Your SlideShare is downloading. ×
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply



Published on

Published in: Business, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Written by: Ari Juels Presented by Carlos A. Lopez
  • 2. Outline 1. Introduction 2. Basic RFID Tags 3. Symetric-Key Tags 4. RFID News
  • 3. Definition  RFID: Is a technology for automated identification of objetcs and people  RFID devices are called “RFID Tags”  Small Microchip (Itachi Mu-chip 0.002x0.002in)  Transmit data over the air  Responds to interrogation  Possible successor of barcodes  EPCGlobal Inc Oversees the development of standards
  • 4. RFID Overview ID:2342341456734 Credit Card #8163 3534 9234 9876 Radio signal (contactless) Range: from 3-5 inches to 3 yards Tags (transponders) Reader (transceiver) Database Attached to objects, Reads data off the tags Matches tag IDs to “call out” identifying data without direct contact physical objects on a special radio frequency
  • 5. Reading Tags  The read process starts when an RFID reader sends out a query message  Invites all tags within range to respond  More than one RFID tag may respond at the same time ○ This causes a collision  Reader cannot accurately read information from more than one tag at a time  Reader must engage in a special singulation protocol to talk to each tag separately
  • 6. Barcode Replacement  Unique Identification ○ Type of Object Vs. Unique among millions ○ Act as a pointer to a database  Automation ○ Optically scanned  Line-of-sight  Contact with readers  Careful physical position  Requires human intervention
  • 7. RFID Standards Some standards that have been made regarding RFID technology include:  ISO 14223/1 – RFID of Animals, advanced transponders  ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303.  ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards  ISO/IEC 18000 - 7 different Parts  ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies.  EPCglobal - Most likely to undergo International Standardization according to ISO rules as with all sound standards in the world.
  • 8. Tag Types  Passive:  All power comes from a reader’s signal  Tags are inactive unless a reader activates them  Cheaper and smaller, but shorter range  Semi-passive  On-board battery, but cannot initiate communication  Can serve as sensors, collect information from environment: for example, “smart dust” for military applications  Active:  On-board battery power  Can record sensor readings or perform calculations in the absence of a reader  Longer read range LF HF UHF Microwave Freq. Range 125 - 134KHz 13.56 MHz 866 - 915MHz 2.45 - 5.8 GHz Read Range 10 cm 1M 2-7 M 1M Application Smart Cards, Ticketing, Small item management, Transportation vehicle Transportation vehicle ID animal tagging, supply chain, ID, Access/Security, (tolls), Access/Security, Access Control Anti-theft, library, large item management, large item management, transportation supply chain supply chain
  • 9. Applications  Supply-chain management  logistics, inventory control, retail check-out  Payment systems  ExxonMobil SpeedPass  I-Pass/EZ-Pas/Smart Tag toll systems  Credit Cards  Access Control  Passports  Library books Human-implantable RFID  Hospital and Health Centers  Money - Yen and Euro banknoter anti-counterfeiting  Animal Tracking - and Human???
  • 10. The consumer privacy problem Here’s Wig Replacement hip model #4456 Mr. BOB medical part #459382 (cheap polyester) in 2015… Das Kapital and Communist- party handbook 1500 Euros in wallet Serial numbers: 30 items 597387,389473 of lingerie …
  • 11. …the tracking problem Wig serial #A817TS8  Mr. Bob pays with a credit card - his RFID tags now linked to his identity determines level of customer service  Mr. Bob attends a political rally - law enforcement scans his RFID tags  Mr. Jones wins Award - physically tracked by paparazzi via RFID  Read ranges of a tag  Nominal Range – Range intend to operate  Rogue Scanning Range –Powerful antenna amplifies the read range  Tag-To-Reader Eavesdropping range – A second reader can monitor the resulting tag emission  Reader-to-Tag eavesdropping range - Sometimes the reder send information with a greater power than the tags.
