RFID SECURITY - PowerPoint PPT Presentation

Slides: 21
Provided by: deeptia

Transcript and Presenter's Notes


1
RFID SECURITY

2
How Does RFID Work?
[Figure labels: 02.3DFEX4.78AF51; EasyToll card 816]
  • Radio signal (contactless): range from 3-5 inches to 3 yards
  • Tags (transponders): attached to objects, call out their
    (unique) name and/or static data on a special radio
    frequency
  • Reader (transceiver): reads data off the tags without direct
    contact
  • Database: matches tag IDs to physical objects
3
Asymmetric channels
[Figure: READER, TAG and EAVESDROPPER. Range of Reader (Forward Channel): 100 m. Tag's Range (Backward Channel): 5 m.]
4
Applications
  • Tracking/Identification
  • Library Books
  • Children
  • Pets
  • Auto Parts
  • Inventory management in a Supply Chain
  • Contactless Smart Cards

5
A Generic Supply Chain
6
Key Decisions
  • When to order
  • How much to order
  • As order quantity increases, holding cost
    increases
  • As order quantity decreases, stockout cost
    increases
  • From whom to order

7
The Problem - Motivation
  • Basic problem with RFID tags
      • Can be remotely scanned
      • Respond to query by any reader
      • This leads to security and privacy risk
  • Resource constraints
      • Limited power and computing resources
      • Hence classical cryptographic mechanisms not feasible
  • The RFID security challenge
      • How to obtain maximum security with almost no resources?

8
The Problems of Privacy and Security
  • RFID privacy concerns the problem of misbehaving readers
    harvesting information from well-behaving tags.
      • Risks
          • Leakage of personal information (prescriptions,
            brand/size of clothes etc.).
          • Location privacy: tracking the physical location of
            individuals by their RFID tags.
  • RFID authentication concerns the problem of well-behaving
    readers receiving information from misbehaving tags,
    particularly counterfeit ones.
      • Risks
          • Forgery
          • Sabotage

9
Cost and capability
  • The strength and flavor of proposed security
    solutions will depend on the allowed tag cost for
    different applications
  • 50 cent tags. Low-end tags will be 10 cent, 5
    cent and 2 cent in about 5 years

10
Challenge
  • Tens of research ideas have been proposed in the
    past two years
  • Propose improvements over the existing privacy
    enhancing protocols for the extremely resource
    constrained RFID systems

11
Security Attacks
  • Spoofing
      • Imitating the behavior of a genuine tag
  • Denial of Service
  • Man in the middle attack
      • Modify the response of the tag to the reader or vice
        versa
  • Replay Attack
      • Eavesdrop a message from the tag (reader) and re-transmit
        it to the legitimate reader (tag).
  • Traffic Analysis
      • Monitoring of communication between reader and tag allows
        an adversary to perform traffic analysis and generate
        statistical data.

12
Security and Privacy Requirements
  • Anonymity
      • Tag output should not give idea about ID
  • Untraceability
      • Tag output should be varying
  • Indistinguishability
      • Tag output should be truly random, i.e. variation should
        not be predictable
  • Forward Security
      • Adversary should not be able to associate the current
        output with past output
  • Mutual Authentication
      • Tag-to-reader and reader-to-tag authentication

13
Backend Requirements
  • Efficiency and scalability
      • Order of computation/precomputation required as a
        function of number of tags
  • Flexibility
      • Changes required with addition/removal of tags

14
Hash Lock
Rivest, Weis, Sharma, Engels
Goal: Authenticate reader to the RFID tag
  • Reader: stores key; hash(key) for any tag. Unique key for
    each tag
  • RFID tag: stores metaID = hash(key); computes hash(key) and
    compares with stored metaID
15
Hash Lock Analysis
  • PROS
      • Relatively cheap to implement: tag has to store hash
        function implementation and metaID
      • Security based on weak collision-resistance of hash
        function
      • Scalable due to low key look-up overhead
  • CONS
      • Constant tag output enables traceability
          • Motivates Randomization
      • Too many messages/rounds
      • Requires reader to know all keys

16
Randomized Hash Lock
Weis et al.
Goal: Authenticate reader to the RFID tag
  • Reader: stores all IDs ID1, ..., IDn; computes hash(R, IDi)
    for every known IDi and compares
  • RFID tag: stores its own IDk; generates random R
17
Randomized Hash Lock Analysis
  • PROS
      • Randomized response prevents tracking
      • Tag needs to store hash implementation and pseudo-random
        number generator
  • CONS
      • Inefficient brute force key look-up
      • No Forward security
          • Motivates updating tag ID on each read
      • Security Flaw - Adversary can impersonate tag by learning
        a valid tag response.
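
The two schemes analysed above, side by side, as an added example that is not part of the original slides. SHA-256, the 16-byte R, and all keys and tag IDs are constructed assumptions; the slides do not name a hash function.

```python
import hashlib
import os

def h(*parts):
    # SHA-256 stands in for the tag's hash (assumption: the slides name none).
    return hashlib.sha256(b"".join(parts)).digest()

class HashLockTag:
    """Hash lock: stores metaID = hash(key) and answers every query with it."""
    def __init__(self, key):
        self.meta_id = h(key)
    def query(self):
        return self.meta_id
    def unlock(self, key):
        return h(key) == self.meta_id  # compare with stored metaID

class RandomizedTag:
    """Randomized hash lock: answers (R, hash(R, ID_k)) with a fresh R."""
    def __init__(self, tag_id):
        self.tag_id = tag_id
    def query(self):
        r = os.urandom(16)  # fixed-length R keeps R || ID unambiguous
        return r, h(r, self.tag_id)

def reader_lookup(known_ids, response):
    """Brute-force look-up: one hash per known ID until one matches."""
    r, digest = response
    for tries, tag_id in enumerate(known_ids, start=1):
        if h(r, tag_id) == digest:
            return tag_id, tries
    return None, len(known_ids)

def demo():
    ids = [b"tag-%04d" % i for i in range(1000)]  # constructed IDs
    locked = HashLockTag(b"constructed-key")
    constant_output = locked.query() == locked.query()  # traceable
    tag = RandomizedTag(ids[-1])
    first, second = tag.query(), tag.query()
    varying_output = first != second                     # untraceable
    found, tries = reader_lookup(ids, first)
    # The reader keeps no record of R, so a captured response passes again.
    replayed, _ = reader_lookup(ids, first)
    return constant_output, varying_output, found, tries, replayed
```

`demo()` shows the constant metaID, the varying randomized output, the 1000-hash look-up for the last tag in the list, and the same captured response being accepted a second time.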

18
OSK Scheme
Ohkubo, Suzuki and Kinoshita
Goal: Enable reader to identify the RFID tag, change tag identifier on each read
[Figure: message flow between Database, Reader and Tag. Labels: Query; Ai = G(Si) (shown twice); Compute Hash Chain; Si+1 = H(Si); Tag ID]
19
OSK Analysis
  • PROS
      • Different random-like values on every read operation
        prevents tracking
      • Forward Security ensured due to one way hash property
      • Tag needs to store only 2 hash implementations, hence low
        cost
      • Minimal number of transmissions
  • CONS
      • Not scalable for large scale applications due to brute
        force search
          • Motivates reducing computation time at reader/backend
      • Susceptible to DoS attacks
      • May lead to problem due to hash collisions.
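
The OSK hash chain and the back-end search from the analysis above, as an added example that is not part of the original slides. SHA-256 with prefixes "H" and "G", the 50 constructed seeds and the search limit of 20 chain steps per tag are assumptions made for illustration.

```python
import hashlib

def H(s):  # state update S_{i+1} = H(S_i)
    return hashlib.sha256(b"H" + s).digest()

def G(s):  # tag output A_i = G(S_i)
    return hashlib.sha256(b"G" + s).digest()

class OskTag:
    def __init__(self, seed):
        self.state = seed
    def query(self):
        a = G(self.state)
        self.state = H(self.state)  # previous state is overwritten on the tag
        return a

class Backend:
    def __init__(self, seeds, max_chain):
        self.seeds, self.max_chain = seeds, max_chain
    def identify(self, a):
        """Walk every tag's hash chain; return (tag_id, position, hashes tried)."""
        work = 0
        for tag_id, s in self.seeds.items():
            for i in range(self.max_chain):
                work += 1
                if G(s) == a:
                    return tag_id, i, work
                s = H(s)
        return None, None, work

def demo():
    # Constructed seeds; a deployment would use random per-tag secrets.
    seeds = {"tag-%02d" % i: hashlib.sha256(b"seed%d" % i).digest()
             for i in range(50)}
    backend = Backend(seeds, max_chain=20)
    tag = OskTag(seeds["tag-49"])
    first = backend.identify(tag.query())
    # 25 reads the back end never sees push the tag past the search window.
    outputs = [tag.query() for _ in range(25)]
    after_dos = backend.identify(tag.query())
    # Forward security: nothing derivable from the current state is a past output.
    s, derivable = tag.state, set()
    for _ in range(20):
        derivable.add(G(s))
        s = H(s)
    leaked_past = any(a in derivable for a in outputs)
    return first, after_dos, leaked_past
```

Identifying the last of 50 tags costs 981 chain steps on its first read, and after the 25 unseen reads the full 1000-step search fails, which is the scalability and DoS cost listed under CONS.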

20
Summary
  • RFIDs have many useful applications related to
    tracking and identification
  • But there are some important issues of security
    and privacy
  • Small number of gates for S/P makes the design of
    such protocols challenging
  • Tens of schemes proposed for security/privacy but
    subtle drawbacks with many of them. Much more
    work needed in this area