Slide 1/11. Pascal URIEN, IETF 77th, Monday March 22nd, Anaheim, California
draft-urien-hip-tag-03.txt
HIP support for RFID
Slide 2/11: Open Issues for the Internet of Things
What is a thing? (from draft-urien-hip-iot-00.txt)
Two classes of things:
- Things that are full computers equipped with communication interfaces.
- Things that are not full computers (e.g. tags, RFIDs) but that are associated with objects.
What is the identifier of a thing? There are several proposals:
- A serial number, such as the EPC code.
- An IP address.
- Other, for example a fixed hash value or an ad hoc naming scheme.
Slide 3/11: Open Issues
Identity Protection
- Things can be used to track people or objects, which are identified by a set of things.
- Identity protection enforces privacy by hiding the identities of things by cryptographic means.
Communication Protocol
- A thing communicates with the Internet through various interfaces:
  - via MAC (OSI layer 2) radio protocols, as defined by EPCglobal;
  - via the IP protocol, in which case the thing is an IP node natively plugged into the Internet cloud;
  - other, for example the Host Identity Protocol.
Things-to-Things Communications
- In some cases, things communicate with other things.
- If identity protection is required, the associated infrastructure is complex from a cryptographic or physical point of view, because classical routing techniques can't be used.
Slide 4/11: HIP Tags for the IoT
Project funded by the French National Research Agency (ANR).
Modified BEX exchange:
- The HIT is a true random number.
- HIP-Tags never expose their identity in clear text; they hide this value (typically an EPC-Code) behind a particular equation f that can only be solved by a dedicated entity, referred to as the portal: f(r1, r2, EPC-Code).
- HIP exchanges occur between HIP-Tags and PORTALs; they are shuttled in IP packets through the Internet cloud.
Slide 5/11: Identity Protection for Tags
Privacy issues
- The EPC-Code MUST be protected.
- The EPC-Code is a solution of f(r1, r2, EPC-Code).
Example
- Many f proposals exist in the scientific literature.
- f(r1, r2, EPC-Code) = SHA1(r1 | r2 | EPC-Code)
Figure: Reader-Tag exchange. Reader sends r1 to the Tag (which holds the EPC-Code); the Tag answers with r2, f(r1, r2, EPC-Code).
Reference: S. Weis, S. Sarma, R. Rivest and D. Engels, "Security and privacy aspects of low-cost radio frequency identification systems," in D. Hutter, G. Muller, W. Stephan and M. Ullman (eds.), International Conference on Security in Pervasive Computing, SPC 2003, volume 2802 of Lecture Notes in Computer Science, pages Springer-Verlag, 2003.
Slide 6/11: HIP-TAGS Architecture, Main Ideas
- The TAG runs a modified version of HIP: HIP only, no IP stack.
- The HIT is a true 16-byte random number generated by the TAG.
- The Reader is an IP node. It acts as a docking host for the HIP tag. The Reader is not able to solve the f equation.
- The identity solver entity is located in a node called the PORTAL.
- The HIP dialog takes place between the Tag and the Portal.
- HIP packets MAY be encapsulated by a HAT (HIP Address Translation) layer.
Slide 7/11: HIP-Tags Architecture
Figure: protocol stacks of the Tag, the Reader and the Portal. Tag: HIP over RFID-MAC / RFID-PHY. Reader: RFID-MAC / RFID-PHY towards the Tag, HAT over IP / MAC / PHY towards the network. Portal: HIP and the Identity Solver over IP / MAC / PHY. The HIP association is identified by SPI-I and SPI-R; the Identity Solver recovers the EPC-Code.
Slide 8/11: T-Transform HMAC
K = HMAC-SHA1(r1 | r2, EPC-Code)
F-T = HMAC-SHA1(K, CT1 | "Type 0001 key"), CT1 = 0x (32 bits)
K-AUTH-KEY = HMAC-SHA1(K, CT2 | "Type 0001 key"), CT2 = 0x (32 bits)
Slide 9/11: Example, with T-Transform = 0001
Exchange between Tag and Portal:
- I1-T (Tag to Portal): HEAD 3b, sHIT 6a682e53516b516f2f58ce ae6, dHIT
- R1-T (Portal to Tag): HEAD 3b0a, sHIT, dHIT 6a682e53516b516f2f58ce ae6, ATT bytes (r1) 276d034ddd2d52793b172cb95bcd0297e2df6115
- I2-T (Tag to Portal): HEAD 3b, sHIT 6a682e53516b516f2f58ce ae6, dHIT, ATT bytes (r2) c5958b236b9b0eaa7abb25f27d24c5046e89199e, ATT bytes (f) 801dbc55c5f39789f83c6cba d83833caf, ATT bytes (Signature) 2a bf73abec46bddb83f1b3f7f9ded8b83
EPC-CODE: abcdefcdab
Slide 10/11: T-Transform 0002, Tree
F-T = H1 | H2 | ... | Hi | ... | Hn
Hi = HMAC-SHA1(r1 | r2, Ki | CT1), or Hi = HMAC-SHA1(r1 | r2, Ki | CT2)
CT1 = 0x , CT2 = 0x
Notation: Hi(CTk, Ki), k = 1, 2, i = 1 ... n
K-AUTH-KEY = HMAC-SHA1(K, CT1 | "Type 0002 key")
K = HMAC-SHA1(r1 | r2, EPC-Code), CT1 = 0x (32 bits)
Example: EPC-Code = 010..., F-T = H1(CT1, K1) | H2(CT2, K2) | H3(CT1, K1) | ...
Figure: binary tree of Hi(CTk, Ki) values; a 0 bit selects the CT1 branch and a 1 bit selects the CT2 branch, so the path H1(CT1, K1), H2(CT2, K2), H3(CT1, K1) encodes the prefix 010.
Slide 11/11: Open Java Resources
- Java code for the portal.
- Java Card code for tags.
- ISO tags work at 13.56 MHz.
- Java Cards are widely deployed, about 1 billion devices per year.
- Thanks to NFC technology, HIP-TAG could be supported by billions of mobile phones.
- Source code of the T2TIT project, funded by the French National Research Agency (ANR).
Papers:
Pascal Urien, Simon Elrharbi, Dorice Nyamy, Hervé Chabanne, Thomas Icart, François Lecocq, Cyrille Pépin, Khalifa Toumi, Mathieu Bouet, Guy Pujolle, Patrice Krzanik, Jean-Ferdinand Susini, "HIP-Tags Architecture Implementation for the Internet of Things", First Asian Himalayas International Conference on Internet, AH-ICI 2009, 3-5 November 2009, Kathmandu, Nepal. Available on IEEE Xplore.