MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri ...
Related Activities <ul><li>Member of GS1 EPCglobal Hardware Action Group Product Data Protection ad hoc Committee (Dec. 20...
University of Arkansas RFID Research Center <ul><li>Fully student staffed with 24 industry members, which recently became ...
What is RFID? <ul><li>Stands for Radio Frequency Identification </li></ul><ul><li>Uses radio waves for identification </li...
RFID system
RFID reader <ul><li>Also known an interrogator </li></ul><ul><li>Reader powers passive tags with RF energy </li></ul><ul><...
RFID tags <ul><li>Tag is a device used to transmit information such as a serial number to the reader in a contact less man...
UHF passive tag
Supply Chain Management <ul><li>RFID adds visibility as the items flow through the supply chain from the manufacturer, shi...
Electronic Product Code (EPC)  96-bit Version <ul><li>Every product has unique identifier </li></ul><ul><li>96 bits can un...
Physical Tracking
 
MIXNET using Universal Re-encryption <ul><li>ElGamal: </li></ul><ul><li>A conventional cryptosystem, permits re-encryption...
ElGamal <ul><li>Key Generation: </li></ul><ul><li>Alice:  </li></ul><ul><li>A random prime p, generator element g and priv...
Universal Re-encryption <ul><li>Re-encrypts the ciphertext without the knowledge of the public key using a random encrypti...
Universal Re-encryption Example <ul><li>P = 23, g = 19, x = 17 </li></ul><ul><li>Y = 19 ^ 17 mod 23 = 21 </li></ul><ul><li...
Universal Re-encryption Example <ul><li>Re-encryption: </li></ul><ul><li>Input:  </li></ul><ul><li>Random re-encryption fa...
 
 
 
Future Work <ul><li>Extend simulation to a system of security agents </li></ul><ul><li>Add MIXNET agent to open source Tag...
RFID-related publications <ul><li>M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force attack of EP...
Contact Information <ul><li>Dale R. Thompson, Ph.D., P.E. </li></ul><ul><li>Associate Professor </li></ul><ul><li>Computer...
Upcoming SlideShare
Loading in …5
×

slides

322 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
322
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • The RFID Research Center , a 7,800 sq ft laboratory that officially opened in June 2005, conducts research into the most efficient use of RFID and other wireless and sensor technologies throughout the supply chain, with special interest on the retail supply chain [65]. The Center contains the latest RFID technology (tags, antennas, readers and conveyance systems) from a variety of industrial sponsors and vendors. The laboratory was the first public laboratory to pass accreditation criteria established by EPCglobal Inc., the global not-for-profit standards organization commercializing the Electronic Product Code (EPC) and RFID worldwide [64]. Sponsors include (strategic) ACNielsen, Deloitte, Cisco-Eagle, Hytrol Conveyor Co., Intel, and Microsoft; (business) ABF Freight System, Campbell Soup, E.&amp;J. Gallo Winery, Hanna&apos;s Candle Company, J.B. Hunt Transport Services, Tyson Foods, and Wal-Mart Stores; (technology) Avery-Dennison, Alien Technology, ConnecTerra, Entest, epcSolutions, Hugg &amp; Hall, IBM, OATSystems, Omron Electronics, Printronix, UPM Rafsec, RFID Global Solutions, RFID Journal, Symbol Technologies, ThingMagic, Weber Marking Systems, Zebra Technologies, and Zero Mountain.
  • Wal-Mart Forges Ahead with RFID By Renee Boucher Ferguson March 6, 2006
  • slides

    1. 1. MIXNET for Radio Frequency Identification Jaanus Uudmae, Harshitha Sunkara, Dale R. Thompson, Sean Bruce, and Jayamadhuri Penumarthi Dale R. Thompson, Ph.D., P.E. Associate Professor Computer Science and Computer Engineering Dept. University of Arkansas
    2. 2. Related Activities <ul><li>Member of GS1 EPCglobal Hardware Action Group Product Data Protection ad hoc Committee (Dec. 2006 – present) </li></ul><ul><li>Affiliated with University of Arkansas RFID Research Center (http://itri.uark.edu/rfid/) (Feb. 2005 – present) </li></ul><ul><li>Lightweight Authentication for RFID (Aug. 2006 – present) </li></ul><ul><li>Categorizing RFID Privacy Threats with STRIDE (July 2006) </li></ul><ul><li>Taught RFID Communications class (May – June 2006) </li></ul><ul><li>RFID Security Threat Model (Mar. 2006) </li></ul><ul><li>Brute Force Attack of EPCglobal UHF Class-1 Generation-2 RFID Tag (Jan. – May 2006) </li></ul><ul><li>Attack Graphs for EPCglobal RFID (Jan. – May 2006) </li></ul><ul><li>MIXNET Using Universal Re-encryption for Radio Frequency Identification (RFID) (Aug. 2005 – Dec. 2006) </li></ul><ul><li>RFID Technical Tutorial and Threat Modeling Project (Jun. – Dec. 2005) </li></ul>
    3. 3. University of Arkansas RFID Research Center <ul><li>Fully student staffed with 24 industry members, which recently became the first open laboratory to be accredited by EPCglobal Inc. </li></ul>
    4. 4. What is RFID? <ul><li>Stands for Radio Frequency Identification </li></ul><ul><li>Uses radio waves for identification </li></ul><ul><li>New frontier in the field of information technology </li></ul><ul><li>One form of Automatic Identification </li></ul><ul><li>Provides unique identification or serial number of an object (pallets, cases, items, animals, humans) </li></ul>
    5. 5. RFID system
    6. 6. RFID reader <ul><li>Also known an interrogator </li></ul><ul><li>Reader powers passive tags with RF energy </li></ul><ul><li>Can be handheld or stationary </li></ul><ul><li>Consists of: </li></ul><ul><ul><li>Transceiver </li></ul></ul><ul><ul><li>Antenna </li></ul></ul><ul><ul><li>Microprocessor </li></ul></ul><ul><ul><li>Network interface </li></ul></ul>Reader Antenna
    7. 7. RFID tags <ul><li>Tag is a device used to transmit information such as a serial number to the reader in a contact less manner </li></ul><ul><li>Classified as : </li></ul><ul><ul><li>Passive – energy from reader </li></ul></ul><ul><ul><li>Active - battery </li></ul></ul><ul><ul><li>Semi-passive – battery and energy from reader </li></ul></ul>
    8. 8. UHF passive tag
    9. 9. Supply Chain Management <ul><li>RFID adds visibility as the items flow through the supply chain from the manufacturer, shippers, distributors, and retailers. </li></ul><ul><li>The added visibility can identify bottlenecks and save money. </li></ul><ul><li>Wal-Mart requested in June 2003 that their top 100 suppliers use RFID at the pallet and case level by January 2005. </li></ul>
    10. 10. Electronic Product Code (EPC) 96-bit Version <ul><li>Every product has unique identifier </li></ul><ul><li>96 bits can uniquely label all products for the next 1,000 years </li></ul><ul><li>2^96 = 79,228,162,514,264,337,593,543,950,336 </li></ul>36 bits 24 bits 28 bits 8 bits Serial Number Object Class (Product) EPC Manager (Manufacturer) Version
    11. 11. Physical Tracking
    12. 13. MIXNET using Universal Re-encryption <ul><li>ElGamal: </li></ul><ul><li>A conventional cryptosystem, permits re-encryption if the public key is known at each MIXNET </li></ul><ul><li>Ciphertext C’ represents re-encryption of C if both decrypt to the same plaintext. </li></ul><ul><li>Privacy is because the ciphertext pair (C, C’) is </li></ul><ul><li>indistinguishable from (C, R) for a random cipher R. </li></ul><ul><li>The tag pseudonym, a false name for the original identity is re-encrypted each time it passes a MIXNET. </li></ul>
