A Gen2-Based RFID Authentication Protocol for Security and Privacy Sunil Kumar R.M 3 rd  sem ,M.Tech (QIP)    CSE. RVCE. U...
Overview <ul><li>Radio Frequency Identification (RFID) </li></ul><ul><li>Security Threats. </li></ul><ul><li>End user’s Co...
RFID Architecture <ul><li>three key phases. </li></ul><ul><li>Firstly items-tag are scanned by reader; </li></ul><ul><li>S...
TAGS Paper thin 2X2inch  in size. Read-only or  Read/writable   Storage capacity of 2KB data that contain 96bits serial nu...
RFID Tags are of three types <ul><li>Active tags. </li></ul><ul><li>Semi passive tags. </li></ul><ul><li>Passive tags. </l...
Security Threats. <ul><li>Eaves dropping      listens to all the communications through RF and dumps them for later crack...
End users concern <ul><li>In future each items will have an RFID and a person needs a reader to manage all his items. </li...
Classification of RFID protocols <ul><li>Secure solutions: </li></ul><ul><ul><li>Uses  hash value as Meta ID . To verify a...
Generation 2 protocol <ul><li>Here the tags contains the pseudorandom number generator (PRGN). </li></ul><ul><li>CRC16 use...
Duc’s CRC Based protocol  <ul><li>R   reader T   tag S   server/backend K i     key value. </li></ul><ul><li>1. R  T:...
<ul><ul><li>1   select </li></ul></ul><ul><ul><li>1-4    inventory. </li></ul></ul><ul><ul><li>5-7     access  stage. <...
Secured Gen2 protocol
<ul><li>Key pool: tag shares a L-word long random string. </li></ul><ul><li>Ck  l  :  16 bit divided address </li></ul><ul...
Central key (CK)
Tags-to-Reader Authenticity <ul><li>If the reader is valid it can check the validity of the tag by reading its key pool & ...
Security analysis <ul><li>The readers can be classified in to four types: </li></ul><ul><ul><li>Associate reader:   reader...
Gen 2 + protocol against different Attacks <ul><li>Against tracing attack </li></ul><ul><li>=malicious active +malicious p...
Against skimming attack <ul><li>It is  malicious passive logger </li></ul><ul><ul><li>Its goal is to filter out informatio...
Against the spoofing attack  <ul><li>Here attacker tries to reply previously logged sessions so that the legal reader will...
Conclusion <ul><li>RFID technology is taking off in increasingly rapid pace.  Though there are few libraries employing thi...
Future Research <ul><li>Low cost hardware implementation  w/o computational loss. </li></ul><ul><li>Adaptation of symmetri...
REFERENCES <ul><li>http://www.epcglobalinc.org </li></ul><ul><li>http://eprint.iacr.org/ </li></ul><ul><li>http://www.rfid...
THANK YOU
Upcoming SlideShare
Loading in …5
×

A gen2 based rfid authentication protocol

1,179 views

Published on

RFID authentication protocol,security

Published in: Education, Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,179
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
48
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

