Your SlideShare is downloading. ×
  • Like
Overview of the latest in RFID Research at the Auto-ID Lab ...
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Overview of the latest in RFID Research at the Auto-ID Lab ...

  • 375 views
Published

 

Published in Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
375
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Here are the locations of the six Auto-ID Laboratories, originally founded and supported by the Auto-ID Centre, and now supported in part by EPC global.
  • Use a simple system model to look a various vulnerabilities. The most significant problems arise from the ability to eaves drop on the three communication channels Eavesdropping: Corporate Espionage Cloning Fraud: Counterfeiting RFID-tagged items. Theft: Replace merchandise with decoy tags. Denial of Service Corrupt data with fake tags. Disrupt RFID-dependent infrastructures.
  • Each of the vulnerabilities identified previously leads to various security risks Such as corporate espionage where competitors may Eavesdropping on warehouse transmissions or Scan shelves for sales data. It is also possible for thieves to produce counterfeit RFID items for market forgeries of valuable items. It is also possible to replace an item with a decoy label while the item is stolen. Another concern is the possibility of a DoS attack where a larger number of fake labels may be employed to disrupt an RFID system.
  • Low Cost RFID presents a unique environment to work in and thus it is important to define the limitation presented within that frame work before a security or privacy proposal is made.. The most important thing to realize is that it is an extremely resource scare environment and the addition of an extra gate on silicon can result in millions and millions of recurring costs companies. In a Low Cost RFID label the number of gates available is expected to increase as over the years the manufacturing techniques and process improvements are made to silicon fabrication. Another important consideration is that the long term security of any data stored on a label cannot be guaranteed as the label are not tamper resistant or tamper proof. Since performance of low cost RFID systems are vastly determined by the power consumption of the RFID labels the power utilization of any proposed security engine should me minimal.
  • There has been a number of proposals to eliminate the security and privacy threat. One such option was to destroy the label at a checkout counter. But the labels are too useful to be destroyed, customers may want to use them to build their own applications or they can use used in the recycling process to sort items and the potential to have smart applications are out the window. An alternative suggestion was the delete the part of the EPC that acted like a serial number but leaving behind the product type, and manufacturer data still on there. However this still allowed tracking as a constellation of EPC may now be used to associate an individual. It is clear from the previous slide cost limitations and power consumption limitations prevent the use of a broad range of cryptographic tools available out there. Even a system that is optimized for smart cards are too expensive for RFID, for instance an implementation of an Advanced Encryption Standard requires gates of the order of 20,000 to 30,000 while a low Cost RFID label only has around 200-4000 gates available for security.
  • We have presented three proposals to address these issues of security and privacy. I will discuss each of the methods in more detail in the following slides.
  • A simple challenge-response mechanism would work like this, however in order to implement such a system requires the use of a one way hash function of a cryptographically secure Pseudorandom number generator. Either of these implementation are too costly for low cost RFID use. However a more cost effective method to generate responses to a challenge is outlines in the next slide.
  • We have presented three proposals to address these issues of security and privacy. I will discuss each of the methods in more detail in the following slides.
  • A Physically Unclonable Function exploits process variation in a silicon fabrication process to generate a bit response to a each challenge presented to the PUF circuit. This is achieved by starting a race between a rising edge that is fed into a series of switches. The signal is routed depending on the challenge bit at each switch and depending on whether the signal on the top rail or the bottom rail arriving first the arbiter outputs a 1 or a 0. Same challenge on most occations will not produce the same response from chip to chip due to propagations and delay variations in the circuit components. Thus a PUF circuit can be used to characterise each label IC and the fabrications variation tend to from the secret key. Thus it is possible to authenticate each IC by observing the response of the PUF circuit to a set of challenges. It has been evaluated that around 800 challenges reponse pairs are enough to uniquely identify around a billions chips.
