The Outer Limits of RFID Security Ari Juels RSA Laboratories CHES 2006 All slides © 2006 RSA Laboratories
RFID (Radio-Frequency IDentication)   takes many forms…
“ RFID” really denotes a  spectrum of devices Automobile  ignition key Mobile phone Toll payment plaque Basic “ smart labe...
“ Smart labels”: EPC (Electronic Product Code) tags Barcode EPC tag Line-of-sight Radio contact Specifies object type Uniq...
<ul><li>30 April: RFID-tagged cow “Bessie” produces milk </li></ul>2030: Week in the life of a milk carton <ul><li>30 Apri...
<ul><li>6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home </li></ul><ul><li>6 May 1103h: Alice...
<ul><li>6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home </li></ul><ul><li>6 May 1103h: Alice...
Proximity cards RFID Today: IN Your POcket Note: Often just emit static identifiers, i.e., they are just smart labels!
Automobile ignition keys <ul><li>RFID helps secure hundreds of millions of automobiles </li></ul><ul><ul><li>Cryptographic...
Payment devices <ul><li>ExxonMobil Speedpass TM </li></ul>in your pocket <ul><li>RFID now offered in all major credit card...
<ul><li>Cattle </li></ul>“ Not Really Mad” in ANIMALs <ul><li>Housepets </li></ul>The cat came back,  the very next day… 5...
<ul><li>Schools </li></ul><ul><li>Amusement parks </li></ul><ul><li>Hospitals </li></ul><ul><li>In the same vein: mobile p...
<ul><li>Dozens of countries issuing or soon to issue RFID-enabled passports </li></ul><ul><li>Other identity documents, e....
NFC (Near-Field Consortium) <ul><li>Also, ticket purchases, payments, comparison shopping Phone can act as reader or tag <...
<ul><li>Talk in 2003-4 of planting RFID tags in 10,000 Yen banknotes and Euro banknotes </li></ul><ul><li>Talk has dissipa...
<ul><li>Medical compliance: Greater independence (and privacy!), particularly for elderly </li></ul><ul><li>Anti-counterfe...
The consumer privacy problem Here’s Mr. Jones in 2020… 1500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456...
…and the tracking problem <ul><li>Mr. Jones pays with a credit card; his RFID tags now linked to his identity; determines ...
Suica Image courtesy of Kevin Fu
Suica Images courtesy of Kevin Fu
What data are vulnerable? Image courtesy of Kevin Fu CURRENT BALANCE Travel history: visited stations and dates  Details o...
RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit an identifier only  </li></ul><...
RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit only an identifier </li></ul></...
RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit only an identifier </li></ul></...
The authentication problem 1500 Euros in wallet Serial numbers: 597387,389473… Replacement hip medical part #459382 Good r...
Won’t crypto solve our problems? <ul><li>We can do: </li></ul><ul><li>Challenge-response for authentication </li></ul><ul>...
Simple authentication: Possession is the law <ul><li>How does Alice’s refrigerator get read/write privileges for the histo...
Simple authentication: Possession is the law <ul><li>But what if the tag is on Alice’s wristwatch?  </li></ul><ul><ul><li>...
The VeriChip TM ??? + = Human-implantable RFID
The VeriChip TM <ul><li>Proposed for medical-patient identification </li></ul><ul><li>Also  proposed and used as an authen...
The VeriChip TM <ul><li>Physical coercion and attack </li></ul><ul><ul><li>In 2005, a man in Malaysia had his fingertip cu...
Private identification <ul><li>A very simple scheme allows for  simultaneous  cloneability and privacy </li></ul><ul><li>E...
Private identification <ul><li>Our simple scheme: </li></ul>SK “ Proceed to  authenticate Officer  Alice ” Officer  Alice ...
Private identification <ul><li>Take two: </li></ul>SK Officer  Alice “ Proceed to  authenticate Officer  Alice ” “ Who are...
Private identification <ul><li>Semantic security  ->  An attacker who intercepts  C  and  C’  cannot tell if they come fro...
Attacker’s perspective Alice’s chip “ Who are you?” C
Attacker’s perspective “ Proceed to  authenticate Officer  Alice ” <ul><li>Attacker can simulate Alice’s chip, but… </li><...
The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer  Alice “ Officer  Alice has low ...
The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer  Alice “ Officer  Alice recently...
The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer  Alice “ Mercury switch indicate...