A gen2 based rfid authentication protocol

  1. 1. A Gen2-Based RFID Authentication Protocol for Security and Privacy Sunil Kumar R.M 3 rd sem ,M.Tech (QIP) CSE. RVCE. Under the guidance of Anjun kumar K
  2. 2. Overview <ul><li>Radio Frequency Identification (RFID) </li></ul><ul><li>Security Threats. </li></ul><ul><li>End user’s Concern. </li></ul><ul><li>Classification of RFID protocols. </li></ul><ul><li>Generation 2 protocol. </li></ul><ul><li>Duc ’s CRC Based protocol . </li></ul><ul><li>Secured Gen2 protocol . </li></ul><ul><li>Tags-to-Reader Authenticity . </li></ul><ul><li>Security analysis. </li></ul><ul><li>Gen 2 + protocol against different Attacks. </li></ul><ul><li>Conclusion . </li></ul>
  3. 3. RFID Architecture <ul><li>three key phases. </li></ul><ul><li>Firstly items-tag are scanned by reader; </li></ul><ul><li>Secondly in backend transmitted data coming through antenna (RF-wave) are being recognized by RFID-based system PC. It acts as a middleware communication gateway among items, reader and system database; </li></ul><ul><li>And at the end it filters out and store data in RFID-databases for checking the data fault and relevant operation. </li></ul>Tags Reader Gateway Database Database Application User Interface Backend Fig.1. A General Overview of RFID Architecture Scanned
  4. 4. TAGS Paper thin 2X2inch in size. Read-only or Read/writable Storage capacity of 2KB data that contain 96bits serial number. Tags come in many flavors: passive, battery assisted, active, different frequencies, various anti-collision technologies, printed/wire wounded antenna etc.
  5. 5. RFID Tags are of three types <ul><li>Active tags. </li></ul><ul><li>Semi passive tags. </li></ul><ul><li>Passive tags. </li></ul><ul><li>Reading range of tags: </li></ul><ul><li>Class-0 tag : 5 to 10 cm </li></ul><ul><li>Class-1 tag: several meters. </li></ul>
  6. 6. Security Threats. <ul><li>Eaves dropping  listens to all the communications through RF and dumps them for later cracking. </li></ul><ul><li>Reply attack  attacker repeats the same messages logged from eaves dropping. </li></ul><ul><li>Cloning. </li></ul><ul><li>Tag tracing  attacker can easily trace the tag n communicate with it. </li></ul><ul><li>Invading privacy. </li></ul><ul><li>Data forging  data about the several items may be changed by the attackers. </li></ul>
  7. 7. End users concern <ul><li>In future each items will have an RFID and a person needs a reader to manage all his items. </li></ul><ul><li>RFID provides three functions about an item: </li></ul><ul><ul><li>The price of an item </li></ul></ul><ul><ul><ul><ul><li>Luxurious items. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Handful items. </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Cheap consumable items. </li></ul></ul></ul></ul><ul><ul><li>The effective reading range </li></ul></ul><ul><ul><li>class-0 13.56 MHz  3.52 meters. </li></ul></ul><ul><ul><li>class-1 915 MHz  3 meters. </li></ul></ul><ul><ul><li>forward channel  100 meters. </li></ul></ul><ul><ul><li>The popularity of RFID tags : lots of companies are applying RFID for better flow control and quality control and try to benefit from high speed. </li></ul></ul>
  8. 8. Classification of RFID protocols <ul><li>Secure solutions: </li></ul><ul><ul><li>Uses hash value as Meta ID . To verify a tag a verifier needs to search the back end DB and compute some Hashed value. The DB looks for the TID & sends it back it to the reader. </li></ul></ul><ul><ul><li>Provides forward security. </li></ul></ul><ul><ul><li>Here the cost of the hash function is usually higher than the XOR,AND,OR operations. </li></ul></ul><ul><li>Light weight solutions: </li></ul><ul><ul><li>It uses XOR operation as a basic operation. </li></ul></ul><ul><ul><li>This method cannot prevent the active attacks. </li></ul></ul><ul><ul><li>Here the person can have a common same reader id. </li></ul></ul><ul><ul><li>Attackers can easily access the tags. </li></ul></ul>
  9. 9. Generation 2 protocol <ul><li>Here the tags contains the pseudorandom number generator (PRGN). </li></ul><ul><li>CRC16 used to establish the protection message integrity. </li></ul><ul><li>Memory : </li></ul><ul><ul><li>Reserved memory. </li></ul></ul><ul><ul><li>EPC memory. </li></ul></ul><ul><ul><li>TID memory. </li></ul></ul><ul><ul><li>User Memory. </li></ul></ul><ul><ul><li>Here the time complexity of the exhaustive search is given by O(2 32 ) </li></ul></ul><ul><ul><li>Note: These cannot perform complex computations . </li></ul></ul>
