A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access

586
-1

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
586
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Focus on the first five
  • Physical Uncloneable Function (PUF)
  • Ratio 10:1
  • POP: product flow with ownership-transfer.
  • Product Identifying: responses change, no tracking of EPC possible, deriving of products/customersIllegal Access: EPC not replied to every request, need current pw to initiate Tag actionEavesdropping/Sniffing: Does obtain clear PW, but requires knowledge of PUF.Tag Spoofing: impossible to simulate responses for all PRNsTag Impersonation: need knowledge about internals of tag to impersonateReader Impersonation: OTP algorithm per reader known by enterprise middlewareReplay Attacks: mainly prevented, but precise shielding possible
  • A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access

    1. 1. A Dynamic Mutual RFID Authentication Model Preventing Unauthorized Third Party Access<br />4th Int’l Conference on Network and System Security<br />1-3 Sep, 2010 - Melbourne, Australia<br />Matthieu-P. Schapranow<br />Hasso Plattner Institute<br />
    2. 2. Agenda<br />Key Facts about the Hasso Plattner Institute<br />European Pharmaceutical Supply Chain<br />Security Threats<br />Authentication Model<br />Processing Steps<br />Benchmark Setup<br />Cost Evaluation<br />Security Evaluation<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />2<br />
    3. 3. Key Facts about the Hasso Plattner InstituteInternals<br />Founded as a public-private partnershipin 1998 in Potsdam near Berlin, Germany<br />Institute belongs to theUniversity of Potsdam<br />Ranked 1st in CHE 2009<br />500 B.Sc. and M.Sc. students<br />10 professors, 92 PhD students<br />Course of study: IT Systems Engineering <br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />3<br />
    4. 4. Key Facts about the Hasso Plattner Institute Research Group Hasso Plattner / Alexander Zeier<br />Research focus: real customer data for enterprisesoftware and design of complex applications<br />In-Memory Data Management for Enterprise Applications <br />Human-Centered Software Design and Engineering <br />Maintenance and Evolution of SOA Systems <br />Integration of RFID Technology in Enterprise Platforms <br />Cooperations<br />Academic: Stanford, MIT, etc.<br />Industry: SAP, Siemens, Audi, etc.<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />4<br />
    5. 5. Key Facts about the Hasso Plattner InstituteWhat can we do for you?<br />Network between industry andacademia,e.g. European section of the <br />Curriculum<br />RFID seminars for graduate / undergraduate students<br />Trends & concepts lecture (Prof. Hasso Plattner)<br />Enterprise Application Architecture Laboratory<br />Enterprise software, e.g. SAP, Microsoft, etc.<br />Equipped RFID Lab, e.g. deister electronic, noFilis, etc.<br />Concrete sizing and simulation of customer supply chains<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />5<br />
    6. 6. European Pharma Supply ChainManufacturing<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />6<br />
    7. 7. European Pharma Supply ChainCounterfeits<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />7<br />
    8. 8. European Pharma Supply ChainBusiness-level Security<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />8<br />
    9. 9. European Pharma Supply ChainBusiness-level Security<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />9<br />
    10. 10. European Pharma Supply ChainRoles<br />Main Roles<br />Manufacturers: ~2.2k<br />Wholesalers: ~50k<br />Retailers: ~140k<br />Other Roles<br />Logistics Providers<br />End Consumers<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />10<br />
    11. 11. European Pharma Supply ChainData Sizing Assumptions<br />~15 billion pharmaceuticals on prescription per year<br />~9 events per unique item<br />1 x manufacturer (create + ship)<br />2 x wholesaler (receive + ship) <br />1 x retailer (receive + sell)<br />1 x end consumer (check)<br />Assuming 364 days production results in ~4,300 events/second within the European supply chain<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />11<br />
    12. 12. Security Threats<br />Product Identification: Trace of<br />Pharmaceuticals or<br />Customers, and vice versa<br />Illegal Access: manipulate valid EPC, KILL, etc.<br />Eavesdropping/Sniffing:<br />Get EPC of similar products,<br />Derive product class<br />Tag Spoofing: behave like a tag of an authentic pharmaceutical<br />Tag Impersonation: simulate responses of an existing tag <br />Reader Impersonation: simulate responses of an existing reader<br />Replay Attacks: re-use data from former communication, e.g. KILL<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />12<br />
    13. 13. Authentication ModelProcessing Steps<br />Distributor Middleware<br />Separates current company and manufacturer<br />Detects faked tags<br />Enterprise Middleware<br />Stores details about all issued EPCs<br />Contains details about tag-specific PUF<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />13<br />
    14. 14. Authentication ModelBenchmark Setup<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />14<br /><ul><li>Java Prototype for distributor and enterprise middleware
    15. 15. Based on SAP’s In-Memory Database
    16. 16. 2 Intel E5450, 4 cores, 3GHz, 6MB L2 cache, 8 x 4GB RAM</li></li></ul><li>Authentication ModelCost Evaluation<br />On-tag requirements for our protocol<br />42 bit read-only (RO) storage<br />18 bit EP_ID, i.e. 262,141 enterprises<br />24 bit T_ID, i.e. 16,777,216 activated tags each<br />30 bit readable and writable (RW) storage for OTP<br />H-Present-128 as hash function (4,256 GEs)<br />Other Protocols, e.g. Product-flow with Ownership-transfer Protocol (POP): up to 512 bit of RW tag storage <br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />15<br />
    17. 17. Authentication ModelCost Evaluation (cont’d)<br />Protocol overhead compared to existing RFID communication<br />To Tag:<br />Step 1: 30 bit PRN<br />Step 9: 30 bit h(PW) + 20 bit PW* <br />To Reader: 18 bit EP_ID + 24 bit T_ID + 30 bit h(PW)<br />Sum: 152 bit<br />Other Protocols, e.g. POP: 288 bit per authentication <br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />16<br />
    18. 18. Authentication ModelSecurity Evaluation<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />17<br />
    19. 19. Thank you for your interest!Keep in contact with us.<br />Responsible: Deputy Prof. of Prof. Hasso PlattnerDr. Alexander Zeierzeier@hpi.uni-potsdam.de<br />Matthieu-P. Schapranow, M.Sc.<br />matthieu.schapranow@hpi.uni-potsdam.de<br />Hasso Plattner InstituteEnterprise Platform & Integration ConceptsMatthieu-P. SchapranowAugust-Bebel-Str. 8814482 Potsdam, Germany<br />NSS10, A Dynamic Mutual RFID Authentication Model, Schapranow, Sep 1, 2010<br />18<br />

    ×