RFID: The Problems of Cloning and Counterfeiting Ari Juels RSA Laboratories 19 October 2005
RFID devices take many forms
“RFID” really denotes a spectrum of devices Automobile ignition key Mobile phone Toll payment plaque Basic “smart label”
“Smart label” RFID tag Passive device – receives power from reader Range of up to several meters Simply calls out (unique) name and static data “74AB8” “5F8KJ3” “Evian bottle #949837428”
Capabilities of “smart label” RFID tag Little memory Static 96-bit+ identifier in current ultra-cheap tags Hundreds of bits soon Little computational power Several thousand gates (mostly for basic functionality) No real cryptographic functions possible Pricing pressure may keep it this way for a while, i.e., Moore’s Law will have delayed impact
The grand vision: EPC (Electronic Product Code) tags Barcode EPC tag Fast, automated scanning Line-of-sight Radio contact Provides pointer to database entry for every object, i.e., unique, detailed history Specifies object type Uniquely specifies object
Impending explosion in (EPC) RFID use EPCglobal Joint venture of UCC and EAN Wal-Mart, Procter & Gamble, DoD, etc. Recently ratified new EPC-tag standard (Class 1 Gen 2) Pallet and case tagging first Item-level retail tagging, automated tills, seem years away Estimated costs 2008: $0.05 per tag; hundreds of dollars per reader (?) Beyond: $0.01 per tag; several dollars per reader (?)
Other forms of RFID Automobile immobilizers Payment devices Currency?
Other forms of RFID “Not Really Mad” Tracking cattle Passports
Other forms of RFID Medical compliance RFID readers in mobile handsets Showtimes: 16.00, 19.00
The privacy problem Mr. Jones in 2015 Bad readers, good tags Wig model #4456 (cheap polyester) Das Kapital and Communist-party handbook 1500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie Replacement hip medical part #459382
The authentication problem Good readers, bad tags Mr. Jones’s car! Mr. Jones in 2015 Counterfeit! Replacement hip medical part #459382 Counterfeit! 1500 Euros in wallet Serial numbers: 597387,389473… Mad-cow hamburger lunch
RFID and sensors will underpin critical infrastructure Authentication therefore has many facets: Physical security Consumer goods and pharmaceuticals safety Transaction security Brand value …but it’s getting short shrift I’ll talk about three different projects on RFID authentication
The Digital Signature Transponder (DST) Joint work with S. Bono, M. Green, A. Stubblefield, A. Rubin, and M. Szydlo USENIX Security ‘05
The Digital Signature Transponder (DST) “I’m tag #123” f 40-bit challenge C Car #123 24-bit response R = fK(C) (simplified) Helps secure tens of millions of automobiles Philips claims more than 90% reduction in car theft thanks to RFID! (TI did at one point.) Also used in millions of payment transponders
The Digital Signature Transponder (DST) “I’m tag #123” f 40-bit challenge C Car #123 24-bit response R = fK(C) (simplified) The key K is only 40 bits in length!
The Digital Signature Transponder (DST) “I’m tag #123” f 40-bit challenge C Car #123 24-bit response R = fK(C) (simplified) Our aim: Demonstrate security vulnerability by cloning real DSTs
The Digital Signature Transponder (DST) “I’m tag #123” f 40-bit challenge C Car #123 24-bit response R = fK(C) f (simplified) But what is the cryptographic function f ???
Black-box cryptanalysis key K f? C R = fK(C) Programmable DST
Not implemented this way! Texas Instruments DST40 cipher (not original schematic) ??? Challenge register Routing Network ??? f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 f17 f21 f18 f19 f20 Routing Network Key register Not implemented this way! 400 clocks / 3 cycles
Not implemented this way! f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 Routing Network f17 f18 f19 f20 f21 Challenge register Key register 400 clocks / 3 cycles Texas Instruments DST40 cipher (not original schematic) ??? Not implemented this way! f17 f18 f19 f20 f21
Black-box cryptanalysis
One internal wire Case A
Or two internal wires? Case B
Black-box cryptanalysis 1 1
2 possible values 4 possible values Case A Case B
Same principle applies to more complex structures… f17 f21 f18 f19 f20
Same principle applies to more complex structures…
Consider two particular input wires…
Or do two inputs go to same box? Case A
Do two inputs go to different boxes? Case B
One internal wire Two internal wires Case A Case B
Not implemented this way! ??? ??? f Not implemented this way!
The full cloning process Skimming Key cracking Simulation
The full cloning process Step 1: Skimming Step 1: Skimming Obtain responses r1,r2 to two challenges, c1, c2 Takes only 1/4 second!
The full cloning process Step 2: Key cracking C Find secret key k such that r1=fk(c1) and r2 = fk(c2) (30 mins. on 16-way parallel cracker; Faster with Hellman table)
The full cloning process Step 3: Simulation Simulate radio protocols with computation of fk
“Human” authentication for RFID tags Joint work with Steve Weis Crypto ‘05
RFID tags are a little like people ≈ Very limited memory for numbers Very limited ability for arithmetic computation
Hopper-Blum (HB) Human Identification Protocol
Hopper-Blum (HB) Human Identification Protocol Challenge A Response f(X,A) Secret X
Hopper-Blum (HB) Human Identification Protocol Challenge A R = (X • A) + Nη modular dot product noise w.p. η Secret X
HB Protocol Example, mod 10 (0, 4, 7) R = 5 7 X = (3,2,1)
Learning Parity in the presence of Noise (LPN) Given multiple rounds of protocol, find X (or other equally good secret) Given q challenge-response pairs (A1,R1)…(Aq,Rq) ,, find X’ such that Ri = X’ • Ai on at most ηq instances, for constant η > 0 Binary values Note that noise is critical! LPN is NP-hard – even within approx. of 2 Theoretical and empirical evidence of average-case hardness Poly. adversarial advantage in HB protocol → LPN
Problem: Not secure against HB Protocol C R X X Problem: Not secure against active adversaries!
