The Outer Limits of RFID Security
-
Upload
petersam67 -
Category
Business
-
view
328 -
download
0
description
Transcript of The Outer Limits of RFID Security
![Page 1: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/1.jpg)
All slides © 2006 RSA Laboratories
![Page 2: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/2.jpg)
RFID (Radio-Frequency IDentication)
takes many forms…
![Page 3: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/3.jpg)
“RFID” really denotes a spectrum of devices
Automobile ignition key Mobile phone
Toll paymentplaque
Basic“smart label”
passive passivesemi-passive
no crypto no crypto some crypto
few cm tofew meters
range
several metersrange
several cmrange
![Page 4: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/4.jpg)
“Smart labels”:EPC (Electronic Product Code) tags
Barcode EPC tag
Line-of-sight Radio contact
Specifies object type Uniquely specifies object
Fast, automated scanning
Provides pointerto database entryfor every object, i.e., unique, detailed history
![Page 5: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/5.jpg)
• 30 April: RFID-tagged cow “Bessie” produces milk• 30 April: Milk transferred to RFID-tagged tank
– Cow identity and milking time recorded in tank-tag database
• 1 May: RFID portal on truck records loading of refrigeration tanks– Truck also has active RFID (+GPS) to track geographical location and RFID transponder to pay tolls
• 2 May: Chemical-treatment record written to database record for milk barrel– Bessie’s herd recorded to have consumed mustard grass; compensatory sugars added to milk
• 3 May: Milk packaged in RFID-tagged carton; milk pedigree recorded in database associated with carton tag
• 4 May: RFID portal at supermarket loading dock records arrival of carton• 5 May: “Smart” shelf records arrival of carton in customer area• 5 May 0930h: “Smart” shelf records removal of milk• 5 May 0953h: Point-of-sale terminal records sale of milk (to Alice)
2030: Week in the life of a milk carton
![Page 6: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/6.jpg)
• 6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home
• 6 May 1103h: Alice’s refrigerator records arrival of milk• 6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays:
“Woodstock, Vermont, Grade A, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
• 6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours• 6 May 1809h: Alice’s refrigerator records replacement of milk
• 7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle
2030: Week in the life of a milk carton
![Page 7: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/7.jpg)
• 6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home
• 6 May 1103h: Alice’s refrigerator records arrival of milk• 6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays:
“Woodstock, Vermont, Grade A, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726”
• 6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours• 6 May 1809h: Alice’s refrigerator records replacement of milk
• 7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle
• 7 May 2357h: Recycling center scans RFID tag on carton; directs carton to paper-brick recycling substation
• 7 May 0531h: Robot discards carton; “Smart” refrigerator notes absence of milk; transfers order to Alice’s PDA/phone/portable server grocery list
2030: Week in the life of a milk carton
![Page 8: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/8.jpg)
Proximity cards
RFID Today: IN Your POcket
Note: Often just emit static identifiers, i.e., they are just smart labels!
![Page 9: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/9.jpg)
Automobile ignition keys
f
RFID helps secure hundreds of millions of automobiles•Cryptographic challenge-response•Philips claims more than 90% reduction in car theft thanks to RFID!•Note: some devices, e.g., Texas Instruments DST, are weak…
in your pocket
![Page 10: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/10.jpg)
Payment devices
•ExxonMobil SpeedpassTM
in your pocket
•RFID now offered in all major credit cards in U.S.…
![Page 11: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/11.jpg)
“Not Really Mad”• Cattle
• Housepets
The cat came back, the very next day…
50 million+
in ANIMALs
![Page 12: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/12.jpg)
• Schools• Amusement parks• Hospitals• In the same vein: mobile phones with GPS…
on People
![Page 13: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/13.jpg)
• Dozens of countries issuing or soon to issue RFID-enabled passports
• Other identity documents, e.g., drivers’ licenses, to follow
In PAssports
![Page 14: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/14.jpg)
NFC (Near-Field Consortium)
Showtimes:16.00, 19.00
• Also, ticket purchases, payments, comparison shopping Phone can act as reader or tag
• NFC is a general-purpose protocol• Already available in some models
In Mobile phones
![Page 15: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/15.jpg)
• Talk in 2003-4 of planting RFID tags in 10,000 Yen banknotes and Euro banknotes
• Talk has dissipated• Main interest: anti-counterfeiting
In Currency?
