Uploaded on

 

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
718
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
6
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Privacy and Security in Library RFID Issues, Practices, and Architectures Presented by: Bin Ni Matthew Baker University of South Carolina
  • 2. News
    • Wal-mart asks the top 100 suppliers to provide RFID tag by the 01/01/2005
    • DHL starts developing a global IT infrastructure to let it use RFID tags to track more than a billion packages a year by 2015.
    • State-Department decides to imbed radio frequency into passport.
  • 3. Here’s Mr. Jones in 2020… 1500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist-party handbook Replacement hip medical part #459382
  • 4. Outline
    • Introduction of RFID
    • Library RFID issue
    • Several serious vulnerabilities
    • New architectures without compromising privacy
    • Conclusion
  • 5. RFID (1/3)
    • What is Automatic Identification
    • - a host of technologies that help machines identify objects
    • - coupled with automatic data capture
    • - increase efficiency, reduce data entry errors, and free up staff
    • What is RFID
    • - R adio F requency Id entification
    • - technologies using radio wave to automatically identify objects
    • How does an RFID system work
    • - a tag : made up of a microchip with an antenna
    • - reader : sends waves
  • 6.  
  • 7. RFID (2/3)
    • History of RFID
    • - in the war time : used with radar in War II
    • - recent days : warehouse ,library , tracking pets and so on
    • The type of tags
    • - active tags : have a battery to run the circuitry and broadcast
    • - passive tags : have no power ,draw power from the reader
    • Collision
    • - reader collision :signal from one reader can interfere other
    • - tag collision : more than one chip reflects back a signal
  • 8. RFID (3/3)
    • RFID Benefits Vs. Barcode
    • - No line-of-sight requirement
    • - The tag can stand a harsh environment.
    • - Long read range
    • Some restrictions
    • - Tag is powered only when within range of a reader
    • - RFID has few gates, many of these are taken up by logic required for basic operation, no physical security
    • Even a half cent of tag difference matters
  • 9.
    • Summary of current RFID types
  • 10. Why RFID
    • Read/Write
    • - Ability to add information directly to tags enables each unique asset to carry its own unique history
    • Non-contact Reads
    • - Ability to read tags at a distance, under a variety of environmental conditions, without physical manipulation of the asset
    • Fast Read
    • - Ability to simultaneously read large numbers (1000-1750 tags/sec) of items
    • Automation
    • - Requires less human intervention
    • Authenticity
    • - Each RFID chip is unique and can not be replicated
  • 11. Library RFID issue
    • Library RFID applications may be the first major deployment of item-level tagging.
    • - University of Nevada, Las Vegas Library and so on
    • - In Taiwan ,first library without staff
    • A plan to install radio frequency identification tags in items at the San Francisco Public Library (SFPL) has been rejected.
  • 12. Library RFID issue
    • RFID tags used in libraries operate on the 13.56 MHz
    • Companies
    • - Checkpoint and TAGSYS make proprietary tags
    • - integrator: 3M, TechLogic, VTLS
    • standards for RFID
    • - ISO 15693
    • - ISO 18000-3: Mode 1 Mode 2
    • - EPCglobal :supply chain not for libary
  • 13. Current Library RFID Arch.
    • Libraries make use of a bibliographic database to track circulation information about items in a collection
    • Extra information on the tag, such as shelf location, last checked out date, author, and title
    • Check-in and check-out
  • 14. Current Library RFID Arch.
    • RFID tag also acts as a security device.
    • Exit sensors are placed at the exit of a library, just as the magnetic strip anti-theft devices.
    • Security check is achieved in two ways
    • - Store the status on the tag
    • - Reader query the database for status, which introduces latency
  • 15. Attacks
    • Static tag data and no access control
    • - identifier will never changes throughout the lifetime
    • Collision-avoidance IDs
    • - Many tags use a globally unique and static collision ID
    • Write locks, race conditions and security bit denial of service
    • - Some methods must be used to prevent adversaries form writing to the tag
    • Tag password management
  • 16.
    • Summary of attacks
  • 17. Static tag data and no access control
    • The adversary may determine which library owns the book and infer the origin of the person carrying the book
    • Any static identifier can be used both to track and hotlist books
    • Tags can be read without access control at two library deployment of RFID.
  • 18. Collision-avoidance IDs
    • ISO 18000-3 MODE 1 tags
    • - a globally unique,64-bit “MFR Tag ID”
    • - operate in two modes: slotted or non-slotted
    • ISO 18000-3 MODE 2 tags
    • - a 32-bit LFST is used
    • - a weak PRNG is used ,tags can be identified
    • EPC 915 MHz tags
    • - three different modes ,controlled by the reader
    • - no authentication, reader can simply ask the tag to use EPC ID
  • 19. Write locks, race conditions and security bit denial of service
    • In deployment with rewritable tags, writing to the tag must be prevented.
    • - erasing tag data
    • - switching two books’ RFID data
    • - changing the security status of tags
    • Several current specifications have write protection architectures that are problematic in the library application.
  • 20. Write locks, race conditions and security bit denial of service
    • EPC 13.56 MHz, ISO 18000-3 MODE 1,
    • - “write” and a “lock” command, but no “unlock” command
    • - Write command is not protect by password
    • - Consistent with the supply chain, no need to rewrite
    • Once locked, memory can’t be unlocked
    • - security bit needs to be unlocked when check in and check out
    • - adversary can change the security bit and lock the memory
    • - irrevocable locking security bit denial of service
  • 21. Write locks, race conditions and security bit denial of service
    • There exists unlocked memory on the tag
    • - an adversary can write its own globally unique identifier and track tags based on this ID
    • - RE-DUMP software makes this a one-click operation
    • In real library deployment with ISO 15693
    • - None of the tag data blocks were locked
    • - Tag blocks could be locked irrevocably on these tags, enabling security bit denial of service
  • 22. Tag password management
    • Do not seem to use read passwords, but write passwords are employed
    • If a single password is used, a compromise of any tag compromises the entire system
    • If different passwords per tag are used, then the reader must determine which password should be used for which tag.
  • 23. Private RFID Architectures
    • Tags can be uniquely identified by their collision avoidance behavior
    • Impossible to build privacy-preserving protocol with current tag architecture
    • Solution: Tags with Private RFID Architectures
  • 24. Random Transaction ID’s
    • On checkout: reader picks random number r
    • Reader pairs random number with tag ID D, stores <r, D> internally and writes r to tag
    • On check-in: reader reads r, writes D back to tag
    • Keeps tag ID secret
  • 25. Persistent State
    • s - Secret password, cmd - Command to execute, r - Random nonce
  • 26. Private Authentication
    • Motivation / Previous Work
    • PRF Authentication Scheme
    • Tree-Based Private Authentication
    • Two-phase Tree Scheme
  • 27. Motivation and Previous Work
    • How to share secret auth. key without revealing identities to adversary?
    • Issue in RFID’s because of need for collision avoidance
    • Private: unable to distinguish tags with different secret keys
    • Secure: tag or reader only accept if sender knows secret key
  • 28. Motivation / Previous Work (cont.)
    • Weis et al. suggest randomized hash lock protocol
    • Tags given secret key and unique ID
    • Reader has DB storing these values
    • Tag sends message (r,f s (r) XOR ID)
    • Reader finds <s,ID> unique pair, authenticates by sending back tag’s ID
  • 29. Basic PRF Private Auth. Scheme
  • 30. Tree-based Authentication
    • Tags as leaves in balanced tree (not necessarily binary)
    • Tag stores lg n secrets corresponding to path from root to tag
    • Reader must authenticate to tag on every node in path to tag’s leaf
    • If reader fails on any level in path, tag rejects communication
  • 31. Two-Phase Tree Scheme
    • 1 st Phase: Run tree scheme using previous design with a limited number of levels
    • Trade off branching factor of tree and size of key parameter to balance security and misidentification
    • 2 nd Phase: Once tag is identified in first tree, must authenticate using second tree
  • 32. Related Work
    • Weis et al. look at security assuming passive listener can hear reader to tag channel, but not tag to reader
    • Also focus on hash lock protocols
    • Abadi and Fournet address private authentication using public-key cypto.
    • O, S, and K propose hash chaining for changing RFID identities
  • 33. Related Work (cont)
    • Ohkubo et al. suggest tags with periodically rewritten random numbers
    • Juels suggest one-time authenticators for RFID tags on check-in / check-out
    • Multiple papers on increasing library RFID’s
  • 34. Conclusion
    • Current RFID tags do not prevent unauthorized reading of tags
    • Static identifiers allow for hotlisting and tracking
    • Because of collision avoidance, true security with RFID tags seems impossible
    • … Does anyone who matters really care?