1 department of computer science university of virginia new directions in reliability, security and...
TRANSCRIPT
![Page 1: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/1.jpg)
1
Department of Computer Science
University of Virginia
New Directions in Reliability, Security and Privacy
in Radio Frequency Identification Systems
Leonid Bolotnyy
[email protected] www.cs.virginia.edu/~lb9xk
Gabriel Robins
[email protected] www.cs.virginia.edu/robins
![Page 2: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/2.jpg)
2
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-Tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 3: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/3.jpg)
3
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-Tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 4: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/4.jpg)
4
General RFID System
Tag IDTag ID
TagsReader
Local Server
![Page 5: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/5.jpg)
5
Introduction to RFID
passive semi-passive active
• Tags types:
• Frequencies: Low (125KHz), High (13.56MHz), UHF (915MHz)
• Coupling methods:
readerantenna
signal signal
Inductive coupling Backscatter coupling
![Page 6: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/6.jpg)
6
RFID History
1935 1973
1999
199920042006
1960
What’s next?
![Page 7: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/7.jpg)
7
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 8: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/8.jpg)
8
Obstacles of Reliable Identification
• Bar-codes vs. RFID– line-of-sight– scanning rate
• Object detection obstacles– radio noise is ubiquitous– liquids and metals are opaque to RF
• milk, water, juice• metal-foil wrappers
– temperature and humidity– objects/readers moving speed– object occlusion– number of objects grouped together– tag variability and receptivity– tag aging
![Page 9: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/9.jpg)
9
Case Studies
• Defense Logistics Agency trials (2001)– 3% of moving objects did not reach destination– 20% of tags recorded at every checkpoint– 2% of a tag type detected at 1 checkpoint– some tags registered on arrival but not departure
• Wal-Mart experiments (2005)– 90% tag detection at case level– 95% detection on conveyor belts– 66% detection inside fully loaded pallets
![Page 10: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/10.jpg)
10
Multi-Tag RFID
Use Multiple tags per object to increase reliability of object detection/identification
![Page 11: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/11.jpg)
11
The Power of an Angle• Inductive coupling: distance ~ (power)1/6
• Far-field propagation: distance ~ (power)1/2
61.86
47.98
58.11
32.7
30
35
40
45
50
55
60
65
1 2 3 4# of Tags
Exp
ecte
d a
ng
le (
Deg
rees
)
22
1 20 0
180 1[ , ]sin( )
2
Max d d
22
0 0
180 1( )sin( )
2 2
d d
• Optimal Tag Placement:
1
4
32
B-field
β
power ~ sin2(β)
![Page 12: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/12.jpg)
12
Equipment and Setup
• Setup– empty room– 20 solid non-metallic & 20 metallic and liquid objects– tags positioned perpendicular to each other– tags spaced apart– software drivers
• Equipment
x1
x1x8
x4
x100’s x100’s
![Page 13: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/13.jpg)
13
Experiments• Read all tags in reader’s field• Randomly shuffle objects• Compute average detection rates
• Variables– reader type– antenna type– tag type– antenna power– object type– number of objects– number of tags per object– tags’ orientation– tags’ receptivity
![Page 14: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/14.jpg)
14
Linear Antennas
Antenna Pair #1, Power = 31.6dBm
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Object Number
Det
ecti
on
Pro
bab
ilit
y
1Tag: 58%
2Tags: 79%
3Tags: 89%
4Tags: 93%
![Page 15: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/15.jpg)
15
Circular Antennas
Antenna Pair #1, Power = 31.6dBm
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Object Number
Det
ecti
on
Pro
bab
ilit
y
1Tag: 75%
2Tags: 94% 3Tags: 98%
4Tags: 100%
![Page 16: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/16.jpg)
16
Linear Antennas vs. Multi-tags
Power = 31.6dBm
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Object Number
De
tec
tio
n P
rob
ab
ilit
y
1 Reader, 1 Tag 58.0%
2 Readers, 1 Tag 64.9%
1 Reader, 2 Tags 79.3%
2 Readers, 2 Tags 84.5%
Δ=21.3%
Δ=19.8%Δ= 5.2%
Δ=14.4%
Δ= 6.9%
![Page 17: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/17.jpg)
17
Importance of Tag Orientation
1 Tag 2 Tags 1 Tag 2 Tags180-same 0.55 0.37180-diff 0.74 0.5290-same 0.67 0.5290-diff 0.80 0.63
Circular Linear
0.47 0.3321%
-7%12%25%
![Page 18: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/18.jpg)
18
Detection in Presence of Metals & Liquids
Power=31.6dBm, No Liquids/Metals Power=31.6dBm, With Liquids/Metals
Power=27.6dBm, No Liquids/Metals Power=27.6dBm, With Liquids/Metals
Circular Antenna
