563.9.2 RFID Security - PowerPoint PPT Presentation

1
563.9.2 RFID Security & Privacy
  • Matt Hansen
  • University of Illinois
  • Fall 2007

2
Outline
  • RFID Overview
  • Tags, Readers, and Applications
  • Tag Singulation
  • Security & Privacy Threats
  • Proposed Solutions
  • Public Concerns

3
RFID Overview
  • Radio signal (contactless): range from 3-5 inches
    to 3 yards
  • Tags (transponders): attached to objects, call
    out identifying data on a special radio frequency
  • Reader (transceiver): reads data off the
    tags without direct contact
  • Database: matches tag IDs to physical objects
  • Figure example: tag ID 02.3DFEX4.78AF51, database
    entry "EasyToll card 816"
Shmatikov 05
4
Tag Types
  • Passive
  • All power comes from a reader's signal
  • Tags are inactive unless a reader activates them
  • Cheaper and smaller, but shorter range
  • Semi-passive
  • On-board battery, but cannot initiate
    communication
  • Can serve as sensors, collect information from
    the environment, for example "smart dust" for
    military applications
  • Active
  • On-board battery power
  • Can record sensor readings or perform
    calculations in the absence of a reader
  • Longer read range

Fong 05
5
Security Challenge
  • Low cost RFID tags have very limited resources
  • Typically have only 500-5,000 gates
  • May have up to a few hundred bits of storage
  • Tags cannot perform complex computations
  • Most tags simply emit a static identifier when
    prompted
  • Tags do not have the resources to allow for
    public-key or symmetric-key encryption systems
  • EPC tags: $0.05, 250-1000 gates
  • AES requires 20,000-30,000 gates

Fong 05
6
Applications
  • Supply-chain management
  • logistics, inventory control, retail check-out
  • Payment systems
  • ExxonMobil SpeedPass
  • I-Pass/EZ-Pass toll systems
  • Credit Cards
  • Access Control
  • Passports
  • Library books
  • Animal Tracking

Fong 05
7
Reading Tags
  • The read process starts when an RFID reader sends
    out a query message
  • Invites all tags within range to respond
  • More than one RFID tag may respond at the same
    time
  • Tags cannot generally hear one another
  • This causes a collision
  • Reader cannot accurately read information from
    more than one tag at a time
  • Reader must engage in a special singulation
    protocol to talk to each tag separately

Shmatikov 05
8
Singulation Algorithms
  • Deterministic
  • Binary tree-walking scheme
  • Reader sorts through tags based on tag ID
  • Reader performs a depth-first search of the tag
    ID space
  • Probabilistic
  • Slotted Aloha scheme
  • Time is divided into discrete intervals
  • Tags respond in randomly generated times
  • Process does not depend on tag ID

Sarma, Weis, Engels 02
9
Tree Walking
  • Every tag has a k-bit identifier
  • Reader broadcasts current prefix
  • Each tag with this prefix responds with its next
    bit
  • If responses don't collide, reader adds 1 bit to
    current prefix, otherwise tries both
    possibilities
  • This takes O(k × number of tags)
  • Figure: binary tree of the ID space, with levels
    prefix=0, prefix=1; prefix=00, prefix=01,
    prefix=10, prefix=11; leaves 000 through 111
Shmatikov 05
10
Threats
  • Eavesdropping

Figure: Reader, Tag and Eavesdropper during the
anti-collision scheme; Backward Channel Range (5m),
Forward Channel Range (100m)
Fong 05
11
Threats
  • Tracking
  • Unauthorized use of a tag's ID in order to gain
    information about the location of a person or
    object
  • In a retail environment, a user can be associated
    with an item at purchase time
  • Cloning/Replay
  • Tags that emit static identifiers are very
    vulnerable
  • A thief could replace/rewrite a tag on an
    expensive item
  • Denial-of-service
  • Conflicting RF signals can prevent legitimate tag
    communication
  • Physical attacks
  • Probing a tag to determine private data

Fong 05
12
Security Goals
  • Tags should not compromise privacy of holders
  • Information should not be leaked to unauthorized
    readers
  • Should not be possible to build long-term
    tracking associations
  • Holders should be able to detect and disable tags
    they carry
  • Private tag contents should be protected by
    access control and encryption
  • Spoofing tags or readers should be difficult

Sarma, Weis, Engels 02
13
Potential Solutions
  • Disable tags permanently
  • Kill bit/sleeping
  • Blocker/privacy tag
  • Prevent tags from being read
  • Shielding
  • Jamming
  • Prevent unauthorized parties from listening to
    tag communication
  • Cryptography
  • Distance/Power Level measurements
  • Enact laws governing RFID use
  • Policy and Legislation

14
Kill bit, Shielding, and Jamming
  • Kill tag after purchase
  • Special command permanently de-activates tag
    after the product is purchased
  • Disables many futuristic applications
  • Alternative: set tag to sleep
  • Shielding - Faraday cage
  • Container made of foil or metal mesh,
    impenetrable by radio signals of certain
    frequencies
  • Shoplifters are already known to use foil-lined
    bags
  • Maybe works for a wallet, but huge hassle in
    general
  • Active jamming
  • Disables all RFID, including legitimate
    applications

Shmatikov 05
15
Blocker Tag
  • A form of jamming: broadcast both 0 and 1 in
    response to any request from an RFID reader
  • Guarantees collision no matter what tags are
    present
  • To talk to a tag, reader must traverse every tree
    path
  • With 128-bit IDs, reader must try 2^128 values
  • Privacy tag: a special case of the blocker tag
  • Blocks reading of protected tags, but does not
    disrupt normal RFID communication
  • Blocks only certain ID ranges and prevents
    illegitimate blocking
  • E.g., blocker tag blocks all IDs with first bit = 1
  • Items on supermarket shelves have first bit = 0
  • Can't block tags on unpurchased items
    (anti-shoplifting)
  • After purchase, flip first bit on the tag from 0
    to 1

Juels, Rivest, Szydlo 03 Shmatikov 05
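
The tree-walking protocol from the Tree Walking slide and the blocker tag described above can be simulated together. This is an added example, not part of the original slides; the 8-bit tag IDs, the `zone` parameter and the query `budget` are assumptions made for illustration.

```python
# Added illustration (not from the slides): tree-walking singulation and a blocker tag.
# Tag IDs are k-bit strings; every ID below is a constructed sample value.

def blocker_bits(prefix, zone):
    """Bits a blocker simulating every ID that starts with `zone` would send."""
    if prefix.startswith(zone):      # query inside the zone: answer both 0 and 1
        return {"0", "1"}
    if zone.startswith(prefix):      # query above the zone: lead the reader into it
        return {zone[len(prefix)]}
    return set()

def tree_walk(tags, k, zone=None, budget=10_000):
    """Depth-first walk of the ID space; returns (ids_read, queries_used).

    zone=None means no blocker, zone="" blocks everything, zone="1" blocks
    only IDs whose first bit is 1. `budget` caps the number of reader queries.
    """
    found, queries, stack = [], 0, [""]
    while stack and queries < budget:
        prefix = stack.pop()
        if len(prefix) == k:         # full ID assembled: tag singulated
            found.append(prefix)
            continue
        queries += 1                 # reader broadcasts the current prefix
        bits = {t[len(prefix)] for t in tags if t.startswith(prefix)}
        if zone is not None:
            bits |= blocker_bits(prefix, zone)
        # one bit heard: extend the prefix; two bits heard: collision, try both
        stack.extend(prefix + b for b in sorted(bits, reverse=True))
    return found, queries

SHELF = ["00101100", "01110001"]     # unpurchased items, first bit 0
BOUGHT = ["10010110", "11100011"]    # purchased items, first bit flipped to 1

if __name__ == "__main__":
    ids, q = tree_walk(SHELF + BOUGHT, k=8)
    print("no blocker:", ids, "in", q, "queries")
    ids, q = tree_walk(SHELF + BOUGHT, k=8, zone="1")
    hidden = [i for i in ids if i[0] == "1"]
    print("privacy tag: shelf IDs", [i for i in ids if i[0] == "0"],
          "| candidates in blocked half:", len(hidden), "| queries:", q)
    _, q = tree_walk([], k=128, zone="", budget=1000)
    print("full blocker, 128-bit IDs: gave up after", q, "queries")
```

With the privacy tag present, the two purchased IDs are still in the result but sit among all 2^7 candidates of the blocked half, so the reader cannot tell which ones belong to real tags.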
16
More Possible Security Measures
  • Distance/Power Level measurements
  • Majority of hostile reads occur when attacker is
    physically distant
  • Signal strength measurements and noise analysis
    can be used to estimate distance to the reader
  • Cryptography
  • Required hardware not feasible on low-cost tags
  • Other methods use one-way hash functions and
    pseudo-random number generation
  • Physical Protection
  • A combination of means (security cameras,
    sensors, etc.) to prevent tampering of RFID
    devices
  • Policy and Legislation
  • Legal requirements on RFID use
  • Does not prevent attackers from unauthorized use

Fishkin, Roy, Jiang 04
17
Public Privacy Concerns
  • Tracking
  • Libraries, retail, auto
  • Even if unique serial numbers are disabled at
    purchase time, tracking is still possible by
    associating constellations of tags
  • Intelligent theft
  • Human Tagging
  • Baja Beach Club, Spain
  • RFID Watchdog Groups
  • CASPIAN - (Consumers Against Supermarket Privacy
    Invasion and Numbering)
  • Spychips.com
  • Electronic Privacy Information Center
  • Consumer Backlash
  • Gillette Razors
  • Benetton Clothing

Shmatikov 05
18
References & Recommended Readings
  • Papers
  • K. P. Fishkin, S. Roy, and B. Jiang, Some Methods
    for Privacy in RFID Communication, In 1st
    European Workshop on Security in Ad-Hoc and
    Sensor Networks (ESAS 2004), 2004.
  • A. Juels, RFID Security and Privacy: A Research
    Survey, Condensed version to appear in 2006 in
    the IEEE Journal on Selected Areas in
    Communication, 2006.
  • A. Juels, R. L. Rivest, and M. Szydlo, The
    Blocker Tag: Selective Blocking of RFID Tags for
    Consumer Privacy, 8th ACM Conference on Computer
    and Communications Security, pp. 103-111, ACM
    Press, 2003.
  • S. Sarma, S. Weis, and D. Engels, RFID Systems
    and Security and Privacy Implications, Workshop
    on Cryptographic Hardware and Embedded Systems,
    2002.
  • S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W.
    Engels, Security and Privacy Aspects of Low-Cost
    Radio Frequency Identification Systems, Security
    in Pervasive Computing, 2003.
  • Presentations
  • Vitaly Shmatikov, RFID Security and Privacy,
    University of Texas Lecture, 2005.
  • Kenny Fong, RFID Security, Southern Illinois
    University Lecture, 2005.
