
  • Privacy and Security in Library RFID: Issues, Practices, and Architectures. Presented by: Bin Ni, Matthew Baker, University of South Carolina
  • News
    • Wal-Mart asks its top 100 suppliers to provide RFID tags by 01/01/2005.
    • DHL starts developing a global IT infrastructure to let it use RFID tags to track more than a billion packages a year by 2015.
    • State Department decides to embed radio frequency into passports.
  • Here’s Mr. Jones in 2020…
    • 1500 Euros in wallet, serial numbers: 597387, 389473…
    • Wig model #4456 (cheap polyester)
    • 30 items of lingerie
    • Das Kapital and Communist-party handbook
    • Replacement hip, medical part #459382
  • Outline
    • Introduction of RFID
    • Library RFID issue
    • Several serious vulnerabilities
    • New architectures without compromising privacy
    • Conclusion
  • RFID (1/3)
    • What is Automatic Identification
    • - a host of technologies that help machines identify objects
    • - coupled with automatic data capture
    • - increase efficiency, reduce data entry errors, and free up staff
    • What is RFID
    • - Radio Frequency Identification
    • - technologies using radio waves to automatically identify objects
    • How does an RFID system work
    • - a tag : made up of a microchip with an antenna
    • - reader : sends waves
  • RFID (2/3)
    • History of RFID
    • - in wartime: used with radar in World War II
    • - recent days: warehouses, libraries, tracking pets and so on
    • The type of tags
    • - active tags: have a battery to run the circuitry and broadcast
    • - passive tags: have no power of their own and draw power from the reader
    • Collision
    • - reader collision: the signal from one reader can interfere with another
    • - tag collision: more than one chip reflects back a signal
  • RFID (3/3)
    • RFID Benefits Vs. Barcode
    • - No line-of-sight requirement
    • - The tag can stand a harsh environment.
    • - Long read range
    • Some restrictions
    • - Tag is powered only when within range of a reader
    • - RFID tags have few gates, many of which are taken up by the logic required for basic operation, and no physical security
    • Even a half-cent difference in tag cost matters
    • Summary of current RFID types
  • Why RFID
    • Read/Write
    • - Ability to add information directly to tags enables each unique asset to carry its own unique history
    • Non-contact Reads
    • - Ability to read tags at a distance, under a variety of environmental conditions, without physical manipulation of the asset
    • Fast Read
    • - Ability to simultaneously read large numbers (1000-1750 tags/sec) of items
    • Automation
    • - Requires less human intervention
    • Authenticity
    • - Each RFID chip is unique and cannot be replicated
  • Library RFID issue
    • Library RFID applications may be the first major deployment of item-level tagging.
    • - University of Nevada, Las Vegas Library and so on
    • - In Taiwan, the first library without staff
    • A plan to install radio frequency identification tags in items at the San Francisco Public Library (SFPL) has been rejected.
  • Library RFID issue
    • RFID tags used in libraries operate at 13.56 MHz
    • Companies
    • - Checkpoint and TAGSYS make proprietary tags
    • - integrator: 3M, TechLogic, VTLS
    • Standards for RFID
    • - ISO 15693
    • - ISO 18000-3: Mode 1, Mode 2
    • - EPCglobal: for the supply chain, not for libraries
  • Current Library RFID Arch.
    • Libraries make use of a bibliographic database to track circulation information about items in a collection
    • Extra information on the tag, such as shelf location, last checked out date, author, and title
    • Check-in and check-out
  • Current Library RFID Arch.
    • RFID tag also acts as a security device.
    • Exit sensors are placed at the exit of a library, just like magnetic-strip anti-theft devices.
    • The security check is achieved in two ways
    • - Store the status on the tag
    • - The reader queries the database for the status, which introduces latency
  • Attacks
    • Static tag data and no access control
    • - the identifier never changes throughout the tag's lifetime
    • Collision-avoidance IDs
    • - Many tags use a globally unique and static collision ID
    • Write locks, race conditions and security bit denial of service
    • - Some method must be used to prevent adversaries from writing to the tag
    • Tag password management
    • Summary of attacks
  • Static tag data and no access control
    • The adversary may determine which library owns the book and infer the origin of the person carrying the book
    • Any static identifier can be used both to track and hotlist books
    • Tags can be read without access control at two library deployments of RFID.
  • Collision-avoidance IDs
    • ISO 18000-3 MODE 1 tags
    • - a globally unique, 64-bit “MFR Tag ID”
    • - operate in two modes: slotted or non-slotted
    • ISO 18000-3 MODE 2 tags
    • - a 32-bit LFST is used
    • - a weak PRNG is used, so tags can be identified
    • EPC 915 MHz tags
    • - three different modes, controlled by the reader
    • - no authentication; the reader can simply ask the tag to use its EPC ID
  • Write locks, race conditions and security bit denial of service
    • In deployment with rewritable tags, writing to the tag must be prevented.
    • - erasing tag data
    • - switching two books’ RFID data
    • - changing the security status of tags
    • Several current specifications have write protection architectures that are problematic in the library application.
  • Write locks, race conditions and security bit denial of service
    • EPC 13.56 MHz, ISO 18000-3 MODE 1
    • - a “write” and a “lock” command, but no “unlock” command
    • - the write command is not protected by a password
    • - Consistent with supply chain use, where there is no need to rewrite
    • Once locked, memory can’t be unlocked
    • - the security bit needs to be unlocked at check-in and check-out
    • - an adversary can change the security bit and lock the memory
    • - irrevocable locking enables security bit denial of service
  • Write locks, race conditions and security bit denial of service
    • There exists unlocked memory on the tag
    • - an adversary can write its own globally unique identifier and track tags based on this ID
    • - RE-DUMP software makes this a one-click operation
    • In real library deployment with ISO 15693
    • - None of the tag data blocks were locked
    • - Tag blocks could be locked irrevocably on these tags, enabling security bit denial of service
  • Tag password management
    • Do not seem to use read passwords, but write passwords are employed
    • If a single password is used, a compromise of any tag compromises the entire system
    • If different passwords per tag are used, then the reader must determine which password should be used for which tag.
  • Private RFID Architectures
    • Tags can be uniquely identified by their collision avoidance behavior
    • Impossible to build privacy-preserving protocol with current tag architecture
    • Solution: Tags with Private RFID Architectures
  • Random Transaction IDs
    • On checkout: reader picks random number r
    • Reader pairs random number with tag ID D, stores <r, D> internally and writes r to tag
    • On check-in: reader reads r, writes D back to tag
    • Keeps tag ID secret
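
The checkout and check-in steps on this slide, as an added example that is not code from the presentation. The `Tag` and `LibraryReader` classes, the string IDs and the 64-bit size of r are assumptions made for illustration. Note that r stays fixed between checkout and check-in, so the scheme hides D and unlinks separate loans, but the tag value does not change during a single loan.

```python
import secrets

class Tag:
    """Constructed model of a rewritable tag: one ID field, readable by anyone."""
    def __init__(self, value: str):
        self.memory = value

class LibraryReader:
    """Reader-side state for the scheme: the private <r, D> pairs."""
    def __init__(self):
        self._loans = {}  # r -> D, never leaves the library

    def checkout(self, tag: Tag) -> str:
        d = tag.memory
        if d in self._loans:
            raise ValueError("tag already carries a live transaction ID")
        r = secrets.token_hex(8)          # fresh random transaction ID
        while r in self._loans:           # never reuse a live r
            r = secrets.token_hex(8)
        self._loans[r] = d                # store <r, D> internally
        tag.memory = r                    # write r to the tag
        return r

    def checkin(self, tag: Tag) -> str:
        r = tag.memory                    # read r from the tag
        if r not in self._loans:
            raise ValueError("unknown transaction ID; tag not checked out here")
        d = self._loans.pop(r)
        tag.memory = d                    # write D back to the tag
        return d

def values_seen_outside(book_id: str, loans: int) -> list:
    """Tag contents a third-party reader would see during each loan."""
    reader, tag, seen = LibraryReader(), Tag(book_id), []
    for _ in range(loans):
        reader.checkout(tag)
        seen.append(tag.memory)           # static for the whole loan
        reader.checkin(tag)
    assert tag.memory == book_id          # D is restored once back on the shelf
    return seen

if __name__ == "__main__":
    print(values_seen_outside("BOOK-0001", 3))  # constructed sample ID
```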
  • Persistent State
    • s - Secret password, cmd - Command to execute, r - Random nonce
  • Private Authentication
    • Motivation / Previous Work
    • PRF Authentication Scheme
    • Tree-Based Private Authentication
    • Two-phase Tree Scheme
  • Motivation and Previous Work
    • How to share secret auth. key without revealing identities to adversary?
    • Issue in RFID’s because of need for collision avoidance
    • Private: unable to distinguish tags with different secret keys
    • Secure: tag or reader only accept if sender knows secret key
  • Motivation / Previous Work (cont.)
    • Weis et al. suggest randomized hash lock protocol
    • Tags given secret key and unique ID
    • Reader has DB storing these values
    • Tag sends message (r, f_s(r) XOR ID)
    • Reader finds the unique <s, ID> pair, authenticates by sending back the tag’s ID
  • Basic PRF Private Auth. Scheme
  • Tree-based Authentication
    • Tags as leaves in balanced tree (not necessarily binary)
    • Tag stores lg n secrets corresponding to path from root to tag
    • Reader must authenticate to tag on every node in path to tag’s leaf
    • If reader fails on any level in path, tag rejects communication
  • Two-Phase Tree Scheme
    • 1st Phase: Run tree scheme using previous design with a limited number of levels
    • Trade off branching factor of tree and size of key parameter to balance security and misidentification
    • 2nd Phase: Once tag is identified in first tree, must authenticate using second tree
  • Related Work
    • Weis et al. look at security assuming passive listener can hear reader to tag channel, but not tag to reader
    • Also focus on hash lock protocols
    • Abadi and Fournet address private authentication using public-key crypto.
    • O, S, and K propose hash chaining for changing RFID identities
  • Related Work (cont)
    • Ohkubo et al. suggest tags with periodically rewritten random numbers
    • Juels suggests one-time authenticators for RFID tags on check-in / check-out
    • Multiple papers on increasing library RFID’s
  • Conclusion
    • Current RFID tags do not prevent unauthorized reading of tags
    • Static identifiers allow for hotlisting and tracking
    • Because of collision avoidance, true security with RFID tags seems impossible
    • … Does anyone who matters really care?