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1 2 3 4
Number of Tags
Det
ecti
on
Pro
bab
ilit
y
• Decrease in solid/non-liquid object detection• Significant at low power• Similar results for linear antennas
![Page 19: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/19.jpg)
19
Varying Number of Objects
Experiment 1: 15 solid non-metallic & 15 liquids and metals
Experiment 2: 20 solid non-metallic & 20 liquids and metals
Effect of the Number of Objects on Detection Probability
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags
1 Antenna 2 Antennas 3 Antennas 4 Antennas
Det
ecti
on
Pro
bab
ilit
y
15/15 experiment
20/20 experiment
15/15 experiment
20/20 experiment
Metals & Liquids∆ : 3%-13%
![Page 20: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/20.jpg)
20
Applications of Multi-TagsReliability Availability
Safety
Localization
![Page 21: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/21.jpg)
21
More Applications
Tagging Bulk MaterialsPackaging
Theft PreventionSecurity
![Page 22: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/22.jpg)
22
Economics of Multi-TagsPassive Tag Cost Trend
$0.00$0.20$0.40$0.60$0.80$1.00
2001 2002 2003 2004 2005 2006 2007 2008 2011
Year
Ta
g C
os
t
Historical Cost Prediction Cost
2001 $1.042002 $0.812003 $0.452004 $0.192005 $0.132006 $0.082007 $0.062008 $0.052011 $0.01
Year Cost
• Rapid decrease in passive tag cost• 5 cent tag expected in 2008• 1 penny tag in a few years
![Page 23: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/23.jpg)
23
Cost Trends
Time
![Page 24: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/24.jpg)
24
Multi-Tag Conclusion• Unreliability of object detection
– radio noise is ubiquitous– liquids and metals are opaque to RF
• milk, water, juice• metal-foil wrappers
– temperature and humidity– objects/readers moving speed– object occlusion– number of objects grouped together– tag variability and receptivity– tag aging
• Many useful applications
• Favorable economics$0.00
$0.20
$0.40
$0.60
$0.80
$1.00
2001 2002 2003 2004 2005 2006 2007 2008 2011
Historical Cost Prediction Cost
![Page 25: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/25.jpg)
25
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 26: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/26.jpg)
26
Motivation• Digital crypto implementations require 1000’s of gates
• Low-cost alternatives– Pseudonyms / one-time pads– Low complexity / power hash function designs– Hardware-based solutions
MD4
7350
MD5
8400
SHA-256
10868
Yuksel
1701
AES
3400
algorithm
# of gates
![Page 27: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/27.jpg)
27
PUF-Based Security
• Physical Unclonable Function [Gassend et al 2002]• PUF security is based on
– wire delays– gate delays– quantum mechanical fluctuations
• PUF characteristics– uniqueness– reliability– unpredictability
• PUF assumptions– Infeasible to accurately model PUF– Pair-wise PUF output-collision probability is constant– Physical tampering will modify PUF
![Page 28: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/28.jpg)
28
Individual Privacy in RFID
• Privacy
A B C
Alice was here: A, B, C
privacy
![Page 29: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/29.jpg)
29
Hardware Tampering Privacy Models
1. Restrict memory tampering functions- allow bit flips
read-proof
tamper-proof
Allow adversary to tamper with tag’s memory
3. Detect privacy compromise - detect PUF modification
2. Purely physical privacy - no digital secrets
Cannot provide privacy without restricting adversary - simple secret overwrite allows tag tracking
![Page 30: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/30.jpg)
30
Private Identification Algorithm
• Assumptions– no denial of service attacks (e.g., passive adversaries, DoS
detection/prevention mechanisms)– physical compromise of tags not possible
• It is important to have – a reliable PUF– no loops in PUF chains– no identical PUF outputs
ID
Requestp(ID)
ID
Database
ID1, p(ID1), p2(ID1), …, pk(ID1)
...IDn, pn(IDn), pn
2(IDn), …, pnk(IDn)
![Page 31: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/31.jpg)
31
PUF-Based Ownership Transfer
• Ownership Transfer
• To maintain privacy we need– ownership privacy– forward privacy
• Physical security is especially important
• Solutions– public key cryptography (expensive)– knowledge of owners sequence– short period of privacy– trusted authority
![Page 32: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/32.jpg)
32
PUF-Based MAC Algorithms
• MAC based on PUF– Motivation: “yoking-proofs”, signing sensor data– large keys (PUF is the key)– cannot support arbitrary messages
• MAC = (K, τ, υ)
K
K
• valid signature σ : υ (M, σ) = 1
• forged signature σ’ : υ (M’, σ’) = 1, M = M’
• Assumptions– adversary can adaptively learn poly-many (m, σ) pairs– signature verifiers are off-line– tag can store a counter (to timestamp signatures)
![Page 33: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/33.jpg)
33
Large Message Space
