Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April 2011 1.

Slides:

Advertisements

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

Advertisements

Personal Computers and Applications

All Programmable FPGAs, SoCs, and 3D ICs

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

Symmetric Encryption Prof. Ravi Sandhu.

Objectives Know why companies use distribution channels and understand the functions that these channels perform. Learn how channel members interact and.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.

Wireless Networks Should Spread Spectrum On Demand Ramki Gummadi (MIT) Joint work with Hari Balakrishnan.

1 The Pollution Attack in P2P Live Video Streaming: Measurement Results and Defenses Prithula Dhungel Xiaojun Hei Keith W. Ross Nitesh Saxena Polytechnic.

Address-based Route Reflection Ruichuan Chen (MPI-SWS) Aman Shaikh (AT&T Labs - Research) Jia Wang (AT&T Labs - Research) Paul Francis (MPI-SWS) CoNEXT.

Smart Tracking: Usage of IPv6 in RFID System for Global Mobility

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Title Subtitle.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

ADDING INTEGERS 1. POS. + POS. = POS. 2. NEG. + NEG. = NEG. 3. POS. + NEG. OR NEG. + POS. SUBTRACT TAKE SIGN OF BIGGER ABSOLUTE VALUE.

SUBTRACTING INTEGERS 1. CHANGE THE SUBTRACTION SIGN TO ADDITION

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

Thialﬁ: A Client Notiﬁcation Service for Internet-Scale Applications

BT Wholesale October Creating your own telephone network WHOLESALE CALLS LINE ASSOCIATED.

Block Cipher Modes of Operation and Stream Ciphers

ECE454/CS594 Computer and Network Security

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

SE-292 High Performance Computing

The VARAN Bus, the Real-Time Ethernet Bus System 1 / 23 The VARAN Bus.

Trusted Design In FPGAs

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

ABC Technology Project

Squares and Square Root WALK. Solve each problem REVIEW:

Do you have the Maths Factor?. Maths Can you beat this term’s Maths Challenge?

Chapter 5 Test Review Sections 5-1 through 5-4.

SIMOCODE-DP Software.

GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

1 First EMRAS II Technical Meeting IAEA Headquarters, Vienna, 19–23 January 2009.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN BCMSN Module 1 Lesson 1 Network Requirements.

Addition 1’s to 20.

25 seconds left…...

We will resume in: 25 Minutes.

A SMALL TRUTH TO MAKE LIFE 100%

International Data Encryption Algorithm

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

SE-292 High Performance Computing Memory Hierarchy R. Govindarajan

A SMALL TRUTH TO MAKE LIFE 100%

1 Unit 1 Kinematics Chapter 1 Day

1 PART 1 ILLUSTRATION OF DOCUMENTS  Brief introduction to the documents contained in the envelope  Detailed clarification of the documents content.

How Cells Obtain Energy from Food

McGraw-Hill©The McGraw-Hill Companies, Inc., 2001 Chapter 16 Integrated Services Digital Network (ISDN)

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Registry system data exchange General design requirements Pre-sessional Consultations on Registries 19 October 2002 New Delhi, India UNFCCC secretariat.

Off-the-Record Communication, or, Why Not To Use PGP

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Digital signature using MD5 algorithm Hardware Acceleration

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

Security of the Internet of Things: perspectives and challenges

1 Example security systems n Kerberos n Secure shell.

Presentation transcript:

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April

Outline Anti-counterfeiting for RFID Cryptographic anti-counterfeiting Lab system setup WIPR protocol flow Implementation results Optimizations Summary & Future work 2

RFID EPC Supply chain 3 Counterfeiting is considered one of the greatest treats to the worlds economy Electronic Product Code (EPC) is designed to guarantee uniqueness of every RFID Tag in Supply Chain Problem: Standard RFID EPC-based supply chain is generally unprotected and may become an easy target for the adversary

RFID Tags Anti-counterfeiting methods Unique ID (EPC) Unencrypted value – an easy prey for adversary! A world-wide readers network database to trace compromised tag IDs (track-and-trace) Essential cooperativeness of all supply chains Loss of information privacy Cryptographic solution Asymmetric solution – Public key on Tag Strong system protection – breaking one Tag doesnt compromise the supply chain Was considered not feasible for RFID chain due to high resource consumption on tag side and long execution times! 4

Cryptographic anti-counterfeiting protocol Non-secret Public key (Tag, reader) Private key (Reader only) 5

Asymmetric cryptographic approach Tag bears only a partial (public) key -> can only encrypt messages System not compromised even if a certain tag is Reader possesses both key parts -> can encrypt and decrypt Only one private key is required for entire chain No need for a constant link to a central server 6

A system view of the suggested public- key based anti-counterfeiting system Only Tag Integrator possesses all encryption and decryption keys Tag manufacturer has no signing key Unable to create arbitrary signed TIDs not from Integrators list Reader has private decryption key but no signing key Can only verify tags but unable to forge new ones o System can operate completely offline once keys are delivered 7

IAIK Demotag EPC C1G2 fully compliant UHF tag ATMega128 AVR controller Integral 128kB Flash, 4kB SRAM 16MHz crystal oscillator Communication interfaces JTAG UART RFID Analog Front End 8

Experimental System Setup IAIK UHF Demotag with a WIPR algorithm mounted on it CAEN RFID EPC1G2 Reader with MATLAB SCA toolkit 2 PC Workstations 9

10 Full WIPR Protocol flow

Seamless protocol integration with standard EPC Class I Generation II commands 11

Tag Firmware Architecture 12

Tag resources usage 13

Implementation results – message encryption time as f(heap size) Message encryption time shortened from initial 7 seconds down to 180 milliseconds using optimizations! Will be checked on existing ASIC implementation for the same dramatic effect of RAM usage on performance Y (ms) X (bytes) 14

Response time as a function of block read size Reader-tag maximum wireless link speed 15kbps After each data transaction reader shuts down the link – inefficient reader implementation slows the link down Reading out large chunks of data ensures fastest response time 15

16

Response time as a function of block read size – cont. Reading out large chunks of data ensures fastest response time 17

Optimizations 18

Optimizations Total systems performance further improved from 840ms to 265ms with full link pipelining 19 Total link time

Summary A full strength Public key Crypto system is implemented on standard EPC C1 G2 Tag for RFID supply chain! RAM usage presents a resource vs. message encrypt time latency trade-off. A better use of air interface by the reader side squeeze the total execution time down to 0.265s for full pipelining. System designed for fully off-line operation can be further strengthened by use of standard reader track-and-trace with no additional cost on Tag side. 20

Future Work Adding a small amount of RAM to existing ASIC implementation to compare performances and benchmarking Integrate suggested anti-counterfeiting solution with current EPC C1G2 tag chips Work with other reader vendors to see if they handle a standard EPC Class I Generation II more efficiently 21

Thank You! תודה רבה ! 22

WIPR algorithm on Tag 1. Reader challenge Rr received 2. Tag generates two random bit strings 1. Rt,1 – bit padding for Plaintext 2. Rt,2 – bit padding for Public key n 3. Tag forms response message 1. P=BYTE_MIX(Rr||Rt1||(Tag ID)) 2. M=P*P+Rt,2*n (encrypted message) 3. Encrypted message length = 276 Bytes 23