Scribd
Upload
43 views45 pages

6.857: RFID Security and Privacy: November 2, 2004

The document discusses a lecture on RFID security and privacy that covers the history and applications of RFID technology, security threats posed by RFID systems including espionage and forgery, adversarial models for RFID attacks, and potential countermeasures that can be used to increase security while meeting the strict resource constraints of RFID tags.

Uploaded by

ALEX SAGAR
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
43 views45 pages

6.857: RFID Security and Privacy: November 2, 2004

The document discusses a lecture on RFID security and privacy that covers the history and applications of RFID technology, security threats posed by RFID systems including espionage and forgery, adversarial models for RFID attacks, and potential countermeasures that can be used to increase security while meeting the strict resource constraints of RFID tags.

Uploaded by

ALEX SAGAR
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 45

6.

857: RFID Security and Privacy


November 2nd, 2004
Massachusetts Institute of Technology
Computer Science and Artificial Intelligence Laboratory

6.857 Lecture - November


2, 2004

Talk Abstract and Outline


Abstract: What is RFID, how does it affect
security and privacy, and what can we do
about it?
Outline
RFID Introduction, History, and Applications
Security Threats and Adversarial Model
Countermeasures

6.857 Lecture - November


2, 2004

What is RFID?
Radio Frequency Identification: Identify
physical objects through a radio interface.
Many different technologies called RFID.
Others types of auto-ID systems include:
Optical barcodes
Radiological tracers
Chemical taggants

6.857 Lecture - November


2, 2004

RFID System Primer


Three Main Components:
Tags, or transponders, affixed to objects
and carry identifying data.
Readers, or transceivers, read or write tag
data and interface with back-end
databases.
Back-end databases correlate data stored
on tags with physical objects.
6.857 Lecture - November
2, 2004

RFID Adhesive Labels


4 cm

6.857 Lecture - November


2, 2004

An RFID
Smart Shelf
Reader

6.857 Lecture - November


2, 2004

System Interface

Network

Reader

Data
Processing

Reader

01.203D2A.916E8B.8719BAE03C

Tag

Database
6.857 Lecture - November
2, 2004

RFID History
Earliest Patent: John Logie Baird (1926)
Identify Friend or Foe (IFF) systems developed
by the British RAF to identify friendly aircraft.
Both sides secretly tracked their enemys IFF.
How do you identify yourself only to your friends?
Dont shoot! Were British!

Oh. Were British too!

6.857 Lecture - November


2, 2004

Digression #1:
Related Military Applications
IFF still used today for aircraft and
missiles. Obviously classified.
Could envision an IFF system for soldiers.
Lots of military interest in pervasive
networks of cheap, RFID-like sensors.
Monitoring pipelines, detecting biological
agents, tracking munitions, etc.
6.857 Lecture - November
2, 2004

Commercial Applications
Early Applications:
Tracking boxcars and shipping containers.
Cows: RFID ear tags.
Bulky, rugged, and expensive devices.

The RFID Killer Application?

6.857 Lecture - November


2, 2004

Supply-Chain Management
(Not Gum)

First Universal Product Code scanned was


on a pack of Juicy Fruit gum in 1976.
Every day, over five billion barcodes are
scanned around the world.
But barcodes are slow, need line of sight,
physical alignment, and take up packaging
real estate.
Over one billion RFID tags on the market.
Example: Gillettes shrinkage problem.
6.857 Lecture - November
2, 2004

Modern RFID Applications


Supply-Chain Management
Inventory Control
Logistics
Retail Check-Out

Access Control: MIT Proximity Cards.


Payment Systems: Mobil SpeedPass.
Medical Records: Pet tracking chips.
6.857 Lecture - November
2, 2004

Prada's RFID Closet

MIT Prox Card

6.857 Lecture - November


2, 2004

6.857 Lecture - November


2, 2004

Tag Power Source


Passive:
All power comes from a readers interrogation signal.
Tags are inactive unless a reader activates them.
Passive powering is the cheapest, but shortest range.

Semi-Passive:
Tags have an on-board power source (battery).
Cannot initiate communications, but can be sensors.
Longer read range, more cost for battery.

Active:
On-board power and can initiate communications.
6.857 Lecture - November
2, 2004

Functionality Classes
Class Nickname

Memory

Power
Source

Anti-Shoplift
Tags

None

Passive

Article Surveillance

Electronic
Product Code

Read-Only

Passive

Identification Only

Electronic
Product Code

Read/Writ
e

Passive

Data Logging

Sensor Tags

Read/Writ
e

Semi-Passive Environmental
Sensors

Smart Dust

Read/Writ
e

Active

6.857 Lecture - November


2, 2004

Features

Ad Hoc Networking

Operating Frequencies
Range Class

LF

HF

UHF

Frequency
Range

120-140 MHz

13.56 MHz

868-956 MHz

Maximum
Range?