σ (m) = c, r1, ..., rn, pc(r1, m), ..., pc(rn, m)
Assumption: tag can generate good random numbers (can be PUF-based)
Signature verification• requires tag’s presence• password-based or in radio-protected environment (Faraday Cage)• learn pc(ri, m), 1 ≤ i ≤ n• verify that the desired fraction of PUF computations is correct
To protect against hardware tampering• authenticate tag before MAC verification• store verification password underneath PUF
Key: PUF
![Page 34: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/34.jpg)
34
Small Message SpaceAssumption: small and known a priori message space
Key[p, mi, c] = c, pc(1)(mi), ..., pc
(n) (mi)
PUFmessage
counter
σ(m) = c, pc(1)(m), ..., pc
(n) (m),
..., c+q-1, pc+q-1
(1)(m), pc+q-1(n)(m)
sub-signature
Verify that the desired number of sub-signatures are valid
PUF reliability is again crucial
![Page 35: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/35.jpg)
35
Attacks on MAC Protocolsoriginal clone
• Impersonation attacks– manufacture an identical tag– obtain (steal) existing PUFs
• Hardware-tampering attacks– physically probe wires to learn the PUF– physically read-off/alter keys/passwords
• Side-channel attacks– algorithm timing– power consumption
• Modeling attacks– build a PUF model to predict PUF’s outputs
![Page 36: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/36.jpg)
36
Conclusions and Future Work
Hardware primitive for RFID security
Identification, MAC, Ownership Transfer, and Tag Authentication Algorithms
• Properties:– Physical keys– Protect tags from physical attacks– New attack models
• Future Work:– Design new PUF– Manufacture and test PUF– Develop PUF theory– New attack models
![Page 37: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/37.jpg)
37
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 38: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/38.jpg)
38
Inter-Tag Communication in RFID
• Idea: Heterogeneity in ubiquitous computing
• Applications:
![Page 39: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/39.jpg)
39
“Yoking-Proofs”
• Applications – verify that:– medicine bottle sold together with instructions– tools sold together with safety devices– matching parts were delivered together
– several forms of ID were presented
• Problem Statement: Generate proof that a group of passive tags were identified nearly-simultaneously
• Key Observation: Passive tags can communicate with each other through reader
• Yoking: joining together / simultaneous presence of multiple tags
![Page 40: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/40.jpg)
40
Assumptions and Goals• Assumptions
– Tags are passive– Tags have limited computational abilities– Tags can compute a keyed hash function– Tags can maintain some state– Verifier is trusted and powerful
• Solution Goals– Allow readers to be adversarial– Make valid proofs improbable to forge– Allow verifier to verify proofs off-line– Detect replays of valid proofs
• Timer on-board a tag– Capacitor discharge can implement timeout
![Page 41: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/41.jpg)
41
Generalized “Yoking-Proof” Protocol
1
3
2
45
Anonymous Yoking: tags keep their identities private
Idea: construct a chain of mutually dependent MACs
![Page 42: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/42.jpg)
42
Related Work on “Yoking-Proofs”
• Saito and Sakurai [2005]– solution relies on timestamps generated by trusted database– violates original problem statement– one tag is assumed to be more powerful than the others– vulnerable to “future timestamp” attack
• Piramuthu [2006]– discusses inapplicable replay-attack problem of Juels’ protocol– independently observes the problem with Saito/Sakurai protocol– proposed fix only works for a pair of tags– violates original problem statement
• Juels [2004]– protocol is limited to two tags
– no timely timer update (minor/crucial omission)
![Page 43: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/43.jpg)
43
Talk Outline• Introduction to RFID
• Reliable Object Identification– Multi-tag RFID Systems
• Physical Security and Privacy– PUF-Based Algorithms
• Inter-Tag Communication– Generalized Yoking-Proofs
• Common Themes and Conclusion
![Page 44: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/44.jpg)
44
Generalized “Yoking-Proofs”
Multi-Tags PUF-BasedSecurity and Privacy
RFID
Common Themes
![Page 45: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/45.jpg)
45
Conclusion and Future Research
• Contributions
• Future Research– More multi-tag tests– Object localization using multi-tags– Split tag functionality between tags– Prevent adversarial merchandize inventorization– PUF design– More examples of inter-tag communication– Applications of RFID
![Page 46: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/46.jpg)
46
Publications• L. Bolotnyy and G. Robins, Multi-tag Radio Frequency Identification Systems, IEEE Workshop on Automatic
Identification Advanced Technologies (Auto-ID), Oct. 2005.
