Presentation is loading. Please wait.

Presentation is loading. Please wait.

© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo.

Published byCharles Matthews Modified over 9 years ago

Similar presentations

Presentation on theme: "© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo."— Presentation transcript:

1 © copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita NTT Laboratories Nippon Telegraph and Telephone Corporation 2003.11.15 RFID Privacy Workshop @ MIT

2 © copyright NTT Information Sharing Platform Laboratories OutlineOutline 1.Introduction (RFID System and RFID Privacy Problem) 2.Our Contribution 1. Stronger security model Indistinguishability, forward security 2. A new scheme providing stronger security low-cost and forward secure based on hash chain 3.Conclusion

3 © copyright NTT Information Sharing Platform Laboratories RFID System Radio Frequency IDentification (RFID) Each tag has a unique ID. Anyone can read the ID through radio connection. Our Concern What if the tag is linked to your identity? What if someone is tracing the tag? VERY USEFUL FOR GOODS FLOW CONTROL PRIVACY VIOLATION (BIG BROTHER PROBLEM)

4 © copyright NTT Information Sharing Platform Laboratories RFID Privacy Problems Leakage of personal belongings data Leak data regarding belongings without awareness of user. ID tracing Monitor tag owner’s activity. What do they have? Consumers Adversary

5 © copyright NTT Information Sharing Platform Laboratories OutlineOutline 1.Introduction (RFID System and RFID Privacy Problem) 2.Our Contribution 1. Stronger security model Indistinguishability, forward security 2. A new scheme providing stronger security low-cost and forward secure based on hash chain 3.Conclusion

6 © copyright NTT Information Sharing Platform Laboratories Formal Security Requirement Indistinguishability The output from tag A cannot be distinguished from that from tag B. The ouput from tag A at time T cannot be distinguished from that of at time T’. Tag A Reader Tag B 1234567890 time T ’ 5709136824 6123789035 time T

7 © copyright NTT Information Sharing Platform Laboratories secret information Stronger Property Forward Security Once the secret in the tag is stolen, all past activities can be traced by searching past logs.  Forward security ensures that the latest memory in the tag does not give a hint to guess past outputs. So the past activities can be protected from tampering. time ? ? ? Tag A Tampering!

8 © copyright NTT Information Sharing Platform Laboratories Known Approaches (1/2) ID Encryption (against personal belongings data leakage) Hide ID by encryption so that only designated Reader can read it. Re-encryption (against ID tracing) Re-encrypt the encrypted IDs to vary the ciphertext from time to time. [KHKFO03] “Anonymous ID Scheme” [JP03] “Re-encryption scheme” Costly encryption is done by on-line Reader. But off-line schemes (that allow the tags to protect privacy by themselves) are more useful.

9 © copyright NTT Information Sharing Platform Laboratories Known Approaches (2/2) ID Randomization approach Using Hash function that is much less costly than encryption. Allows tag to protect ID without any help of Reader. [WSRE03] using Randomized Hashing Simple No forward security [This work] using Randomized Hash Chain Simple Forward secure!

10 © copyright NTT Information Sharing Platform Laboratories Hash Functions Functionality One-way (Preimage-free): hard to guess the input from the ouput Existing Schemes SHA-1, MD5,... Hardware Implementation 12 KGates for SHA-1 while 165KGates for Elliptic Curve Enciphering Security module should be < 2.5KGates to get a tag < 5 cents. Currently, it is hard to meet with 2.5KG boundary but hash functions are much more promising than public-key encryption. H

11 © copyright NTT Information Sharing Platform Laboratories Known Approaches (2/2) ID Randomization approach Using Hash function that is much less costly than encryption. Allows tag to protect ID without any help of Reader. [WSRE03] using Randomized Hashing Simple No forward security [This work] using Randomized Hash Chain Simple Forward secure!

12 © copyright NTT Information Sharing Platform Laboratories OutlineOutline 1.Introduction (RFID System and RFID Privacy Problem) 2.Our Contribution 1. Stronger security model Indistinguishability, forward security 2. A new scheme providing stronger security low-cost and forward secure based on hash chain 3.Conclusion

13 © copyright NTT Information Sharing Platform Laboratories Proposed Scheme – Tag Operation Overwrite G H One-way hash functions with different output distributions Tag 1. Receives a request from reader. 2. Calculates by applying hash function G to. 3. Calculates by applying hash function H to, and overwrite in memory i a i s 1  i s i s H G Output Memory

14 © copyright NTT Information Sharing Platform Laboratories Proposed Scheme - Back-end Server Operation Back-end server ( ID, s 1 ) DB : Tag’s output sent from reader Identify ID through comparison with calculation result ID Back-end server 1. Receives from reader. 2. For all ID,. 3. If the equation holds, identifies ID from database.

15 © copyright NTT Information Sharing Platform Laboratories Implementation Issues Saving server’s computation Cash latest value to reduce calculation cost, back- end server reduces calculation cost. Apply efficient computing method for hash chain [Coppersmith and Jakobsson02][Sella03]. Our scheme allows parallel computation on the server-side. RFID lifetime Using FRAM (100 million times) instead of simple memory, for example EPROM and RAM(hundred thousand times). i s

16 © copyright NTT Information Sharing Platform Laboratories Application to Auto-ID System Layout Operation 1. Reader sends an extended-EPC to the ONS server. 2. ONS server resolves address of back-end server and responds to reader. 3. Reader sends extended-EPC to back-end server. 4. Back-end server resolves extended-EPC to original-EPC and returns it to reader. 5. Next, the basic protocol in our scheme is performed. HeaderEPC managerObject classSerial number 8bits28bits24bits 36bits Version Manufacture code Article classification Serial number HeaderBack-end server EPC Extended code of our scheme

17 © copyright NTT Information Sharing Platform Laboratories ConclusionConclusion Defined security requirements Indistinguishability Forward security Proposed scheme Low-cost Security requirements are satisfied Secret information is renewed using hash chain. Output of tag is changed every requests and random. Future works Reduce the computational cost of back-end server Low-cost hash function

Download ppt "© copyright NTT Information Sharing Platform Laboratories Cryptographic Approach to “Privacy-Friendly” Tags Miyako Ohkubo, Koutarou Suzuki, and Shingo."

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Queensland University of Technology CRICOS No. 00213J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.

Queensland University of Technology CRICOS No J Mitigating Sandwich Attacks against a Secure Key Management in WSNs for PCS/SCADA Hani Alzaid, DongGook.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, International.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.

Security for RFID Department of Information Management, ChaoYang University of Technology. Speaker : Che-Hao Chen ( 陳哲豪 ) Date:2006/01/18.
Reusable Anonymous Return Channels

Reusable Anonymous Return Channels
Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka
A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.

A lightweight mutual authentication protocol for RFID networks 2005 IEEE Authors : Zongwei Luo, Terry Chan, Jenny S. Li Date : 2006/3/21 Presented by Hung.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:

Micro-Payment Protocols and Systems Speaker: Jerry Gao Ph.D. San Jose State University URL:
Cryptography Basic (cont)

Cryptography Basic (cont)
Security in RFID Presented By… NetSecurity-Spring07

Security in RFID Presented By… NetSecurity-Spring07
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.

Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).

Similar presentations

Ads by Google