[PPT] Presentation Transcript

  • 1. Written by: Ari Juels. Presented by: Carlos A. Lopez
  • 2. Outline
      1. Introduction
      2. Basic RFID Tags
      3. Symmetric-Key Tags
      4. RFID News
  • 3. Definition
      • RFID: a technology for automated identification of objects and people
      • RFID devices are called “RFID Tags”
          ○ Small microchip (Hitachi Mu-chip 0.002x0.002in)
          ○ Transmit data over the air
          ○ Respond to interrogation
      • Possible successor of barcodes
      • EPCGlobal Inc oversees the development of standards
  • 4. RFID Overview
      • Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency
      • Reader (transceiver): reads data off the tags without direct contact
      • Database: matches tag IDs to physical objects
      • Diagram labels: ID:2342341456734; Credit Card #8163 3534 9234 9876; Radio signal (contactless); Range: from 3-5 inches to 3 yards
  • 5. Reading Tags
      • The read process starts when an RFID reader sends out a query message
      • Invites all tags within range to respond
      • More than one RFID tag may respond at the same time
          ○ This causes a collision
      • Reader cannot accurately read information from more than one tag at a time
      • Reader must engage in a special singulation protocol to talk to each tag separately
  • 6. Barcode Replacement
      • Unique Identification
          ○ Type of object vs. unique among millions
          ○ Act as a pointer to a database
      • Automation
          ○ Optically scanned
              ▪ Line-of-sight
              ▪ Contact with readers
              ▪ Careful physical position
              ▪ Requires human intervention
  • 7. RFID Standards
    Some standards that have been made regarding RFID technology include:
      • ISO 14223/1: RFID of animals, advanced transponders
      • ISO 14443: HF (13.56 MHz) RFID-enabled passports under ICAO 9303
      • ISO 15693: HF (13.56 MHz) used for non-contact smart payment and credit cards
      • ISO/IEC 18000: 7 different parts
      • ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies
      • EPCglobal: most likely to undergo international standardization according to ISO rules, as with all sound standards in the world
  • 8. Tag Types
      • Passive:
          ○ All power comes from a reader’s signal
          ○ Tags are inactive unless a reader activates them
          ○ Cheaper and smaller, but shorter range
      • Semi-passive:
          ○ On-board battery, but cannot initiate communication
          ○ Can serve as sensors, collect information from environment: for example, “smart dust” for military applications
      • Active:
          ○ On-board battery power
          ○ Can record sensor readings or perform calculations in the absence of a reader
          ○ Longer read range
      • Frequency bands:
          ○ LF: freq. range 125 - 134 kHz; read range 10 cm; applications: smart cards, ticketing, animal tagging, access control
          ○ HF: freq. range 13.56 MHz; read range 1 m; applications: small item management, supply chain, anti-theft, library, transportation
          ○ UHF: freq. range 866 - 915 MHz; read range 2-7 m; applications: transportation vehicle ID, access/security, large item management, supply chain
          ○ Microwave: freq. range 2.45 - 5.8 GHz; read range 1 m; applications: transportation vehicle ID (tolls), access/security, large item management, supply chain
  • 9. Applications
      • Supply-chain management
          ○ Logistics, inventory control, retail check-out
      • Payment systems
          ○ ExxonMobil SpeedPass
          ○ I-Pass/E-ZPass/Smart Tag toll systems
          ○ Credit cards
      • Access control
      • Passports
      • Library books
      • Human-implantable RFID
          ○ Hospitals and health centers
      • Money: Yen and Euro banknote anti-counterfeiting
      • Animal tracking - and human???
  • 10. The consumer privacy problem
      • Here’s Mr. BOB in 2015…
      • Wig model #4456 (cheap polyester)
      • Replacement hip medical part #459382
      • Das Kapital and Communist-party handbook
      • 1500 Euros in wallet. Serial numbers: 597387,389473 …
      • 30 items of lingerie
  • 11. …the tracking problem
      • (Figure label: Wig serial #A817TS8)
      • Mr. Bob pays with a credit card: his RFID tags are now linked to his identity, which determines level of customer service
      • Mr. Bob attends a political rally: law enforcement scans his RFID tags
      • Mr. Jones wins Award: physically tracked by paparazzi via RFID
      • Read ranges of a tag
          ○ Nominal range: the range at which the tag is intended to operate
          ○ Rogue scanning range: a powerful antenna amplifies the read range
          ○ Tag-to-reader eavesdropping range: a second reader can monitor the resulting tag emission
          ○ Reader-to-tag eavesdropping range: sometimes the reader sends information with greater power than the tags
  • 12. WMATA SmarTrip RFID
      • Current balance
      • Travel history: visited stations and dates
  • 13. …and the authentication problem
      • (Figure label: Wig serial #A817TS8)
      • Privacy: misbehaving readers harvesting information from well-behaving tags
      • Authentication: well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones
  • 14. Basic RFID tags vs. Symmetric-Key tags
      • Cannot:
          ○ Execute standard cryptographic operations
          ○ Strong pseudorandom number generation
          ○ Hashing
      • Low-cost tags
      • EPC tags
      • Used in most gates
  • 15. Privacy
      • Killing and Sleeping
      • Re-naming approach
          ○ Relabeling
          ○ Minimalist cryptography
          ○ Encryption
      • The proxy approach
          ○ Watchdog Tag
          ○ RFID Guardian
      • Distance Measurement
      • Blocking
          ○ Soft-blocking
          ○ Trusted Computing
  • 16. Returning to the basic issue of privacy: Kill codes
      • EPC tags have a “kill” function
          ○ On receiving a password, the tag self-destructs
          ○ Tag is permanently inoperative
          ○ No post-purchase benefits
      • Developed for EPC to protect consumers after point of sale
          ○ “Dead tags tell no tales”
          ○ Privacy is preserved
      • Why not sleep them?
          ○ Would be difficult to manage in practice: a user might have to manage a PIN for her tags
  • 17. Privacy (Cont 2)
      • Re-naming approach
      • Even if the tag has no intrinsic meaning, it can still enable tracking (Solution: change over time)
          ○ Relabeling
              ▪ Consumers are equipped to re-label tags with a new identifier, but are able to reactivate old information
          ○ Minimalist cryptography
              ▪ Change names each time the tag is interrogated
          ○ Encryption
              ▪ Re-Encryption - Public Key cryptosystem - Periodically re-encrypted by law enforcement
              ▪ Universal Re-encryption
  • 18. Privacy (Cont 3)
      • The proxy approach
          ○ Watchdog Tag
          ○ RFID Guardian
  • 19. So what might solve our problems?
      • Higher-powered intermediaries like mobile phones
      • RFID “Guardian” and RFID REP (RFID Enhancer Proxy)
      • (Figure label: “Please show reader certificate and privileges”)
  • 20. Privacy (Cont 4)
      • Distance Measurement
      • Distance as a measure of trust
          ○ A tag might release general information (“I’m attached to a bottle of water”) when scanned at a distance, but release more specific information, like a unique identifier, at close range.
  • 21. Privacy (Cont 5)
      • Blocking
          ○ The scheme depends on the incorporation of a modifiable bit called a privacy bit
          ○ It uses a blocking tag, which prevents unwanted scanning of tags in a private zone
      • Soft-blocking: a rule on the reader, “Do not scan tags whose privacy bit is on”
      • Trusted Computing
  • 22. Authentication
      • EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features
      • Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, to try to ensure that the reader actually reads what it is trying to scan.
  • 23. Symmetric-Key Tags (capable of computing symmetric-key operations)
      • Cloning
      • With a simple challenge-response protocol, a tag Ti can authenticate itself to a reader that shares the key Ki:
          1. The tag transmits Ti
          2. The reader generates a random bit string R
          3. The tag computes H = h(Ki, R) and transmits H
          4. The reader verifies H = h(Ki, R)
      • Digital Signature Transponders (created by Texas Instruments and used by Speedpass)
          ○ Based on the secrecy of the algorithm; “security through obscurity” was cracked by students at Johns Hopkins
              ▪ Reverse-engineering
              ▪ Key cracking
              ▪ Simulation
      • Reverse-engineering and side channels
      • Relay attacks
          ○ Man-in-the-middle attacks can bypass any cryptographic protocol
  • 24. Privacy
      • Symmetric-Key Management Problem
      • Leads to a paradox
          ○ A tag identifies itself before authenticating the reader
          ○ The tag emits its identifier Ti
          ○ So the reader can learn the identity of the tag
          ○ Privacy unachievable
      • Tag emits $E = f_{k_{T_i}}[P]$, where P is an input value
      • On receiving E, the reader searches the whole space of tag keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags’ keys)
  • 25. Privacy
      • Literature
      • Tree approach
          ○ Proposed approach where a tag contains more than one symmetric key, in a hierarchical structure defined by a tree S
              ▪ Every node has a unique key
              ▪ Each tag is assigned to a unique leaf
              ▪ It contains the keys defined by the path from the root S to the leaf
          ○ Can be useful for:
              ▪ A tag holder can transfer ownership of an RFID tag to another party, while history remains private
              ▪ A centralized authority with full tag information can provision readers to scan particular tags over limited windows of time
      • Synchronization approach
      • Symmetric-key primitive
      • The European Network of Excellence for Cryptology is evaluating 21 candidate stream ciphers
  • 26. So what might solve our problems?
      • Cryptography!
      • Urgent need for cheaper hardware for primitives and better side-channel defenses
      • Some of the talk is really in the outer limits, but basic caveats are important:
          ○ Pressure to build smaller, cheaper tags without cryptography
          ○ RFID tags are close and personal, giving privacy a special dimension
          ○ RFID tags change ownership frequently
          ○ Key management will be a major problem
              ▪ Think for a moment after this talk about distribution of kill passwords…
      • Are you ready for the Verichip?
  • 27. RFID News
      • RFID passports cracked - http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
      • Can aluminum shield RFID chips? - http://www.rfid-shield.com/info_doesitwork.php
      • RFID chips can carry viruses - http://arstechnica.com/news.ars/post/20060315-6386.html
      • Nightclub allows entry by RFID - http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm
      • Demo: Cloning a Verichip - http://cq.cx/verichip.pl
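
The four-step challenge-response exchange on slide 23, as an added Python example that is not part of the presentation. HMAC-SHA256 stands in for the unspecified keyed function h, and the class names, the identifier "T1" and the keys are constructed for illustration; it shows that a counterfeit holding only the copied identifier and one recorded response fails against a fresh R.

```python
import hashlib
import hmac
import secrets

def h(key: bytes, r: bytes) -> bytes:
    """h(Ki, R) from the slide; HMAC-SHA256 is this example's assumption."""
    return hmac.new(key, r, hashlib.sha256).digest()

class Tag:
    """Genuine tag: holds the identifier Ti and the shared key Ki."""
    def __init__(self, tag_id: str, key: bytes):
        self.tag_id, self._key = tag_id, key
    def identify(self) -> str:                # step 1: transmit Ti
        return self.tag_id
    def respond(self, r: bytes) -> bytes:     # step 3: H = h(Ki, R)
        return h(self._key, r)

class ReplayClone:
    """Counterfeit: copied Ti and one recorded H, but no Ki."""
    def __init__(self, tag_id: str, recorded_h: bytes):
        self.tag_id, self._recorded_h = tag_id, recorded_h
    def identify(self) -> str:
        return self.tag_id
    def respond(self, r: bytes) -> bytes:
        return self._recorded_h               # cannot compute h(Ki, R) for a new R

class Reader:
    def __init__(self, keys: dict):
        self._keys = keys                     # maps Ti -> Ki shared with that tag
    def authenticate(self, tag) -> bool:
        key = self._keys.get(tag.identify())
        if key is None:
            return False                      # unknown identifier
        r = secrets.token_bytes(16)           # step 2: fresh random R
        return hmac.compare_digest(tag.respond(r), h(key, r))   # step 4

def demo():
    """Returns (genuine tag accepted, replaying clone accepted)."""
    key = secrets.token_bytes(16)             # constructed Ki
    genuine = Tag("T1", key)
    reader = Reader({"T1": key})
    recorded = genuine.respond(secrets.token_bytes(16))   # reply to an earlier R
    return reader.authenticate(genuine), reader.authenticate(ReplayClone("T1", recorded))

if __name__ == "__main__":
    print(demo())
```
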
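
Slide 24's exhaustive key search and slide 25's tree approach side by side, as an added Python example that is not part of the presentation. HMAC-SHA256 stands in for f, and the branching factor, depth, master secret and one-value-per-level reply format are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import secrets

B, D = 4, 4                       # constructed tree: 4 children per node, depth 4 (256 tags)
MASTER = secrets.token_bytes(16)  # hypothetical reader-side secret used to derive node keys

def f(key: bytes, p: bytes) -> bytes:
    """The keyed function f_k[P]; HMAC-SHA256 is this example's stand-in."""
    return hmac.new(key, p, hashlib.sha256).digest()

def node_key(path: tuple) -> bytes:
    """Unique key of the tree node reached by `path` from the root."""
    return f(MASTER, bytes(path))

def tag_emit(leaf: tuple, p: bytes) -> list:
    """Tag reply to input P: one E per key on its root-to-leaf path, no identifier.
    A real tag would store these D keys at provisioning and never hold MASTER."""
    return [f(node_key(leaf[:i]), p) for i in range(1, D + 1)]

def linear_identify(e_leaf: bytes, p: bytes):
    """Slide 24: try every tag's key until one reproduces E."""
    for tries, leaf in enumerate(itertools.product(range(B), repeat=D), 1):
        if hmac.compare_digest(f(node_key(leaf), p), e_leaf):
            return leaf, tries
    return None, B ** D

def tree_identify(e: list, p: bytes):
    """Slide 25: descend the tree, testing only the B children at each level."""
    path, tries = (), 0
    for level in range(D):
        for child in range(B):
            tries += 1
            if hmac.compare_digest(f(node_key(path + (child,)), p), e[level]):
                path += (child,)
                break
        else:
            return None, tries    # no child matched: unknown or forged tag
    return path, tries

if __name__ == "__main__":
    p, leaf = secrets.token_bytes(16), (3, 3, 3, 3)
    e = tag_emit(leaf, p)
    print(linear_identify(e[-1], p), tree_identify(e, p))
```

For the last leaf of this 256-tag tree, the exhaustive search costs 256 evaluations of f and the tree walk costs 16.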