Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.

Slides:



Advertisements
Similar presentations
Victor K. Y. Wu Department of Electrical Engineering
Advertisements

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.
TPS – UNIQUE HARDWARE ( Option 1: Transaction Processing Systems.
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy A. Juels, R. L. Rivest, and M. Szydlo 8th ACM Conference on Computer and Communications.
Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.
Lesson Title: Threats to and by an RFID system Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy.
Slide 1 Author: Ari Juels Presenter: Yuliya Kopylova CSCE 790 RFID Security and Privacy.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07
RFID Chris Harris Carey Mears Rebecca Silvers Alex Carper.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
Radio-Frequency Identification (RFID) Andrew Bowdle MD, PhD Professor of Anesthesiology and Pharmaceutics Chief of the Division of Cardiothoracic Anesthesiology.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
RFID Security & Privacy Matt Hansen University of Illinois Fall 2007.
RADIO FREQUENCY IDENTIFICATION By Basia Korel. Automatic Identification Technology for identifying items Three step process 1) Identify people/objects.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
RFID Cow Jewelry – or – Revolution Travis Sparks
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.
Foundations of Privacy 2010 Guy Katz.  Introduction to RFID  How does it work  Threats to user privacy  Possible solutions.
Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.
David Molnar, David Wagner - Authors Eric McCambridge - Presenter.
SECURE SYMMETRIC AUTHENTICATION FOR RFID TAGS
Radio Frequency Identification Annemarie Wegley and Emily Woesle.
RFID – An Introduction Murari Raghavan UNC-Charlotte.
What’s Happening with RFID? Faith Lamprey Aurora Technologies (401) NEMUG November, 2009.
Developing RFID Application In Supply Chain
Overview  What is RFID?  How to use it?  Relevant links  Future Trends  Bibliography.
Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.
OCR GCSE ICT DATA CAPTURE METHODS. LESSON OVERVIEW In this lesson you will learn about the various methods of capturing data.
RFID Tags: Privacy and Security without Cryptography Ari Juels RFID-Privacy Workshop at MIT 15 November 2003.
1 Ch. 17: Security of RFID slide 1. 2 Roles of RFID applications slide 2 TagsReaderServer(Database) Secure channel Slides modified from presentation by.
Authenticating Pervasive Devices with Human Protocols Presented by Xiaokun Mu.
RFID Security without Extensive Cryptography Sindhu Karthikeyan Mikhail Nesterenko Kent State University SASN November 07, 2005.
مدیریت تولید پیشرفته جلسه پنجم : Introduction: CIM, RFID
多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date : Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.
Using ISO tags for Authentication Eddie LaCost Embedded RF.
Network Security - IT653 Deepti Agrawal KReSIT, IIT Bombay
- 1 - RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories IEEE Journal on Selected Areas in Communication (J-SAC) in 2006 Taesung Kim.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
RFID Radio Frequency Identification By Lakshmi VS Pranav Pandit.
Radio-frequency identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID.
CS3900 Richard Emerson1 Radio Frequency ID Tags Smart labels that send/receive data via radio waves Usually works like a barcode – contains a product code.
R F I D Presented by Kerry Wong. What is RFID? Radio Frequency IDentification –Analogous to electronic barcode –Uses radio waves to send info Serial numbers.
Security Analysis of a Cryptographically- Enabled RFID Device Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, Michael Szydlo Usenix.
RFID: Radio Frequency Identification Amanda Di Maso Shreya Patel Tresit Tarko.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels, Ronald Rivest, and Michael Szydlo ACM CCS, October 2003 Presented by Himanshu.
Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.
Radio Frequency Identification
THE INTERNET OF THINGS (IOT). THE INTERNET OF THINGS Objects can transmit and share information without any human intervention.
The Supply Chain Doctors Warehousing Fundamentals The Supply Chain Doctors Kimball Bullington, Ph.D. Cliff Welborn, Ph.D.
RFID SECURITY.
IDENTITY NUMBERS BY A.M.VILLAVAN M.TECH(COS). RFID Acronymn: Radio Frequency Identification Device RFID is a technology, whose origins are found in the.
RFID Technology Lecture for week 5 Dhruba Sen
RFID Lynsey Charles Kyle Jahnke Andrew Kangerga Jake Whitesides
What is RFID? Radio frequency identification (RFID) is a wireless form of automated identification technology. RFID is sometimes called dedicated short-range.
LIBRARY AUTOMATION USING RFID LIBRARY AUTOMATION USING RFID Presented by; Joju Mohan -67 Ninitha Xavier -68 Priyanka C.P -69 Rahul K.Raj -70.
What is a Radio-Frequency Identification (RFID) tag?
Radio Frequency Identification (RFID)
RFID Technology & It’s Uses
OCR GCSE ICT Data capture methods.
Team 7 Technical Presentation
Revisting Unpredictability-Based RFID Privacy Models
Radio Frequency Identification
Randomized PRF Tree Walking Algorithm for Secure RFID
Selective Blocking of RFID Tags for Consumer Privacy
- Dylan Leintz - Dr. Davies
Mobile Computing Lecture Materials By Bintang Eka Putera.
RFID used for real-time tracking Physics 490 seminar 4/15/2019
Presentation transcript:

slide 1 Vitaly Shmatikov CS 378 RFID Security and Privacy

slide 2 What is RFID? uRadio-Frequency Identification Tag Chip Antenna

slide 3 How Does RFID Work? Tags (transponders) Attached to objects, “call out” identifying data on a special radio frequency 02.3DFEX4.78AF51 EasyToll card #816 Reader (transceiver) Reads data off the tags without direct contact Radio signal (contactless) Range: from 3-5 inches to 3 yards Database Matches tag IDs to physical objects

slide 4 “The Barcode of the Future” BarcodeRFID Line-of-sight reading Reader must be looking at the barcode Specifies object type E.g., “I am a pack of Juicy Fruit” Reading by radio contact Reader can be anywhere within range Specifies unique object id E.g., “I am a pack of Juicy Fruit #86715-A” Fast, automated scanning (object doesn’t have to leave pocket, shelf or container) Can look up this object in the database

slide 5 Where Are RFID Used? uPhysical-access cards uInventory control Gillette Mach3 razor blades, ear tags on cows, kid bracelets in waterparks, pet tracking uLogistics and supply-chain management Track a product from manufacturing through shipping to the retail shelf uGas station and highway toll payment Mobil SpeedPass

slide 6 Commercial Applications of RFID uRFID cost is dropping dramatically, making it possible to tag even low-value objects Around 5c per tag, $100 for a reader uLogistics and supply-chain management is the killer application for RFID Shipping, inventory tracking, shelf stocking, anti- counterfeiting, anti-shoplifting uMassive deployment of RFID is in the works Wal-Mart pushing suppliers to use RFID at pallet level, Gillette has ordered 500,000,000 RFID tags

slide 7 Futuristic Applications uPrada store in New York City already uses RFID to display matching accessories on in-store screens uRefrigerator shelves that tell when milk expires uAirline tickets with RFIDs on them that help direct travelers through the airport uMicrowave ovens that read cooking directions from RFID tags on food packages uRFID tags on postage stamps uBusinesses may attach RFID tags to invoices, coupons, and return envelopes

slide 8 Privacy Issues (slide: Ari Juels)

slide 9 Risks uPersonal privacy FDA recommended tagging drugs with RFID “pedigrees”; ECB planned to add RFID tags to euro banknotes… –I’ll furtively scan your briefcase and learn how much cash you are carrying and which prescription medications you are taking uSkimming: read your tag and make my own In February 2005, JHU-RSA Labs team skimmed and cloned Texas Instruments’ RFID device used in car anti- theft protection and SpeedPass gas station tokens uCorporate espionage Track your competitor’s inventory

slide 10 Consumer Backlash

slide 11 RFID Tag Power Sources uPassive (this is what mostly used now) Tags are inactive until the reader’s interrogation signal “wakes” them up Cheap, but short range only uSemi-passive On-board battery, but cannot initiate communication –Can serve as sensors, collect information from environment: for example, “smart dust” for military applications More expensive, longer range uActive On-board battery, can initiate communication

slide 12 RFID Capabilities uNo or very limited power uLittle memory Static 64- or 128-bit identifier in current 5-cent tags uLittle computational power A few thousand gates at most Static keys for read/write access control uNot enough resources to support public- or symmetric-key cryptography Cannot support modular arithmetic (RSA, DSS), elliptic curves, DES, AES; hash functions are barely feasible –Recent progress on putting AES on RFID tags

slide 13 Blocking Unwanted Scanning uKill tag after purchase Special command permanently de-activates tag after the product is purchased Disables many futuristic applications uFaraday cage Container made of foil or metal mesh, impenetrable by radio signals of certain frequencies –Shoplifters are already known to use foil-lined bags Maybe works for a wallet, but huge hassle in general uActive jamming Disables all RFID, including legitimate applications

slide 14 Hash Locks ReaderRFID tag Stores key; hash(key) for any tag Unique key for each tag Stores metaID=hash(key) Goal: authenticate reader to the RFID tag [Rivest, Weis, Sharma, Engels] “Who are you?” metaID key “My real ID is…” Compute hash(key) and compare with stored metaID Why is this not a perfect solution?