  • Here are the locations of the six Auto-ID Laboratories, originally founded and supported by the Auto-ID Centre, and now supported in part by EPC global.
  • Encryption controlled by the label owner. Hence it is independent of the other parties in the supply chain. Individual establishments can define a security policy that suits them. Such as when encryption is performed how to handle the tag contents at point of sale. Level of security to commensurate the data/ item being protected.
  • Time stamping allow the same secret to be used again. There is potential for a physical attack, but that would only reveal the details of a single label and will not Provide any information about the secrets stored on other labels. A degree of risk management. Hierachy.

Transcript

  • 1. Overview of the latest RFID Research at Auto-ID Lab, ADELAIDE Alfio Grasso Deputy Director, Auto-ID Lab, Adelaide
  • 2. Overview
    • Auto-ID Lab, Adelaide
    • Security
      • Anti-Counterfeiting and Security
      • Authentication
      • Lightweight Cryptography
    • Specialised RFID Tag Antenna Design
    • Conclusions
  • 3. Adelaide, Auto-ID Lab
  • 4. The Auto-ID Laboratories
  • 5. Auto-ID Labs
    • One of 7 Auto-ID Labs around the world
      • MIT, USA
      • Cambridge, UK
      • Adelaide, Australia
      • Keio, Japan
      • Fudan, China
      • St Gallen, Switzerland
      • ICU, Korea
  • 6. Three entities
    • Auto-ID Lab
      • EPCglobal research
        • via sub-award from MIT
    • RFID Automation
      • Contract Research
        • Eight Consultancies
        • One Research Contract
        • One Research Project
    • Australasian Adoption Research Initiative
      • RFID adoption, Networking, Resources
  • 7. Contract Research
    • Separate from the EPCglobal funded work
    • Commercial Infrastructure
      • Adelaide Research & Innovation Pty Ltd
    • Intellectual Property Protection
    • Pork CRC Research Contract
    • Joint Strike Fighter
  • 8. Auto-ID Lab, Personnel
    • Prof. Peter Cole
    • Mr. Alfio Grasso
    • Dr. Behnam Jamali
    • Mr. Damith Ranasinghe
    • Mr. Kin Seong Leong
    • Ms. Mun Leng Ng
    • Mr. Raja Ghosal
    • Mr. Manfred Jantscher (visiting)
  • 9. Anti-counterfeiting and Security Authentication Lightweight Cryptography
  • 10. Auto-ID Labs
    • In 2006 Global Auto-ID Labs launched the Flagship Project
    • Anti-Counterfeiting and Secure Supply-Chain
      • Focuses on protection against counterfeiting and on product traceability.
      • The main emphasis is on EPC technology without neglecting other methods.
      • In addition to the technology, topics include the impacts on processes within an enterprise, the assessment of customer acceptance and the analysis of business cases in order to examine operational efficiency.
    • http://www.autoidlabs.org/publications/page.html
  • 11. RFID Channels Insecure communication channel Authorised Interrogator Powering channel Forward channel (Reader to Tag commands) Backward channel (Tag to Reader responses) Legitimate Tag Physical channel
  • 12. Security and Privacy Concepts
    • Security aims
      • Confidentiality
      • Integrity
      • Authentication
      • Non-reputation
      • Availability
    • Privacy aims
      • Anonymity
      • Unlinkability
  • 13. Security Models
    • Unconditional security
      • Perfect security, assumes unrestricted computational power of an adversary
    • Computational security
      • No known algorithm to break it within polynomial time
    • Practical security
      • No breaking algorithm within N operations, with N chosen to be high. Modern primitives offer practical security.
