Wireless Pers Commun
DOI 10.1007/s11277-013-1011-5

Cryptanalysis of an EPCC1G2 Standard Compliant Ownership Transfer Scheme

Jorge Munilla · Fuchun Guo · Willy Susilo

© Springer Science+Business Media New York 2013

J. Munilla, E.T.S.I. Telecomunicación, University of Málaga, Málaga, Spain. e-mail: munilla@ic.uma.es
F. Guo · W. Susilo, School of Computer Science and Software Engineering, University of Wollongong, Wollongong, Australia. e-mail: fuchun@uow.edu.au, wsusilo@uow.edu.au

Abstract Recently, Chen and Chien proposed a novel ownership transfer scheme with low implementation costs that conforms to the EPC Class-1 Generation-2 standard. The authors claimed that the proposed scheme is able to resist all attacks, and hence that it has better security and performance than its predecessors. However, in this paper we show that the protocol falls short of its security objectives, and that it is even less secure than the previously proposed schemes. In fact, we describe several attacks which allow an adversary to recover all the secret information stored in the tag. Obviously, once this information is known, tags can be easily traced and impersonated.

Keywords RFID · EPCC1G2 · Ownership transfer · Cryptanalysis

1 Introduction

Radio frequency identification (RFID) is a technology that is widely deployed for supply-chain and inventory management, retail operations and, more generally, for automatic identification. The advantage of RFID over barcode technology is that it is wireless and there is no need for direct line-of-sight reading. Furthermore, RFID readers can interrogate tags at greater distances, faster and concurrently [1]. A typical RFID architecture involves three main components: (i) tags or transponders, which are electronic data storages attached to the objects to be identified; (ii) readers or interrogators, which manage the tag population, read data from and write data to tags; and (iii) a back-end server, which is a trusted entity that processes private tag data. Tags are inactive until they pass through the electromagnetic field generated by a reader, which is tuned to the same frequency [2]. The reader receives the tag's signal and transfers data to the back-end server, which processes this information according to the specific intended application.

Initial designs of RFID identification protocols focused on performance issues, with less attention paid to resilience and security. However, this technology has matured and it is now used in many secure applications [3]. These applications require the implementation of security mechanisms which: (i) take into account its special characteristics, e.g. the vulnerabilities of the radio channel, power-constrained devices, and low-cost tags with limited functionality that reply upon request; and (ii) make them resistant to the different risks that they face, such as lack of privacy or confidentiality, malicious traceability and loss of data integrity.

Apart from the aforementioned requirements, key management becomes an issue when the owner of a tagged item changes [4]. Thus, some RFID applications may also require secure tag ownership transfer. An ownership transfer protocol allows the rights over a tag to be transferred from the current owner to the new one in a secure and private way. Additionally, such protocols can provide other properties such as ownership delegation [5] and authorization recovery [6]. When designing this kind of protocol, the main issue is to prevent the current owner from accessing the tag once it has been transferred to the new owner.
In general, these protocols can be categorized into two types [7–9]: those which assume an external trusted third party (TPP) to coordinate the transaction, and those which assume a secure (isolated) environment where, after the private information has been transferred, the new owner can update the keys without being eavesdropped on by an adversary. Both assumptions make sense depending on the application. The centralized scheme is valid when all tags are identified by readers belonging to the same company, but a trust issue arises when this is not the case. On the other hand, the existence of an isolated environment is often not realistic [10].

To promote the adoption of RFID technology and to support interoperability, EPCglobal [11] and the International Organization for Standardization (ISO) [12] have been actively engaged in defining standards for tags, readers and the communication protocols. A recently ratified standard is EPC Class-1 Generation-2, or simply EPCC1G2. It defines a platform for the interoperability of RFID protocols by supporting efficient tag reading, flexible bandwidth use, multiple read/write capabilities and basic reliability guarantees, provided by an on-chip 16-bit pseudo-random number generator (PRNG) and a 16-bit cyclic redundancy code (CRC). EPCC1G2 is designed to strike a balance between cost and functionality, with little consideration given to security issues.

Recently, Chen and Chien [13] proposed a novel ownership transfer scheme with low implementation costs that conforms to EPCC1G2. More specifically, they proposed a secure system framework based on mobile RFID technology, where smart phones or personal digital assistants (PDAs) equipped with RFID modules can exchange information with RFID tags. The authors reviewed some previous ownership transfer protocols [6,14], pointing out their weaknesses, and claimed that their scheme is the only one that is resistant against all attacks. Furthermore, this is accomplished with less computational cost. However, in this paper we show several attacks on this scheme, which allow an adversary to impersonate, trace and eventually recover all the secret information stored in the tag.

The rest of the paper is organized as follows. Section 2 presents Chen and Chien's scheme, describing its different phases and highlighting the set of flows that are used for authentication between the reader and the tag. Then, in Sect. 3 we analyze the security of this protocol and show that it is subject to several attacks. Finally, Sect. 4 concludes the paper.

2 Chen and Chien's Protocol

In Chen and Chien's scheme, there are six entities, defined as follows:

Server (S): Stores all the necessary information, such as mobile reader IDs, private information, tag EPC codes and unique secret keys.
Cash Register (CR): A device placed in the market so that, when users want to purchase products, they use their mobile readers to communicate with the server through the cash register to complete the transactions.
Mobile Reader (MR): A device which can query tag information and interact with the cash registers and the server to complete transactions.
Tag (T): Attached to products so that users can query the related information. All tags are required to conform to the EPCC1G2 standard.
User (U): A member of a market who can obtain service from the market and make an ownership transfer with another user.
Authorized Agent (AA): If the user's product requires after-sale service, the authorized agent forwards the related product information to the server for authentication, to verify whether or not the product is legal.

Chen and Chien's scheme consists of the following five phases: (1) Registration Phase, (2) Query and Authentication Phase, (3) Purchase Phase, (4) Product Authentication Phase, and (5) Ownership Transfer Phase. Phases (2), (3) and (4) require a tag authentication protocol, which we claim is subject to different attacks, and thus they are insecure. We revisit the second phase to clearly present the authentication protocol. In this phase, users apply their mobile readers to query product information, while the tags and the server perform mutual authentication to verify whether or not a specific user is legal. This phase is illustrated in Fig. 1, and Table 1 introduces the notation used throughout the paper.
Before this Query and Authentication Phase, all involved parties store the secret state established in the Registration Phase, using the notation of Table 1, as follows:

User: $(Pw, F_j)$
Mobile Reader: $(IDMR_j, SYM_j)$, with $C_1 = h(IDMR_j \| h(SK)) \oplus h(Pw \| F_j)$ and $V_1 = h_{h(IDMR_j \| h(SK))}(f_j)$
Tag: $(EPC_i, K_i, M)$
Server: $(SK, SYM_j)$

[Fig. 1 Overview of the query and authentication phase]

Table 1 Notations

$IDMR_j$: The $j$th mobile reader's unique identity
$Pw$: The user's password
$F_j$: The $j$th user's fingerprint template
$h(\cdot)$: One-way hash function
$f_i$: The hash value of the user's fingerprint template, where $f_i = h(F_i)$
$K_i$: The $i$th tag's unique secret key
$PK$: The server's public key
$SK$: The server's secret key
$SYM_j$: The $j$th user's mobile reader symmetric key
$M$: The hash value of the market trademark, where $M = h(T\text{-}mark)$, known by the server and all tags
$Info.$: Detailed information of the product (including specifications, price, transaction serial number, etc.)
$EPC_i$: 96-bit EPC (Electronic Product Code) of the $i$th tag
$R_2, R_3$: The random numbers generated by the server and the tag respectively
$\oplus$: XOR operation
$+$: Addition operation
$CRC(\cdot)$: A cyclic redundancy check function
$HD(\cdot)$: Hamming distance
$\Pr[H]$: Probability of the event $H$
$A(j)$: The $j$th bit of the binary vector $A$, with $A(1)$ being the LSB
$\overline{A}$: The complement of the binary vector $A$
$\vee$: OR logical operation
$\wedge$: AND logical operation

Query and authentication phase

Step 1: When a user wants to query product information via his or her mobile reader, he or she must first be authenticated by the mobile reader. The user inputs his or her password, $Pw$, and fingerprint template, $F_j$, into the mobile reader, and the mobile reader computes
$h(IDMR_j \| h(SK)) = C_1 \oplus h(Pw \| F_j)$
and verifies $V_1$ as
$V_1 \stackrel{?}{=} h_{h(IDMR_j \| h(SK))}(f_j)$.
If the equality holds, it means that the user is legal. When the user wants to use the mobile reader to query the tag information, he or she first uses the mobile reader to generate a random number, $R_1$, and encrypts the mobile reader identity, $IDMR_j$, and $R_1$ under the server's public key, $PK$, as follows:
$C_2 = E_{PK}(IDMR_j, R_1)$.
The user then uses his or her mobile reader to send the message $C_2$ to the server.

Step 2: After receiving message $C_2$, the server uses its secret key, $SK$, to decrypt it, $(IDMR_j, R_1) = D_{SK}(C_2)$, and gets the mobile reader's identity, $IDMR_j$. The server uses $IDMR_j$ to look up the corresponding symmetric key, $SYM_j$, and generates a random number, $R_2$. After that, the server uses the mobile reader's symmetric key, $SYM_j$, to encrypt the value as follows:
$C_3 = E_{SYM_j}[R_2 \oplus M]$
and then uses ciphertext $C_3$ and random number $R_1$ to compute $S_1$,
$S_1 = CRC(C_3 \oplus R_1)$.
Finally, the server sends the messages $(C_3, S_1)$ to the mobile reader.

Step 3: When the mobile reader receives the messages $(C_3, S_1)$ from the server, the user uses ciphertext $C_3$ and random number $R_1$ to verify $S_1$ as follows:
$S_1 \stackrel{?}{=} CRC(C_3 \oplus R_1)$.
If the equality holds, the user uses the mobile reader's symmetric key to decrypt ciphertext $C_3$,
$S_2 = D_{SYM_j}(C_3) = R_2 \oplus M$,
and sends the query messages $(Query, S_2)$ to the specific tag.

Step 4: Once the messages $(Query, S_2)$ are received from the mobile reader, the tag uses the hash value $M = h(T\text{-}mark)$ to obtain the random number $R_2$ generated by the server by the following calculation:
$R_2 = S_2 \oplus M$.
  6. 6. J. Munilla et al. The tag then generates a random number, R3 , and uses R3 and the hash value M = h(T − mar k), to compute T1 as follows: T1 = R3 ⊕ M Finally, the tag uses its Electric Product Code, E PCi , secret key K i and random numbers R2 and R3 to calculate T2 and T3 as follows, T2 = (R2 ⊕ E PCi ) + R3 , T3 = C RC(R2 ∧ K i ∧ R3 ) and sends the messages (T1 , T2 , T3 ) to the mobile reader. Step 5: After receiving the messages (T1 , T2 , T3 ) from the tag, the user uses his or her mobile reader to encrypt the mobile reader identity, I D M R j , and the messages (T1 , T2 , T3 ) by the server’s public key, P K , as follows: C4 = E P K (I D M R j , T1 , T2 , T3 ) The user then uses the mobile reader to send ciphertext C4 to the server. Step 6: Upon receiving message C4 , the server uses its secret key, S K , to decrypt message C4 as follows: (I D M R j , T1 , T2 , T3 ) = D S K (C4 ) The server uses message T1 and the hash value, M = h(T − mar k), to compute: R3 = T1 ⊕ M and gets random number R3 . The server then uses message T2 and random numbers R2 and R3 to compute the tag’s EPC code, E PCi , as follows: E PCi = (T2 − R3 ) ⊕ R2 The server uses the tag’s EPC code, E PCi , to find the tag’s corresponding secret key, K i , in the database, and uses random numbers R2 and R3 and the retrieved tag’s secret key, K i , to verify T3 as follows: ? T3 = C RC(R2 ∧ K i ∧ R3 ) If the equality holds, it means that the tag is legal. The server then uses the mobile reader’s symmetric key, SY M j , to encrypt the tag information, I n f o., as follows: C5 = E SY M j [I n f o.] and uses ciphertext C5 and random number R1 to compute S3 as follows: S3 = C RC(C5 ⊕ R1 ) Finally, the server sends the messages (C5 , S3 ) to the mobile reader. Step 7: After receiving the messages (C5 , S3 ), the mobile user uses ciphertext C5 and random number R1 to compute S3 as follows: ? 
S3 = C RC(C5 ⊕ R1 ) If the equality holds, it means that the server is legal and ciphertext C5 was not tampered with during the transaction. The user then uses the mobile reader’s symmetric key, SY M j , to decrypt ciphertext C5 and gets the tag information as follows: I n f o. = D SY M j [C5 ] 123
We have completed the description of the Query and Authentication Phase. This phase requires tag authentication (Step 4 to Step 6). We note that the same authentication protocol is also adopted in the Purchase Phase and the Product Authentication Phase. In the next section, we show that this tag authentication, which we mark in gray in Fig. 1, is not secure.

3 Attacks on Tag Authentication

This section analyzes the most relevant weaknesses of Chen and Chien's protocol. We focus on the tag authentication process pointed out in the previous section.

3.1 Server/Reader Impersonation

According to the authors, the scheme achieves mutual authentication. Unfortunately, this is not entirely correct. The mobile reader authenticates the server, and the server authenticates tags, but tags do not authenticate the server. Each tag shares private information with the server: $M = h(T\text{-}mark)$, which is known by the server and all tags; $EPC_i$, the 96-bit EPC code of the $i$th tag; and $K_i$, the $i$th tag's unique secret key. As these data are combined in bit-wise operations, we can assume that all of them have the same bitlength $n$. It must also be noted that the reader is a naive element which simply relays the messages between server and tag, and therefore we can treat server and reader as a single entity from the cryptographic point of view.

Lemma 1 In Chen and Chien's protocol, an attacker is able to supplant a legitimate server and obtain new messages $T_1$, $T_2$ and $T_3$ computed by a tag.

Proof
Step 1: The attacker sends any value $S_2^a$ to a tag.
Step 2: The tag then computes $R_2^a = S_2^a \oplus M$, generates a new random number $R_3$, and computes and sends the corresponding messages $T_1 = R_3 \oplus M$, $T_2 = (R_2^a \oplus EPC_i) + R_3$ and $T_3 = CRC(R_2^a \wedge K_i \wedge R_3)$.
Step 3: The attacker receives these values, computed using $R_2^a$ and $R_3$.
3.2 Recovering the Secret System Parameter M

Lemma 2 Given $\Delta = A - B$ and $X = A \oplus B$ for two unknown binary numbers $(A, B) \in \{0,1\}^n$ with $A > B$, it is possible to compute $A(j)$ and $B(j)$, $1 \le j \le n$, for those $j$ where $X(j) = 1$.

Proof The subtraction of two binary numbers $A, B$ with $A > B$ can be written as
$A - B = A \oplus B \oplus C = X \oplus C$,
where $C$ is the carry (borrow) vector. The carry vector, $C = \Delta \oplus X$, can also be computed as

$C(j+1) = \begin{cases} 1 & \text{if } (X(j) \wedge B(j)) \vee (\overline{X}(j) \wedge C(j)) \\ 0 & \text{otherwise} \end{cases}$ (1)

where the least significant bit $C(1) = 0$. Note also that the most significant bit $C(n+1) = 0$, provided that $A > B$.

Thus, one can compute the value of $B(j)$ (and $A(j)$) for all those positions $j$ where $X(j) = 1$. In fact, if $X(j) = 1$:

$B(j) = \overline{A}(j) = \begin{cases} 1 & \text{if } C(j+1) = 1 \\ 0 & \text{if } C(j+1) = 0 \end{cases}$ (2)

As a result, $HD(X)$ bits of $B$ (and $A$) are disambiguated.

A simple example. Let us assume two numbers $A = A(8) \ldots A(1) = 10001011$ and $B = B(8) \ldots B(1) = 01101101$, with $A > B$, and the corresponding vectors $\Delta = 00011110$ and $X = 11100110$. According to Lemma 2, given $\Delta$ and $X$ we can learn the values of the positions $j$ of $A$ and $B$ where $X(j) = 1$. We compute the vector $C = C(8) \ldots C(1) = \Delta \oplus X = 11111000$, and we also include $C(9) = 0$ as $A > B$. Now we apply Eq. (2) for the positions $j$ where $X(j) = 1$:

$X(2) = 1$ and $C(3) = 0$, then $A(2) = 1$ and $B(2) = 0$
$X(3) = 1$ and $C(4) = 1$, then $A(3) = 0$ and $B(3) = 1$
$X(6) = 1$ and $C(7) = 1$, then $A(6) = 0$ and $B(6) = 1$
$X(7) = 1$ and $C(8) = 1$, then $A(7) = 0$ and $B(7) = 1$
$X(8) = 1$ and $C(9) = 0$, then $A(8) = 1$ and $B(8) = 0$

This way, $5\ (= HD(X))$ positions of $A = 100xx01x$ and $B = 011xx10x$ are determined.

Lemma 3 In Chen and Chien's protocol, an active attacker can learn every bit of $M$ with probability $P_{bit\,M} = 1 - (\tfrac{1}{2})^p$, where $(p+1)$ is the number of interactions with a tag.

Proof
Step 1: The attacker queries a tag with any value $S_2^a$ and receives the messages $T_1^0$, $T_2^0$ and $T_3^0$ computed by the tag for a generated value $R_3^0$ (cf. Lemma 1).
Step 2: The attacker queries the tag again with the same value $S_2^a$ and receives the messages $T_1^1$, $T_2^1$ and $T_3^1$ computed by the tag for a newly generated value $R_3^1$ (cf. Lemma 1).
Step 3: The attacker compares $T_2^0$ and $T_2^1$ in order to subtract the lower value from the higher one. If we assume, without loss of generality, that $T_2^1 > T_2^0$, then the adversary computes the vectors:
$\Delta = T_2^1 - T_2^0 \ (= R_3^1 - R_3^0)$ (3)
$X = T_1^1 \oplus T_1^0 \ (= R_3^1 \oplus R_3^0)$ (4)
$C = \Delta \oplus X$ (5)
Step 4: The attacker uses Lemma 2 to disambiguate $HD(X)$ bits of $R_3^1$ (those where $X(j) = 1$).
Step 5: Then the attacker computes $M(j) = T_1^1(j) \oplus R_3^1(j)$ for the positions $j$ of $R_3^1$ that were disambiguated in the previous step.
Step 6: The attacker repeats Step 2 to Step 5 $(p-1)$ times for different values $R_3^k$, $2 \le k \le p$, until she determines every bit of $M$. The probability that the adversary knows the $j$th bit of $M$ after $p+1$ interactions (the first one in Step 1 with $R_3^0$ and the following $p$ interactions in Step 2) is the probability that the same bit value is not repeated in all of these $(p+1)$ interactions, $\Pr[R_3^k(j) \ne R_3^0(j) \text{ for some } k \in [1,p]]$. If we assume that the bits drawn by tags are uniformly distributed, then this happens with probability $P_{bit\,M} = 1 - (\tfrac{1}{2})^p$.
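Lemma 2 in working code, as an added example that is not part of the paper: `borrow_vector` and `disambiguate` implement Eqs. (1) and (2) in Python (the function names and the random-pair check are this example's own; the bit convention, position 1 being the LSB, follows Table 1), reproduce the 8-bit example above, and confirm on constructed random pairs that every recovered bit is correct. The point for a protocol designer is the structural one the lemma makes: publishing both the XOR and the difference of the same two secret operands gives away $HD(X)$ bits of each, which for random operands is about half of them per pair of observations.

```python
# Added example (not the paper's code): the bit leak of Lemma 2.  Given
# Delta = A - B and X = A xor B for A > B, the borrow vector C = Delta xor X
# reveals B(j) (and A(j) = not B(j)) at every position j with X(j) = 1.
# Bit positions are 1-indexed with position 1 the LSB, as in Table 1.
import random


def borrow_vector(delta: int, x: int, n: int) -> list:
    """Return [C(1), ..., C(n), C(n+1)] for n-bit operands.

    For A > B the paper writes A - B = A xor B xor C, so C(1..n) = Delta xor X
    (C(1) = 0 falls out automatically) and C(n+1) = 0 because no borrow leaves
    the most significant bit when A > B.
    """
    c = (delta ^ x) & ((1 << n) - 1)
    return [(c >> (j - 1)) & 1 for j in range(1, n + 1)] + [0]


def disambiguate(delta: int, x: int, n: int) -> dict:
    """Eq. (2): wherever X(j) = 1, B(j) = C(j+1) and A(j) = 1 - B(j).

    Returns {j: (A(j), B(j))}; len(result) == HD(X).
    """
    c = borrow_vector(delta, x, n)      # c[j] holds C(j+1) because the list is 0-based
    known = {}
    for j in range(1, n + 1):
        if (x >> (j - 1)) & 1:
            b_j = c[j]
            known[j] = (1 - b_j, b_j)
    return known


def render(known: dict, n: int, which: int) -> str:
    """MSB-first string of A (which=0) or B (which=1); 'x' marks unknown bits."""
    return "".join(str(known[j][which]) if j in known else "x"
                   for j in range(n, 0, -1))


def leak_from_pair(a: int, b: int, n: int) -> dict:
    """What an observer of (A - B, A xor B) learns; requires A > B as in Lemma 2."""
    assert a > b, "Lemma 2 assumes A > B"
    return disambiguate(a - b, a ^ b, n)


def mismatches(trials: int = 2000, n: int = 16, seed: int = 7) -> int:
    """Constructed random check: every recovered bit must equal the true bit."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(trials):
        a, b = rng.getrandbits(n), rng.getrandbits(n)
        if a == b:
            continue
        a, b = max(a, b), min(a, b)
        for j, (a_j, b_j) in leak_from_pair(a, b, n).items():
            if a_j != (a >> (j - 1)) & 1 or b_j != (b >> (j - 1)) & 1:
                bad += 1
    return bad


if __name__ == "__main__":
    # The paper's own example: A = 10001011, B = 01101101.
    known = leak_from_pair(0b10001011, 0b01101101, 8)
    print(render(known, 8, 0), render(known, 8, 1))   # 100xx01x 011xx10x
    print("random mismatches:", mismatches())          # 0
```

`mismatches()` returning 0 is the whole content of the lemma: the recovery rule never guesses, it only reads bits that the pair $(\Delta, X)$ determines outright.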
It is straightforward from this lemma to compute the probability that an attacker knows all $n$ bits of $M$ after $(p+1)$ interactions:

$P_M = (P_{bit\,M})^n = \left(1 - \left(\tfrac{1}{2}\right)^p\right)^n$ (6)

Theorem 1 In Chen and Chien's protocol, to learn the $n$ bits of the secret $M$, an active attacker needs on average $(1 + E[p])$ interactions with the tag, where
$E[p] = \sum_{p=1}^{\infty} p \cdot \left[\left(1 - \tfrac{1}{2^p}\right)^n - \left(1 - \tfrac{1}{2^{p-1}}\right)^n\right]$.

Proof Given $p+1$ random numbers $R_3^k$ with $0 \le k \le p$, each consisting of $n$ bits, $R_3^k = b_k(1) b_k(2) b_k(3) \ldots b_k(n)$, we can define the function $F(j,p)$ as follows:

$F(j,p) = F(b_0(j), b_1(j), \ldots, b_p(j)) = \begin{cases} 1 & \text{if } b_0(j) \oplus b_k(j) = 1 \text{ for some } k \in [1,p] \\ 0 & \text{if } b_0(j) \oplus b_k(j) = 0 \text{ for all } k \in [1,p] \end{cases}$ (7)

According to Lemma 3, for the attacker to compute all the bits of $M$ it is required that $F(j,p) = 1$ for all $j \in [1,n]$ and for some $p$. If she requires exactly $(p+1)$ interactions, there must exist at least one index $I \in [1,n]$ in $R_3^p$ such that $b_0(I) \oplus b_j(I) = 0$ for all $j \in [1,p-1]$ and $b_0(I) \oplus b_p(I) = 1$. This further means that $F(I,p) = 1$ and $F(I,p-1) = 0$, which happens with probability $1/2^p$. On the other hand, the probability that $F(j,p-1) = 1$ can be computed as (cf. Lemma 3) $\Pr[F(j,p-1) = 1] = 1 - 1/2^{p-1}$. Now, we can compute the probability that the attacker requires $(p+1)$ queries as the sum of the probabilities that there are from $1$ to $n$ such indexes $I$ in the last interaction. That is:

$\Pr[(p+1) \text{ queries required}] = \binom{n}{1} \frac{1}{2^p} \left(1 - \frac{1}{2^{p-1}}\right)^{n-1} + \binom{n}{2} \left(\frac{1}{2^p}\right)^2 \left(1 - \frac{1}{2^{p-1}}\right)^{n-2} + \cdots + \binom{n}{n} \left(\frac{1}{2^p}\right)^n$
$= \left(\frac{1}{2^p} + 1 - \frac{1}{2^{p-1}}\right)^n - \binom{n}{0} \left(1 - \frac{1}{2^{p-1}}\right)^n$
$= \left(1 - \frac{1}{2^p}\right)^n - \left(1 - \frac{1}{2^{p-1}}\right)^n$ (8)

And from Eq. (8), we can compute the expected value of $p$ as follows:

$E[p] = \sum_{p=1}^{\infty} p \cdot \left[\left(1 - \frac{1}{2^p}\right)^n - \left(1 - \frac{1}{2^{p-1}}\right)^n\right]$ (9)

Figure 2 compares the values of $E[p]$ for different bitlengths $n$ when computed using Eq. (9) and by simulation (10,000 cases). Thus, it is shown that for $n = 96$ an attacker, on average, only needs to query any tag fewer than 9 times ($E[p] = 7.9$) to recover the value $M$. It must be highlighted here that the parameter $M$ is not a private secret of a specific tag but is shared by every tag and the server, which means that this attack compromises all the tags belonging to the system.
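Eqs. (6), (8) and (9) evaluated in Python, as an added example that is not part of the paper (the function names and the Monte Carlo routine are this example's own; using Python's `random` module as a stand-in for the tag's PRNG is an assumption). `expected_p(96)` returns about 7.9, the value quoted for Fig. 2, and `simulate_p` reproduces the simulated curve of Fig. 2 for any $n$ by repeating the bit-coverage experiment of Lemma 3 without any protocol messages at all: draw $R_3^0$, then count the draws until every bit position has differed from $R_3^0$ at least once.

```python
# Added example (not the paper's code): the expected number of extra
# interactions E[p] of Theorem 1, evaluated from Eq. (9), next to a Monte
# Carlo estimate of the same quantity in the style of the paper's Fig. 2.
# n is the bitlength of M; the EPC codes of the paper are n = 96 bits.
import random


def prob_all_bits(n: int, p: int) -> float:
    """Eq. (6): P_M = (1 - (1/2)^p)^n, the chance that p follow-up queries
    have complemented every one of the n bits of R3^0 at least once."""
    return (1.0 - 0.5 ** p) ** n


def prob_exactly(n: int, p: int) -> float:
    """Eq. (8): probability that exactly (p + 1) queries are required."""
    return prob_all_bits(n, p) - prob_all_bits(n, p - 1)


def expected_p(n: int, p_max: int = 200) -> float:
    """Eq. (9): E[p] = sum_{p>=1} p * [ (1 - 1/2^p)^n - (1 - 1/2^(p-1))^n ].

    The series is truncated at p_max; the terms decay geometrically, so
    p_max = 200 is far beyond the point where they vanish in double precision.
    """
    return sum(p * prob_exactly(n, p) for p in range(1, p_max + 1))


def simulate_p(n: int, trials: int = 10_000, seed: int = 1) -> float:
    """Monte Carlo estimate of E[p]: draw R3^0, then keep drawing R3^k until
    every bit position has differed from R3^0 at least once.  Uniform draws
    from Python's random module stand in for the tag's PRNG (assumption)."""
    rng = random.Random(seed)
    full = (1 << n) - 1
    total = 0
    for _ in range(trials):
        r0 = rng.getrandbits(n)
        seen = 0          # positions j with some R3^k(j) != R3^0(j)
        p = 0
        while seen != full:
            p += 1
            seen |= r0 ^ rng.getrandbits(n)
        total += p
    return total / trials


if __name__ == "__main__":
    for n in (8, 16, 32, 64, 96):
        print(f"n={n:3d}  Eq.(9): {expected_p(n):.2f}  simulated: {simulate_p(n, 2000):.2f}")
```

The simulation is the honest check on the closed form: the derivation of Eq. (8) treats the $n$ bit positions as independent, and the agreement between the two columns is what justifies that step.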
[Fig. 2 Computed and simulated values for $E[p]$; x-axis: $n$, bitlength of the key; y-axis: $E[p]$, expected value of $p$; series: Computed, Simulated]

3.3 Traceability

Although there are many different privacy models for RFID (e.g. [15–17]), most of them are based on a game with two phases, which take place in two different intervals of time, and a final guess. During the first phase (learning phase), an adversary interacts with, or eavesdrops on, tags belonging to the system and records these communications. Later, in the second phase (challenge phase), the adversary interacts again with tags and she must try to link these messages with the messages exchanged during the first phase. A protocol guarantees untraceability (privacy) if the adversary has only negligible advantage in deciding whether two messages taken from the two different intervals were sent by the same tag or not [18]. The choice of these intervals (chosen or given), the set of tags that the adversary can interact with (every tag or only a group of them), and the number and kind of operations that she can execute (e.g. whether she can corrupt a tag) are the main differences between the models. Here we analyze two cases: a very simple case where the adversary interrogates the tag only once, and therefore does not know $M$; and the general case where the adversary can query tags enough times to determine the value of $M$.

Theorem 2 In Chen and Chien's protocol, an attacker who obtains two sets of messages for $tag$ and $\widehat{tag}$, $[S_2, T_1, T_2, T_3]$ and $[S_2, \hat{T}_1, \hat{T}_2, \hat{T}_3]$ respectively, is able to determine with non-negligible advantage whether $tag = \widehat{tag}$. In particular, the adversary can learn whether $m$ bits of $EPC_i$ and $\widehat{EPC}_i$ coincide, for $m \ge 1$.

Proof
Step 1: The attacker eavesdrops on an authentication session of $tag$ and stores the messages $[S_2, T_1, T_2, T_3]$, computed using $R_2$ and $R_3$.
Step 2: Later, the attacker queries $\widehat{tag}$ with the value $S_2$.
Step 3: $\widehat{tag}$ computes $R_2 = S_2 \oplus M$, picks a new value $\hat{R}_3$ and replies with $\hat{T}_1$, $\hat{T}_2$ and $\hat{T}_3$, computed using $R_2$ and $\hat{R}_3$.
Step 4: The attacker computes $X = T_1 \oplus \hat{T}_1 \ (= R_3 \oplus \hat{R}_3)$, and then decides whether $EPC_i(1) = \widehat{EPC}_i(1)$ as follows:

If $X(1) = 1$:
$EPC_i(1) = \widehat{EPC}_i(1)$ if $T_2(1) \ne \hat{T}_2(1)$;
$EPC_i(1) \ne \widehat{EPC}_i(1)$ if $T_2(1) = \hat{T}_2(1)$ (i.e. $tag \ne \widehat{tag}$). (10)

If $X(1) = 0$:
$EPC_i(1) = \widehat{EPC}_i(1)$ if $T_2(1) = \hat{T}_2(1)$; repeat for $EPC_i(2)$;
$EPC_i(1) \ne \widehat{EPC}_i(1)$ if $T_2(1) \ne \hat{T}_2(1)$ (i.e. $tag \ne \widehat{tag}$). (11)

While $X(j) = 0$ (and $T_2(j) = \hat{T}_2(j)$), the adversary can increase her advantage by repeating the process for the next bit.

If the adversary is allowed to challenge $\widehat{tag}$ once more, she can also use the following strategy. After querying again with $S_2$, the adversary obtains a new set of messages $[\tilde{T}_1, \tilde{T}_2, \tilde{T}_3]$, computed using $R_2$ and a newly generated value $\tilde{R}_3$. The adversary assumes that $EPC_i = \widehat{EPC}_i$ and combines the messages to obtain $[\hat{\Delta} = R_3 - \hat{R}_3 \ (= T_2 - \hat{T}_2),\ \hat{X} = R_3 \oplus \hat{R}_3 \ (= T_1 \oplus \hat{T}_1)]$ and $[\tilde{\Delta} = R_3 - \tilde{R}_3 \ (= T_2 - \tilde{T}_2),\ \tilde{X} = R_3 \oplus \tilde{R}_3 \ (= T_1 \oplus \tilde{T}_1)]$. The attacker then uses these two sets of values to disambiguate bits of $R_3$ (Lemma 2). If the disambiguated bits do not coincide in both cases, then $tag \ne \widehat{tag}$ (the assumption $EPC_i = \widehat{EPC}_i$ was incorrect); otherwise, if they do, the probability that $tag = \widehat{tag}$ is higher.

In the general case, if the adversary can challenge $\widehat{tag}$ (or any other tag) enough times to compute $M$, traceability is complete since, as proved next, she can compute the values of $EPC_i$ and $\widehat{EPC}_i$ and check whether they match.

Theorem 3 In Chen and Chien's protocol, an attacker who knows $M$ can compute the EPC code of any tag and thus trace it.

Proof
Step 1: The attacker sends any value $S_2^a$ to the target tag.
Step 2: The tag computes $R_2^a = S_2^a \oplus M$, picks a new value $R_3$ and replies with $T_1$, $T_2$ and $T_3$ computed using $R_2^a$ and $R_3$.
Step 3: The attacker, who already knows $M$, computes the value of $EPC_i$ as follows:
$EPC_i = (T_2 - R_3) \oplus R_2^a = (T_2 - (T_1 \oplus M)) \oplus (S_2^a \oplus M)$. (12)

3.4 Tag Impersonation

In this section we show two different but related attacks. First, we show how an attacker can also recover the secret key $K_i$ of a tag. From this point on, the attacker knows all the information stored in the tag and therefore, from a cryptographic point of view, the server will no longer be able to distinguish the attacker from the genuine tag. However, the attacker does not need to know $K_i$ to impersonate a tag. We show that the way the authenticity of a tag is checked (Step 6 of the Query and Authentication Phase) is not adequate.

Theorem 4 In Chen and Chien's protocol, an active attacker who knows $M$ can determine a bit of $K_i$ with probability $P_{bit\,K} = 1 - (\tfrac{1}{2})^p$, where $p$ is the number of interactions with the tag.
Proof
Step 1: To determine the $j$th bit of $K_i$, the attacker chooses a number $R_2^a$ such that $R_2^a(j) = 1$ and $R_2^a(z) = 0$ for all $z \ne j$, $z \in [1,n]$; i.e. $HD(R_2^a) = 1$. Then the attacker computes $S_2^a = R_2^a \oplus M$ and sends it to the tag.
Step 2: The tag recovers $R_2^a$, draws a random number $R_3^1$, and computes and sends $T_1^1$, $T_2^1$ and $T_3^1$.
Step 3: The attacker receives $T_1^1$, $T_2^1$ and $T_3^1$ and computes the $j$th bit of $R_3^1$ as follows: $R_3^1(j) = T_1^1(j) \oplus M(j)$. If this bit is zero, $R_3^1(j) = 0$, then the attacker repeats the attack from Step 1 for different values $R_3^k$, $k = 2, 3, \ldots$, until $R_3^p(j) = 1$. When $R_3^p(j) = 1$, the adversary checks $T_3^p$, which will have one of two possible values: $T_3^p = CRC(0)$, which means that $K_i(j) = 0$, or $T_3^p = CRC(R_2^a)$, meaning that $K_i(j) = 1$. Thus, after $p$ interactions the probability of knowing the $j$th bit of $K_i$ is the probability of getting $R_3^k(j) = 1$ for some $k \in [1,p]$: $P_{bit\,K} = 1 - (\tfrac{1}{2})^p$.

Since the average number of attempts needed to learn a bit of the key is 2 ($E[p] = 1/\tfrac{1}{2} = 2$), an attacker needs on average $2n$ interactions with the tag to recover the $n$ bits of the key. However, as mentioned earlier, an attacker does not need to know $K_i$ to impersonate a tag.

Theorem 5 In Chen and Chien's protocol, an active attacker who knows $M$ (Theorem 1) and $EPC_i$ (Theorem 3) can impersonate the $i$th tag of the system without knowing $K_i$.

Proof
Step 1: The reader queries the adversary (impersonating the tag) with a value $S_2$.
Step 2: The adversary computes $R_2^a = S_2 \oplus M$ and chooses a random number $R_3^a$ such that $(R_2^a \wedge R_3^a) = 0$. Then the attacker computes $T_1 = R_3^a \oplus M$, $T_2 = (R_2^a \oplus EPC_i) + R_3^a$ and $T_3 = CRC(0)$, and sends them to the reader.
Step 3: Upon receiving these values, the reader computes $R_3^a$ and $EPC_i$, and retrieves the corresponding $K_i$ from the database. As $(R_2^a \wedge R_3^a) = 0$, it holds that $CRC(0 \wedge K_i) = CRC(0) = T_3$, and therefore the reader will accept the tag as valid.

If the attacker knows some bits of the key, then she can modify the attack by choosing a value for $R_3^a$ such that $(R_2^a \wedge R_3^a)$ is non-zero only at some or all of those positions where she knows the values of $K_i$, and reply to the reader with a correctly computed $T_3$.

4 Conclusions

EPCC1G2 has become the de facto standard for low-cost RFID tags, and many authors have proposed schemes to improve its weak security. Apart from security and privacy issues, the ability to change or share ownership of these tags is also relevant. Therefore, in 2012, a new ownership transfer scheme using mobile RFIDs and conforming to EPCC1G2 was proposed by Chen and Chien. In this paper, the security of this scheme was scrutinized and we showed how an attacker is able to trace, impersonate and eventually recover all the information stored in tags with very few interactions with them. For $n = 96$ bits, an attacker only needs 9 queries, on average, to recover the value $M$. The value $M$ is shared by every tag in the system and therefore, after only nine interactions with any tag, the whole system is compromised. By knowing $M$, the adversary is able to trace any tag of the system since she can recover its $EPC_i$ code with a single query. Finally, once
$M$ and $EPC_i$ of a tag $i$ are known, the adversary is able to impersonate it without needing to recover $K_i$. However, the attacker can also recover $K_i$ by querying the tag $2n$ times on average. In view of the low security level reached, we refrain from proposing an improved version of this protocol, and we suggest looking for alternative solutions, whose security has not been questioned yet, in the quite extensive research literature on RFID security. More specifically, we refer the reader to an EPCGen2 compliant authentication protocol [18] which could be used to authenticate the tag in a secure way, and to the references [7–9], where complete ownership transfer schemes are described.

Acknowledgments This work has been partially supported by Ministerio de Ciencia e Innovación (Spain) and the European FEDER Fund under project TIN2011-25452.

References

1. Finkenzeller, K. (2003). RFID handbook: Fundamentals and applications in contactless smart cards and identification (2nd ed.). London: Wiley.
2. Paret, D. (2005). RFID and contactless smart card applications. London: Wiley.
3. Zhang, Y., & Kitsos, P. (2009). Security in RFID and sensor networks. Boston, MA: Auerbach Publications.
4. Menezes, A. J., Vanstone, S. A., & Van Oorschot, P. C. (1996). Handbook of applied cryptography. Boca Raton, FL: CRC Press.
5. Molnar, D., Soppera, A., & Wagner, D. (2005). A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In B. Preneel & S. Tavares (Eds.), 12th international workshop on selected areas in cryptography, SAC, Lecture Notes in Computer Science (Vol. 3897, pp. 276–290), Kingston, ON, Canada. Berlin: Springer.
6. Song, B. (2008). RFID tag ownership transfer. In Proceedings of RFIDSec 2008.
7. Ng, C. Y., Susilo, W., Mu, Y., & Safavi-Naini, R. (2011). Practical RFID ownership transfer scheme. Journal of Computer Security, 19(2), 319–341.
8. Fernàndez-Mir, A., Trujillo-Rasua, R., Castellà-Roca, J., & Domingo-Ferrer, J. (2011). A scalable RFID authentication protocol supporting ownership transfer and controlled delegation. In RFIDSec 2011 (pp. 146–162).
9. Kapoor, G., & Piramuthu, S. (2012). Single RFID tag ownership transfer protocols. IEEE Transactions on Systems, Man, and Cybernetics, Part C, 42(2), 164–173.
10. Kapoor, G., Zhou, W., & Piramuthu, S. (2011). Multi-tag and multi-owner RFID ownership transfer in supply chains. Decision Support Systems, 52, 258–270.
11. EPCglobal. EPC tag data standards. http://www.epcglobalinc.org.
12. ISO/IEC. Standard 18000, RFID air interface standard. http://www.hightechaid.com/standards/18000.htm.
13. Chen, C. L., & Chien, C. F. (2012). An ownership transfer scheme using mobile RFIDs. Wireless Personal Communications, 1–27. doi:10.1007/s11277-012-0500-2.
14. Osaka, K., Takagi, T., Yamazaki, K., & Takahashi, O. (2006). An efficient and secure RFID security method with ownership transfer. In Proceedings of the 2006 international conference on computational intelligence and security (pp. 1090–1095), Guangzhou.
15. Avoine, G. (2005). Adversary model for radio frequency identification. Technical Report LASEC-REPORT, Security and Cryptography Laboratory (LASEC), Swiss Federal Institute of Technology (EPFL), Lausanne, Switzerland.
16. Juels, A., & Weis, S. (2007). Defining strong privacy for RFID. In International conference on pervasive computing and communications, PerCom 2007 (pp. 342–347), New York City, NY, USA.
17. Vaudenay, S. (2007). On privacy models for RFID. In Advances in cryptology, ASIACRYPT 2007, Lecture Notes in Computer Science (Vol. 4833, pp. 68–87), Kuching, Malaysia.
18. Burmester, M., & Munilla, J. (2011). Lightweight RFID authentication with forward and backward security. ACM Transactions on Information and System Security, 14(1).
Author Biographies

Jorge Munilla was born in Málaga (Spain). He is a Telecommunication Engineer and has worked in the IT industry in roles including analysis, design and technical support. He now works as an Associate Professor in the Communication Engineering Department of the University of Málaga. His research interests include cryptography, security in RFID, security in VANETs and mobile communications. He completed his Ph.D. at the University of Málaga in December 2010 with his thesis "Advances in RFID Authentication Protocols". At present, he collaborates on a project investigating the security of NFC (Near Field Communication) technology and the potential problems arising from its convergence with mobile phone technology.

Fuchun Guo received his B.S. and M.S. degrees from Fujian Normal University in 2005 and 2008, respectively. He is now a doctoral student at the School of Computer Science and Software Engineering, University of Wollongong. His research interests include public-key cryptography and network security, in particular cryptographic protocols and applications.

Willy Susilo received a Ph.D. in Computer Science from the University of Wollongong, Australia. He is a Professor at the School of Computer Science and Software Engineering and the director of the Centre for Computer and Information Security Research (CCISR) at the University of Wollongong. He currently holds the prestigious ARC Future Fellowship awarded by the Australian Research Council (ARC). His main research interests include cryptography and information security. His main contribution is in the area of digital signature schemes, in particular fail-stop signature schemes and short signature schemes. He has served as a program committee member in dozens of international conferences. He has published numerous papers in the area of digital signature schemes and encryption schemes.