Radio Frequency Identification

1
Radio Frequency Identification

• Foundations of Privacy 2010Guy Katz

2
Planned Topics

• Introduction to RFID
• How does it work
• Threats to user privacy
• Possible solutions

3
Introduction to RFID
4
Radio Frequency Identification

• Wireless Identification System
• Consists of
• Tag
• Small transponder
• Attached to a physical object
• Transceiver
• Reads (writes) data from tags
• Connected to some database

5
Origins

• RFID has been around for 60 years
• Friend or Foe systems in WW II
• German pilots would roll their planes when coming
  back to base
• The British put basic transmitters on theirs
• Theft prevention (1970s)
• Trucks in Los Alamos laboratory had transponders
• Toll payments
• Agriculture

6
Recent Developments

• A large increase in deployment since year 2000
• Reasons
• Tags and readers much smaller and cheaper
• World wide standardization (ISO)

7
Current Uses

• Supply Chain Management
• From production to customer replaces bar codes
• Payment systems
• Toll roads, cafeterias, Rav-Kav
• Access Control
• Weizmann Institute of Science
• Theft Prevention
• Anti-Counterfeiting
• Passports, Money Bills
• Implanted Tags

8
Implanted RFID tags
9
RFID Tags vs. Barcodes
10
How does it work?
11
Tags

• Contain an antenna and a small circuit
• Purpose in life broadcast an ID
• Usually 128 bits
• Very small - a few millimeters
• Cost Barrier 5 cent per tag
• Two subgroups
• Active Tags
• Passive Tags

Integrated Circuit 4 x 4 mm
12
Active Tags

• Can initiate communication on their own
• Transmit, looking for a reader
• Range can be over 100 meters
• Require a power source
• Consequently, expensive

Active RFIF Tag Part of a monitoring system6.5 x
4 x 2 cm
13
Passive Tags

• No power source
• Consequently, very cheap
• Energy extracted from RF signal
• Cant initiate communication on their own
• Need to receive energy before they can answer
• Range up to 10 meters

14
Readers

• Power tags through RF signals
• Usually connected to some database
• Singulation (Anti-Collision)
• Communicate with many tags at once
• Still a bit expensive
• Cheapest ones around 500

15
Singulation

• A method used by readers
• Goal discover all present tags
• Difficulty If many tags answer together, answers
  get mixed up
• The reader cant separate their answers
• Does know that more than one tag responded
• Need a way to solve collisions

16
Tree Walking

• The standard singulation protocol
• Each round, readers looks for a n-bit prefix
• Asks Who starts with 1010?
• Tags answer with their next digit
• If multiple tags answer, recurse on both (n1)
  bits prefixes
• For n tags and k identity bits, O(nk)
• In practice, a few seconds for a shopping cart

17
Tree Walking - Example
Who has ?
Who has 1?
Who has 10?
Who has 0?
Who has 00?
Who has 01?
18
Frequencies

• Various ranges
• From 120 KHz to 10.6 GHz
• Dictate passive read range
• From 10cm to 10 meters, accordingly.
• Can be used to ignore more distant tags

19
Threats to user privacy
20
Possible Attacks on RFID

• Sniffing/Eavesdropping
• Spoofing/Cloning
• Tracking
• Replay
• Denial Of Service
• Not all attacks related to privacy!

21
Privacy Concern Unique Identification

• Tags contain an identification code
• EPC usually consists of 64-128 bits
• Some bits indicate vendor and product ID
• Others form a unique product ID
• Tags becomes associated with a person!
• Dont even need to know item type

22
Privacy Concern Unique Identification
(Continued)

• Reading is done silently and remotely
• Personal information can be gathered
• Information about individuals habits where you
  go, what you buy
• Physical tracking of people
• Military and Corporate Espionage
• Track down parts and components
• Implanted Tags
• Big Brother?

23
The Difficulty

• Need to keep the tags cheap
• A wide range of systems and uses
• No single solution suits everyone
• Need to only block malicious readings
• Defining the typical adversary
• What sort of equipment? Readers, tags, scanners,
  etc
• What sort of abilities?
• Can impersonate a reader? Connect to the DB?
• Always present?