![Page 16: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/16.jpg)
• Medical compliance: Greater independence (and privacy!), particularly for elderly
• Anti-counterfeiting: Better supply-chain visibility means less fraud– U.S. govt. urging RFID to combat counterfeiting of drugs
In pharmaceuticals
![Page 17: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/17.jpg)
1500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
Das Kapital and Communist-
party handbook
Replacement hipmedical part #459382
The consumer privacy problem
Here’sMr. Jonesin 2020…
![Page 18: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/18.jpg)
Wig serial #A817TS8
…and the tracking problem
• Mr. Jones pays with a credit card; his RFID tags now linked to his identity; determines level of customer service– Think of car dealerships using drivers’ licenses to run credit checks…
• Mr. Jones attends a political rally; law enforcement scans his RFID tags
• Mr. Jones wins Turing Award; physically tracked by paparazzi via RFID
![Page 19: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/19.jpg)
Suica
Image courtesy of Kevin Fu
![Page 20: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/20.jpg)
Suica
Images courtesy of Kevin Fu
![Page 21: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/21.jpg)
What data are vulnerable?
CURRENT BALANCE
Travel history: visited stations and dates
Details ofmerchandisepurchase
Image courtesy of Kevin Fu
![Page 22: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/22.jpg)
RFID privacy
Only definitive way to achieve privacy is:– Emit an identifier only – Change identifier across reads
Wig serial #A817TS8u
![Page 23: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/23.jpg)
RFID privacy
Only definitive way to achieve privacy is:– Emit only an identifier– Change identifier across reads
#A817TS8u
![Page 24: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/24.jpg)
RFID privacy
Only definitive way to achieve privacy is:– Emit only an identifier– Change identifier across reads
#Z87d68aK
![Page 25: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/25.jpg)
1500 Eurosin wallet
Serial numbers:597387,389473
…
Replacement hipmedical part #459382
The authentication problem
Mad-cowhamburgerlunch Counterfeit!
Counterfeit!
Good readers, bad tags
Mr. Jones’s car is stolen!
Mr. Jones in 2020
![Page 26: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/26.jpg)
Won’t crypto solve our problems?We can do:• Challenge-response for
authentication• Mutual authentication
and/or encryption for privacy
AES
Side-channel countermeasures
But:
1. Moore’s Law vs. pricing pressure
2. Beyond simple “terrestrial” problems, basic cryptography may not be enough…
This is the theme of our talk!
![Page 27: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/27.jpg)
Simple authentication:Possession is the law
• How does Alice’s refrigerator get read/write privileges for the history for the milk carton bearing tag T?
• The straightforward approach:– A central registry R shares symmetric key k with the tag T– Alice’s refrigerator acts as authentication proxy between R and T– Tag T authenticates via challenge-response
c
r = fk(c) k
Registry R
k
c
r = fk(c)
![Page 28: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/28.jpg)
Simple authentication:Possession is the law
• But what if the tag is on Alice’s wristwatch? – Should any nearby reader be able to read tag
history?– Should any nearby reader be able to modify
tag history?
• What if registry R is unavailable? – Will the tag carry information on board? – If so, who can access it? – Does Alice’s baby get its milk?
![Page 29: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/29.jpg)
???
