Published by Benedict Ray; modified over 9 years ago.
Slide 1
Handling Security Threats to the RFID System of EPC Networks
J. Garcia-Alfaro, M. Barbeau, E. Kranakis
Presenter: Gicheol Wang
Slide 2
presented by gcwang, 10/18/2015
RFID Tags
- Radio frequency devices that transmit information (e.g., serial numbers) to compliant readers in a contactless manner
- Classified in the literature as:
  - Passive: transmission power is derived from the reader
  - Active: energy comes from an on-board battery
  - Semi-passive: battery-powered chips, but transmission powered by the reader
- Electronic Product Code (EPC) tags
  - Main kind of low-cost tag in use in today's RFID supply chain applications
  - Passive UHF RFID tags
  - EPCglobal Inc.: main organization controlling EPC development
Slide 3
Sample representation of an EPC number
[Figure: Electronic Product Code stored on an RFID tag, with the fields Header | Manager number | Object class | Serial number]
Slide 4
Security Problems
[Figure: back-end services, middleware and readers are connected over a secure wired channel; readers and tags communicate over an insecure wireless channel, where the security threats arise]
- Threats to and from front-end components (i.e., tags and readers)
- Privacy concerns during the receiving of information
- Lack of authentication between readers and tags
- Necessity of fine-grained access control for the interaction of principals
Slide 5
Threat Analysis Methodology
Likelihood and risk function; this framework was proposed by ETSI.
[Table: likelihood function, combining Motivation (Low, Moderate, High) with Difficulty (None, Solvable, Strong) to give Likelihood (Unlikely, Possible, Likely)]
[Table: risk function, combining Likelihood (Unlikely, Possible, Likely) with Impact (Low, Medium, High) to give Risk (Minor, Major, Critical)]
Slide 6
EPC Inventory Protocol
  1. Reader -> Tag: Query
  2. Tag -> Reader: RN16
  3. Reader -> Tag: ACK(RN16)
  4. Tag -> Reader: Tag ID
- Lack of authentication between readers and tags
  - 16-bit random sequences (denoted RN16) are used to acknowledge the process
- Any compatible reader can obtain the code
  - Illicit readers can impersonate legal readers
Slide 7
Rogue Scanning
[Figure: an illicit reader interrogates the tag alongside the legitimate reader]
- Powering the tag to obtain the tag ID
  - The use of special hardware (e.g., highly sensitive receivers and high-gain antennas) can ease the attack.
Rating: Motivation High | Difficulty Solvable | Likelihood Possible | Impact High | Risk Critical
Slide 8
Eavesdropping Reader Channel
[Figure: an illicit reader passively listens to the channel between the reader and the tag]
- Passive observation or recording of the communication
  - The distance at which an attacker can eavesdrop the signal of an EPC reader can be much longer than the operating environment of the tag.
  - Some data items (e.g., 16-bit random sequences) can be eavesdropped at long distances.
Rating: Motivation High | Difficulty Solvable | Likelihood Possible | Impact High | Risk Critical
Slide 9
Cloning of Tags
- Using the codes eavesdropped or scanned, an attacker may successfully clone the tags
[Figure: 1. Tag -> Illicit Reader: TagID; 2. Illicit Reader -> blank Tag: write TagID]
Rating: Motivation Moderate | Difficulty Solvable | Likelihood Possible | Impact Medium | Risk Major
Slide 10
Location Tracking
- Adversaries can distinguish any given tag just by getting its EPC
- By correlating with the reader's position, the adversary can trace the location of the bearers
- It can also provide useful data for fingerprinting and profiling
[Figure: an illicit reader obtains the TagID]
Rating: Motivation Moderate | Difficulty Solvable | Likelihood Possible | Impact Medium | Risk Major
Slides 11-13
Tampering of Data
- Gen2 tags are required to be writable
- Although this feature can be protected with a 32-bit password, bypassing the protection is solvable
Exchange between Reader and Tag shown across the three slides:
  1. Reader -> Tag: Query
  2. Tag -> Reader: RN16
  3. Reader -> Tag: ACK(RN16)
  4. Tag -> Reader: Tag ID
  5. Reader -> Tag: Req_RN(RN16)
  6. Tag -> Reader: Handle
  7. Reader -> Tag: Req_RN(Handle)
  8. Tag -> Reader: RN16'
  9. Reader -> Tag: Access(PIN[31:16] ⊕ RN16')
  10. Tag -> Reader: Handle
  11. Reader -> Tag: Req_RN(Handle)
  12. Tag -> Reader: RN16''
  13. Reader -> Tag: Access(PIN[15:0] ⊕ RN16'')
  14. Tag -> Reader: Handle
  15. Reader -> Tag: Write(membank, wordptr, data, handle)
  16. Tag -> Reader: Header, Handle
Rating: Motivation Moderate | Difficulty Solvable | Likelihood Possible | Impact High | Risk Critical
Slide 14
Denial of Service
- Tag data destruction or interference by attacks such as (1) attacks targeting the writing or self-destruction routines and (2) use of jamming or strong electromagnetic pulses.
[Figure: (1) an illicit reader sends a write/kill command to the tag; (2) a jamming device disrupts the tag]
Rating: Motivation Moderate | Difficulty Solvable | Likelihood Possible | Impact Medium | Risk Major
Slide 15
Evaluation of Threats (Summary)
Threats                                | Motivation | Difficulty | Likelihood | Impact | Risk
Eavesdropping, Rogue Scanning          | High       | Solvable   | Possible   | High   | Critical
Cloning of Tags, Location Tracking     | Moderate   | Solvable   | Possible   | Medium | Major
Tampering of Data                      | Moderate   | Solvable   | Possible   | High   | Critical
Destruction of Data, Denial of Service | Moderate   | Solvable   | Possible   | Medium | Major
Slide 16
How to deal with these threats?
- Shielding or jamming the signal
  - It may work on some other RFID applications, but not on EPC setups
- Third-party blockers or guardians
  - Requires the management of new components
- Use of lightweight countermeasures, such as:
  - Message Authentication Codes
  - Lock-based Access Control Schemes
  - Random Pseudonyms
  - Threshold Cryptography
  - Physically Unclonable Functions
Slide 17
Message Authentication Codes
- Tags and readers share a secret that allows the verification of the integrity and authenticity of exchanged messages
[Figure: the reader feeds Message and Secret into a keyed hash function to obtain MAC and sends {Message, MAC} to the tag; the tag feeds the received Message and its own Secret into the keyed hash function and checks whether the output equals the received MAC]
Slide 18
Lock-based Access Control Schemes
Simplified scheme:
- Readers and tags share a common secret
- When a tag receives a proof of ownership of the secret (e.g., a hash of it), it locks itself; when interrogated, it only answers with this pseudo ID
- The tag unlocks itself when it receives the secret
[Figure: (1) Reader -> Tag: hash(secret); (2) Reader -> Tag: secret]
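As an added illustration of the simplified scheme above (example code, not from the paper or the presenter), this Python model plays both sides: the reader locks the tag with hash(secret), any query then yields only the pseudo ID, a reader that knows only that pseudo ID cannot unlock the tag, and the reader holding the secret can. The tag class, SHA-256 as the hash and the EPC string are assumptions.

```python
import hashlib
import secrets

def proof_of(secret: bytes) -> bytes:
    """The 'proof of ownership' on the slide: a hash of the shared secret (SHA-256 assumed)."""
    return hashlib.sha256(secret).digest()

class HashLockTag:
    """Hypothetical model of a lockable tag; not a Gen2 command set."""
    def __init__(self, epc: str):
        self.epc = epc
        self.meta_id = None                  # hash(secret) while locked, None while unlocked

    def lock(self, proof: bytes) -> None:
        self.meta_id = proof                 # step (1): reader sends hash(secret)

    def answer_query(self) -> str:
        # A locked tag reveals only the pseudo ID, never its EPC.
        return self.meta_id.hex() if self.meta_id is not None else self.epc

    def unlock(self, candidate: bytes) -> bool:
        # Step (2): unlock only if hash(candidate) equals the stored proof.
        if self.meta_id is not None and secrets.compare_digest(proof_of(candidate), self.meta_id):
            self.meta_id = None
            return True
        return False

def run_scenario(secret: bytes = b"constructed-shared-secret",
                 epc: str = "urn:epc:example") -> dict:
    """Constructed scenario: lock, query while locked, a failed unlock attempt using
    only the observed pseudo ID, then the real unlock with the shared secret."""
    tag = HashLockTag(epc)
    tag.lock(proof_of(secret))
    observed = tag.answer_query()                       # what any reader gets while locked
    pseudo_id_unlock = tag.unlock(bytes.fromhex(observed))  # pseudo ID is not the secret
    legit_unlock = tag.unlock(secret)
    return {
        "locked_answer_is_epc": observed == epc,
        "pseudo_id_unlock": pseudo_id_unlock,
        "legit_unlock": legit_unlock,
        "answer_after_unlock": tag.answer_query(),
    }
```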
Slide 19
Random Pseudonyms
- Tags store a pseudonym, or a list of pseudonyms, instead of the real object or tag identifier (i.e., the EPC number)
- To handle the location tracking threat, pseudonyms must be generated at random and must change frequently
- Authorized readers must know how to match the pseudonyms to the real tag identifiers
Slide 20
Threshold Cryptography (Secret Sharing)
- Exploit the natural movement of tag populations on the supply chain to distribute secrets and enforce privacy
[Figure: a Secret is split across tags T1, T2, ..., Tk, ..., Tn; k out of n tags can reconstruct the secret]
Slide 21
Physically Unclonable Functions (1/2)
- Originated from optical mechanisms for generating unique secrets in the form of physical variations
[Figure: e.g., light shone onto a physical structure yields a binary output]
Slide 22
Physically Unclonable Functions (2/2)
- Promising for the implementation of challenge-response protocols in low-cost EPC tags
- Optical designs have been improved towards new schemes exploiting other physical random variations
  - Delays of wires and logic gates of integrated circuits
  - SRAM startup values as the origin of randomness
- Can be used to handle the authentication threat, as well as the cloning and location tracking threats
Slide 23
Secret Sharing (I)
Motivation of secret sharing:
- My colleagues and I accidentally discovered a map that would lead us to a treasure island. We agreed to start the trip together tomorrow.
- The problem is who possesses the map until the start time; they don't really trust one another.
[Speech bubble: "Now they can happily go home."]
Slide 24
Secret Sharing (II)
Problem of secret sharing:
- In the above example, if someone who holds a part of the map burns it intentionally, they never get to the treasure island
- (n, t) secret sharing = threshold cryptography
  - t or more parties can recover the original s
  - fewer than t parties have no information about s
[Speech bubble: "You never imagined I'm a spy. I'll destroy my key."]
Slide 25
Secret Sharing (III)
Design of (n, t) secret sharing:
- Generate a polynomial f(x) = a x^(t-1) + b x^(t-2) + ... + c x + M (mod p)
  - p is a prime larger than the number of shares required
  - t is the number of shares necessary to reconstruct the secret
  - a, ..., c are random secret coefficients, which are discarded once the data has been distributed
  - M is the secret to be distributed
- Evaluate f(x) at x = 1, x = 2, ..., x = n
- Distribute the resulting f(1), f(2), ..., f(n) values as the shared data
- Any t shares can be used to recreate the same polynomial f(x)
  - Linear algebra (Lagrange interpolation) can be used to solve for M
Slide 26
Secret Sharing (IV)
Example of (n, t) secret sharing:
- Generate a polynomial a x^2 + b x + M (mod p)
- Assumption: a (5, 3) threshold scheme is employed, with M = 5, a = 4, b = 6, and p = 13
- f(x) = 4x^2 + 6x + 5 (mod 13)
- f(1) = 4 + 6 + 5 (mod 13) = 2, f(2) = 16 + 12 + 5 (mod 13) = 7, f(3) = 7, f(4) = 2, f(5) = 5
- {x, f(x)} is distributed to any five nodes
- Any node which gets three of these shares (for example shares 1, 3, 5) can acquire the original polynomial through the following equation.
Slide 27
Secret Sharing (V)
Lagrange interpolation:
- We can compute the Lagrange interpolation polynomial using four points as follows.
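As an added worked example of the (n, t) scheme on slides 25 to 27 (not code from the paper or the presentation), the following Python reproduces the slides' (5, 3) sharing of M = 5 with a = 4, b = 6, p = 13, recovers M from shares 1, 3 and 5 by Lagrange interpolation at x = 0 over GF(p), and brute-forces every candidate polynomial to show that two shares leave all 13 values of M possible while three pin it down. Function names are assumptions; the tiny prime makes the brute force feasible.

```python
import random
from functools import reduce

P = 13  # the prime modulus from the slides' example

def make_shares(secret, n, t, coeffs=None, p=P):
    """Shamir (n, t) sharing: f(x) = a*x^(t-1) + ... + c*x + M (mod p), evaluated at x = 1..n.
    coeffs lists a, ..., c (highest degree first); they are drawn at random when not given."""
    if coeffs is None:
        coeffs = [random.randrange(1, p) for _ in range(t - 1)]
    poly = list(coeffs) + [secret]                       # constant term M comes last
    def f(x):                                            # Horner evaluation mod p
        return reduce(lambda acc, c: (acc * x + c) % p, poly, 0)
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares, p=P):
    """Lagrange interpolation evaluated at x = 0 over GF(p) returns f(0) = M.
    Give it exactly t shares of one polynomial; fewer yield a wrong value."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p                    # product of (0 - xj)
                den = den * (xi - xj) % p                # product of (xi - xj)
        total = (total + yi * num * pow(den, -1, p)) % p  # modular inverse of den
    return total

def consistent_secrets(shares, t, p=P):
    """Brute force over every degree < t polynomial with coefficients in GF(p) and
    collect the constant terms of those matching the shares (feasible only for tiny p).
    With fewer than t shares every M in 0..p-1 appears: the shares carry no information."""
    found = set()
    for idx in range(p ** t):
        poly = [(idx // p ** k) % p for k in range(t)]   # coefficients, low degree first
        if all(sum(c * pow(x, k, p) for k, c in enumerate(poly)) % p == y for x, y in shares):
            found.add(poly[0])
    return found
```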
Slide 28
Secret Sharing (VI)
An example of secret sharing: (3, 2) threshold signature
[Figure: shares s1, s2, s3 derived from the signing key (labelled K/k) are held by server 1, server 2 and server 3; for message m, servers produce partial signatures PS(m, s1) and PS(m, s3), which the combiner c turns into the full signature k]
- m: message
- PS: partial signature; e.g., PS(m, s1) is a partial signature of m via share s1
- c: combiner
- k: full signature of m signed by the private key