IntroductionProject DefinitionTimingSome references:Alireza Pirayesh Sabzevar ([email protected]) Project Proposal for ECE-646 Project Proposal for ECE-646 Cryptography and Computer Network-Security Security in RFID systems Introduction Radio Frequency Identification systems are in the limelight for a few years and become pervasive in our daily lives. Security and access control are the most likely applications to use radio frequency identification with three in 10 survey respondents planning an RFID implementation saying that they plan on developing security applications first but these smart devices are nowadays embedded in the consumer items as well. Other likely applications are inventory and asset management, and industrial tracking. While RFID is only used in a few ways now, its use is expected to increase by 450 percent in the next year and a further 96 percent in 2006. As RFID gets more popularity, the privacy issues raised by RFID tags are vitally important. In the wake of announcements by Wal-Mart, the biggest retailer in the world, that it would require RFID tags on cases/pallets of products to facilitate tracking - and may require tags on individual products eventually - scare stories concerning possible use of these tags to violate individual privacy have been surfacing. Such stories ignore not only common sense and practicality, but also the basic physics that govern the potential of these tags. Both the public and the retailers considering tag use need to understand these basic facts before they can enter meaningful debate on the use of the technology. The challenge in providing security for low-cost RFID tags is that they are computationally weak devices, unable to perform even basic symmetric-key cryptographic operations. Security researchers often therefore assume that good privacy protection in RFID tags is unattainable. Project Definition A 3 phase project for ECE-646 is trying to see how a security mechanism for RFID system can be implemented. Project starts with review of available solutions for RFID security and then narrows down to in depth study and implementation of one specific algorithm. In the phase one, the current solutions for providing security for RFID systems will be reviewed. The review will be done in 2 parts. Part one will cover the general idea of lightweight security mechanism for small computational devices. There is a considerable body of research on the design of lightweight public-key encryption and digital-signing algorithms – largely intended for use in smart cards and similarly small computational devices. These algorithms include identification or digital-signature schemes such as the classic Guillou Quisquater algorithm and also newer algorithms like the NTRUAlireza Pirayesh Sabzevar ([email protected]) Project Proposal for ECE-646 cryptosystem. Even the most lightweight of these many schemes is likely to be well beyond the capabilities of small RFID tags for quite some time to come. The second part of study specifically deals with RFID devices. The results of this part which will appear in a progress report include a review on RFID and its usage as well as security concerns and possible solution. In the second phase, the project will focus on implementation and evaluation of a security protocol proposed in “Minimalist Cryptography for Low-Cost RFID Tags” by Ari Juels. (http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/minimalist/Minimalist.pdf) The author claims that the proposed protocol provably achieves the properties of authentication and privacy in RFID tags in a good practical sense which involves no computationally intensive cryptographic operations, and relatively little storage. This claim will be challenged by this project to see how practical and secure the proposed protocol is. The proposed scheme in the paper needs read/write RFID tags with several hundred bits of memory comparable to Amtel TK5552. If equipment price allows, real tag and corresponding reader will be used otherwise the reader/tag interaction will be simulated by RPC. The Error injection or reading multiple tags simultaneously can be considered as some enhancements in the simulation to bring the system closer to the real environment. Implementation Track Operating System Programming language Communication Simulation Linux C RPC With RFID tag-reader MS-Windows Visual Basic Serial Port In either case, we want to see how an authentication mechanism based on challenge-response and one time pad can be implemented between a reader and tag. The communication between the reader and verifier is considered to be a secured communication. For testing the algorithm we try a couple of simple attacks like man-in-middle or passive attacks and see if we can break into the system. In any implementation track we design a suitable test case to verify the mechanism. In the conclusion part of the paper, the author, Ari Juels, says: The centralized verifier model that we work with in this paper, for instance, is valuable as a first step toward RFID-system characterization. Further development and understanding of RFID systems will certainly yield other useful models involving varying degrees and forms of decentralization. To follow his hint, in the last phase of the project, the idea of decentralized system will be examined. As the real world, we suppose a tag might be read by several readersAlireza Pirayesh Sabzevar ([email protected]) Project Proposal for ECE-646 connected to loosely connected verifier databases. In such a system, a tag may migrate among different verifiers as it moves from one physical location to another location. Defining a security model for such a system will be the first priority of this phase then the protocol will be changed accordingly. The new protocol will be implemented as continuation of the phase two simulator. Timing Phase Subject Date Deliverable Part 1 Study on security mechanism for small computational devices 10/13/2004 Study Report 1 Part 2 Study on security mechanism for RFID devices 11/03/2004 Study Report 2 Implementing a cryptography system for Low-Cost RFID Tags 11/17/2004 Implemented system, test results and related documents 3 A decentralized cryptography system for Low-Cost RFID Tags 12/01/2004 System model, modified protocol. implementation or simulation Some references: Ari Juels, Minimalist Cryptography for Low-Cost RFID Tags
View Full Document
Unlocking...