How can we ensure no covert channels? <ul><li>Must make outputs deterministic </li></ul><ul><li>Can also, e.g., give PRNG ...
Covert-freeness detector A A’ “ No  covert channel” “ Yes , covert channel suspected”
Here’s a covert channel! <ul><li>Create identifier for Bob </li></ul><ul><ul><li>Bob need not actually own a chip </li></u...
Suppose we detect  the covert channel… “ No  covert channel” A A’
Suppose we detect  the covert channel… “ Yes , covert channel suspected ” A B
Then we can distinguish between Alice and Bob: Privacy is broken! “ Yes , covert channel suspected ” A B
Then we can distinguish between Alice and Bob: Privacy is broken! “ A and B represent different people ” A B
<ul><li>Let’s change (relax) the definition of privacy! </li></ul><ul><li>If non-sequential tag outputs are checked, detec...
Covert-freeness  and  privacy? <ul><li>Detector can do  pairwise  check only… </li></ul>READ EVENTS <ul><li>Achievable “ef...
Covert-freeness  and  privacy? <ul><li>Privacy is largely preserved because of  locality </li></ul><ul><li>Covert-freeness...
Returning to basic issue of privacy: Kill codes <ul><li>EPC tags have a “kill” function </li></ul><ul><ul><ul><li>On recei...
Problem 1:  Post-consumer uses of tags k Dead tags perhaps not harmful, but certainly not beneficial…
Problem 2: RF signatures <ul><li>Y. Oren and A. Shamir attacked EPC kill passwords via over-the-air power analysis </li></...
So what might solve our problems? <ul><li>The fact that privacy is not RFID specific </li></ul><ul><li>Laws and policy </l...
So what might solve our problems? <ul><li>Higher-powered intermediaries like mobile phones </li></ul><ul><ul><li>RFID “Gua...
So what might solve our problems? <ul><li>Cryptography! </li></ul><ul><ul><li>Urgent need for cheaper hardware for primiti...
To learn more <ul><li>Largely collaborative work within RFID CUSP </li></ul><ul><ul><li>www.rfid-cusp.org </li></ul></ul><...
Upcoming SlideShare
Loading in …5
×

The Outer Limits of RFID Security

439 views

Published on

Published in: Business, Health & Medicine
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
439
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

The Outer Limits of RFID Security

  1. 1. The Outer Limits of RFID Security Ari Juels RSA Laboratories CHES 2006 All slides © 2006 RSA Laboratories
  2. 2. RFID (Radio-Frequency IDentication) takes many forms…
  3. 3. “ RFID” really denotes a spectrum of devices Automobile ignition key Mobile phone Toll payment plaque Basic “ smart label” passive passive semi-passive no crypto no crypto some crypto few cm to few meters range several meters range several cm range
  4. 4. “ Smart labels”: EPC (Electronic Product Code) tags Barcode EPC tag Line-of-sight Radio contact Specifies object type Uniquely specifies object Fast, automated scanning Provides pointer to database entry for every object, i.e., unique, detailed history
  5. 5. <ul><li>30 April: RFID-tagged cow “Bessie” produces milk </li></ul>2030: Week in the life of a milk carton <ul><li>30 April: Milk transferred to RFID-tagged tank </li></ul><ul><ul><li>Cow identity and milking time recorded in tank-tag database </li></ul></ul><ul><li>1 May: RFID portal on truck records loading of refrigeration tanks </li></ul><ul><ul><li>Truck also has active RFID (+GPS) to track geographical location and RFID transponder to pay tolls </li></ul></ul><ul><li>2 May: Chemical-treatment record written to database record for milk barrel </li></ul><ul><ul><li>Bessie’s herd recorded to have consumed mustard grass; compensatory sugars added to milk </li></ul></ul><ul><li>3 May: Milk packaged in RFID-tagged carton; milk pedigree recorded in database associated with carton tag </li></ul><ul><li>4 May: RFID portal at supermarket loading dock records arrival of carton </li></ul><ul><li>5 May: “Smart” shelf records arrival of carton in customer area </li></ul><ul><li>5 May 0930h: “Smart” shelf records removal of milk </li></ul><ul><li>5 May 0953h: Point-of-sale terminal records sale of milk (to Alice) </li></ul>
