Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.

Slides:

Advertisements

Similar presentations

Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and.

Advertisements

CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

FIT3105 Smart card based authentication and identity management Lecture 4.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

Security in RFID Presented By… NetSecurity-Spring07

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN

1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.

Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.

SSH Secure Login Connections over the Internet

SECURE SYMMETRIC AUTHENTICATION FOR RFID TAGS

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Panagiotis Rizomiliotis and Stefanos Gritzalis Dept. of Information and Communication Systems Engineering University of the Aegean, Greece GHB#: A Provably.

Wireless Network Security By Patrick Yount and CIS 4360 Fall 2009 CIS 4360 Fall 2009.

Cryptanalysis of Two Dynamic ID-based Authentication

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

Network Security - IT653 Deepti Agrawal KReSIT, IIT Bombay

1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

- 1 - RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories IEEE Journal on Selected Areas in Communication (J-SAC) in 2006 Taesung Kim.

Computer Networks with Internet Technology William Stallings Network Security.

CS 627 Elliptic Curves and Cryptography Paper by: Aleksandar Jurisic, Alfred J. Menezes Published: January 1998 Presented by: Sagar Chivate.

RFID Payment Terminal Presented by: Rohit Kale. Introduction RFID: an automatic identification method, relying on storing and remotely retrieving data.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

Códigos y Criptografía Francisco Rodríguez Henríquez Security Attacks: Active and Passive Active Masquerade (impersonation) Replay Modification of message.

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

Primitive Operations. Communication Operations –Reader to tag Read Write –Tag to Tag Read Write Hash and Encryption Operations –Hash: MD5, Sha-1, Sha-256,

Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Some Perspectives on Smart Card Cryptography

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

Daniel W. Engels, PhD Chief Technology Officer Revere Security.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo.

SPEAKER: HONG-JI WEI DATE: Secure Anonymous Authentication Scheme with Roaming for Mobile Networks.

Qinghan Xiao, Cam Boulet and Thomas Gibbons Second International Conference on Availability, Reliability and Security, 2007 Speaker : 黃韋綸 RFID Security.

Overview of the security weaknesses in Bluetooth Dave Singelée COSIC seminar 11/06/2003.

1 /10 Pascal URIEN, IETF 76 th, Monday November 9 th Hiroshima Japan draft-urien-hip-iot-00.txt HIP support for RFID

Azam Supervisor : Prof. Raj Jain

Research Overview Nitesh Saxena Research areas: computer and network security, applied cryptography.

SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.

Cryptography services Lecturer: Dr. Peter Soreanu Students: Raed Awad Ahmad Abdalhalim

Security of the Internet of Things: perspectives and challenges

Network Security Overview

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

1 Security problems on RFID tags (short introduction) Sakurai Lab., Kyushu Univ. Junichiro SAITO

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

What is a Radio-Frequency Identification (RFID) tag?

Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian

RFID & applications گردآوری: بیتا تدین

Security and Privacy in Pervasive/Ubiquitous Computing Systems

An Improved Novel Key Management Protocol for RFID Systems

Presentation transcript:

Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February 5, 2010, Leuven

Outline of the talk Challenges in RFID networks Security problems Privacy problems Cryptographic building blocks ECC-based authentication protocols Search protocol Hardware architecture Conclusion

RFID technology Radio Frequency Identification as we explain it to Dave’s tech-savvy grandmother: 1. Passive tag 2. Battery assisted (BAP) 3. Active tag with onboard power source

RFID applications Asset tracking Barcode replacement RFID passports Mobile credit card payment systems Transportation payment systems Sporting events (timing / tracing) Animal identification …

RFID security problems (I) Impersonation attacks Genuine readers Malicious tags => Tag-to-server authentication

RFID security problems (II) Eavesdropping Replay attacks Man-in-the-middle attacks Cloning Side-channel attacks …

RFID privacy problems (I) [A. Juels. RSA Laboratories] Mr. Jones in 2020

RFID privacy problems (II) [A. Juels. RSA Laboratories] Mr. Jones in 2020 Wig model #4456 (cheap polyester) Das Kapital and Communist- party handbook 1500 Euros in wallet Serial numbers: , … 30 items of lingerie Replacement hip medical part #459382

RFID privacy problems (III) RFID Privacy problem Malicious readers Genuine tags => Untraceability

RFID privacy problems (IV) Untraceability Inequality of two tags: the (in)equality of two tags must be impossible to determine Theoretical framework of Vaudenay [ASIACRYPT ‘07] : Narrow vs wide privacy Weak vs strong privacy

Cryptographic authentication protocol Tag proves its identity Security (entity authentication) Privacy Challenge-response protocol ReaderTag Challenge Response

Technological requirements Scalability Implementation issues Cheap implementation Memory Gate area Lightweight Efficient => Influence on cryptographic building blocks

Implementation cost Symmetric encryption AES: 3-4 kgates Cryptographic hash function SHA-3: 10 – 30 kgates) [ECRYPT II: SHA-3 Zoo] Public-key encryption Elliptic Curve Cryptography (ECC): kgates =>Public key cryptography is suitable for RFID

ECC-based authentication protocols Rely exclusively on ECC !!! Wide-strong privacy Two sub-modules ID-transfer scheme Pwd-transfer scheme Combination => 3 protocols Computational requirements Security requirements

System parameters

16 Example: Secure ID Transfer Server: y Tag: x 1, Y=yP T1T1 T2T2 r t1 € ZT 1 ← r t1 P r s1 € Z T 2 ←( r t1 + x 1 )P (y -1 T 2 – T 1 ) ( ) -1 = x 1 P

ID-transfer scheme (protocol 1)

ID + Pwd-transfer scheme (protocol 3)

Search protocol (I) Linear search: scalability issues Search for one particular tag Design requirements: One-round authentication Dedicated authentication Security against replay attacks Wide-weak privacy Combine with ECC-based authentication protocol

Search protocol (II)

Hardware architecture

Performance comparison Circuit Area (Gate Eq.)14,566 Cycles for EC point multiplication59,790 Frequency700 KHz Power13.8 µW Energy for EC point multiplication1.18 µJ

Conclusion Security & privacy in RFID networks Challenging research problem Public-key cryptography is suitable for RFID tags ECC hardware implementation Wide-strong authentication protocols Search protocol

Questions??

EXTRA SLIDES

Pwd-transfer scheme

ID + Pwd-transfer scheme (protocol 2)