• L. Bolotnyy and G. Robins, Randomized Pseudo-Random Function Tree Walking Algorithm for Secure Radio-Frequency Identification, IEEE Workshop on Automatic Identification Advanced Technologies (Auto-ID), Oct. 2005.
• L. Bolotnyy and G. Robins, Generalized “Yoking Proofs” for a Group of Radio Frequency Identification Tags , International Conference on Mobile and Ubiquitous Systems (Mobiquitous), San Jose, CA, July 2006.
• L. Bolotnyy and G. Robins, Physically Unclonable Function -Based Security and Privacy in RFID Systems , IEEE International Conference on Pervasive Computing and Communications (PerCom), New York, March 2007.
• L. Bolotnyy, S. Krize, and G. Robins, The Practicality of Multi-Tag RFID Systems, International Workshop on RFID Technology - Concepts, Applications, Challenges (IWRT), Madeira, Portugal, June 2007.
• L. Bolotnyy and G. Robins, The Case for Multi-Tag RFID Systems, International Conference on Wireless Algorithms, Systems and Applications (WASA), Chicago, Aug. 2007.
• L. Bolotnyy and G. Robins, Multi-Tag RFID Systems, International Journal of Internet and Protocol Technology, Special issue on RFID: Technologies, Applications, and Trends, 2(3/4), 2007.
• 1 conference and 1 journal paper in submission
• 2 invited book chapters in preparationSecurity in RFID and Sensor Networks, to be published by Auerbach Publications, CRC Press, Taylor&Francis Group
![Page 47: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/47.jpg)
47
More Successes
• Deutsche Telekom (largest in EU) offered to patent our multi-tags idea.
• Received $450,000 NSF Cyber Trust grant, 2007 (PI: Gabriel Robins).
• Technical Program Committee member:International Workshop on RFID Technology - Concepts, Applications, Challenges (IWRT), Barcelona, Spain, June 2008.
• Our papers and presentation slides used in lecture-based undergraduate/graduate courses (e.g., Rice University,
George Washington University).
![Page 48: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/48.jpg)
48
![Page 49: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/49.jpg)
49
Thank You!
Questions?