HB+ Protocol C D (D • Y) + + Nη R = (C • X) X,Y X,Y
HB+ Protocol D (D • Y) + + Nη X,Y X,Y
HB+ Protocol C D X,Y X,Y R = (C • X) (D • Y) + + Nη Intuition: Add extra HB protocol with prover-generated challenge Adversary effectively cannot choose challenge here
In the paper Most of paper elaborates security reduction from HB+ to LPN Implementation of algorithm seems very practical – just linear number of ANDs and XORs and a little noise! Looks like EPC might be amenable, but…
Further work Security reduction is concrete, but very loose What concrete security parameters – key length and communications complexity – yield adequate security? Limited model: “We win if counterfeiter detected” Assume counterfeiter aims to duplicate tag without alerting verifier, i.e., detection model Appropriate for centralized verifier (with DoS controls), e.g., prox cards, casino chips, etc. Gilbert, Robshaw, and Sibert demonstrate man-in-the-middle attack in stronger prevention model Can HB techniques be extended to prevention model?
Addressing Cloning of EPC Tags WiSe ‘05
Inevitable reliance on EPC tags for anti-counterfeiting Drug tracing / anti-counterfeiting Made in Canada EPC (Class-1 Gen-2) is easy to countefeit: It’s basically just a wireless barcode! Tight tracking is useful per se in combating counterfeiting, e.g., via duplicate detection But integrity of tag is needed where data coordination is loose What can we do today to prevent cloning of EPC tags? We can use the “kill” feature!
“morituri te salutamus” The kill function “Kill” + 32-bit PIN K’ K = K’ “morituri te salutamus” Kill PIN K Only mandatory EPC security feature is for privacy! Idea: Cause tags on consumer items to self-destruct before they leave shop
The kill function “Kill” + 32-bit PIN K’ K ≠ K’ Bad PIN; [Reset] Kill PIN K “Kill” authenticates reader, but not very useful for tag authentication since it kills tags!
K ≠ K’ Low signal strength “Kill” + 32-bit PIN K’ Bad PIN; [Reset] Kill PIN K
Good PIN; insufficient power! Low signal strength “Kill” + 32-bit PIN K’ K = K’ Good PIN; insufficient power! Kill PIN K Tag achieves accept/reject function for PINs: “Good PIN” is accept “Bad PIN” is reject
How to authenticate a tag with low signal strength “Kill” + PIN K “Kill” + random PIN K’ Kill PIN K If tag accepts K and rejects K’, then tag is good; otherwise bad Counterfeit EPC tag will fail with high probability “Intelligent” counterfeit tag succeeds with probability at most ½! (Can boost detection probability with more bogus PINs, but expensive)
Implementing this Scheme Calibrating signal strength from reader would be hard Manufacturer can exchange privacy kill feature for authentication kill feature Just set tag power threshold required for “kill” very high Tag always thinks signal strength is too low Still complies with EPC standard, which does not specify power threshold Does not comply with conformance specifications Prob. ½ detection not high for individual clone, but very high for broad supply chain A little like scheme for detecting fraudulent ballots Shortcomings: Vulnerable to short-range eavesdropping Limited execution on untrusted readers But much better than no authentication!
Conclusions
Moral 1: Standard crypto modeling fails for cheap RFID Welcome to Hell IT Department 011001010010
Welcome to Hell IT Department A cheap RFID tag cannot survive here… but worst case often isn’t reality for RFID Welcome to Hell IT Department 011001010010
We need new primitives and flexible modeling Low-cost tags will probably not be able to do full-blown crypto for some time Moore’s Law opposed by pricing pressure… Crypto community should not take black and white view, e.g., abandon crypto-challenged tags to wolves (EPC Class-1 type) We need new primitives: E.g., can we build good PRFs with really low gate count, e.g., hundreds of gates? And new modeling: What special characteristics do RFID tags present to attackers? E.g., physical and radio layers What security properties can we sacrifice in the real world? Learning to cut the right corners…
Moral 2 “We have not received one reported incident of fraud in the eight years [the DST] has been used by consumers and we are confident the systems remain secure.” - Texas Instruments, 10 February 2005 1980: Not one reported incident of a computer virus in the wild 1999: Not one reported incident of a major DDoS attack on the Internet “This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”
Moral 2 “We have not received one reported incident of fraud in the eight years [the DST] has been used by consumers and we are confident the systems remain secure.” - Texas Instruments, 10 February 2005 1980: Not one reported incident of a computer virus in the wild 1999: Not one reported incident of a multi-pronged DDoS attack on the Internet “This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…” RFID is a new critical infrastructure in the making We should learn from the history of the Internet, where phishing, spam, etc. are crippling e-commerce Security community must promote and address security in RFID systems before problems become costly and pervasive
To learn more Primers and current RFID news: RSA Labs RFID Web site: www.rfidjournal.com RSA Labs RFID Web site: www.rsasecurity.com/go/rfid www.rfid-security.com (unofficial) JHU/RSA RFID Web site: www.rfidanalysis.org New survey (and all papers described here) at www.ari-juels.com