    • Provable security
      • Possible to show the complexity of breaking a primitive is equivalent to solving a well know supposedly hard mathematical problem
  • 14. Security Services
    • Confidentiality
      • Only authorised parties receive information
    • Authentication
      • The ability of a party to be sure the message is from a claimed source
    • Integrity
      • Assures us a message is not altered on the way
    • Non-reputation
      • Proof of transmission and reception
    • Access Control
      • Restricts and controls access to a system
    • Availability
      • Provides means to assure a system is available when needed
  • 15. Attacks
    • Ciphertext-only attack
    • Known-plaintext attack
    • Chosen-plaintext attack
    • Adaptive chosen-plaintext attack
    • Chosen-ciphertext attack
    • Adaptive chosen-ciphertext attack
    • Known-key attack
    • Man-in-the-middle attack
    • Replay attack
    • Impersonation attack
    • Dictionary attack
    • Incomplete session attack
  • 16. Some Security Issues
    • Eavesdropping
      • Corporate espionage.
      • Victim of theft
    • Cloning and Physical attacks
      • Fraud: counterfeiting RFID-labeled items.
      • Theft: replace merchandise with decoy label.
    • Denial of service.
      • Corrupt data with fake tags.
      • Disrupt RFID-dependent infrastructures.
    • Communication layer weaknesses
      • Insecurities from tag generated random numbers
      • Power analysis of the powering channel
  • 17. Some Privacy Issues
    • Profiling
      • Identify a person’s interest by the RFID items they carry
    • Tracking
      • Any RFID item can potentially identify the person
      • If a payment is made via a credit card, any tags on that person can be used to identify that person, and track them
      • Once the identity is known they can be tracked.
      • RFID enabled currency can be used to determine cash on a target.
  • 18. RFID Security Framework
    • Low cost labels.
      • 200-4000 gates available for security (cost limitation).
      • Time available for operations : 5 -10 ms.
      • Label reading speeds: 1000-1500 labels/s.
      • Data transmission rates: in the order of 100kbps.
      • Labels reveal their presence through a non-identifying signal.
    • The long term security of label contents can not be guaranteed.
    • Power utilization of security related silicon should not exceed the tag power consumption range of 50-100 microwatts.
  • 19. Initial Proposals
    • Kill tags at checkout.
      • Customers may want to build applications.
    • Erase unique identifiers at checkout.
      • Still allows tracking by tag “constellations”.
    • Restrict and detect unauthorized reads.
      • Cheap to build, hard to always detect.
      • Some scope is found with security schemes designed with reader distance based trust
    • Use strong cryptography to protect tags.
      • Too expensive for low-cost (5-cent) tags.
  • 20. Cryptography
  • 21. Kerchoff’s principle
    • Do not rely on keeping an algorithm secret.
      • Even if you think no one will think of it, someone almost certainly will.
    • Publish an algorithm but keep the key secret.
      • That key should be chosen from amongst a large number of possible keys, that could be used.
    • Have some mathematical foundation for the belief that it will be hard to extract the key from what can be overheard.
  • 22. Shannon insights
    • Add confusion and diffusion
      • Confusion: encoding the information, e.g.
        • Swapped (A -> X), shifted (A +3 =D), or A c (mod p),
      • Diffusion: spreading the information, adding redundant information, or noise
  • 23. Public Key Cryptography
    • Public key ciphers
    • Examples
      • RSA
      • Diffie-Hellman
      • ECC
    • Digital signatures
      • These form the second group of keyed cryptographic tools. Based on key pairs instead a single shared key. Only one key need be kept secret. Sometimes called asymmetric key systems. The receiving party issues the public encrypting key and keeps to itself the decrypting key.
  • 24. Public Key Encryption The key pair used in the example is the secret key SBob of Bob and the public key PBob of Bob.
  • 25. Precautions needed
    • In practice P is prime of 300 digits and a and b are at least 100 digits long
    • Is vulnerable to man in the middle attack
    • Cure is to digitally sign what is sent if a public key infrastructure is available, or use a pre-shared password.