Dissertation Committee: Gabriel Robins (advisor), Dave Evans, Paul Reynolds, Nina Mishra, and Ben Calhoun
Stephen Wilson, Blaise Gassend, Daihyun Lim,Karsten Nohl, Patrick Graydon, and Scott Krize
[email protected] www.cs.virginia.edu/~lb9xk
![Page 50: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/50.jpg)
50
BACK UP SLIDESNOT USED DURING
PRESENTATION
![Page 51: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/51.jpg)
51
Types of Multi-Tags
• Triple-Tags
• n-Tags
• Dual-Tags– Own Memory Only– Shared Memory Only– Own and Shared Memory
• Redundant Tags
• Complimentary Tags
![Page 52: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/52.jpg)
52
Controlling Variables1. Radio noise
2. Tag variability
3. Reader variability
4. Reader power level
5. Distance to objects &type, # of antennas
![Page 53: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/53.jpg)
53
Circular Antennas vs. Multi-Tags
Power = 31.6dBm
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Object Number
Det
ecti
on
Pro
bab
ility
1 Reader, 1 Tag 75.9%
2 Readers, 1 Tag 91.0%
1 Reader, 2 Tags 94.2%
2 Readers, 2 Tags 99.4%
Δ=18.3%
Δ=8.4%Δ= 5.2%
Δ=3.2%
Δ= 15.1%
![Page 54: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/54.jpg)
54
Linear Antennas
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
31.6 30.6 29.6 28.6 27.6 26.6 25.6
Power (dBm)
Det
ectio
n P
rob
abili
ty
Circular Antennas
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
31.6 30.6 29.6 28.6 27.6 26.6 25.6
Power (dBm)D
etec
tion
Pro
bab
ility
1 Tag 2 Tags 3 Tags 4 Tags
Power
• Decrease in detection with decrease in power• More rapid decrease in detection for circular antennas
![Page 55: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/55.jpg)
55• Low detection probabilities• Drop in detection at low power
• Linear antennas outperform circular• Multi-tags better than multiple readers
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags
Antenna #1 Antenna #2 Antenna #1 and #2
Number of Tags
De
tec
tio
n P
rob
ab
ilit
y
Power=31.6dBm, Circular AntennasPower=31.6dBm, Linear AntennasPower=27.6dBm, Circular AntennasPower=27.6dBm, Linear Antennas
Multi-Tags on Metals and Liquids
![Page 56: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/56.jpg)
56
Detection Delta
Change in Detection Based on # of Antennas and Tags
0
0.02
0.04
0.06
0.08
0.1
0.12
0.14
0.16
1 Antenna 2 Antennas 3 Antennas 4 Antennas
Ch
ang
e in
Det
ecti
on
Pro
bab
ilit
y
1 tag
2 tags
3tags
1 tag
2 tags
3tags
1 tag
2 tags
3tags
1 tag
2 tags
3tags
0.036
0.030
0.029
0.014
![Page 57: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/57.jpg)
57
Anti-Collision Algorithms
Binary No Effect No Effect
Binary Variant No Effect No Effect
Randomized Linear Increase** No Effect*
STAC Causes DoS No Effect*
Slotted Aloha Linear Increase** No Effect*
Algorithm Redundant Tags Connected-Tags
* Assuming tags communicate to form a single response** If all tags are detected
![Page 58: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/58.jpg)
58
Business Case for RFID
• Costs & benefits (business case)– Moore’s law– higher employee productivity– automated business processes– workforce reduction
• Tag manufacturing yield and testing– 30% of chips damaged during manufacturing– 15% damaged during printing [U.S. GAO]– 20% tag failure rate in field [RFID Journal]– 5% of tags purchased marked defective
![Page 59: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/59.jpg)
59
RFID Tag Demand
• Demand drivers– tag cost– desire to stay competitive
• Cost effective tag design techniques– memory design (self-adaptive silicon)– assembly technology (fluidic self assembly)– antenna design (antenna material)
Increase in RFID tag demand
Decrease in RFID tag cost
![Page 60: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/60.jpg)
60
Thesis
Multi-tags can considerably improve reliability in RFID systems at a reasonable cost;
effective PUF implementations can enable hardware-tampering resistant algorithms for RFID security and privacy;
generalized yoking-proofs can provide auditing mechanisms for the near-simultaneous reading of multiple RFID tags.
![Page 61: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/61.jpg)
61
Related Work on PUF
• Optical PUF [Ravikanth 2001]
• Silicon PUF [Gassend et al 2002]– Design, implementation, simulation, manufacturing– Authentication algorithm– Controlled PUF
• PUF in RFID– Identification/authentication [Ranasinghe et al 2004]– Off-line reader authentication using public key cryptography
[Tuyls et al 2006]
![Page 62: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/62.jpg)
62
Privacy Model
1. A passive adversary observes polynomially-many rounds of reader-tag communications with multiple tags
2. An adversary selects 2 tags
3. The reader randomly and privately selects one of the 2 tags and runs one identification round with the selected tag
4. An adversary determines the tag that the reader selected
Experiment:
Definition: The algorithm is privacy-preserving if an adversary can notdetermine reader selected tag with probability substantially greater than ½
Theorem: Given random oracle assumption for PUFs,an adversary has no advantage in the above experiment.