  • 12. CURRENT BALANCE Travel history: visited stations and dates WMATA Smart Trip RFID
  • 13. …and the authentication problem  Privacy: Misbehaving readers Wig harvesting information from well- serial #A817TS8 behaving tags  Authentication: Well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones
  • 14. Basic RFID tags Vs. Symmetric Key tags  Cannot:  Execute standards cryptographic operations  Strong Pseudorandom number generation  Hashing  Low-cost tags  EPC tags  Used in most gates
  • 15. Privacy  Killing and Sleeping  Re-naming approach  Relabeling  Minimalist cryptography  Encryption  The proxy approach  Watchdog Tag  RFID Guardian  Distance Measurement  Blocking  Soft-blocking  Trusted Computing
  • 16. Returning to basic issue of privacy: Kill codes  EPC tags have a “kill” function ○ On receiving password, tag self-destructs ○ Tag is permanently inoperative ○ No post-purchase benefits  Developed for EPC to protect consumers after point of sale ○ “Dead tags tell no tales” ○ Privacy is preserve  Why not sleep them? ○ Would be difficult to manage in practice – Users might have to manage her PIN for her tags
  • 17. Privacy (Cont 2)  Re-naming approach  Even if the tag has no intrinsic meaning it can still enable tracking (Solution: Change over time) ○ Relabeling  Consumer are equipped to re-label tags with new identifier, but able to reactive old information ○ Minimalist cryptography  Change names each time is interrogated ○ Encryption  Re-Encryption - Public Key cryptosystem - Periodically re-encrypted by law enforcement  Universal Re-encryption
  • 18. Privacy (Cont 3)  The proxy approach  Watchdog Tag  RFID Guardian
  • 19. So what might solve our problems?  Higher-powered intermediaries like mobile phones  RFID “Guardian” and RFID REP (RFID Enhancer Proxy) Please show reader certificate and privileges
  • 20. Privacy (Cont 4)  Distance Measurement  Distance as a measure of trust ○ A tag might release general information “I’m attached to a bottle of water” when scanned at a distance, but release more specific information, like unique identifier at a close range.
  • 21. Privacy (Cont 5)  Blocking  Scheme depends on the incorporation of a modifiable bit called a privacy bit  It uses a blocking tag which prevents unwanted scanning of tag on a private zone  Soft-blocking -On the reader “Do not scan tags whose privacy is on”  Trusted Computing
  • 22. Authentication  ECP tags Class-1 Gen-2 have no explicit anti-counterfeiting features  Yoking: Is a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously to try to solve that the reader actually reads what is trying to scan.
  • 23. Symmetric-Key Tags (capable of computing symmetric key)  Cloning  With a simple challenge-response protocol a tag T, can authenticate itself to a reader that shares the key Ki 1. The tag transmit Ti 2. The reader generates a random bit string R 3. The tag computes H=h(Ki,R) and transmits H 4. The reader verifies H =h(Ki,R)  Digital Signature Transponders ( created by Texas Instrument and used by Speedpass) ○ Based on the secrecy of the algorithm “Security through obscurity” was crack by student at Johns Hopkins  Reverse-Engineering  Key cracking  Simulation  Reverse - Engineering and side channels  Relay Attacks ○ Man-in-the-middle attacks can bypass any cryptographic protocol
  • 24. Privacy  Symmetric-Key Management Problem  Leads to a paradox ○ A tag identifies itself before authenticating the readers ○ The tag emits it identifier Ti ○ So the reader can learn the identity of the tag ○ Privacy unachievable  Tag emits E f kTi [P] where P is a input value  Once receiving E, the reader searches all the spaces of tags keys, trying to decrypt E under every key K until its obtains P (The reader has all the tag’s key on it)
  • 25. Privacy  Literature  Tree approach ○ Proposed approach where a tag contains more than one symmetric key in a hierarchical structure define by a tree S.  Every node has a unique key  Each tag is assigned to a unique leaf  It contains the key defined by the path from the root S to the leaf ○ Can be useful for:  A tag holder can transfer ownership of an RFID tag to another party, while history remains private  A centralized authority with full tag information can provision readers to scan particular tags over limited windows time  Synchronization approach  Symmetric-key primitive  The European network for excellence in cryptographic is evaluating 21 candidates stream ciphers
  • 26. So what might solve our problems?  Cryptography!  Urgent need for cheaper hardware for primitives and better side- channel defenses  Some of talk really in outer limits, but basic caveats are important:  Pressure to build a smaller, cheaper tags without cryptography  RFID tags are close and personal, giving privacy a special dimension  RFID tags change ownership frequently  Key management will be a major problem ○ Think for a moment after this talk about distribution of kill passwords…  Are you ready for the Verichip?
  • 27. RFDI News  RFID Passports cracked - atch_fi.html  Can Aluminum Shield RFID Chips? -  RFID chips can carry viruses - -6386.html  Nightclub allows entry by RFID’ - 40704bajabeachclub.htm  Demo: Cloning a Verichip -