RFID Security

1
RFID Security
B. Karthik
MTech 05 KReSIT, IIT Bombay
2
What is RFID?

• Radio-Frequency Identification Tag

• Holds a small amount of unique data a serial
  number or other unique attribute of the item
• The data can be read from a distance no contact
  or even line of sight necessary

Antenna
Chip
3
How Does RFID Work?
02.3DFEX4.78AF51
EasyToll card 816
Radio signal (contactless) Range from 3-5 inches
to 3 yards
Tags (transponders) Attached to objects, call out
their (unique) name and/or static data on a
special radio frequency
Reader (transceiver) Reads data off the
tags without direct contact
Database Matches tag IDs to physical objects
4
RFID Tag Power Sources

• Passive (this is what mostly used now)
• Tags are inactive until the readers
  interrogation signal wakes them up
• Cheap, but short range only
• Semi-passive
• On-board battery, but cannot initiate
  communication
• Can serve as sensors, collect information from
  environment for example, smart dust for
  military applications
• More expensive, longer range
• Active
• On-board battery, can initiate communication

5
The capabilities of a basic RFID tag

• Little memory
• Static 64-to-128-bit identifier in current
  ultra-cheap generation
• Little computational power
• A few thousand gates
• Static keys for read/write permission
• Not enough resources to support public- or
  symmetric-key cryptography
• Cannot support modular arithmetic (RSA, DSS),
  elliptic curves, DES, AES
• Hash functions barely feasible
• Recent progress on putting AES on RFID tag

6
RFID is the Barcode of the Future
Barcode
RFID
Fast, automated scanning (object doesnt have to
leave pocket, shelf or container)

• Line-of-sight reading
• Reader must be looking at the barcode

• Reading by radio contact
• Reader can be anywhere within range

• Write Capabilities
• Products carry updated info as they move through
  the supply chain

• Static Data
• No cryptographic operations possible

• Specifies object type
• E.g., I am a pack of Juicy Fruit

• Specifies unique object id
• E.g., I am a pack of Juicy Fruit 86715-A

Can look up this object in the database
7
Commercial Applications of RFID

• Physical-access cards
• Inventory control
• Gillette Mach3 razor blades, pet tracking
• Logistics and supply-chain management
• Track a product from manufacturing through
  shipping to the retail shelf
• Gas station and highway toll payment
• Libraries
• Euro banknotes

8
The consumer privacy problem
9
and the tracking problem
Wig serial A817TS8

• Mr. Jones pays with a credit card his RFID tags
  now linked to his identity determines level of
  customer service
• Think of car dealerships using drivers licenses
  to run credit checks
• Mr. Jones attends a political rally law
  enforcement scans his RFID tags

10
Risks

• Personal privacy
• Ill furtively scan your briefcase and learn how
  much cash you are carrying and which prescription
  medications you are taking
• Corporate espionage Privacy is not just a
  consumer issue
• Track your competitors inventory
• Skimming read your tag and make my own
• In February, JHU-RSA Labs team skimmed and cloned
  Texas Instruments RFID device used in car
  anti-theft protection and SpeedPass gas station
  tokens

11
Blocking Unwanted Scanning

• FARADAY CAGE
• Container made of foil or metal mesh,
  impenetrable by radio signals of certain
  frequencies
• May be works for a wallet, but huge hassle in
  general locomotion difficult

12
Blocking Unwanted Scanning (Contd.)

• KILL tag after purchase
• Special command permanently de-activates tag
  after the product is purchased
• RFID tags are much too useful in live state
  Disables many futuristic applications.

13
Futuristic Applications

• Tagged products
• Clothing, appliances, CDs, etc. tagged for store
  returns and locatable in house
• Smart appliances
• Refrigerators that automatically create shopping
  lists and when milk expires
• Closets that tell you what clothes you have
  available, and search the Web for advice on
  current styles, etc.
• Washing machines that detect improper wash cycle
• Smart print
• Airline tickets that indicate your location in
  the airport
• Business cards
• Recycling
• Plastics that sort themselves
• Consumers will not want their tags killed,
  but should still have a right to privacy!