![Page 63: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/63.jpg)
63
Improving Reliability of Responses• Run PUF multiple times for same ID & pick majority
μm(1-μ)N-m )kR(μ, N, k) ≥ (1 - ∑
N Nm
N+12
m=
number of runs
chain lengthunreliabilityprobability
overallreliability
R(0.02, 5, 100) ≥ 0.992
• Create tuples of multi-PUF computed IDs &identify a tag based on at least one valid position value
∞expected numberof identifications
S(μ, q) = ∑ i [(1 – (1-μ)i+1)q - (1 – (1-μ)i)q]i=1
tuple size
S(0.02, 1) = 49, S(0.02, 2) = 73, S(0.02, 3) = 90
(ID1, ID2, ID3)
![Page 64: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/64.jpg)
64
Choosing # of PUF Computations
α < probv ≤ 1 and probf ≤ β ≤ 1
0 ≤ t ≤ n-1
i=t+1
μi(1-μ)n-iprobv(n, t, μ) = 1 - ∑
nni
j=t+1
τj(1-τ)n-jprobf(n, t, τ) = 1 - ∑
nnj
probv(n, 0.1n, 0.02)
probf(n, 0.1n, 0.4)
![Page 65: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/65.jpg)
65
MAC Large Message Space Theorem
Given random oracle assumption for a PUF, the probability that an adversary could forge a signature for a message is bounded from above by the tag impersonation probability.
![Page 66: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/66.jpg)
66
MAC Small Message Space Theorem
Given random oracle assumption for a PUF, the probability that an adversary could forge a signature for a message is bounded by the tag impersonation probability times the number of sub-signatures.
![Page 67: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/67.jpg)
67
Purely Physical Ownership Transfer
oid = h(counter)
r1, a = hs(r0, r1)
r0, c1, ..., cn
(r1, a)
Challenges sent to tag in increasing order
counter = counter - 1hs(r1, new)
• Properties:– All PUF computations must be correct– PUF-based random number generator– Physical write-once counter– oid is calculated for each identification– Inherently limited # of owners
s = poid(v1) ... poid(vn)
v1 = h(c1), ..., vn = h(cn)
++
![Page 68: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/68.jpg)
68
s2,4
s1,2
s3,9
s2,5
s3,10s3,8
Using PUF to Detect and Restore Privacy of Compromised System
1. Detect potential tag compromise2. Update secrets of affected tags
s1,0
s2,0
s1,1
s2,1
s3,1
s2,2 s2,3
s3,0 s3,4 s3,5s3,2 s3,3 s3,7s3,6
![Page 69: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/69.jpg)
69
PUF vs. Digital Hash Function
• Reference PUF: 545 gates for 64-bit input– 6 to 8 gates for each input bit– 33 gates to measure the delay
• Low gate count of PUF has a cost– probabilistic outputs– difficult to characterize analytically– non-unique computation– extra back-end storage
• Different attack target for adversaries– model building rather than key discovery
• Physical security– hard to break tag and remain undetected
MD4
7350
MD5
8400
SHA-256
10868
Yuksel
1701
PUF
545
AES
3400
algorithm
# of gates
![Page 70: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/70.jpg)
70
PUF Design• Attacks on PUF
– impersonation– modeling– hardware tampering– side-channel
• Weaknesses of existing PUF
• New PUF design– no oscillating circuit– sub-threshold voltage
• Compare different non-linear delay approaches
reliability
![Page 71: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/71.jpg)
71
PUF Contribution and Motivation
Contribution• Physical privacy models• Privacy-preserving tag identification algorithm• Ownership transfer algorithm• Secure MAC algorithms• Comparison of PUF with digital hash functions
Motivation• Digital crypto implementations require 1000’s of gates• Low-cost alternatives
– Pseudonyms / one-time pads– Low complexity / power hash function designs– Hardware-based solutions
![Page 72: 1 Department of Computer Science University of Virginia New Directions in Reliability, Security and Privacy in Radio Frequency Identification Systems Leonid](https://reader036.vdocuments.us/reader036/viewer/2022062516/56649dce5503460f94ac2355/html5/thumbnails/72.jpg)
72
Speeding Up The Yoking Protocol
starting / closing tags
Idea: split cycle into several sequences of dependent MACs
Requires– multiple readers or multiple antennas
– anti-collision protocol