RFID SecurityOverviewLet’s tag it!RFID ModelAnatomy of RFID TagRFID In Daily Life2005: Raise of RFIDWhy the tag is not secure?Adding Security to TagsHow to solve the problems?Encrypted Tag - InitializationEncrypted Tag – Read: Step 1Encrypted Tag – Read: Step 2Encrypted Tag – Read: Step 3Encrypted Tag – Read: Step 4AssumptionsBenefitsConclusion9/3/2005Alireza P. Sabzevar1RFID SecurityAlireza P. SabzevarGMU-ECE 6469/3/2005 Alireza P. Sabzevar2Overviewz An introduction to RFIDz RFID security problemsz How to solve the problem?z An algorithm for RFID security: XOR and One-time padz Conclusion9/3/2005 Alireza P. Sabzevar3Let’s tag it!z You reach a toll station in the road, you have two options:Exact ChangeorE-ZPass, SmarTagz What will happen if we put the same kind of tag on every single item? Replacing bar-Code with RFID tag!9/3/2005 Alireza P. Sabzevar4RFID Model9/3/2005 Alireza P. Sabzevar5Anatomy of RFID TagAn RFID tag is powered only when within range of a reader.9/3/2005 Alireza P. Sabzevar6RFID In Daily LifeE-ZPass lanes in Toll StationsPets trackingExxon Gas Stations9/3/2005 Alireza P. Sabzevar72005: Raise of RFIDz In the NEWS: Wal-Mart is pushing its suppliers to start using RFID to track inventory by 2005 z Lots of other plans in public and private sector to use RFID.9/3/2005 Alireza P. Sabzevar8Why the tag is not secure?z Lack of password protection for read and write: Some body may fake a tagz Unencrypted communication between reader and the tag: Attacker may overhear the communicationz Having a constant value on the tag which makes it easy for eavesdropper to track a particular tag.9/3/2005 Alireza P. Sabzevar9Adding Security to Tagsz Kill Command and passwordz Challenge/Responsez Randomized Hash Functionz Hash Functionz Symmetric Encryption by verifier and writing the result into the tagz Smart card encryption for high-end tags9/3/2005 Alireza P. Sabzevar10How to solve the problems?z Encryption and Password Protection. z BUT: No enough power to execute an encryption algorithm like DES or RSAz We need a light-weight but still powerful algorithm: One-time pad & XOR9/3/2005 Alireza P. Sabzevar11Encrypted Tag - Initializationz TAGInitialization tok={α, β, γ}∆k = {δk(1), δk(2), δk(3),…. δk(m)}K= K XOR ∆k k={α’, β’, γ’}z VERIFIERStore the value ofk={α’, β’, γ’} and ∆k = {δk(1), δk(2), δk(3),…. δk(m)}in the database9/3/2005 Alireza P. Sabzevar12Encrypted Tag – Read: Step 1z TAGk={α’, β’, γ’}→ α’→z VERIFIER← read←If α’ is valid αxfor some tag Txthen tag←x and extract kx={αx, βx, γx} from database9/3/2005 Alireza P. Sabzevar13Encrypted Tag – Read: Step 2z TAGIf β’≠ βx then output(“reject”) and abortElse→ γ’→z VERIFIER← βx←9/3/2005 Alireza P. Sabzevar14Encrypted Tag – Read: Step 3z TAG z VERIFIERIf γ’≠ γx then output(“reject”) and abort Else Output(“accepted”) prepare the random set of ∆’k = {δ’k(1), δ’k(2), δ’k(3),…. δ'k(m)}← ∆’k ←9/3/2005 Alireza P. Sabzevar15Encrypted Tag – Read: Step 4z TAGRotate ∆k to left for the size of k ∆k = ∆kXOR ∆’ xk= k XOR ∆xz VERIFIERRotate ∆k to left for the size of k ∆k = ∆xXOR ∆’ xk= k XOR ∆x9/3/2005 Alireza P. Sabzevar16Assumptionsz An adversary may interact with targeted RFID tags only a relatively small number of times in rapid successionz The ability of an adversary to mount man-in-the-middle attacks between tags and legitimate reader is restricted.9/3/2005 Alireza P. Sabzevar17Benefitsz Β and γ work like challenge/responsez Tag values and communication are always encryptedz No constant value on the tagz With small change on existing tags (ATMEL TK5552) it can be implemented.z It works with current readers9/3/2005 Alireza P. Sabzevar18Conclusionz Most of low-cost RFID tags in the market are defenselessz Again security comes lastz RFID security will be a big challenge in coming yearsz It is possible to add a good level of security to low-cost
View Full Document
Unlocking...