Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009.

Slides:

Advertisements

Similar presentations

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

Advertisements

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

1 Hardware Security Organisational stuff Lejla Batina & Erik Poll Digital Security Radboud University Nijmegen.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

1 An Ultra-lightweight Authentication Protocol in RFID Speaker: 魏家惠.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

From: Cryptographers’ Track of the RSA Conference 2008 Date: Reporter: Yi-Chun Shih 1.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Security analysis of an enhanced authentication key exchange protocol Authors ： H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date ： 2005/5/20.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

RFID Security and Privacy Part 2: security example.

Overview of Cryptography Anupam Datta CMU Fall A: Foundations of Security and Privacy.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

YA-TRAP: Yet Another Trivial RFID Authentication Protocol Gene Tsudik International Conference on Pervasive Computing and Communications, PerCom 2006.

SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003.

Persistent Security for RFID Mike Burmester & Breno de Medeiros RFIDSec’07.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

- 1 - Secure and Serverless RFID Authentication and Search Protocols Chiu C. Tan, Bo Sheng, and Qun Li IEEE Transactions on Wireless Communication APRIL.

Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.

Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.

多媒體網路安全實驗室 An Efficient RFID Authentication Protocol for Low-cost Tags Date ： Reporter : Hong Ji Wei Authors : Yanfei Liu From : 2008 IEEE/IFIP.

Cryptography on Non-Trusted Machines Stefan Dziembowski.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

EPCglobal Network Security: Research Challenges and Solutions Yingjiu Li Assistant Professor School of Information Systems Singapore Management University.

RFID Privacy: An Overview of Problems and Proposed Solutions Maxim Kharlamov (mkha130, #13) S. Garfinkel, A. Juels, R. Pappu, “RFID Privacy: An Overview.

Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :

Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.

Attacks and Improvements to an RFID Mutual Authentication Protocol and its Extensions Shaoying Cai 1 Yingjiu Li 1 Tieyan Li 2 Robert H. Deng 1 1 Singapore.

CIS 640-2, Presenter: Yun Mao1 Security for Structured Peer- to-peer Overlay Networks By Miguel Castro et al. OSDI ’ 02 Presented by Yun Mao in CIS640.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.

Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,

Chien-Ming Chen, Yue-Hsun Lin, Ya-Ching Lin, and Hung-Min Sun IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 23, NO. 4, APRIL 2012 Citation:42.

On The Untraceability of Anonymous RFID Authentication Protocol with Constant Key-Lookup Presented By Professor LI Yingjiu.

Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)

Presented by Sharan Dhanala

Authenticated Key Exchange I. Definitions I. MAP I. matching conversations II. oracles II. (I)KA II. AKEP2 III. AKEP2 Security I. Session Keys II. Perfect.

PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.

1 Key-Exchange Protocol Using Pre-Agreed Session-ID Kenji Imamoto Kyushu University, JAPAN.

1 Protecting Your Privacy with a Mobile Agent Device in RFID Environment Authors: Sang-Soo Yeo, Soo-Cheol Kim, Sung Kwon Kim, Gilcheol Park, Seok Soo Kim,

Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb CSE 535.

CS555Spring 2012/Topic 151 Cryptography CS 555 Topic 15: HMAC, Combining Encryption & Authentication.

Secure Biometric Authentication for Weak Computational Devices Mikhail Atallah (Purdue),Keith Frikken (Purdue), Michael Goodrich (UC- Irvine), Roberto.

Intrusion Resilience via the Bounded-Storage Model Stefan Dziembowski Warsaw University and CNR Pisa.

Changshe Ma, Yingjiu Li, Robert Deng, Tieyan Li

Efficient CRT-Based RSA Cryptosystems

January 15th Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Security protocol for Body area networks]

Revisting Unpredictability-Based RFID Privacy Models

IT IS 6200/8200.

Amar B. Patel , Shushan Zhao

Randomized PRF Tree Walking Algorithm for Secure RFID

刘振上海交通大学计算机科学与工程系电信群楼3-509

Henri Gilbert1, Matthew Robshaw1, and Hervé Sibert2

Presentation transcript:

Modelling Privacy for Off-line RFID Systems Flavio Garcia Radboud University Nijmegen together with Peter van Rossum RFIDSec 2009

Outline Current RFID privacy models A new model for off-line RFID systems that considers reader corruption Forward and self-stabilizing backwards privacy Protocols Conclusions

RFID Systems

Current RFID Models Permanent secure connexion Juels and Weis (2006) Vaudenay (2007) Avoine (2005) Fwd-Privacy

SafeUn-Safe Time

Narrow-FWD Private protocol [OSK03]

Many real systems are more complex Periodic connexion What kind of security can still be guaranteed? More information on the readers

Consider off-line systems where readers can be compromised

An adversary is a PPTA with access to the set of oracles O: CreateReader(R) CreateTag(T) Launch(R) Send(m,A) Result() CorruptTag(T) Sync() O+ = O  {DestroyReader(R)}

Fwd and Bwd-Privacy Safe Un-Safe Unachievable! (Unless extra assumptions are made) Safe

Forward privacy

Self-stabilizing backwards privacy

Forward and Self-stabilizing Backwards Private Protocol (idea) new day! BO K ← h(k’+1) K’ ← h(k’) K ← h(k) MAC using k’ K to `talk’ with the reader K’ to `talk’ with the BO

Forward and Self-stabilizing Backwards Private Protocol

Previous protocol is vulnerable to de- synchronization attacks Problem

Forward and Self-stabilizing Backwards Private Protocol

Verify key update Improvement

Improving synchronization

But still de-syncs if a reader is compromised Almost there

Improving synchronization

What to do Take special measures when a reader is compromised. Only update k’’s in BO if no reader corruption Con: this extends the privacy lost by one time slot

Conclusions model for (off-line) RFID systems in the presence of reader corruption forward and self-stabilizing backwards private protocols that uses only hash functions. De-sync resilience