system…
(Figure: door marked "Authorized Employees Only". Reader: "Who's there?" Tag: E[Alice + ?])
Alice has low blood pressure and high blood-alcohol
Alice recently passed a casino's RFID reader
Mercury switch indicates that Alice napped on job
-
How can we assure Alice of no covert channels?
Outputs must be deterministic: randomness always leaves room for covert emissions
Could give Alice a secret key to check that outputs are formatted correctly, e.g., a pseudorandom-generator seed for the device
But we don't want Alice (or a third party) to have to manage sensitive keying material. Again, key management is the problem!
Can we enable Alice (or anyone else) to verify covert-freeness publicly, i.e., without exposing secret keys?
Simultaneous publicly verifiable covert-freeness and privacy are impossible!
-
Here's why…
Suppose there were a public CC detector…
(Figure: X18 Ultra CC-Detector™ takes a sequence of outputs A1, A2, … and reports "No CC" or "Yes, CC!")
-
Here's a covert channel!
1. Create identity for user "Bob". Bob could be fictitious. Just need output sequence B1, B2, …
2. Alice's chip does the following: If no nap, output A1, A2, A3, etc. with Alice's identity. If Alice has taken a nap, then flip to Bob's identity, i.e., output A1, A2, B1, B2
-
Suppose we detect this covert channel
(Figure: X18 Ultra CC-Detector™. A1, A2: "No CC". A1, A2, B1: "Yes, CC!")
-
Now if there really is a user Bob, we have a problem
(Figure: X18 Ultra CC-Detector™. A1, A2: "No CC")
-
Alice followed by Bob yields "Yes"
(Figure: X18 Ultra CC-Detector™. A1, B1: "Yes, CC!")
-
Privacy is broken: We can distinguish between identities!
(Figure: X18 Ultra CC-Detector™. Bob, Alice: "Yes". Alice, Alice: "No")
-
So public CC-verifiability & privacy is impossible
Now let's show how to achieve it anyway… Idea:
Weaken privacy definition to exclude localized privacy, e.g., privacy across pairwise values
Allow localized CC-checking, e.g., pairwise. Localized privacy is the least important type of privacy
Now we can do spot CC-checking…
A1 A2 A3 A4 A5 A6 A7 A8 A9 . . .
A1 A2 A3 A4 A5 A6 A7 B1 B2
(Figure: X18 Ultra CC-Detector™ applied to pairs of adjacent outputs, answering "yes" or "no")
-
Still a difficult problem: Constructing a deterministic sequence whose values are:
Publicly, pairwise verifiable
Otherwise unlinkable
Again, use bilinear maps (with a non-standard hardness assumption…)
We have only solved the problem of covert channels in the explicit logical layer. Problem: Timing or power side-channel?
-
Wrapping up
-
Key Idea 1
Tracking privacy is futile (Unless you're looking to publish papers)
Content privacy is still important
-
Key Idea 2
EPC tags can't do crypto
Some tags can do crypto, but key management remains hard
Crypto is not a cure-all!
-
Key Idea 3
RFID is an amorphous label
Also exciting research to be done on: CRFID, NFC, Implantable medical devices, Etc., etc.
-
Some noteworthy results
Extraction of kill PINs from first-generation EPC tags via remote power analysis [Oren & Shamir '07]
Breaks of Philips Mifare (of which billions of chips have been sold) [Garcia et al. '08, Courtois et al. '08]
Implemented relay attacks [Kfir & Wool '05]
On-tag crypto implementation [Chae et al. '07]
See Gildas Avoine's excellent RFID Security & Privacy bibliography at http://www.avoine.net/rfid
-
List of referenced papers
K. Koscher, A. Juels, V. Brajkovic, and T. Kohno: EPC RFID Tag Security Weaknesses and Defenses: Passport Cards, Enhanced Drivers Lice. ACM CCS 09
A. Juels, B. Parno, and R. Pappu: Unidirectional Key Distribution Across Time and Space with Applications to RFID Security. USENIX Security 2008
D. Bailey, D. Boneh, E.-J. Goh, and A. Juels: Covert Channels in Privacy-Preserving Identification Systems. ACM CCS '07
A. Juels, P. Syverson, and D. Bailey: High-Power Proxies for Enhancing RFID Privacy and Utility. PET '05
S. Bono et al.: Security Analysis of a Cryptographically-Enabled RFID Device. USENIX Security '05
A. Juels and J. Brainard: Soft Blocking: Flexible Blocker Tags on the Cheap. WPES '04
A. Juels, R. L. Rivest, and M. Szydlo: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. ACM CCS 03
http://www.rsa.com/rsalabs/node.asp?id=3897
http://www.rsa.com/rsalabs/node.asp?id=3497
http://www.rsa.com/rsalabs/node.asp?id=3358
http://www.rsa.com/rsalabs/node.asp?id=2948
http://www.rsa.com/rsalabs/node.asp?id=2838
http://www.rsa.com/rsalabs/node.asp?id=2032
http://www.rsa.com/rsalabs/node.asp?id=2060