  6. 6. <ul><li>6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home </li></ul><ul><li>6 May 1103h: Alice’s refrigerator records arrival of milk </li></ul><ul><li>6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “ Woodstock, Vermont, Grade A, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726 ” </li></ul><ul><li>6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours </li></ul><ul><li>6 May 1809h: Alice’s refrigerator records replacement of milk </li></ul><ul><li>7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle </li></ul>2030: Week in the life of a milk carton
  7. 7. <ul><li>6 May 0953h: Supermarket transfers carton tag ownership to Alice’s smart home </li></ul><ul><li>6 May 1103h: Alice’s refrigerator records arrival of milk </li></ul><ul><li>6 May 1405h: Alice’s refrigerator records removal of milk; refrigerator looks up database-recorded pedigree and displays: “ Woodstock, Vermont, Grade A, light pasturization, artisanal, USDA organic, breed: Jersey, genetic design #81726 ” </li></ul><ul><li>6 May 1807h: Alice’s “smart” home warns domestic robot that milk has been left out of refrigerator for more than four hours </li></ul><ul><li>6 May 1809h: Alice’s refrigerator records replacement of milk </li></ul><ul><li>7 May 0530h: Domestic robot uses RFID tag to locate milk in refrigerator; refills baby bottle </li></ul><ul><li>7 May 2357h: Recycling center scans RFID tag on carton; directs carton to paper-brick recycling substation </li></ul><ul><li>7 May 0531h: Robot discards carton; “Smart” refrigerator notes absence of milk; transfers order to Alice’s PDA/phone/portable server grocery list </li></ul>2030: Week in the life of a milk carton
  8. 8. Proximity cards RFID Today: IN Your POcket Note: Often just emit static identifiers, i.e., they are just smart labels!
  9. 9. Automobile ignition keys <ul><li>RFID helps secure hundreds of millions of automobiles </li></ul><ul><ul><li>Cryptographic challenge-response </li></ul></ul><ul><ul><li>Philips claims more than 90% reduction in car theft thanks to RFID! </li></ul></ul><ul><ul><li>Note: some devices, e.g., Texas Instruments DST, are weak… </li></ul></ul>in your pocket f
  10. 10. Payment devices <ul><li>ExxonMobil Speedpass TM </li></ul>in your pocket <ul><li>RFID now offered in all major credit cards in U.S.… </li></ul>
  11. 11. <ul><li>Cattle </li></ul>“ Not Really Mad” in ANIMALs <ul><li>Housepets </li></ul>The cat came back, the very next day… 50 million+
  12. 12. <ul><li>Schools </li></ul><ul><li>Amusement parks </li></ul><ul><li>Hospitals </li></ul><ul><li>In the same vein: mobile phones with GPS… </li></ul>on People
  13. 13. <ul><li>Dozens of countries issuing or soon to issue RFID-enabled passports </li></ul><ul><li>Other identity documents, e.g., drivers’ licenses, to follow </li></ul>In PAssports
  14. 14. NFC (Near-Field Consortium) <ul><li>Also, ticket purchases, payments, comparison shopping Phone can act as reader or tag </li></ul><ul><li>NFC is a general-purpose protocol </li></ul><ul><li>Already available in some models </li></ul>In Mobile phones Showtimes: 16.00, 19.00
  15. 15. <ul><li>Talk in 2003-4 of planting RFID tags in 10,000 Yen banknotes and Euro banknotes </li></ul><ul><li>Talk has dissipated </li></ul><ul><li>Main interest: anti-counterfeiting </li></ul>In Currency?
