RFID Security without Extensive Cryptography Sindhu Karthikeyan Mikhail Nesterenko Kent State University SASN November 07, 2005.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Lecture 5: Cryptographic Hashes
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 Security in Wireless Protocols Bluetooth, , ZigBee.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Sri Lanka Institute of Information Technology
Interlock Protocol - Akanksha Srivastava 2002A7PS589.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Adaptive Splitting Protocols for RFID Tag Collision Arbitration Jihoon Myung and Wonjun Lee ACM Mobihoc 06.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
RFID Security and Privacy Part 2: security example.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
Applied Cryptography for Network Security
Lesson 1-What Is Information Security?. Overview History of security. Security as a process.
RFID Cardinality Estimation with Blocker Tags
Parking Space Finder Lucia Wiguno April 8,
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
David Molnar, David Wagner - Authors Eric McCambridge - Presenter.
Public Key Model 8. Cryptography part 2.
RFID – An Introduction Murari Raghavan UNC-Charlotte.
Applied Cryptography Spring 2015 Digital signatures.
Chapter 10: Authentication Guide to Computer Network Security.
Csci5233 Computer Security1 Bishop: Chapter 12 Authentication.
Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.
“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
- 1 - RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories IEEE Journal on Selected Areas in Communication (J-SAC) in 2006 Taesung Kim.
1 Presented by July-2013, IIM Indore. 2  RFID = Radio Frequency IDentification.  RFID is ADC (Automated Data Collection) technology that:-  uses radio-frequency.
General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Lecture 11: Strong Passwords
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Information Security -- Part II Public-Key Encryption and Hash Functions Frank Yeong-Sung Lin Information Management Department National Taiwan University.
Key Management. Given a computer network with n hosts, for each host to be able to communicate with any other host would seem to require as many as n*(n-1)
Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Focus On Bluetooth Security Presented by Kanij Fatema Sharme.
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
K. Salah1 Security Protocols in the Internet IPSec.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.
B. R. Chandavarkar CSE Dept., NITK Surathkal
Presentation transcript:

RFID Security without Extensive Cryptography Sindhu Karthikeyan Mikhail Nesterenko Kent State University SASN November 07, 2005

211/7/2005 SASN RFIDs: Current State RFIDs allow effective identification of a large number of tagged items without physical or visual contact. RFID systems reduce the time and cost of processing tagged items adopters:  Wal-Mart stores use RFID tags for tracking and maintaining their inventory  Boeing and Airbus plan to use RFID tags to simplify identifying and tracking the airplane parts  Kodak uses RFID to track reusable containers in its manufacturing facilities  libraries use RFID tags to track books circulation  toll booths can automatically collect toll by inspecting a tag attached to the windshield of a car currently: crate/palette tagging even more effective: individual item tagging

311/7/2005 SASN Security Problems of Individual Item Tagging major obstacle to individual item tagging: personal privacy  intruder can read tags without authorization or  eavesdrop on reader-tag communication novel types of security threats [MW04] intruder may  track: learn the itinerary of tag holder by periodically querying tag or eavesdropping on communications between tag and reader  hotlist: compile list of items of particular interest and then singles out individuals in possession of these items  profile: learn what items a particular individual has

411/7/2005 SASN How to Deal with Privacy Threat? erase info from tag after scanning  does not allow repeated use of tag and thus limits the utility of the technology periodically use secure channels for trust establishment or key refresh  limits use of technology blocker tag  requires the user to carry and manipulate the blocker which may not be practical use (classic) cryptography  due to tag resource limits crypto primitives (such as encode/ decode, digital sigs, crypto hash, quality random numbers) are not available tag-side

511/7/2005 SASN Our Proposal secure tag authentication algorithm based on matrix multiplication, does not use extensive crypto  modest tag-side storage and computation requirements  can be implemented using currently available RFID technology secure against  known-ciphertext attacks  RFID-specific attacks multiple tag sequencing  extends the algorithm so that the reader can concurrently identify multiple tags

611/7/2005 SASN Outline security identification algorithm  RFID system outline  algorithm description  security discussion multiple tag sequencing resource requirements estimate extensions and future work