24
Possible Solutions
25
Our Scope

• We focus on EPC (Electronic Product Code) RFID
  tags
• Goal prevent the adversary from associating a
  tag with a person

26
Physical Blocks

• Physically prevent RFID tags from transmitting
• Aluminum foil lined wallets
• Special cases for smart passports
• Take off covers when transmission needed
• Problem only suitable for specific RFID tags
• Led lined supermarket bags?
• Commercial products already available

Passport Case Available for 18
27
Zombie Tags

• Tags contain a kill command
• A supermarket might disable tags on checkout
• Zombie tags dont answer readers
• Prevents association of people with their tags
• Covers most privacy concerns
• Problems
• Some applications need the tag alive
• Alices milk carton
• Return products to stores
• Toll payment tags, implanted tags

28
Privacy Bits

• An approach proposed by Juels and Brainard (2004)
• Tags broadcast a privacy bit its ok/not ok to
  read me
• Problem readers may choose to obey policy
• Corrupt readers risk being caught
• How does the owner configure the tags?
• Naïve solution

29
The obvious answer Crypto!

• Cryptographic solutions inherently expensive
• Require computational power
• Require more memory
• Sometimes require source of randomness
• Three approaches have been proposed
• Hash-Lock
• Re-Encryption
• Silent Tree Walking
• So far, all too expensive to be practical
• But well have a look anyway

30
Hash-Lock (Weis et al, 2003)

• Similar to a password
• A tag can be locked by a reader
• Locked tags dont transmit until unlocked
• Locked tags have an ID y
• Can only be unlocked by x s.t. h(x) y
• h standard one-way hash function
• The consumer knows x, can unlock at home
• When locked, cannot be associated with the owner

31
Hash-Lock (Continuted)

• Problems
• Tags still need to calculate h(x)
• Expensive
• Many tags, hard to manage
• Consumer might not be aware of all the tags hes
  carrying

32
Re-Encryption (Juels Pappu 2003)

• Mechanism to prevent counterfeiting of money
  bills
• The idea
• Put an RFID tag inside the bill
• Every bill has a unique ID
• Encrypt the ID with a police public key
• Periodically re-encrypt it
• Cant link different appearances of a given tag

33
Re-Encryption (Continued)

• Re-encryption done by external agents (in big
  stores, banks, etc)
• Problems
• Costly infrastructure
• Burdensome process
• Often need to re-encrypt
• People naturally lazy
• Unclear just how effective the process is

34
Silent Tree Walking(Weis et al, 2003)

• Readers use singulation protocols
• Most common Tree Walking
• It is sufficient to eavesdrop the reader to
  identify the tag (up to last bit)
• A reader transmits much louder
• Can be heard from further away
• The idea encrypt the readers requests
• Makes eavesdropping harder

35
Silent Tree Walking (Continued)

• Problem How to encrypt?
• Tags have limited resources and no randomness
• Need a shared reader-tag key beforehand
• Makes the system impractical
• Still, might be useful combined with other
  solutions

36
Blocker Tags(Juels, Rivest and Szydlo, 2003)

• Using an exterior device to block tag readers
• Enables a user to block the adversary
• One blocker suffices for all tags
• Cheap
• Same price as a tag
• Dont have to change existing RFID tags
• Can turn off at home

37
How do blocker tags work?

• The idea disrupt the singulation protocol
• Trick the reader - make it think all tags are
  present
• Makes reading useless
• For instance, a tag that disrupts the tree
  walking algorithm
• Always answers both 0 and 1
• Might require two antennas
• The reader doesnt know which tags exist

38
Partial Blocking Private Branch

• The blocker will disrupt any reading around it
• Can be configured to only disrupt private
  branches
• Specific IDs defined as private
• Readers have no right to read them
• Can change the tree walking algorithm to avoid
  unneeded queries

39
Tree Walking with a Blocker
Who has ?
Who has 1?
Who has 10?
Who has 0?
Who has 00?
Who has 01?
Blocker Blocks 0
Blocker Blocks 0
40
Other Blocker Tag Issues

• Can the blocker itself pose a privacy breech?
• Can track a unique private zone
• Allow only a few privacy policies?
• Bobs blocker may disrupt Alices readings
• Can use a random private zone to avoid
  conflicts
• Tradeoff with the previous bullet
• Tailored for the tree walking algorithm
• However, should be adjustable to any other
  algorithm as well
• Can be used in Denial of Service attacks

41
Conclusions

• RFID is becoming cheap and widespread
• It can easily disclose private information
• Partial solutions
• Physical blocks
• Zombie tags
• Privacy Bits
• Encryption schemes are effective, but require
  expensive tags and infrastructure
• Only suitable for specific cases
• Blocker tags are a cheap, effective solution for
  EPC RFID tags

42
Thank you!
43
References

• Squealing Euros Privacy-Protection in
  RFID-Enabled Banknotes by Juels and Pappu, 2003
• Security and Privacy Aspects of Low-Cost Radio
  Frequency Identification Systems by Weis et al,
  2003
• Selective Blocking of RFID Tags for Consumer
  Privacy by Juels, Rivest Szydlo, 2003
• RFID Privacy An Overview of Problems and
  Proposed Solutions by Garfinkel, Juels Pappu,
  2005
• RFID, presentation by Alon Rosen