  16. 16. <ul><li>Medical compliance: Greater independence (and privacy!), particularly for elderly </li></ul><ul><li>Anti-counterfeiting: Better supply-chain visibility means less fraud </li></ul><ul><ul><li>U.S. govt. urging RFID to combat counterfeiting of drugs </li></ul></ul>In pharmaceuticals
  17. 17. The consumer privacy problem Here’s Mr. Jones in 2020… 1500 Euros in wallet Serial numbers: 597387,389473… Wig model #4456 (cheap polyester) 30 items of lingerie Das Kapital and Communist-party handbook Replacement hip medical part #459382
  18. 18. …and the tracking problem <ul><li>Mr. Jones pays with a credit card; his RFID tags now linked to his identity; determines level of customer service </li></ul><ul><ul><li>Think of car dealerships using drivers’ licenses to run credit checks… </li></ul></ul><ul><li>Mr. Jones attends a political rally; law enforcement scans his RFID tags </li></ul><ul><li>Mr. Jones wins Turing Award; physically tracked by paparazzi via RFID </li></ul>Wig serial #A817TS8
  19. 19. Suica Image courtesy of Kevin Fu
  20. 20. Suica Images courtesy of Kevin Fu
  21. 21. What data are vulnerable? Image courtesy of Kevin Fu CURRENT BALANCE Travel history: visited stations and dates Details of merchandise purchase
  22. 22. RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit an identifier only </li></ul></ul><ul><ul><li>Change identifier across reads </li></ul></ul>Wig serial #A817TS8u
  23. 23. RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit only an identifier </li></ul></ul><ul><ul><li>Change identifier across reads </li></ul></ul>#A817TS8u
  24. 24. RFID privacy <ul><li>Only definitive way to achieve privacy is: </li></ul><ul><ul><li>Emit only an identifier </li></ul></ul><ul><ul><li>Change identifier across reads </li></ul></ul>#Z87d68aK
  25. 25. The authentication problem 1500 Euros in wallet Serial numbers: 597387,389473… Replacement hip medical part #459382 Good readers, bad tags Mr. Jones in 2020 Mad-cow hamburger lunch Counterfeit! Counterfeit! Mr. Jones’s car is stolen!
  26. 26. Won’t crypto solve our problems? <ul><li>We can do: </li></ul><ul><li>Challenge-response for authentication </li></ul><ul><li>Mutual authentication and/or encryption for privacy </li></ul>Side-channel countermeasures <ul><li>But: </li></ul><ul><li>Moore’s Law vs. pricing pressure </li></ul><ul><li>Beyond simple “terrestrial” problems, basic cryptography may not be enough… </li></ul><ul><li>This is the theme of our talk! </li></ul>AES
  27. 27. Simple authentication: Possession is the law <ul><li>How does Alice’s refrigerator get read/write privileges for the history for the milk carton bearing tag T ? </li></ul><ul><li>The straightforward approach: </li></ul><ul><ul><li>A central registry R shares symmetric key k with the tag T </li></ul></ul><ul><ul><li>Alice’s refrigerator acts as authentication proxy between R and T </li></ul></ul><ul><ul><li>Tag T authenticates via challenge-response </li></ul></ul>c r = f k ( c ) k Registry R k c r = f k ( c )
  28. 28. Simple authentication: Possession is the law <ul><li>But what if the tag is on Alice’s wristwatch? </li></ul><ul><ul><li>Should any nearby reader be able to read tag history? </li></ul></ul><ul><ul><li>Should any nearby reader be able to modify tag history? </li></ul></ul><ul><li>What if registry R is unavailable? </li></ul><ul><ul><li>Will the tag carry information on board? </li></ul></ul><ul><ul><li>If so, who can access it? </li></ul></ul><ul><ul><li>Does Alice’s baby get its milk? </li></ul></ul>
  29. 29. The VeriChip TM ??? + = Human-implantable RFID
  30. 30. The VeriChip TM <ul><li>Proposed for medical-patient identification </li></ul><ul><li>Also proposed and used as an authenticator for physical access control, a “prosthetic biometric” </li></ul><ul><ul><li>E.g., Mexican attorney general purportedly used for access to secure facility </li></ul></ul><ul><li>What kind of cryptography does it have? </li></ul><ul><ul><li>None: It can be easily cloned </li></ul></ul><ul><li>So shouldn’t we add a challenge-response protocol? </li></ul><ul><li>Cloning may actually be a good thing </li></ul>+ = Human-implantable RFID