The VeriChipTM
+ =Human-implantable RFID
![Page 30: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/30.jpg)
The VeriChipTM
+ =Human-implantable RFID
• Proposed for medical-patient identification• Also proposed and used as an authenticator for
physical access control, a “prosthetic biometric”– E.g., Mexican attorney general purportedly used for
access to secure facility
• What kind of cryptography does it have?– None: It can be easily cloned
• So shouldn’t we add a challenge-response protocol?
• Cloning may actually be a good thing
![Page 31: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/31.jpg)
The VeriChipTM
• Physical coercion and attack– In 2005, a man in Malaysia had his fingertip cut off by
thieves stealing his biometric-enabled Mercedes– What would happen if the VeriChip were used to
access ATM machines and secure facilities?• Perhaps it is better then if tags can be cloned
and are not used for authentication—only for identification
• But if a tag is cloneable, and used for identification, does that mean that privacy is impossible? – I.e., does cloneability imply an ability to track?
![Page 32: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/32.jpg)
Private identification• A very simple scheme allows for
simultaneous cloneability and privacy
• El Gamal public-key cryptosystem:– Randomized scheme: C = EPK,r [m]
– Semantic security: Cannot distinguish between ciphertexts C and C’ on known plaintexts without knowledge of SK
• Adversary cannot distinguish between C = EPK,r [Alice] and C’ = EPK,r’ [Bob]
![Page 33: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/33.jpg)
Private identificationOur simple scheme:
“Who are you?”
C = EPK,r [Alice]
SK
“Proceed to authenticateOfficer Alice”
Officer Alice
![Page 34: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/34.jpg)
Private identificationTake two:
“Who are you?”
C’ = EPK,r’ [Alice]
SKOfficer Alice
“Proceed to authenticateOfficer Alice”
![Page 35: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/35.jpg)
Private identification
• Semantic security → An attacker who intercepts C and C’ cannot tell if they come from the same chip– Attacker cannot identify or track Alice
• But attacker can still clone Alice’s chip!• El Gamal re-encryption (homomorphism):
– Let U = EPK,r [1] have uniformly random r
– Then given C = EPK,r’ [m], the distribution CxU is uniform over ciphertexts on m
• Clone chip selects U and outputs CxU • Clone chip is indistinguishable from Alice’s!
![Page 36: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/36.jpg)
Attacker’s perspective
“Who are you?”
C
Alice’schip
![Page 37: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/37.jpg)
Attacker’s perspective
“Who are you?”
C x U
“Proceed to authenticateOfficer Alice”
Attacker can simulate Alice’s chip, but…•He cannot track Alice•He may not even know whose chip he’s cloned!
![Page 38: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/38.jpg)
The covert-channel problemSuppose there is a secret sensor…
“Who are you?”
C
SKOfficer Alice
“Officer Alicehas low bloodpressure andhigh blood-alcohol”
![Page 39: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/39.jpg)
The covert-channel problemSuppose there is a secret sensor…
“Who are you?”
C
SKOfficer Alice
“Officer Alicerecently passed near the RFID reader of a casino”
![Page 40: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/40.jpg)
The covert-channel problemSuppose there is a secret sensor…
“Who are you?”
C
SKOfficer Alice
“Mercury switchindicates that OfficerAlice took a nap this afternoon.”
![Page 41: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/41.jpg)
How can we ensure no covert channels?
• Must make outputs deterministic
• Can also, e.g., give PRNG keys to Alice
• But can we:– Allow Alice to verify covert-freeness without
exposing secret keys to her?– Enable a third party to verify covert-freeness?
• It turns out that privacy and such verifiable covert-freeness are contradictory!
![Page 42: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/42.jpg)
Covert-freeness detector
A
A’
“No covertchannel”
“Yes, covertchannelsuspected”
![Page 43: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/43.jpg)
Here’s a covert channel!
