Pascal URIEN, IETF 77th, Monday March 22nd, Anaheim, California
draft-urien-hip-tag-03.txt
HIP support for RFID
Pascal.Urien@telecom-paristech.fr
http://www.telecom-paristech.fr
Open Issues for the Internet of Things

What is a thing? (from draft-urien-hip-iot-00.txt)
Two classes of things:
- Things that are full computers equipped with communication interfaces.
- Things that are not full computers (i.e. tags, RFIDs), but which are associated with objects.

What is the identifier of a thing? There are several proposals:
- A serial number, such as the EPC code.
- An IP address.
- Other, for example a fixed hash value, or an ad hoc naming scheme.
Open issues

Identity Protection
- Things can be used to track people or objects, which are identified by a set of things.
- Identity protection enforces privacy by hiding things' identities by cryptographic means.

Communication Protocol
A thing communicates with the Internet network through various interfaces:
- Via MAC (OSI layer 2) radio protocols, as defined by EPC GLOBAL.
- Via the IP protocol; in that case the thing is an IP node and is natively plugged into the Internet cloud.
- Other, for example the Host Identity Protocol.

Things-to-Things communications
- In some cases, things communicate with other things.
- If identity protection is required, the associated infrastructure is complex from a cryptographic or physical point of view, because classical routing techniques can't be used.
HIP Tags for the IoT

Project funded by the French National Research Agency (ANR).

Modified BEX exchange:
- The HIT is a true random number.
- HIP-Tags never expose their identity in clear text, but hide this value (typically an EPC-Code) by a particular equation (f) that can only be solved by a dedicated entity, referred to as the portal: f(r1, r2, EPC-Code).
- HIP exchanges occur between HIP-Tags and PORTALs; they are shuttled by IP packets through the Internet cloud.
Identity Protection for Tags

Privacy issues
- The EPC-Code MUST be protected.
- The EPC-Code is a solution of f(r1, r2, EPC-Code).

Example
- Many f proposals exist in the scientific literature, for instance f(r1, r2, EPC-Code) = SHA1(r1 | r2 | EPC-Code).
- Exchange (figure): the Reader sends r1 to the Tag; the Tag, which holds the EPC-Code, answers with r2 and f(r1, r2, EPC-Code).

S. Weis, S. Sarma, R. Rivest and D. Engels. "Security and privacy aspects of low-cost radio frequency identification systems." In D. Hutter, G. Muller, W. Stephan and M. Ullman, editors, International Conference on Security in Pervasive Computing, SPC 2003, volume 2802 of Lecture Notes in Computer Science, pages 454-469. Springer-Verlag, 2003.
HIP-TAGS Architecture

Main Ideas
- The TAG runs a modified version of HIP: HIP only, NO IP stack.
- The HIT is a true 16-byte random number generated by the TAG.
- The Reader is an IP node; it acts as a docking host for the HIP tag. The Reader is not able to solve the f equation.
- The identity solver entity is located in a node called the PORTAL.
- The HIP dialog takes place between Tag and Portal.
- HIP packets MAY be encapsulated by a HAT (HIP Address Translation) layer.
HIP-Tags Architecture (figure)
- Tag: HIP over RFID-MAC / RFID-PHY; the EPC-Code stays in the Tag.
- Reader: RFID-MAC / RFID-PHY on the tag side, IP / MAC / PHY on the Internet side, with the HAT layer in between.
- Portal: HIP over IP / MAC / PHY, hosting the Identity Solver.
- The HIP association between Tag and Portal is identified by SPI-I and SPI-R.
T-Transform 0001 - HMAC
K = HMAC-SHA1(r1 | r2, EPC-Code)
F-T = HMAC-SHA1(K, CT1 | "Type 0001 key"), with CT1 = 0x00000001 (32 bits)
K-AUTH-KEY = HMAC-SHA1(K, CT2 | "Type 0001 key"), with CT2 = 0x00000010 (32 bits)
Example, with T-Transform = 0001 (the EPC-CODE of the tag is 0123456789abcdefcdab)

I1-T (Tag -> Portal)
HEAD 3b04401100000000
sHIT 6a682e53516b516f2f58ce6025421ae6
dHIT 00000000000000000000000000000000

R1-T (Portal -> Tag)
HEAD 3b0a411100000000
sHIT 00000000000000000000000000000000
dHIT 6a682e53516b516f2f58ce6025421ae6
ATT 0400 20 bytes 276d034ddd2d52793b172cb95bcd0297e2df6115
ATT 0402 04 bytes 00010000

I2-T (Tag -> Portal)
HEAD 3b13401100000000
sHIT 6a682e53516b516f2f58ce6025421ae6
dHIT 00000000000000000000000000000000
ATT 0402 04 bytes 00010000
ATT 0400 20 bytes c5958b236b9b0eaa7abb25f27d24c5046e89199e
ATT 0404 20 bytes 801dbc55c5f39789f83c6cba1450187d83833caf
ATT 0406 20 bytes 2a2368932bf73abec46bddb83f1b3f7f9ded8b83

Figure labels: r1, r2, f, Signature.
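The T-Transform 0001 derivation above, together with the portal-side identity solving it enables, as an added example (not code from the draft or from the project's Java implementation). It assumes that in HMAC-SHA1(r1 | r2, EPC-Code) the first argument is the HMAC key and the second the message, that the label is plain ASCII "Type 0001 key", and it uses constructed nonces; only the EPC-Code value is taken from the slide.

```python
import hmac
import hashlib

# Constants from the T-Transform 0001 slide. Assumption: the label is ASCII
# without a trailing space (the slide text is ambiguous on that point).
CT1 = (0x00000001).to_bytes(4, "big")
CT2 = (0x00000010).to_bytes(4, "big")
LABEL = b"Type 0001 key"


def hmac_sha1(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()


def t_transform_0001(r1: bytes, r2: bytes, epc_code: bytes):
    """Return (F-T, K-AUTH-KEY). Assumption: HMAC-SHA1(a, b) means key=a, msg=b."""
    k = hmac_sha1(r1 + r2, epc_code)          # K = HMAC-SHA1(r1 | r2, EPC-Code)
    f_t = hmac_sha1(k, CT1 + LABEL)           # F-T = HMAC-SHA1(K, CT1 | label)
    k_auth = hmac_sha1(k, CT2 + LABEL)        # K-AUTH-KEY = HMAC-SHA1(K, CT2 | label)
    return f_t, k_auth


def portal_solve(r1: bytes, r2: bytes, f_t: bytes, known_epcs):
    """Identity solver as run by the PORTAL: it holds the EPC-Code database and
    recomputes f for every candidate. A reader without that database only sees
    a 20-byte value that changes with each (r1, r2), which is the privacy goal.
    Returns the matching EPC-Code, or None if the tag is unknown."""
    for epc in known_epcs:
        candidate, _ = t_transform_0001(r1, r2, epc)
        if hmac.compare_digest(candidate, f_t):   # constant-time comparison
            return epc
    return None


# Constructed demo values: the EPC-Code shown in the slide, plus two 20-byte
# nonces (r1 chosen by the portal in R1-T, r2 chosen by the tag in I2-T).
DEMO_EPC = bytes.fromhex("0123456789abcdefcdab")
DEMO_R1 = bytes(range(20))
DEMO_R2 = bytes(range(20, 40))

if __name__ == "__main__":
    f_t, k_auth = t_transform_0001(DEMO_R1, DEMO_R2, DEMO_EPC)
    print("F-T        =", f_t.hex())
    print("K-AUTH-KEY =", k_auth.hex())
    database = [bytes(10), DEMO_EPC]
    print("portal resolves tag to", portal_solve(DEMO_R1, DEMO_R2, f_t, database).hex())
```

The solver cost grows linearly with the number of registered tags, which is the motivation for the tree-based T-Transform 0002 on the next slide.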
T-Transform 0002 - Tree
F-T = H1 | H2 | ... | Hi | ... | Hn
Hi = HMAC-SHA1(r1 | r2, Ki | CT1), or Hi = HMAC-SHA1(r1 | r2, Ki | CT2)
CT1 = 0x00000001, CT2 = 0x00000002
Notation: Hi[CTk, Ki], with k = 1, 2 and i = 1...n
K-AUTH-KEY = HMAC-SHA1(K, CT1 | "Type 0002 key")
K = HMAC-SHA1(r1 | r2, EPC-Code)
CT1 = 0x00000001 (32 bits)

Figure: for EPC-Code = 010..., F-T = H1[CT1, K1] | H2[CT2, K2] | H3[CT1, K1] | ...; the tree branches on each bit of the EPC-Code (0 selects CT1, 1 selects CT2), e.g. H1[CT1, K1] and H1[CT2, K1] at the first level, H2[CT2, K2] and H3[CT1, K1] further down.
Open Java Resources

http://perso.telecom-paristech.fr/~urien/hiptag
- Java code for the portal.
- Java Card code for tags.
- ISO 14443 tags work at 13.56 MHz.
- Java Cards are widely deployed, about 1 billion devices per year.
- Thanks to NFC technology, HIP-TAG could be supported by billions of mobile phones.

http://gforge.cnam.fr/gf/project/t2tit
- Source code of the T2TIT project, funded by the French National Research Agency (ANR).

Papers:
Pascal Urien, Simon Elrharbi, Dorice Nyamy, Hervé Chabanne, Thomas Icart, François Lecocq, Cyrille Pépin, Khalifa Toumi, Mathieu Bouet, Guy Pujolle, Patrice Krzanik, Jean-Ferdinand Susini, "HIP-Tags Architecture Implementation for the Internet of Things", First Asian Himalayas International Conference on Internet, AH-ICI2009, 3-5 November 2009, Kathmandu, Nepal. Available at IEEE Xplore.