  31. 31. The VeriChip TM <ul><li>Physical coercion and attack </li></ul><ul><ul><li>In 2005, a man in Malaysia had his fingertip cut off by thieves stealing his biometric-enabled Mercedes </li></ul></ul><ul><ul><li>What would happen if the VeriChip were used to access ATM machines and secure facilities? </li></ul></ul><ul><li>Perhaps it is better then if tags can be cloned and are not used for authentication— only for identification </li></ul><ul><li>But if a tag is cloneable, and used for identification, does that mean that privacy is impossible? </li></ul><ul><ul><li>I.e., does cloneability imply an ability to track? </li></ul></ul>
  32. 32. Private identification <ul><li>A very simple scheme allows for simultaneous cloneability and privacy </li></ul><ul><li>El Gamal public-key cryptosystem: </li></ul><ul><ul><li>Randomized scheme: C = E PK , r [ m ] </li></ul></ul><ul><ul><li>Semantic security : Cannot distinguish between ciphertexts C and C’ on known plaintexts without knowledge of SK </li></ul></ul><ul><li>Adversary cannot distinguish between C = E PK , r [ Alice ] and C’ = E PK , r’ [ Bob ] </li></ul>
  33. 33. Private identification <ul><li>Our simple scheme: </li></ul>SK “ Proceed to authenticate Officer Alice ” Officer Alice “ Who are you?” C = E PK , r [ Alice ]
  34. 34. Private identification <ul><li>Take two: </li></ul>SK Officer Alice “ Proceed to authenticate Officer Alice ” “ Who are you?” C’ = E PK , r’ [ Alice ]
  35. 35. Private identification <ul><li>Semantic security -> An attacker who intercepts C and C’ cannot tell if they come from the same chip </li></ul><ul><ul><li>Attacker cannot identify or track Alice </li></ul></ul><ul><li>But attacker can still clone Alice’s chip! </li></ul><ul><li>El Gamal re-encryption (homomorphism): </li></ul><ul><ul><li>Let U = E PK , r [1] have uniformly random r </li></ul></ul><ul><ul><li>Then given C = E PK , r’ [ m ], the distribution CxU is uniform over ciphertexts on m </li></ul></ul><ul><li>Clone chip selects U and outputs C x U </li></ul><ul><li>Clone chip is indistinguishable from Alice’s! </li></ul>
  36. 36. Attacker’s perspective Alice’s chip “ Who are you?” C
  37. 37. Attacker’s perspective “ Proceed to authenticate Officer Alice ” <ul><li>Attacker can simulate Alice’s chip, but… </li></ul><ul><ul><li>He cannot track Alice </li></ul></ul><ul><ul><li>He may not even know whose chip he’s cloned! </li></ul></ul>“ Who are you?” C x U
  38. 38. The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer Alice “ Officer Alice has low blood pressure and high blood-alcohol ” “ Who are you?” C
  39. 39. The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer Alice “ Officer Alice recently passed near the RFID reader of a casino ” “ Who are you?” C
  40. 40. The covert-channel problem <ul><li>Suppose there is a secret sensor… </li></ul>SK Officer Alice “ Mercury switch indicates that Officer Alice took a nap this afternoon. ” “ Who are you?” C
  41. 41. How can we ensure no covert channels? <ul><li>Must make outputs deterministic </li></ul><ul><li>Can also, e.g., give PRNG keys to Alice </li></ul><ul><li>But can we: </li></ul><ul><ul><li>Allow Alice to verify covert-freeness without exposing secret keys to her? </li></ul></ul><ul><ul><li>Enable a third party to verify covert-freeness? </li></ul></ul><ul><li>It turns out that privacy and such verifiable covert-freeness are contradictory! </li></ul>
  42. 42. Covert-freeness detector A A’ “ No covert channel” “ Yes , covert channel suspected”
  43. 43. Here’s a covert channel! <ul><li>Create identifier for Bob </li></ul><ul><ul><li>Bob need not actually own a chip </li></ul></ul><ul><li>Alice’s chip does following: </li></ul><ul><ul><li>If no nap, output ciphertexts A, A’, A’’, etc. with Alice’s identity </li></ul></ul><ul><ul><li>If Alice has taken a nap, output ciphertexts B,B’,B’’, etc. with Bob’s identity </li></ul></ul>
  44. 44. Suppose we detect the covert channel… “ No covert channel” A A’
  45. 45. Suppose we detect the covert channel… “ Yes , covert channel suspected ” A B
  46. 46. Then we can distinguish between Alice and Bob: Privacy is broken! “ Yes , covert channel suspected ” A B
  47. 47. Then we can distinguish between Alice and Bob: Privacy is broken! “ A and B represent different people ” A B
  48. 48. <ul><li>Let’s change (relax) the definition of privacy! </li></ul><ul><li>If non-sequential tag outputs are checked, detector learns nothing… </li></ul>Covert-freeness and privacy? READ EVENTS “ ?????”