  10. 10. Duc’s CRC Based protocol <ul><li>R  reader T  tag S  server/backend K i  key value. </li></ul><ul><li>1. R  T: Query. </li></ul><ul><li>2. T: Compute M1=CRC (TID Θ r) Θ Ki and C = CRC(M1 Θ r) </li></ul><ul><li>3. T  R  S: M1, C and r. </li></ul><ul><li>4. S: Search all possible tuple (TID, Ki) such that </li></ul><ul><li>M1 Θ Ki =CRC (TID Θr) </li></ul><ul><li>5. R  S, R  T: Update Ki+1=f (Ki) </li></ul>
  11. 11. <ul><ul><li>1  select </li></ul></ul><ul><ul><li>1-4  inventory. </li></ul></ul><ul><ul><li>5-7  access stage. </li></ul></ul><ul><ul><li>7  read, write , </li></ul></ul><ul><ul><ul><li>block write. </li></ul></ul></ul><ul><li>Note : here CRC is a mini Hash function that exists collisions. </li></ul>
  12. 12. Secured Gen2 protocol
  13. 13. <ul><li>Key pool: tag shares a L-word long random string. </li></ul><ul><li>Ck l : 16 bit divided address </li></ul><ul><li>R  T : Query. </li></ul><ul><li>T  R : Choose (a,b)=(0,4),hence, the segment is K[ a: b]=1234567890 h. </li></ul><ul><li>S  R : Assume the back-end database calculates the central key from the current DB and obtains ck I = 53 D8h . </li></ul><ul><li>R  T: ck I . </li></ul>Secured Gen2 protocol
  14. 14. Central key (CK)
  15. 15. Tags-to-Reader Authenticity <ul><li>If the reader is valid it can check the validity of the tag by reading its key pool & compare it with the record in the DB. </li></ul><ul><li>If the attacker tries to recover the whole key pool from previous captured sessions, the reader can update the tags key pool by memory write. </li></ul>
  16. 16. Security analysis <ul><li>The readers can be classified in to four types: </li></ul><ul><ul><li>Associate reader: reader is legal & works with back end & stores the information of the tag i.e. going to be read. </li></ul></ul><ul><ul><li>Semi friendly reader : reader is legal and works with back end servers. </li></ul></ul><ul><ul><li>Malicious active Reader : powerful but it will not have any information about tag but can interact with the tag. </li></ul></ul><ul><ul><li>Malicious passive logger : small device that logs all the RF signals & tries to obtain the information of the tag. </li></ul></ul>
  17. 17. Gen 2 + protocol against different Attacks <ul><li>Against tracing attack </li></ul><ul><li>=malicious active +malicious passive reader. </li></ul><ul><ul><li>Attacker actively scans the tag from a far distance & logs all the RF signals by small device near the tag. </li></ul></ul><ul><ul><li>The attacker may choose the random value ck l & interact with the tag every round. </li></ul></ul>
  18. 18. Against skimming attack <ul><li>It is malicious passive logger </li></ul><ul><ul><li>Its goal is to filter out information about the tag from logger RF signals. </li></ul></ul><ul><ul><li>Gen2+ tag will reply a 16bit message if it is accidentally queried by a semi friendly reader. Semi friendly readers will ignore the 16 bit message as if the protocols fails. </li></ul></ul>
  19. 19. Against the spoofing attack <ul><li>Here attacker tries to reply previously logged sessions so that the legal reader will take it as an approval. </li></ul><ul><li>In order to prevent this spoofing attack, the legal reader reads out the whole keypool. If the attacker wants to spoof the backend DB,he has obtain the keypool first. Then there is a second defense line which is the 32 bit access password (PIN) which is not easy. </li></ul>
  20. 20. Conclusion <ul><li>RFID technology is taking off in increasingly rapid pace. Though there are few libraries employing this technology today, but due to its customizable feature and continuing improvement the library communities are beginning to get involved in its development. It is easy to envision that, the RFID tags contents will increase in power, prices are expected to decline and tag will dramatically improve its efficiency, security and accuracy. Also major concerns need to be addressed for successfully implementing this technology. So that it will change our personal and work lives in library and adorns the conventional management with a new idea and usher for a bright future. </li></ul>
  21. 21. Future Research <ul><li>Low cost hardware implementation w/o computational loss. </li></ul><ul><li>Adaptation of symmetric encryption and public key algorithms from active tags into passive tags. </li></ul><ul><li>Power loss graceful recovery of tags </li></ul><ul><li>Research on smart cards and other embedded systems . </li></ul>
  22. 22. REFERENCES <ul><li>http://www.epcglobalinc.org </li></ul><ul><li>http://eprint.iacr.org/ </li></ul><ul><li>http://www.rfidjournal.com/article/view/1536/1/82 </li></ul>
  23. 23. THANK YOU

×