- 1 - rfid security and privacy: a research survey ari juels rsa laboratories ieee journal on...
TRANSCRIPT
- 1 -
RFID Security and Privacy:A Research Survey
Ari JuelsRSA Laboratories
IEEEJournal on Selected Areas in Communication (J-SAC) in 2006
Taesung Kim2008.10.28
- 2 -
Contents
• RFID Overview– Tags, Readers, and Applications– Tag Singulation
• Security & Privacy Threats• Proposed Solutions
- 3 -
RFID Overview
3
Tags (transponders)Attached to objects, “call out” identifying dataon a special radio frequency
02.3DFEX4.78AF51
EasyToll card #816
Reader (transceiver)Reads data off the tagswithout direct contact
Radio signal (contactless)Range: from 3-5 inches to 3 yards
DatabaseMatches tag IDs tophysical objects
- 4 -
Tag Types
• Passive:– All power comes from a reader’s signal– Tags are inactive unless a reader activates them– Cheaper and smaller, but shorter range
• Semi-passive– On-board battery, but cannot initiate communication– Can serve as sensors, collect information from environment: for exam-
ple, “smart dust” for military applications• Active:
– On-board battery power– Can record sensor readings or perform calculations in the absence of a
reader– Longer read range
LF HF UHF
Freq. Range 125 - 134KHz 13.56 MHz 866 - 915MHz
Read Range 10 cm 1M 2-7 M
Application Smart Cards, Ticketing, animal tagging,Access Control
Small item management, supply chain,Anti-theft, library, transportation
Transportation vehicle ID, Access/Security, large item management, supply chain
- 5 -
Applications
• Supply-chain management– logistics, inventory control, retail check-out
• Payment systems– ExxonMobil SpeedPass– I-Pass/EZ-Pass toll systems– Credit Cards
• Access Control– Passports
• Library books• Animal Tracking
- 6 -
Security Challenge
• Low cost RFID tags have very limited re-sources– Typically have only 500-5,000 gates– May have up to a few hundred bits of storage– Tags cannot perform complex computations
• Most tags simply emit a static identifier when prompted
• Tags do not have the resources to allow for public-key or symmetric-key encryption systems
• EPC tags: $0.05, 250 – 1000 gates• AES requires 20,000 – 30,000 gates
- 7 -
Consumer Privacy Problem
- 8 -
Threats
• Tracking– Unauthorized use of a tag’s ID in order to gain informa-
tion about the location of a person or object– In a retail environment, a user can be associated with an
item at purchase time• Cloning/Replay
– Tags that emit static identifiers are very vulnerable– A thief could replace/rewrite a tag on an expensive item
• Denial-of-service– Conflicting RF signals can prevent legitimate tag com-
munication• Physical attacks
– Probing a tag to determine private data
- 9 -
RFID Security Research
Blocking approachPractical approach
Cryptographic protocolapproach
“kill”“sleep/wake”Faraday CageActive JammingRe-labelling
Clipped TagMinimalistProxy model
Blocker TagHash-LockRandomized Hash-Lock
OSK modelMW modelHM modelLK model
Human authenticationapproach
HB and HB+ protocolHB++(first attempt) and HB++ protocolHB++ protocol by S. PiramuthuHB#
- Watchdog Tag- RFID Guardian- RFID Enhancer
- 10 -
“kill” 기법과 “ sleep/wake” 기법
• “kill” and “sleep/wake” approach– “kill”
• Stop tag’s operation• Throw up the convenience of RFID system
– “sleep/wake”• Stop tag’s operation• Reused through wake command
- 11 -
Re-Labelling 기법
• Inoue and Yarsuura’s approach– Splitting product-type identifiers and unique identifiers
across two RFID tags• Karjoth & Moskowiz’s approach
- 12 -
Minimalist 기법
……
가명 5
가명
4가
명 3
가명 2가명 1
가명
nrequest request
response 가명 8 response 가명 2
가명 2
ID = 가명 8
……
가명 5
가명
4가
명 3
가명 2가명 1
가명
nrequest request
response 가명 n response 가명 5
? ? ? ? ?
가명 5<Tag 에 대한 첫 번째 request>
<Tag 에 대한 두 번째 request>
- 13 -
Blocker Tag 기법
- 14 -
Hash-Lock 기법
• Hash-Lock approach– Step 1 : Lock
ReaderTag DatabaseID
Select randomkey K and operate
Hash Function metaID = HK(ID)metaID
State of the tagchanges to
Lock
Tag
metaID, KStores metaIDand key K setto identify tags
(metaID1, K1)(metaID2, K2)
…(metaIDn, Kn)
- 15 -
Hash-Lock 기법
• Hash-Lock approach– Step 2 : Unlock
ReaderTag Databasequery
metaIDTag state : Lock(metaID)
Tag
metaID
(metaID1, K1)(metaID2, K2)
…(metaIDn, Kn)
Finds key, ID set
by metaID
Key, IDKey
IDTag state : Unlock(ID)
Give pure informationof this tag
- 16 -
RFID Guardian
• Scan logging : 인접 리더의 쿼리에 대한 감시• Tag logging : 태그의 ownership 제공 및 새로운
태그의 출현 감지• Tag-reader mediation
– Selective jamming
• Context-awareness – 시간 / 장소에 따라 알맞은 context 로 갱신
- 17 -
Thank you!