1. Create identifier for Bob• Bob need not actually own a chip
2. Alice’s chip does following:• If no nap, output ciphertexts A, A’, A’’,
etc. with Alice’s identity• If Alice has taken a nap, output
ciphertexts B,B’,B’’, etc. with Bob’s identity
![Page 44: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/44.jpg)
Suppose we detect the covert channel…
“No covertchannel”
A
A’
![Page 45: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/45.jpg)
Suppose we detect the covert channel…
“Yes, covertchannel
suspected”
A
B
![Page 46: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/46.jpg)
Then we can distinguish between Alice and Bob: Privacy is broken!
“Yes, covertchannel
suspected”
A
B
![Page 47: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/47.jpg)
Then we can distinguish between Alice and Bob: Privacy is broken!
“A and B represent different
people”
A
B
![Page 48: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/48.jpg)
• Let’s change (relax) the definition of privacy!• If non-sequential tag outputs are checked, detector learns nothing…
READ EVENTS
“?????”
Covert-freeness and privacy?
![Page 49: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/49.jpg)
Covert-freeness and privacy?• Detector can do pairwise check only…
READ EVENTS
“Covert-free pair”
• Achievable “efficiently” with pairings-based cryptography (ECC)
![Page 50: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/50.jpg)
Covert-freeness and privacy?• Privacy is largely preserved because of locality• Covert-freeness checkable probabilistically, i.e., with spot checks
READ EVENTS
“Covert-free pair”
![Page 51: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/51.jpg)
Returning to basic issue of privacy:Kill codes
• EPC tags have a “kill” function• On receiving password, tag self-destructs• Tag is permanently inoperative
• Developed for EPC to protect consumers after point of sale
• “Dead tags tell no tales”• Privacy is preserved
• Simple and categorical, but not a wholly satisfying solution…
![Page 52: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/52.jpg)
Problem 1: Post-consumer uses of tags
k
Dead tags perhaps not harmful, but certainly not beneficial…
![Page 53: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/53.jpg)
Problem 2: RF signatures• Y. Oren and A. Shamir attacked EPC kill passwords via over-the-
air power analysis• Found that dead tags are detectable!
– Backscatter from antennas• Hypothesize manufacturer type may be learnable
•3 type A tags (merchandise)•2 type B tags (medication)•10 type C tags (500-Euro banknotes)
• Probably of limited significance, but still bears on privacy• Do tags possess uniquely detectable RF fingerprints?
– Device signatures a staple of electronic warfare
• Cryptography would not help here!
![Page 54: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/54.jpg)
So what might solve our problems?
• The fact that privacy is not RFID specific
• Laws and policy
• RFID security as a database problem– Reduces problem to access control, but:– Accept tracking of identifiers– Create further dependence on network
connectivity
![Page 55: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/55.jpg)
So what might solve our problems?
• Higher-powered intermediaries like mobile phones– RFID “Guardian” and RFID REP
Please show reader certificate and privileges
![Page 56: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/56.jpg)
So what might solve our problems?
• Cryptography!– Urgent need for cheaper hardware for primitives and better side-
channel defenses
• Some of talk really in outer limits, but basic caveats are important:– Pressure to build a smaller, cheaper tags without cryptography– RFID tags are close and personal, giving privacy a special
dimension– RFID tags change ownership frequently– Key management will be a major problem
• Think for a moment after this talk about distribution of kill passwords…
• Are there good hardware approaches to key distribution, e.g., proximity as measure of trust
![Page 57: The Outer Limits of RFID Security](https://reader035.fdocuments.in/reader035/viewer/2022081516/54c0d52c4a7959f0128b45cd/html5/thumbnails/57.jpg)
To learn more
• Largely collaborative work within RFID CUSP– www.rfid-cusp.org– Papers available on publications page
• Papers:– “RFID security and privacy: a research survey”– “The security implications of VeriChipTM
cloning,” • Joint work with J. Halamka, A. Stubblefield, and J. Westhues
– “Covert channels in privacy-preserving identification systems”• Forthcoming joint work with Dan Bailey
– “Power analysis of RFID tags” (on Internet; not RFID-CUSP)• Y. Oren and A. Shamir