3 meters

3 meters

10 meters

Typical Range

10-20
centimeters

10-20
centimeters

3 meters

6.857 Lecture - November


2, 2004

Asymmetric Channels

Reader

Tag

Eavesdropper

Backward Channel Range (~5m)

Forward Channel Range (~100m)

6.857 Lecture - November


2, 2004

Security Risks: Espionage


Corporate Espionage:
Identify Valuable Items to Steal
Monitor Changes in Inventory

Personal Privacy
Leaking of personal information
(prescriptions, brand of underwear, etc.).
Location privacy: Tracking the physical
location of individuals by their RFID tags.
6.857 Lecture - November
2, 2004

Espionage Case Study


The US Food and Drug Administration
(FDA) recently recommended tagging
prescription drugs with RFID pedigrees.
Problems:
Im Oxycontin. Steal me.
Bobs Viagra sales are really up this month.
Hi. Im Alices anti-fungal cream.

6.857 Lecture - November


2, 2004

Security Risks: Forgery


RFID casino chips, Mobil SpeedPass, EZPass, FasTrak, prox cards, 500
banknotes, designer clothing.
Skimming: Read your tag, make my own.
Swapping: Replace real tags with decoys.
Producing a basic RFID device is simple.
A hobbyist could probably spoof most
RFID devices in a weekend for under $50.
6.857 Lecture - November
2, 2004

Security Risks: Forgery


Mandel, Roach, and Winstein @ MIT
Took a couple weeks and $30 to figure out how
produce a proximity card emulator.
Can produce fake cards for a few dollars.
Can copy arbitrary data, including TechCash.
Could read cards from several feet.
(My card wont open the door past a few inches.)
Broke Indala's FlexSecur data encryption.
(Just addition and bit shuffling. Doh.)
6.857 Lecture - November
2, 2004

6.857 Lecture - November


2, 2004

Security Risks: Sabotage


If we cant eavesdrop or forge valid tags,
can simply attack the RFID infrastructure.
Wiping out inventory data.
Vandalization.
Interrupting supply chains.
Seeding fake tags difficult to remove.

6.857 Lecture - November


2, 2004

Adversarial Model
Can classify adversaries by their access.
Three levels of read or write access:
Physical: Direct access to physical bits.
Logical: Send or receive coherent messages.
Signal: Detect traffic or broadcast noise.

Can further break down into Forward-only


or Backward-only access.
6.857 Lecture - November
2, 2004

Adversarial Model: Attacks


Long-Range Passive Eavesdropper:
Forward-Only Logical Read Access.
No Write Access.

Tag Manufacture/Cloning:
No Read Access/Physical Read Access.
Physical Write Access.

Traffic Analysis: Signal Read Access.


Jamming: Signal Write Access.
6.857 Lecture - November
2, 2004

Adversarial Model:
Countermeasures
Countermeasures will degrade an
adversarys access. For example:
Encryption degrades logical read access
to signal read access.
Authentication degrades logical write to
signal write access.
Tamper resistance can degrade physical
read to logical read access.
6.857 Lecture - November
2, 2004

Is it really that bad?


Maybe Not.
Tags can only be read from a few meters.*
Will mostly be used in closed systems like
warehouses or shipping terminals.
Can already track many consumer purchases
through credit cards.
Difficult to read some tags near liquids or metals.
Can already track people by cell phones,
wireless MAC addresses, CCTV cameras, etc.
6.857 Lecture - November
2, 2004

Butthe customer is always right.


The public perception of a security risk, whether
valid or not, could limit adoption and success.
Similar to Pentium IIIs unique ID numbers.
Successful boycott of Benetton.
Privacy advocates have latched on:
e-mails sent to the RFID Journalhint at some of
the concerns. I'll grow a beard and f--k Gillette, wrote
one reader, Economist Magazine, June 2003.
Auto-ID: The worst thing that ever happened to
consumer privacy, CASPIAN website.
6.857 Lecture - November
2, 2004

Digression #2:
RFID Public Relations
The industry never misses a chance to
shoot itself in the foot.
Track anything, anywhere.
Wal-Mart Caught Conducting Secret
Human Trials Using Alien Technology!
Lesson: If you dont want people to
negatively spin your technology, dont
make their jobs easier.
6.857 Lecture - November
2, 2004

Security Challenge
Resources, resources, resources.
EPC tags ~ 5 cents. 1000 gates ~ 1 cent.
Main security challenges come from
resource constraints.
Gate count, memory, storage, power, time,
bandwidth, performance, die space, and
physical size are all tightly constrained.
Pervasiveness also makes security hard.
6.857 Lecture - November
2, 2004

Example Tag Specification


Storage 128-512 bits of read-only storage.
Memory 32-128 bits
memory.

of

volatile

read-write

Gate Count 1000-10000 gates equivalents.