    13. 14. ElGamal <ul><li>Key Generation: </li></ul><ul><li>Alice: </li></ul><ul><li>A random prime p, generator element g and private key x. </li></ul><ul><li>Generate public key </li></ul><ul><li>Publicize (p, g, y) and x as the private key. </li></ul><ul><li>Encryption: </li></ul><ul><li>Bob: </li></ul><ul><li>Chooses random k to send message m and computes a ciphertext pair </li></ul><ul><li>(c1, c2): </li></ul><ul><li>and </li></ul><ul><li>Decryption: </li></ul><ul><li>To decrypt ciphertext (c1, c2), Alice computes </li></ul>
    14. 15. Universal Re-encryption <ul><li>Re-encrypts the ciphertext without the knowledge of the public key using a random encryption factor. </li></ul><ul><li>Re-encryption is based on a homomorphic property, </li></ul><ul><li>Allows external anonymity which provides total privacy protection for data being transmitted </li></ul><ul><li>Encrypts under the public key and random encryption factor </li></ul><ul><li>Appends an identity element to the ciphertext encrypted based on ElGamal. </li></ul><ul><li>First decrypts the identity element to confirm the intended message. </li></ul>
    15. 16. Universal Re-encryption Example <ul><li>P = 23, g = 19, x = 17 </li></ul><ul><li>Y = 19 ^ 17 mod 23 = 21 </li></ul><ul><li>Publicize ( y, g) = (21, 19) </li></ul><ul><li>m = 20 , random encryption factor </li></ul><ul><li>Encryption: </li></ul><ul><li>= [(20,2),(7,19)] </li></ul><ul><li>Decryption: </li></ul>
    16. 17. Universal Re-encryption Example <ul><li>Re-encryption: </li></ul><ul><li>Input: </li></ul><ul><li>Random re-encryption factor : </li></ul><ul><li>Ciphertext </li></ul><ul><li>= [(3,21), (19,21)] </li></ul><ul><li>To Verify decryption of : </li></ul><ul><li>(Plaintext) </li></ul>
    17. 21. Future Work <ul><li>Extend simulation to a system of security agents </li></ul><ul><li>Add MIXNET agent to open source TagCentric </li></ul><ul><li>Implement MIXNET on a reader </li></ul><ul><li>Implement traditional MIXNET between readers and databases to hide location of tags from the database </li></ul>
    18. 22. RFID-related publications <ul><li>M. Byers, A. Lofton, A. K. Vangari-Balraj, and D. R. Thompson, “Brute force attack of EPCglobal UHF class-1 generation-2 RFID tag,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. </li></ul><ul><li>S. C. G. Periaswamy, S. Bharath, M. Chagarlamudi, S. Estes, D. R. Thompson, “Attack graphs for EPCglobal RFID,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. </li></ul><ul><li>J. Uudmae, H. Sunkara, D. R. Thompson, S. Bruce, and J. Penumarthi, “MIXNET for radio frequency identification,” in Proc. IEEE Region 5 Technical Conf., Fayetteville, Arkansas, April 20-21, 2007, to appear. </li></ul><ul><li>D. R. Thompson, J. Di, H. Sunkara, and C. Thompson, “Categorizing RFID privacy threats with STRIDE,” in Proc. ACM Symposium on Usable Privacy and Security (SOUPS), Carnegie Mellon University, Pittsburgh, Pennsylvania, July 12-14, 2006. </li></ul><ul><li>D. R. Thompson, “RFID technical tutorial,” The Journal of Computing Sciences in Colleges, vol. 21, no. 5, pp. 8-9, May, 2006. </li></ul><ul><li>D. R. Thompson, N. Chaudhry, and C. W. Thompson, “RFID security threat model,” in Proc. Acxiom Laboratory for Applied Research (ALAR) Conf. on Applied Research in Information Technology, Conway, Arkansas, Mar. 3, 2006. </li></ul><ul><li>N. Chaudhry, D. R. Thompson, and C. Thompson, RFID Technical Tutorial and Threat Modeling, ver. 1.0, tech. report, Dept. of Computer Science and Computer Engineering, University of Arkansas, Fayetteville, Arkansas, Dec. 8, 2005. Available: http://csce.uark.edu/~drt/rfid </li></ul>
    19. 23. Contact Information <ul><li>Dale R. Thompson, Ph.D., P.E. </li></ul><ul><li>Associate Professor </li></ul><ul><li>Computer Science and Computer Engineering Dept. </li></ul><ul><li>University of Arkansas </li></ul><ul><li>311 Engineering Hall </li></ul><ul><li>Fayetteville, Arkansas 72701 </li></ul><ul><li>Phone: +1 (479) 575-5090 </li></ul><ul><li>FAX: +1 (479) 575-5339 </li></ul><ul><li>E-mail: d.r.thompson@ieee.org </li></ul><ul><li>WWW: http://csce.uark.edu/~drt/ </li></ul>

    ×