711/7/2005 SASN tagged item RFID System Overview RFID tag – a miniature electronic circuit (500 to 5000 gates) capable of elementary information storage, processing and radio communication RFID reader – device designed to identify the tag  connected to database containing information about tag and tagged item tag and reader communicate over radio channel intruder - an entity who tries to compromise the RFID system  has complete access to radio channel radio channel database intruder has access to channel cannot access memory of reader/tag/database tag stores a limited amount of data performs elementary operations such as byte-size integer addition and multiplication runs a timer reader has sizable communication and storage facilities tag reader

811/7/2005 SASN Secure Tag Authentication tag stores square p×p matrices: M 1 and M 2 -1, reader maintains another two matrices: M 2 and M 1 -1 of same size tag and reader share a key K – a vector of size q = rp X= KM 1 uniquely identifies the tag when reader receives X, it can obtain the rest of information about tag and tagged item from its database if reader authentication fails or the reader fails to respond before the timeout expires, the tag stops further communication until reset readertag identify tag by matching X hello start timer X compute X ← KM 1 K, M 1, M 2 -1 K, M 1 -1, M 2 phase I Y, Z verify YM 2 -1 = (K 1  K 2  …  K r ), get fresh key K ← ZM 2 -1 stop timer phase II pick K new, compute Y← (K 1  K 2  …  K r ) M 2 Z← K new M 2

911/7/2005 SASN Security Discussion recovering the multiplicand or multiplier from the product of matrix multiplication is computationally difficult  the intruder can not discover the key or the matrices used by the tag and the reader  assume no known plaintext  can’t find tag id  can’t mount hotlisting or profiling attacks  as the intruder cannot deduce either the key or the matrices, he cannot authenticate himself to the tag:  any identification session with the intruder is aborted  can’t do effective tracking

1011/7/2005 SASN Outline security identification algorithm  RFID system outline  algorithm description  security discussion multiple tag sequencing resource requirements estimate extensions and future work

1111/7/2005 SASN Problem Statement & Assumptions problem  tags share channel  don’t have channel arbitration capabilities assume  can detect collision  can send key one bit at a time

1211/7/2005 SASN Proposed Scheme augments our tag identification algorithm to enable the reader to communicate with multiple tags phase I run concurrently  the reader learns the keys of all the tags present  each tag learns its key's position in the order (e.g., ascending) of the keys of the tags participating in the identification session phase II  the reader broadcasts the messages for the tags in the order of their keys  each tag receives the message sent specifically to it and ignores the rest

1311/7/2005 SASN a 0 b d f 011 c e h g path from root to leaf – tag’s key growth point – part of path already learned trial – discover next bit on path after growth point & determine if the paths split collision Reader-Side Sequencing

1411/7/2005 SASN Resource Requirements Estimate key size of 8 bytes provides sufficient key space for most RFID applications. the matrices of 4×4 bytes provide adequate security. a few byte-size integer counters are necessary to implement multiple tag sequencing. during the identification session, the reader and the tag exchange a hello- message and two messages of 8 and 9 bytes respectively the storage requirements of our algorithm are modest most of the chip-space is occupied by the byte-multiplier the requirements are within the current capabilities of RFID tags

1511/7/2005 SASN Extensions and Future Work denial of service attack possible  intruder can block the tags from further identification by botching authentication sessions  need protection need secure channel to unblock tags and refresh tag-side info  may be time/resource consuming, especially if items are hard to access (airplane parts?)  need effective secure channel or way to avoid using it possible compromise if intruder can track tag over multiple sessions outside radio channel  additional key to generate longer non-repeating keys brute-force guessing attack potentially possible  may need to increase size of matrix/key

RFID Security without Extensive Cryptography Sindhu Karthikeyan Mikhail Nesterenko thank you

1711/7/2005 SASN Tag-Side Sequencing the tag has to participate in trials as well as determine its position in the sequence of keys to be able to do that, the tag maintains the number of growth points in front and behind the growth point that leads to its own key. the tag keeps track as to which growth point is being examined at the current trial. if there is a collision the appropriate number of growth points is incremented. after the entire tree is descended the growth points terminate in the concrete keys and the tag learns its position in the key sequence.