Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden draft-urien-hip-tag-02.txt HIP support for RFID

Published byAnastasia Anthony Modified over 9 years ago

Similar presentations

Presentation on theme: "1 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden draft-urien-hip-tag-02.txt HIP support for RFID"— Presentation transcript:

1

2 1 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden draft-urien-hip-tag-02.txt HIP support for RFID Pascal.Urien@telecom-paristech.fr http://www.telecom-paristech.fr

3 2 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Summary This document describes an architecture based on the Host Identity Protocol (HIP) for active tags, i.e. RFIDs that include tamper resistant computing resources. HIP-Tags never expose their identity in clear text, but hide this value (typically an EPC-Code) by a particular equation (f) that can be only solved by a dedicated entity, referred as the portal. HIP exchanges occurred between HIP-Tags and PORTALs; they are shuttled by IP packets, through the Internet cloud.

4 3 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Identity Protection Privacy issues EPC-Code MUST be protected EPC-Code is a solution of f(r1,r2,EPC-Code) Example Many f proposal in the scientific literature f(r1,r2, EPC-Code) = SHA1 (r1 | r2 | EPC-Code) Reader Tag EPC-Code r1 r2, f(r1,r2, EPC-Code) S. Weis, S. Sarma, R. Rivest and D. Engels. "Security and privacy aspects of low-cost radio frequency identification systems." In D. Hutter, G. Muller, W. Stephan and M. Ullman, editors, International Conference on Security in Pervasive Computing - SPC 2003, volume 2802 of Lecture Notes in computer Science, pages 454- 469. Springer-Verlag, 2003.

5 4 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Main Ideas The TAG runs a modified version of HIP HIP Only! – NO IP stack HIT is a true 16 bytes random number generated by the TAG The Reader is an IP node It acts as a docking host for HIP tag The Reader is not able to solve the f equation The identity solver entity is located in a node called the PORTAL HIP dialog between Tag and Portal HIP packets MAY be encapsulated by a HAT (HIP Address Translation) layer.

6 5 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden HIP-Tags Architecture IP MAC PHY IP MAC PHY RFID-MAC RFID-PHY RFID-MAC RFID-PHY HIP PortalTagReader HAT HIP Identity Solver SPI-I SPI-R EPC-Code

7 6 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-BEX Exchange, I1-T HIT-I A random value generated by the tag HIT-R A known HIT A null value Tag Portal HIT-I, HIT-R

8 7 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-BEX Exchange, R1-T r1, random value generated by the Portal. HIT-T-Transforms, list of f functions and associated parameters. ESP-Transforms, optional list of ESP- Transforms, used when a secure communication channel is requested. Tag Portal HIT-R, HIT-I, HIT-R(r1), HIT-T-Transforms, [ESP-Transforms]

9 8 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-BEX Exchange, I2-T r2, random value generated by the Tag. HIT-T-Transform, selected f function. F-T, equation to solve f(r1,r2, EPC-Code) ESP-Transform, optional selected ESP-Transform ESP-Info, optional info about ESP transform, includes the SPI-I value. Signature-T, signature of the I2-T message KI-Auth-key = g(r1, r2, EPC-Code) Tag Portal HIT-I, HIT-R, HIT-R(r2), HIT-T-Transform, F-T = f(r1,r2,EPC-Code), [ESP-Transform], [ESP-Info], Signature-T

10 9 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-BEX Exchange, R2-T (Optional) ESP-Info, optional info about ESP transform, includes the SPI-R value. Signature-T, signature of the I2-T message r1, random value generated by the Portal. Tag Portal HIT-R, HIT-I, [ESP-Info], T-Signature Optional ESP Dialog

11 10 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-Transform 0001 - HMAC K = HMAC-SHA1(r1 | r2, EPC-Code) F-T = HMAC-SHA1(K, CT1 | "Type 0001 key ") CT1 = 0x00000001 (32 bits) K-AUTH-KEY = HMAC-SHA1(K, CT2 | "Type 0001 key") CT2 = 0x00000010 (32 bits)