  49. 49. Covert-freeness and privacy? <ul><li>Detector can do pairwise check only… </li></ul>READ EVENTS <ul><li>Achievable “efficiently” with pairings-based cryptography (ECC) </li></ul>“ Covert-free pair”
  50. 50. Covert-freeness and privacy? <ul><li>Privacy is largely preserved because of locality </li></ul><ul><li>Covert-freeness checkable probabilistically, i.e., with spot checks </li></ul>READ EVENTS “ Covert-free pair”
  51. 51. Returning to basic issue of privacy: Kill codes <ul><li>EPC tags have a “kill” function </li></ul><ul><ul><ul><li>On receiving password, tag self-destructs </li></ul></ul></ul><ul><ul><ul><li>Tag is permanently inoperative </li></ul></ul></ul><ul><li>Developed for EPC to protect consumers after point of sale </li></ul><ul><ul><ul><li>“Dead tags tell no tales” </li></ul></ul></ul><ul><ul><ul><li>Privacy is preserved </li></ul></ul></ul><ul><li>Simple and categorical, but not a wholly satisfying solution… </li></ul>
  52. 52. Problem 1: Post-consumer uses of tags k Dead tags perhaps not harmful, but certainly not beneficial…
  53. 53. Problem 2: RF signatures <ul><li>Y. Oren and A. Shamir attacked EPC kill passwords via over-the-air power analysis </li></ul><ul><li>Found that dead tags are detectable! </li></ul><ul><ul><li>Backscatter from antennas </li></ul></ul><ul><li>Hypothesize manufacturer type may be learnable </li></ul><ul><li>Probably of limited significance, but still bears on privacy </li></ul><ul><li>Do tags possess uniquely detectable RF fingerprints? </li></ul><ul><ul><li>Device signatures a staple of electronic warfare </li></ul></ul><ul><li>Cryptography would not help here! </li></ul><ul><li>3 type A tags (merchandise) </li></ul><ul><li>2 type B tags (medication) </li></ul><ul><li>10 type C tags (500-Euro banknotes) </li></ul>
  54. 54. So what might solve our problems? <ul><li>The fact that privacy is not RFID specific </li></ul><ul><li>Laws and policy </li></ul><ul><li>RFID security as a database problem </li></ul><ul><ul><li>Reduces problem to access control, but: </li></ul></ul><ul><ul><li>Accept tracking of identifiers </li></ul></ul><ul><ul><li>Create further dependence on network connectivity </li></ul></ul>
  55. 55. So what might solve our problems? <ul><li>Higher-powered intermediaries like mobile phones </li></ul><ul><ul><li>RFID “Guardian” and RFID REP </li></ul></ul>Please show reader certificate and privileges
  56. 56. So what might solve our problems? <ul><li>Cryptography! </li></ul><ul><ul><li>Urgent need for cheaper hardware for primitives and better side-channel defenses </li></ul></ul><ul><li>Some of talk really in outer limits, but basic caveats are important: </li></ul><ul><ul><li>Pressure to build a smaller, cheaper tags without cryptography </li></ul></ul><ul><ul><li>RFID tags are close and personal, giving privacy a special dimension </li></ul></ul><ul><ul><li>RFID tags change ownership frequently </li></ul></ul><ul><ul><li>Key management will be a major problem </li></ul></ul><ul><ul><ul><li>Think for a moment after this talk about distribution of kill passwords… </li></ul></ul></ul><ul><ul><ul><li>Are there good hardware approaches to key distribution, e.g., proximity as measure of trust </li></ul></ul></ul>
  57. 57. To learn more <ul><li>Largely collaborative work within RFID CUSP </li></ul><ul><ul><li>www.rfid-cusp.org </li></ul></ul><ul><ul><li>Papers available on publications page </li></ul></ul><ul><li>Papers: </li></ul><ul><ul><li>“ RFID security and privacy: a research survey” </li></ul></ul><ul><ul><li>“ The security implications of VeriChip TM cloning,” </li></ul></ul><ul><ul><ul><li>Joint work with J. Halamka, A. Stubblefield, and J. Westhues </li></ul></ul></ul><ul><ul><li>“ Covert channels in privacy-preserving identification systems” </li></ul></ul><ul><ul><ul><li>Forthcoming joint work with Dan Bailey </li></ul></ul></ul><ul><ul><li>“ Power analysis of RFID tags” (on Internet; not RFID-CUSP) </li></ul></ul><ul><ul><ul><li>Y. Oren and A. Shamir </li></ul></ul></ul>

×