14
Blocking Unwanted Scanning (Contd.)
The BLOCKER TAG Blocker simulates all
(billions of) possible tag serial numbers!!
15
Tree-walking anti-collision protocol for RFID
tags
0
1
00
01
10
11
000
010
111
101
001
011
100
110
16
Example Supermarket Cart
1. Prefixempty
prefix0
prefix1
1a. Prefix0
1b. Prefix1
2. Prefix00
2. Prefix11
prefix00
prefix01
prefix10
prefix11
000
001
010
011
100
101
110
111
17
What a protocol should posses?

• Untraceability
• Tag should reproduce different output every time
  it is queried
• Forward Security
• Compromise of Tag must not mean compromise of all
  its previous interactions
• Database Desynchronization
• Attacker desynchronizes the sequence followed by
  Tag and Backend Database

18
Weis, Sarma, Rivest, Engels Protocol
19
Attack on Weis, Sarma, Rivest, Engels Protocol

• Untraceability
• The tag gives no useful information when an
  adversary queries it or re-queries it
• Forward Security
• If the adversary break opens the tag, then the
  tags ID gets compromised

20
Ohkubu, Suzuki, and Kinoshita Protocol

• Internally, h2(ID) is stored as the next ID

21
Attack on Ohkubu, Suzuki, and Kinoshita Protocol

• Untraceability
• Response of the tag neither repeats nor is useful
  for the adversary
• Forward Security
• ID is not static
• Revealing the tag will only give out the current
  ID of the tag

22
Delegatable, Pseudonym Protocol

• David MolnarAndrea Soppera,and David Wagner

23
Tree of Secrets

• If n is the total number of tags, and b the
  branching factor, then d1 logb n
• Each of these nodes have a randomly generated key

24
How it works?

• On querying the tag responds with the following
• r, P r, F1(r), F2(r), F3(r),
• Here F1, F2, F3 encrypt r using the secrets
  along the path from root node to the current
  tags node
• TC proceeds by finding F(r) at each level
• Thus for a binary tree, the TC does (2d1)
  comparisons

25
Tree of Secrets (contd.)

• Every tag has a sub-tree of depth d2
• Nodes in this sub-tree get their key by
  performing PRF on their parent
• Tags store the path from the root node to the tag
  node and the tags sub-tree

26
The Protocol

• Tag maintains a counter to determine current leaf
  node
• On querying, Tag responds with
• r, P r, F1(r), F2(r), F3(r),
• Here F1, F2, F3 encrypt r using the secrets
  along the path from root node to the current leaf
  node
• The TC performs F(r) at each level and determines
  the next node to traverse

27
Why Delegation?

• Pseudonym Protocol
• Trusted Center TC authorizes the reader and
  gives out the ID
• Problem when readers continuously query the TC
• Solution is to delegate the authority to the
  readers
• Pass on a set of keys from the sub-tree to the
  readers

28
Attacking Molnars Protocol

• Untraceability
• Tag responds with (r, P) which is different every
  time
• Forward Security
• Tag stores the sub-tree used for encryption
• On Reveal, Tag loses all its secret, and hence
  all its previous interactions can be traced

29
References

• David Molnar, Andrea Soppera, and David Wagner. A
  scalable, delegatable pseudonym protocol enabling
  ownership transfer of RFID tags. In Bart Preneel
  and Stafford Tavares, editors, Selected Areas in
  Cryptography SAC 2005, Lecture Notes in
  Computer Science, Kingston, Canada, August 2005.
  Springer-Verlag.
• Gildas Avoine. Adversary model for radio
  frequency identification. Technical Report
  LASEC-REPORT-2005-001, Swiss Federal Institute of
  Technology (EPFL), Security and Cryptography
  Laboratory (LASEC), Lausanne, Switzerland,
  September 2005.
• Dirk Henrici and Paul Muller. Hash-based
  enhancement of location privacy for
  radiofrequency identification devices using
  varying identifiers. In Ravi Sandhu and Roshan
  Thomas, editors, International Workshop on
  Pervasive Computing and Communication Security
  PerSec 2004, pages 149153, Orlando, Florida,
  USA, March 2004. IEEE, IEEE Computer Society.
• Miyako Ohkubo, Koutarou Suzuki, and Shingo
  Kinoshita. Cryptographic approach to
  privacy-friendly tags. In RFID Privacy Workshop,
  MIT, MA, USA, November 2003.
• Stephen A. Weis, Sanjay E.Sarma, Ronald L.
  Rivest, and Daiel W. Engels. Security and privacy
  aspects of low-cost radio frequency
  identification systems. In First International
  Conference on Security in Pervasive Computing,
  2003.