Published in: Business, Technology

  1. RFID Security and Privacy: A Research Survey. Shruti Pathak, CS 585, Spring ‘09
  2. What is RFID?
     • Radio Frequency IDentification: RFID
     • Automated identification of objects and people
     • It labels objects uniquely and explicitly
  3. What is an RFID tag?
     • Small microchip designed for wireless data transmission
     • Attached to an antenna: resembles a sticker
     • Contactless and unique identification of products and people
     • Microchip can be as small as a grain of sand (0.4 mm²)
  4. Types of RFID tags
     • ‘Passive’ tags (inexpensive), which derive their power from the interrogating reader
     • ‘Semi-passive’ tags, whose batteries power their circuitry when they are interrogated
     • ‘Active’ tags, whose batteries power their transmission
  5. An EPC RFID tag used by Walmart (image)
  6. How does it work?
  7. How does it work?
     • The RFID reader sends high-frequency energy, with optional encoded information, to the transponder
     • The energy is converted into electrical charge and stored
     • The transponder responds with unique encoded information
     • The reader receives the information and processes it
  8. RFID tag (..contd)
     • Successor to the optical barcode, which can be seen on any product
  9. Advantages of RFID over barcodes
     • Unique Identification
         • A barcode identifies the type of object, while an RFID tag identifies the object uniquely
         • Example: when a product purchased at Walmart is scanned for billing, the scanned information reads something like “Kleenex tissue pack-10 count”
         • In fact, each identical pack will scan as the same information
         • An RFID tag, by contrast, would scan the same pack as “Kleenex tissue pack-10 count serial no. ABC1239086”, so each pack generates unique information (identification)
  10. Advantages of RFID over barcodes (..contd)
     • Automation
         • Barcodes are optically scanned, hence line-of-sight contact with the reader is required
         • Example: difficulty while self-checking out items!
         • RFID tags overcome these shortcomings! They can scan 100s of items per second
         • Example: items in warehouses
  11. RFID today and tomorrow
  12. RFID today
     • Proximity cards (contactless cards)
     • Automated toll-payment transponders
     • Ignition keys of automobiles (theft-deterrent)
     • Payment tokens (SpeedPass™, American Express ExpressPay™, Mastercard PayPass™)
     • Many house pets have RFID tags implanted in their bodies to facilitate their safe return home
  14. RFID tomorrow
     • Smart Appliances:
         • Washing machines and refrigerators, even shopping list to home delivery service
     • Shopping:
         • Check-out by rolling just the card under point of sale and automatic credit to your account. Would also facilitate the return of items without receipts
     • Interactive Objects:
         • Interaction through mobile phones. Scan movie posters and an item for sale!
     • Medication Compliance:
         • To verify whether medications are taken in a timely manner
  15. Formal definition of RFID
     • An RFID device is any device that is mainly used to identify an object or a person
  16. Security Problems
     • Two main privacy concerns
     • Clandestine (concealed) tracking
         • Readers interrogate and tags respond without the owner’s knowledge
         • Serious threat when the reader can retrieve your personal information during this process!
     • Inventorying (making an itemized list of supplies)
         • A reader can harvest important information from tags, such as what type of medication a person is carrying and thus what illness he/she may have
         • Personal preferences with respect to clothing and other accessories
  17. Privacy Problems (concerns of everyday life)
     • Toll-payment transponders
         • Small plaques positioned in windshield corners
     • Euro banknotes
         • Embedding RFID tags in banknotes as an anti-counterfeiting measure
     • Libraries
         • Facilitate check-out and inventorying of books
     • Passports
         • The International Civil Aviation Organization, an international organization, officially announced guidelines for RFID-enabled passports and other travel documents
     • Human implantation
         • VeriChip is a human-implantable RFID tag. It can be used for medical record indexing by scanning a patient’s tag
  18. Read ‘ranges’ of tags
     • Nominal read range
         • ISO 14443 specifies a nominal read range of 10 cm
     • Rogue scanning range
         • 5 times the nominal read range, i.e., 50 cm
     • Tag-to-reader eavesdropping range
         • Once a tag is powered by a reader, a second reader can read information from the same tag from a much larger distance than the rogue scanning range
     • Reader-to-tag eavesdropping range
         • In some RFID protocols, readers transmit tag-specific information to the tag. These transmissions are subject to eavesdropping at distances of kilometers
     • NOTE: RFID tags can foul systems with excessively long range. In some extreme cases, one person might pay for another person’s groceries!
  19. Authentication
     • Issues concerning well-behaved readers extracting information from misbehaving tags
     • Scanning and replication of RFID tags is another problem
  20. Nomenclature and Organization
     • Basic tags
         • Those that cannot execute standard cryptographic operations like encryption and hashing
     • Symmetric-key tags
         • Can perform symmetric cryptographic operations, hence cost a little more
  21. Basic RFID tags
     • Low cost
     • Lack cryptographic operations
     • A couple of thousand gates devoted mainly to basic operations
     • Hundreds more for security functionality
  22. Privacy
     • ‘Killing’ and ‘Sleeping’:
         • When an EPC tag receives a ‘kill’ command from the reader, it becomes permanently inoperative. These commands are PIN protected
         • Alternatively, tags are put to “sleep”, which means they are temporarily made inactive
     • Renaming approach
         • Tag identifiers are suppressed to disable tracking and hence protect privacy
  23. Privacy (…contd)
     • The proxying approach
         • Consumers might carry their own individual privacy-protection devices instead of depending on readers for the same
     • Distance measurement
         • With some additional low-cost circuitry, the distance between the reader and the tag can be roughly measured, and authentication can be judged on that basis
     • Blocking
         • Incorporation of a modifiable bit, called the ‘privacy bit’, into tags
         • 0 bit: unrestricted public scanning
         • 1 bit: ‘privacy zone’
  24. Authentication
     • Using ‘kill PINs’ to authenticate tags to the reader
     • ‘Yoking’ is an RFID protocol which provides cryptographic proof that two items were scanned simultaneously within physical proximity
         • Example: medication + instruction booklet scanned manually
     • Physical one-way functions (POWFs) are tiny glass beads. Scanning them reveals a unique pattern. POWFs enable: (i) destruction of information on physical tampering with RFID devices; (ii) manufacturing a duplicate POWF is almost impossible
  25. The problem of PIN distribution
     • Privacy and authentication features both depend on tag-specific PINs
     • It is essential to secure point-of-sale terminals with the PIN when the ‘kill’ command is used
  26. Symmetric-Key Tags
     • Cloning
         • Tag cloning is prevented by a simple challenge-response protocol
     • Privacy
         • Secure authentication of an RFID tag relies on the symmetric key shared between the tag and the reader
     • The literature
         • The key-search mechanism is very costly, and efforts are being made to reduce this cost
     • Implementing symmetric-key primitives
         • Several different solutions for efficiently designing and implementing these primitives are being proposed
  27. More on Privacy in Symmetric-Key Tags
     • If a tag identifies itself prior to interrogation by the reader, privacy is unachievable
     • If the reader authenticates to the tag first, then the tag cannot easily identify itself to the reader
     • Thus, it becomes difficult to find out the key between the reader and the tag
     • Solution to this problem: letting the reader identify the tags using a ‘key search’
  28. Conclusion
     • RFID tags give rise to a lot of security and privacy issues, especially between the tag and the reader, which have been discussed
     • Sensors are small hardware devices similar in flavor to RFID tags
     • Sensors are more expensive than RFID tags
     • User perception of RFID tags
  29. References
     • A. Juels, "RFID security and privacy: a research survey," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 381-394, 2006
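
The challenge-response and ‘key search’ ideas from slides 26 and 27, sketched as an added example that is not part of the original deck. HMAC-SHA256 stands in for whatever lightweight symmetric primitive a real tag would use, and the `Tag`, `Reader` and `demo` names, the message layout and the 100-tag database are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple


class Tag:
    """Symmetric-key tag: holds one secret key, never sends an identifier."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> Tuple[bytes, bytes]:
        # A fresh tag nonce makes two answers from the same tag unlinkable.
        nonce = secrets.token_bytes(16)
        mac = hmac.new(self._key, challenge + nonce, hashlib.sha256).digest()
        return nonce, mac


class Reader:
    """Reader back end: knows every tag key, identifies a tag by key search."""

    def __init__(self, keys: Dict[str, bytes]):
        self._keys = keys

    def identify(self, challenge: bytes, nonce: bytes, mac: bytes) -> Optional[str]:
        # Key search: try each known key in turn; cost is linear in the
        # number of tags, which is the cost the slide calls "very costly".
        for tag_id, key in self._keys.items():
            expected = hmac.new(key, challenge + nonce, hashlib.sha256).digest()
            if hmac.compare_digest(expected, mac):
                return tag_id
        return None


def demo() -> dict:
    # Constructed key database of 100 hypothetical tags.
    keys = {f"tag-{i:03d}": secrets.token_bytes(16) for i in range(100)}
    reader, tag = Reader(keys), Tag(keys["tag-042"])
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    n1, m1 = tag.respond(c1)
    n2, m2 = tag.respond(c2)
    return {
        "identified": reader.identify(c1, n1, m1),
        # A clone replaying the old answer fails against a fresh challenge.
        "replay_accepted": reader.identify(c2, n1, m1) is not None,
        "responses_differ": (n1, m1) != (n2, m2),
        "foreign_tag": Reader({"x": secrets.token_bytes(16)}).identify(c2, n2, m2),
    }
```

An eavesdropper sees only a nonce and a MAC that change on every read, while the reader pays one MAC computation per enrolled tag to recover the identity.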