  • 26. Elliptic Curve Cryptography
    • Uses the discrete log problem
      • but over a finite abelian group of points x, y on an elliptic curve
      • y 2 = x 3 + a*x + b mod (p)
    • ECC keys can be shorter for the same security when compared with other systems
    • No mathematical proof of the difficulty has been published but the scheme is accepted as a standard by USA National Security Agency.
    • Keys must be large enough.
      • A 109 bit key has been broken (roughly same security to RSA 640)
      • 160 bits ECC - same security as RSA 1024 bits.
      • 224 bits ECC - same security as RSA 2048 bits.
  • 27. One Time Codes
  • 28. Need for something simpler
    • RFID tags cannot support the computing burdens of the usual systems that are supported by significant computing power at both ends of a communication link, nor even of the lightweight protocols listed above.
    • There is a need for something significantly simpler
    • One Time Codes
      • Only proven security method by Shannon Entropy (1949)
      • Provides Perfect Secrecy
  • 29. One time codes: 1
    • Have available a set of purely random numbers in the tag and matching tag dependent number in a secure data based
    • Some are to authenticate the tag to a reader, some to authenticate a reader to a tag, some might be to permit authenticated change of tag identity to prevent trace of items
    • Use certain of these to XOR with tag identities to disguise them from eavesdroppers.
  • 30. One time codes: 2
    • Need a large supply to cater for many authentications
    • Options
      • Reserve a pair for final authentication by end user
      • Recharge in a secure environment
      • Assume an eavesdropper cannot be every where and use old codes for identity change for fresh reader or tag authentications
      • Better to use a shrinking function
  • 31. Shrinking Generators
  • 32. The Shrinking Function
    • Two linear shift registers, A (data) and S (sampling), with different seeds, clocked together.
    • Outputs are combined as follows
      • If S is 1, output is A
      • If S is 0, there is no output and another clock is applied
    • This scheme has been resistant to cryptanalysis for 12 years.
    • No known attacks if
      • feedback polynomials are secret and
      • registers are too long for an exhaustive search.
  • 33. Shrinking Generator
    • Shrinking Generator
      • Minimal hardware complexity
      • Shrink the output from LFSR R1
      • Produce irregular sequence K
      • Practical alternative to a one time pads
      • Known attacks have exp time complexity
        • Keep connection polynomials secret
        • Use maximum length LFSRs
    LFSR R2 LFSR R1 Output ( K ) CE CLK D Q Buffer Clock
  • 34. Physically Uncloneable Functions in RFID
  • 35. Simple challenge-response protocol
    • Reader chooses a challenge, x, which is a random number and transmits it to the label.
    • The label computes and transmits the value y to the reader (here e is the encryption rule that is publicly known and K is a secret key known only to the reader and the particular label).
    • The reader then computes .
    • Then the reader verifies that .
    ) ( x e y K 
  • 36. A lightweight primitive
    • Physically Uncloneable Functions
      • Easy to compute but hard to predict
      • Alternative to storing keys on insecure hardware devices
    f( c 1 , c 2 , c 3 ,…, c m , k) { c 1 ,c 2 ,c 3 ,…,c m } } 1 , 0 { ) , . . . , , , ( 3 2 1   n c c c c c where { r } } 1 , 0 { ) , . . . , , , ( 3 2 1   m r r r r r k ={ gate and wire delay variations due to IC fabrication process variations}
  • 37.