slide 15 Analysis of Hash Locks uRelatively cheap to implement Tag has to store hash implementation and metaID uSecurity based on weak collision-resistance of hash function umetaID looks random uProblem: tag always responds with the same value Attacker can track the same tag from place to place even if he cannot learn its real ID

slide 16 Randomized Hash Locks ReaderRFID tag Stores its own ID k Goal: authenticate reader to the RFID tag “Who are you?” R, hash(R,ID k ) “You must be ID k ” Compute hash(R,ID i ) for every known ID i and compare Stores all IDs: ID 1, …,ID n Generate random R [Weis et al.]

slide 17 Analysis of Randomized Hash Locks uTag must store hash implementation and pseudo-random number generator Low-cost PRNGs exist; can use physical randomness uSecure against tracking because tag response is different each time uReader must perform brute-force ID search Effectively, reader must stage a mini-dictionary attack to unlock the tag uAlternative: use a block cipher Need a very efficient implementation of AES

slide 18 HB Protocol ReaderRFID tag Goal: authenticate RFID tag to the reader k-bit random value a (a  x)  v Response correct if it is equal to (a  x) Generate random v: 1 with prob. , else 0 [Juels and Weis, based on Hopper and Blum] Knows secret x; parameter  Knows secret x; parameter   chance that response is incorrect repeat r times RFID tag is authenticated if fewer than  r responses are incorrect

slide 19 Active Adversary RFID tag non-random value a (a  x)  v Generate random v: 1 with prob. , else 0 Knows secret x; parameter  non-random value a (a  x)  v Generate random v: 1 with prob. , else 0 non-random value a … What does attacker learn?

slide 20 HB+ Protocol ReaderRFID tag Goal: authenticate RFID tag to the reader k-bit random value a (a  x)  (b  y)  v Generate random v: 1 with prob. , else 0 [Juels and Weis] Knows secrets x,y; parameter  Knows secrets x,y; parameter  repeat r times RFID tag is authenticated if fewer than  r responses are incorrect Response correct if it is equal to (a  x)  (b  y) blinding value b

slide 21 How Does the Reader Read a Tag? uWhen the reader sends a signal, more than one RFID tag may respond: this is a collision Reader cannot accurately read information from more than one tag at a time Example: every tagged item in a supermarket cart responds to the cashier’s RFID reader uReader must engage in a special singulation protocol to talk to each tag separately uTree-walking is a common singulation method Used by 915 Mhz tags, expected to be the most common type in the U.S.

slide 22 Tree Walking Every tag has a k-bit identifier prefix=0 prefix=00prefix=01 prefix=10prefix=11 prefix=1 Reader broadcasts current prefix Each tag with this prefix responds with its next bit If responses don’t collide, reader adds 1 bit to current prefix, otherwise tries both possibilities This takes O(k  number of tags)

slide 23 Example: Supermarket Cart prefix=0 prefix=00prefix=01 prefix=10prefix=11 prefix=1 1. Prefix=“empty” Next=0 Next=1 Collision! 1a. Prefix=0 Next=0 No collision 2. Prefix=00 1b. Prefix=1 2. Prefix=11 No collision Next=1 3. ID=001 Talk to tag 001 No collision Next=1 Collision! Next=1 Next=0 3a. ID=110 Talk to tag 110 3b. ID=111 Talk to tag 111

slide 24 Blocker Tag uA form of jamming: broadcast both “0” and “1” in response to any request from an RFID reader Guarantees collision no matter what tags are present To talk to a tag, reader must traverse every tree path –With 128-bit IDs, reader must try values – infeasible! uTo prevent illegitimate blocking, make blocker tag selective (block only certain ID ranges) E.g., blocker tag blocks all IDs with first bit=1 Items on supermarket shelves have first bit=0 –Can’t block tags on unpurchased items (anti-shoplifting) After purchase, flip first bit on the tag from 0 to 1 [Rivest, Juels, Szydlo]