RFID Security and Privacy Presented by: Shahryar Ali
Contents.. Introduction Introduction Problem identification Problem identification Research methodology Research methodology Pros and cons Pros and cons Conclusion Conclusion
Introduction.. RFID Tag RFID Reader . RFID is an electronic identification technique. Used to identify any kind of object through radio frequency.
Tag contains a unique identification number or code. Two types of tags: – Active tags – Passive tags
RFID reader.. Purpose of the Reader is to identify the EPC-number of the tag. Reading of tag depends on the operating frequency. Methods of transferring power to the tag: – Magnetic induction – Electromagnetic wave capture. Power is typically between 10 microwatt and 1 miliwatt.
Problem Identification.. RFID can be used for human tracking. Shopkeepers can trace customers. Procter and gamble has been caught spying on its customers. Gillette has hidden RFID tags in shaving products. Tag’s in people’s home will be read by a passing car.
RFID Security and Privacy By Charalampos Zois University of Amsterdam May 2007 Computer cryptographers and programmers have proposed many countermeasures against these dangers. Main challenge is to provide significant improvement in privacy without raising cost.
Kill RFID Tag.. If you don’t want RFID Tag, then physically disable it. Once you remove it, you can never re-activate it.Faraday Cages .. Faraday cage is a type of foil or metal. It is resistant to some radio frequencies. We cannot place every product in a faraday cage.
Cryptographic approaches.. Tags interact with reader by public-key protocol. Strong public key is too heavy-weight for the tagsClipped tags… Separate the RFID code area from the antenna. Customer gets the visual evidence of deactivation. Tag reactivates through some electromechnical means.
Hash based access control..Randomized hash based access control.. Generate a random number on tag instead of a fixed number. Increases the complexity of RFID tags
Blocker Tags.. Blocker tag breaks the communication between the reader and itself. Tree-walking singulation algorithm is used. Economical and easy to implement.Silent Tree Walking... Strong eavesdropper can listen into the signal. We dont broadcast each and every bit of an RFID tag in the process of tree walking.
Tag Identification algorithm.. Matrix multiplication. Both reader and tag use two matrices of same size. X=k.M1Privacy through Trusted Computing… Use of trusted reader: – Reader core – Policy engine – Consumer agent
The RFID Guardian.. Device which controls the communication between RFID reader and tags. Portable and battery inside it. Complete privacy: – Auditing – Key management – Access control – Authentication
RFID Jamming Guido R. Kok• Harmful to the ones privacy and personal space• How to avoid unnecessary detection and information querying
Techniques to prevent Privacy..• Radio Jamming• The blocker tag• Selective blocker tag• Selective RFID jamming
Radio Jamming..• Signal of high power and of same frequency is generated.• Mobile jamming device is required.• All communication at that frequency is blocked.Blocker tag..• Simultaneous query of multiple tags can block the RF reader.• Use of walking tree protocol.
Walking Tree Protocol..• Tag database is saved in a Binary Tree.• Bit by bit enquiry of EPC is done.• In case of collision the “Left Search 1st technique ” is applied.• At each point when the RF reader asks for the next bit. Both ‘1’ and ‘0’ are sent.• So 2^96 collision, it will block the reader easily.
Selective Blocker Tag..• Only certain tags or group of tags are blocked
Selective RFID jamming..• The jamming signal is used to block the unwanted queries.• But only the unauthenticated requests are blocked.• The jammer used is a bit smarter and looks into the ACL for authentication.Access control list..• Holds information about the RF readers, that which particular one is authorized.
Pros and Cons..RFID security and privacy:Pros: More than 12 methods of privacy prevention. Cryptographic techniques are also explained.Cons: Laws and regulations under which RFID systems work are not explained. Blocker tag method is not explained in detail.
RFID Jamming:Pros: Drawbacks of each technique are explained.Cons: Laws and regulation regarding the use of RFID are not mentioned. Cryptographic Techniques are not mentioned.
Conclusion:Which is the best method to improve security andprivacy?We think, it is RFID Guardian.But..• Blocker tag is the most practical solution.• it’s economical and suitable for existing RFID market in the world.