    • Use of PUFs on RFID tags to securely store keys
    • 800 challenge-response pairs to uniquely identify over 10 9 chips
    PUF structure
  • 38. Tag authentication
    • Use sets of challenges and responses to authenticate tags
      • The response bit string can be compared with that stored in a secure database
      • Similarly to a one time pad, challenges can not be used again
  • 39. Backend support
    • A secure backend database is required to store challenge response pairs
    • A secure method of distributing challenge response pairs are required
    • Labels need to be characterised prior to deployment
  • 40. Lightweight hardware
    • Use XOR operation to allow challenge sets to be reused
      • simple to implement and low computation complexity
  • 41. Mutual authentication
    • Use Reader generated Random numbers
    • Reuse hardware on tag (CRC generator)
    • Achieves mutual authentication and prevents unauthorised users from obtaining tag EPC
  • 42. Specialised RFID tag antenna design
    • Tag Constraints
    • Small UHF Animal Ear Tag (pigs)
    • Small HF Animal Ear Tags (pigs, sheep)
    • Compact Metal Mount Tags (UHF)
    • Dual Frequency Tag Antennas
  • 43. RFID Tag Constraints
    • Consist of Basic requirement: - Compact - Reliable - Inexpensive
  • 44. Small UHF Animal Ear Tags
  • 45. A Simple Loop Antenna Front view Back view
  • 46. UHF ear tag
  • 47. Small HF Animal Ear Tags
  • 48. HF ear tag
  • 49. Compact Metal Mount UHF Tag
  • 50. Metallic Environment
    • Metallic Environment
      • Surrounding
        • Warehouses full of metallic shelves
        • Industrial area with heavy machinery
      • Object to be identified
          • Canned food
          • Metallic mechanical parts
          • Metallic beer kegs
    • Challenge
      • To get sufficient fields to reach RFID tag antenna near metal.
  • 51. Common Tag for Metallic Objects
    • Conventional planar passive UHF RFID tags not suitable for metallic item identification.
    • Existing RFID tags
      • Normally big in area.
      • To be small, need high dielectric constant substrate which may be expensive.
  • 52. Design Concept
    • Small in size
      • Hrec = 10 mm, Lrec = 25 mm, Wrec = 5 mm
    • Exploits the theory of boundary conditions for better performance
  • 53. Compact UHF Metal Mount Tag
    • The UHF antenna design for tagging metallic objects
    • Small top loaded monopole above a ground with a series inductor to achieve a reasonable match to the RFID chip impedance.
  • 54. Dual Frequency Antenna UHF and HF
  • 55. Dual Frequency Antenna
    • Supply Chain uses UHF
      • Range
    • Some Item Level Tagging application require HF
      • Local Fields (reduced read range)
      • No known impact on materials,
        • Pharmaceuticals
    • Both UHF and HF Item Level Tagging workgroups defining an air interface protocol that is functionally equivalent
    • Chip designs may soon be released that conform to both EPCglobal’s HF and UHF specifications
    • Need for a two port dual frequency antenna
  • 56. Concept
    • Merge HF loop antenna and UHF dipole antenna, by providing a matching circuit
      • Transforms the UHF short circuit present at the HF antenna terminals to an open circuit at the UHF dipole
      • HF antenna consists of overlapping coils to provide capacitance
      • Gap on UHF antenna prevents short of HF antenna, but strip on underside provides a UHF path.
  • 57. Practical Example
  • 58. Conclusions
  • 59. Conclusions
    • Auto-ID Lab, Adelaide setup to provide assistance to Australasian Industry in adopting EPCglobal technology
    • Current research directed to RFID solutions in security, authentication, and anti-counterfeiting
      • Public Key Cryptography and or Secret Channel, Symmetric Key, (eg: DES, newer AES) are all well established but cannot be applied, directly to RFID tags
        • Severe cost constraints and other limitations restrains the use of complex security engines
      • Some approaches using one time codes, PUFs and shrinking functions are promising.
      • Vulnerabilities are still being researched.
    • Active research and development in small UHF and HF tag antennas
  • 60. Most papers and presentations on our website http://autoidlabs.eleceng.adelaide.edu.au/researchpapers.htm
  • 61. Questions
  • 62. Further Information
    • Alfio Grasso
    • Deputy Director
    • Auto-ID Lab, Adelaide
    • University of Adelaide
    • Web: autoidlab.eleceng.adelaide.edu.au /
    • Email : [email_address]
    • Ph: +61-8- 8303 6473
    • Mob: +61 402 037 968