Security Gate Budget 200-2000 gate equivalents.
Operating Frequency UHF 868-956 MHz.
Forward Range 100 meters.
Backward Range 3 meters.
Read Performance 100 read operations per second.
Cycles per Read 10,000 clock cycles.
Tag Power Source Passively powered via RF signal.
Power Consumption per 10 Watts
Read
Features Anti-Collision Support
Random
Number Generator
6.857 Lecture
- November
2, 2004

Resource Constraints
With these constraints, modular math
based public-key algorithms like RSA or
ElGamal are much too expensive.
Alternative public-key cryptosystems like
ECC, NTRU, or XTR are too expensive.
Symmetric encryption is also too costly.
We cant fit DES, AES, or SHA-1 in 2000
gates.
(Recent progress made with AES.)
6.857 Lecture - November
2, 2004

Hash Locks
Rivest, Weis, Sarma, Engels (2003).
Access control mechanism:
Authenticates readers to tags.

Only requires OW hash function on tag.


Lock tags with a one-way hash output.
Unlock tags with the hash pre-image.
Old idea, new application.
6.857 Lecture - November
2, 2004

Hash Lock Access Control


Reader
metaID hash(key)
Store (key,metaID)

Tag
Who
are you?
metaID

Store metaID
metaID

key

metaID = hash(key)?
Hi, my name is..

Querying
Unlocking
Locking
a locked
a atag
tagtag

6.857 Lecture - November


2, 2004

Hash Lock Analysis


+ Cheap to implement on tags:
A hash function and storage for metaID.
+ Security based on hardness of hash.
+ Hash output has nice random properties.
+ Low key look-up overhead.
- Tags respond predictably; allows tracking.
Motivates randomization.
6.857 Lecture - November
2, 2004

Randomized Hash Lock


Reader
Knows tag ID1,, IDn

Tag: IDk
Query?
R,hash(R, IDk)

Search hash(R, IDi)


IDk

Unlocking a tag

6.857 Lecture - November


2, 2004

Select random R

Randomized Hash Lock Analysis


+ Implementation requires hash and random
number generator
Low-cost PRNG.
Physical randomness.

+ Randomized response prevents tracking.


- Inefficient brute force key look-up.
- Hash is only guaranteed to be one-way.
Might leak information about the ID.
(Essentially end up with a block cipher?)
6.857 Lecture - November
2, 2004

Blocker Tags
Juels, Rivest, Szydlo (2003).
Consumer Privacy Protecting Device:
Hides your tag data from strangers.

Users carry a blocker tag device.


Blocker tag injects itself into the tags anticollision protocol.
Effectively spoofs non-existent tags.
(Only exists on paper.)
6.857 Lecture - November
2, 2004

Other Work
Efficient Implementations for RFID:
Feldhofer, Dominikus, and Wolkerstorfer.
Gaubatz, Kaps, and Yksel.

Secure Protocols:
Ari Juels.
Inoue and Yasuura
Gildas Avoine.

Privacy Issues:
Molnar and Wagner.
Henrici and Mller.

Limited Bibliography:
crypto.csail.mit.edu/~sweis/rfid/

6.857 Lecture - November


2, 2004

RFID Policy

Policy can address a lot of privacy issues.


RSA Security is proposing a privacy bit:
Sort of like a do not disturb sign.
Doesnt stop someone from reading a tag.
More bits could encode various access policies

Garfinkel has proposed an RFID Bill of Rights.


Other fair information practices proposed by
EPIC, EFF, CASPIAN, etc.

6.857 Lecture - November


2, 2004

Simsons Bill of Rights


The RFID Bill of Rights:
1)The right to know whether products contain
RFID tags.
2)The right to have RFID tags removed or
deactivated when they purchase products.
3)The right to use RFID-enabled services
without RFID tags.
4)The right to access an RFID tags stored data.
5)The right to know when, where and why the
tags are being read.
6.857 Lecture - November
2, 2004

A New Idea: Humans and Tags


Tags are dumb. But so are people.
Hopper and Blum have human-oriented
identification protocols that you can do in
your head. Linked off www.captcha.net.
Now adopting their protocol to RFID and
securing it against stronger adversaries.
(Papers in progress.)
6.857 Lecture - November
2, 2004

Questions?

6.857 Lecture - November


2, 2004

Dont forget to vote!

6.857 Lecture - November


2, 2004

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy