  1. 1. Privacy and Security in Library RFID: Issues, Practices, and Architectures
       Presented by: Bin Ni, Matthew Baker, University of South Carolina
  2. 2. News
       • Wal-Mart asks its top 100 suppliers to provide RFID tags by 01/01/2005.
       • DHL starts developing a global IT infrastructure to let it use RFID tags to track more than a billion packages a year by 2015.
       • State Department decides to embed radio frequency into passports.
  3. 3. Here’s Mr. Jones in 2020…
       • 1500 Euros in wallet; serial numbers: 597387, 389473…
       • Wig model #4456 (cheap polyester)
       • 30 items of lingerie
       • Das Kapital and Communist-party handbook
       • Replacement hip medical part #459382
  4. 4. Outline
       • Introduction of RFID
       • Library RFID issue
       • Several serious vulnerabilities
       • New architectures without compromising privacy
       • Conclusion
  5. 5. RFID (1/3)
       • What is Automatic Identification
         - a host of technologies that help machines identify objects
         - coupled with automatic data capture
         - increases efficiency, reduces data entry errors, and frees up staff
       • What is RFID
         - Radio Frequency Identification
         - technologies using radio waves to automatically identify objects
       • How does an RFID system work
         - a tag: made up of a microchip with an antenna
         - a reader: sends waves
  6. 7. RFID (2/3)
       • History of RFID
         - in wartime: used with radar in World War II
         - recent days: warehouses, libraries, tracking pets and so on
       • The types of tags
         - active tags: have a battery to run the circuitry and broadcast
         - passive tags: have no power of their own and draw power from the reader
       • Collision
         - reader collision: the signal from one reader can interfere with another
         - tag collision: more than one chip reflects back a signal
  7. 8. RFID (3/3)
       • RFID benefits vs. barcode
         - No line-of-sight requirement
         - The tag can withstand a harsh environment.
         - Long read range
       • Some restrictions
         - Tag is powered only when within range of a reader
         - An RFID tag has few gates, and many of these are taken up by the logic required for basic operation; no physical security
       • Even a half-cent difference per tag matters
  8. 9. Summary of current RFID types
  9. 10. Why RFID
       • Read/Write
         - Ability to add information directly to tags enables each unique asset to carry its own unique history
       • Non-contact Reads
         - Ability to read tags at a distance, under a variety of environmental conditions, without physical manipulation of the asset
       • Fast Read
         - Ability to simultaneously read large numbers (1000-1750 tags/sec) of items
       • Automation
         - Requires less human intervention
       • Authenticity
         - Each RFID chip is unique and cannot be replicated
  10. 11. Library RFID issue
       • Library RFID applications may be the first major deployment of item-level tagging.
         - University of Nevada, Las Vegas Library and so on
         - In Taiwan, first library without staff
       • A plan to install radio frequency identification tags in items at the San Francisco Public Library (SFPL) has been rejected.
  11. 12. Library RFID issue
       • RFID tags used in libraries operate at 13.56 MHz
       • Companies
         - Checkpoint and TAGSYS make proprietary tags
         - integrators: 3M, TechLogic, VTLS
       • Standards for RFID
         - ISO 15693
         - ISO 18000-3: Mode 1, Mode 2
         - EPCglobal: for the supply chain, not for libraries
  12. 13. Current Library RFID Arch.
       • Libraries make use of a bibliographic database to track circulation information about items in a collection
       • Extra information on the tag, such as shelf location, last checked out date, author, and title
       • Check-in and check-out
  13. 14. Current Library RFID Arch.
       • The RFID tag also acts as a security device.
       • Exit sensors are placed at the exit of a library, just as with magnetic-strip anti-theft devices.
       • The security check is achieved in two ways
         - Store the status on the tag
         - Reader queries the database for the status, which introduces latency
  14. 15. Attacks
       • Static tag data and no access control
         - the identifier never changes throughout the tag's lifetime
       • Collision-avoidance IDs
         - Many tags use a globally unique and static collision ID
       • Write locks, race conditions and security bit denial of service
         - Some method must be used to prevent adversaries from writing to the tag
       • Tag password management
  15. 16. Summary of attacks
  16. 17. Static tag data and no access control
       • The adversary may determine which library owns the book and infer the origin of the person carrying the book
       • Any static identifier can be used both to track and hotlist books
       • Tags can be read without access control at two library deployments of RFID.
  17. 18. Collision-avoidance IDs
       • ISO 18000-3 MODE 1 tags
         - a globally unique, 64-bit “MFR Tag ID”
         - operate in two modes: slotted or non-slotted
       • ISO 18000-3 MODE 2 tags
         - a 32-bit LFST is used
         - a weak PRNG is used, so tags can be identified
       • EPC 915 MHz tags
         - three different modes, controlled by the reader
         - no authentication; the reader can simply ask the tag to use the EPC ID
  18. 19. Write locks, race conditions and security bit denial of service
       • In deployment with rewritable tags, writing to the tag must be prevented.
         - erasing tag data
         - switching two books’ RFID data
         - changing the security status of tags
       • Several current specifications have write protection architectures that are problematic in the library application.
  19. 20. Write locks, race conditions and security bit denial of service
       • EPC 13.56 MHz, ISO 18000-3 MODE 1
         - a “write” and a “lock” command, but no “unlock” command
         - the write command is not protected by a password
         - Consistent with the supply chain, no need to rewrite
       • Once locked, memory can’t be unlocked
         - the security bit needs to be unlocked at check-in and check-out
         - an adversary can change the security bit and lock the memory
         - irrevocable locking: security bit denial of service
  20. 21. Write locks, race conditions and security bit denial of service
       • There exists unlocked memory on the tag
         - an adversary can write its own globally unique identifier and track tags based on this ID
         - RE-DUMP software makes this a one-click operation
       • In real library deployment with ISO 15693
         - None of the tag data blocks were locked
         - Tag blocks could be locked irrevocably on these tags, enabling security bit denial of service
  21. 22. Tag password management
       • Do not seem to use read passwords, but write passwords are employed
       • If a single password is used, a compromise of any tag compromises the entire system
       • If different passwords per tag are used, then the reader must determine which password should be used for which tag.
  22. 23. Private RFID Architectures
       • Tags can be uniquely identified by their collision avoidance behavior
       • Impossible to build privacy-preserving protocol with current tag architecture
       • Solution: Tags with Private RFID Architectures
  23. 24. Random Transaction IDs
       • On checkout: reader picks a random number r
       • Reader pairs the random number with tag ID D, stores <r, D> internally and writes r to the tag
       • On check-in: reader reads r, writes D back to the tag
       • Keeps the tag ID secret
  24. 25. Persistent State
       • s - Secret password, cmd - Command to execute, r - Random nonce
  25. 26. Private Authentication
       • Motivation / Previous Work
       • PRF Authentication Scheme
       • Tree-Based Private Authentication
       • Two-phase Tree Scheme
  26. 27. Motivation and Previous Work
       • How to share a secret auth. key without revealing identities to an adversary?
       • Issue in RFIDs because of the need for collision avoidance
       • Private: unable to distinguish tags with different secret keys
       • Secure: tag or reader only accepts if the sender knows the secret key
  27. 28. Motivation / Previous Work (cont.)
       • Weis et al. suggest the randomized hash lock protocol
       • Tags are given a secret key and a unique ID
       • Reader has a DB storing these values
       • Tag sends message (r, f_s(r) XOR ID)
       • Reader finds the unique <s, ID> pair, authenticates by sending back the tag’s ID
  28. 29. Basic PRF Private Auth. Scheme
  29. 30. Tree-based Authentication
       • Tags as leaves in balanced tree (not necessarily binary)
       • Tag stores lg n secrets corresponding to path from root to tag
       • Reader must authenticate to tag on every node in path to tag’s leaf
       • If reader fails on any level in path, tag rejects communication
  30. 31. Two-Phase Tree Scheme
       • 1st Phase: Run the tree scheme using the previous design with a limited number of levels
       • Trade off the branching factor of the tree and the size of the key parameter to balance security and misidentification
       • 2nd Phase: Once the tag is identified in the first tree, it must authenticate using the second tree
  31. 32. Related Work
       • Weis et al. look at security assuming a passive listener can hear the reader-to-tag channel, but not tag-to-reader
       • Also focus on hash lock protocols
       • Abadi and Fournet address private authentication using public-key crypto.
       • O, S, and K propose hash chaining for changing RFID identities
  32. 33. Related Work (cont.)
       • Ohkubo et al. suggest tags with periodically rewritten random numbers
       • Juels suggests one-time authenticators for RFID tags on check-in / check-out
       • Multiple papers on increasing library RFID’s
  33. 34. Conclusion
       • Current RFID tags do not prevent unauthorized reading of tags
       • Static identifiers allow for hotlisting and tracking
       • Because of collision avoidance, true security with RFID tags seems impossible
       • … Does anyone who matters really care?
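
The randomized hash lock exchange from slide 28, as an added example that is not part of the original presentation: the tag sends (r, f_s(r) XOR ID), the reader scans its <s, ID> database for the matching pair, and the tag accepts when the reader sends back its ID. HMAC-SHA256 as the PRF f, the 8-byte ID width, and the names `Tag`, `Reader` and `build_demo` are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # bytes per tag ID (constructed width, not from the slides)

def prf(s: bytes, r: bytes) -> bytes:
    """f_s(r). HMAC-SHA256 truncated to ID_LEN is an assumed stand-in PRF."""
    return hmac.new(s, r, hashlib.sha256).digest()[:ID_LEN]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Tag:
    def __init__(self, s: bytes, tag_id: bytes):
        self.s, self.tag_id = s, tag_id

    def respond(self):
        """Tag -> reader: (r, f_s(r) XOR ID) with a fresh nonce r."""
        r = secrets.token_bytes(16)
        return r, xor(prf(self.s, r), self.tag_id)

    def accept(self, claimed_id: bytes) -> bool:
        """Tag accepts the reader only if it sends back the right ID."""
        return hmac.compare_digest(claimed_id, self.tag_id)

class Reader:
    def __init__(self, db):
        self.db = db  # list of (s, ID) pairs, one per tag

    def identify(self, r: bytes, masked: bytes):
        """Try every <s, ID> pair; return (ID or None, PRF evaluations)."""
        for calls, (s, tag_id) in enumerate(self.db, start=1):
            if hmac.compare_digest(xor(prf(s, r), masked), tag_id):
                return tag_id, calls
        return None, len(self.db)

def build_demo(n: int):
    """Constructed library of n tags with random keys and IDs 1..n."""
    tags = [Tag(secrets.token_bytes(16), i.to_bytes(ID_LEN, "big"))
            for i in range(1, n + 1)]
    return Reader([(t.s, t.tag_id) for t in tags]), tags

if __name__ == "__main__":
    reader, tags = build_demo(1000)
    (r1, m1), (r2, m2) = tags[-1].respond(), tags[-1].respond()
    print("responses differ:", (r1, m1) != (r2, m2))
    print("identified (ID, PRF calls):", reader.identify(r1, m1))
```

Two responses from the same tag share no static value, but the reader evaluates the PRF once per database entry in the worst case, and the final step puts the tag's ID on the reader-to-tag channel in the clear.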