12 11 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Example, with T-Transform = 0x0001 HEAD 3b04401100000000 sHIT f91b71c8b2e30415666015486f59970e dHIT 00000000000000000000000000000000 Tag Portal HEAD 3b0a411100000000 sHIT 00000000000000000000000000000000 dHIT f91b71c8b2e30415666015486f59970e ATT 0400 20 bytes f228cb0c58eaffb0542fa95295f1646ea6c52553 ATT 0402 04 bytes 00010000 HEAD 3b13401100000000 sHIT f91b71c8b2e30415666015486f59970e dHIT 00000000000000000000000000000000 ATT 0402 04 bytes 00010000 ATT 0400 20 bytes 0f4b4490b6404f099e26c9419bc0b722bfe3b3ee ATT 0404 20 bytes de4fbb1e49447b7ceaa7afb613e62d0c950da321 ATT 0406 20 bytes 45b94565fac69f07e163d525ff3b4fbe56e44613 EPC-CODE 0123456789abcdefcdab I1-T R1-T I2-T r1 r2 f Signature

13 12 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden T-Transform 0002 – Tree (early proposal) F-T = H1 | H2 | Hi | Hn Hi = HMAC-SHA1(r1 | r2, Ki | CT1 ),or Hi = HMAC-SHA1(r1 | r2, Ki | CT2 ) CT1 = 0x00000001, CT2 = 0x00000010 Notation: H i CTk Ki k=1,2 i=1...n K-AUTH-KEY = HMAC-SHA1(K, CT1 | "Type 0002 key") K = HMAC-SHA1(r1 | r2, EPC-Code) CT1 = 0x00000001 (32 bits) EPC-Code = 010…. F-T = H 1 CT1 K1 H 2 CT2 K2 H 3 CT1 K1 H 1 CT1 K1 H 1 CT2 K1 01 H 2 CT2 K2 H 3 CT1 K1 1 0

14 13 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Open Resources http://perso.telecom-paristech.fr/~urien/hiptag Java code for portal. Java card code for tags. ISO 14443 tags work at 13,56 MHz. Java card are widely deployed, about 1 billion devices per year. Thanks to the NFC technology, HIP-TAG could be supported by billions of mobile phones. http://gforge.cnam.fr/gf/project/t2tit Code source of the T2TIT project, funded by the French National Research Agency (ANR). Papers: HIP-tags, a new paradigm for the Internet Of Things Urien, P.; Elrharbi, S.; Nyamy, D.; Chabanne, H.; Icart, T.; Pepin, C.; Bouet, M.; Cunha, D.; Guyot, V.; Krzanik, P.; Susini, J.-F.; Wireless Days, 2008. WD '08. 1st IFIP, 24-27 Nov. 2008 Page(s):1 – 5. Available at IEEE Explorer.

15 14 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden Conclusion Is Internet Of Thing a working item for the IRTF? Is HIP a good candidate for the IoT ? Is privacy a main request for the IoT ? Is it acceptable to have fix identifier for the IoT?

Download ppt "1 /14 Pascal URIEN, IETF 75 th, Tuesday July 28th Stockholm, Sweden draft-urien-hip-tag-02.txt HIP support for RFID"

Similar presentations

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
M2M Architecture Inge Grønbæk, Telenor R&I ETSI Workshop on RFID and The Internet Of Things, 3rd and 4th December 2007.

M2M Architecture Inge Grønbæk, Telenor R&I ETSI Workshop on RFID and The Internet Of Things, 3rd and 4th December 2007.
Secure Mobile IP Communication

Secure Mobile IP Communication
UWB UWB: High speed(>100Mbps), small area(WPAN), accurate positioning and distance measuring. Blue tooth: although it’s low speed, it has a more mature.

UWB UWB: High speed(>100Mbps), small area(WPAN), accurate positioning and distance measuring. Blue tooth: although it’s low speed, it has a more mature.
IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.

IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.
IPv6-The Next Generation Protocol RAMYA MEKALA UIN:01008672.

IPv6-The Next Generation Protocol RAMYA MEKALA UIN:
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)

1 Pascal URIEN, IETF 61th, Washington DC, 10th November 2004 “draft-urien-eap-smartcard-type-00.txt” EAP Smart Card Protocol (EAP-SC)
Computer Networking Revision Dr Sandra I. Woolley.

Computer Networking Revision Dr Sandra I. Woolley.
2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Doc.: IEEE 802.15-xxxxx Submission doc. : IEEE 802. 15-13-0011-00-0008 Slide 1 Junbeom Hur and Sungrae Cho, Chung-Ang University Project: IEEE P802.15.

Doc.: IEEE xxxxx Submission doc. : IEEE Slide 1 Junbeom Hur and Sungrae Cho, Chung-Ang University Project: IEEE P
2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

Similar presentations

Ads by Google