Presentation is loading. Please wait.

Presentation is loading. Please wait.

Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.

Published byMark West Modified over 8 years ago

Similar presentations

Presentation on theme: "Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February."— Presentation transcript:

1 Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February 5, 2010, Leuven

2 Outline of the talk Challenges in RFID networks Security problems Privacy problems Cryptographic building blocks ECC-based authentication protocols Search protocol Hardware architecture Conclusion

3 RFID technology Radio Frequency Identification as we explain it to Dave’s tech-savvy grandmother: 1. Passive tag 2. Battery assisted (BAP) 3. Active tag with onboard power source

4 RFID applications Asset tracking Barcode replacement RFID passports Mobile credit card payment systems Transportation payment systems Sporting events (timing / tracing) Animal identification …

5 RFID security problems (I) Impersonation attacks Genuine readers Malicious tags => Tag-to-server authentication

6 RFID security problems (II) Eavesdropping Replay attacks Man-in-the-middle attacks Cloning Side-channel attacks …

7 RFID privacy problems (I) [A. Juels. RSA Laboratories] Mr. Jones in 2020

8 RFID privacy problems (II) [A. Juels. RSA Laboratories] Mr. Jones in 2020 Wig model #4456 (cheap polyester) Das Kapital and Communist- party handbook 1500 Euros in wallet Serial numbers: 597387,389473 … 30 items of lingerie Replacement hip medical part #459382

9 RFID privacy problems (III) RFID Privacy problem Malicious readers Genuine tags => Untraceability

10 RFID privacy problems (IV) Untraceability Inequality of two tags: the (in)equality of two tags must be impossible to determine Theoretical framework of Vaudenay [ASIACRYPT ‘07] : Narrow vs wide privacy Weak vs strong privacy

11 Cryptographic authentication protocol Tag proves its identity Security (entity authentication) Privacy Challenge-response protocol ReaderTag Challenge Response

12 Technological requirements Scalability Implementation issues Cheap implementation Memory Gate area Lightweight Efficient => Influence on cryptographic building blocks

13 Implementation cost Symmetric encryption AES: 3-4 kgates Cryptographic hash function SHA-3: 10 – 30 kgates) [ECRYPT II: SHA-3 Zoo] Public-key encryption Elliptic Curve Cryptography (ECC): 11-15 kgates =>Public key cryptography is suitable for RFID

14 ECC-based authentication protocols Rely exclusively on ECC !!! Wide-strong privacy Two sub-modules ID-transfer scheme Pwd-transfer scheme Combination => 3 protocols Computational requirements Security requirements

15 System parameters

16 16 Example: Secure ID Transfer Server: y Tag: x 1, Y=yP T1T1 T2T2 r t1 € ZT 1 ← r t1 P r s1 € Z T 2 ←( r t1 + x 1 )P (y -1 T 2 – T 1 ) ( ) -1 = x 1 P

17 ID-transfer scheme (protocol 1)

18 ID + Pwd-transfer scheme (protocol 3)

19 Search protocol (I) Linear search: scalability issues Search for one particular tag Design requirements: One-round authentication Dedicated authentication Security against replay attacks Wide-weak privacy Combine with ECC-based authentication protocol

20 Search protocol (II)

21 Hardware architecture

22 Performance comparison Circuit Area (Gate Eq.)14,566 Cycles for EC point multiplication59,790 Frequency700 KHz Power13.8 µW Energy for EC point multiplication1.18 µJ

23 Conclusion Security & privacy in RFID networks Challenging research problem Public-key cryptography is suitable for RFID tags ECC hardware implementation Wide-strong authentication protocols Search protocol

24 Questions??

25 EXTRA SLIDES

26 Pwd-transfer scheme

27 ID + Pwd-transfer scheme (protocol 2)

Download ppt "Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February."

Similar presentations

Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and.

Click to edit Master title style KATHOLIEKE UNIVERSITEIT LEUVEN | COSIC 1 Compact Implementations for RFID and Sensor Nodes L. Batina, K. Sakiyama and.
CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction.

CS 854 – Hot Topics in Computer and Communications Security Fall 2006 Introduction.
Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.

Cryptanalysis of a Communication-Efficient Three-Party Password Authenticated Key Exchange Protocol Source: Information Sciences in review Presenter: Tsuei-Hung.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.

#1 Privacy in pervasive computing What can technologists do? David Wagner U.C. Berkeley In collaboration with David Molnar, Andrea Soppera, Ari Juels.
Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Real World Applications of RFID Mr. Mike Rogers Bryan Senior High School Omaha, NE.

Similar presentations

Ads by Google