8/13/2019 92347686 RFID Security

1/49

 

RFID Systems and Securityand Privacy Implications

Sanjay E. SarmaStephen A. Weis

Daniel W. Engels

 Auto-ID Center 

Massachusetts Institute of Technology

www.autoicenter.org

8/13/2019 92347686 RFID Security

2/49

 

Auto-ID Center 

! International inustry-sponsoreresearch center 

! MIT" Cam#rige $ni%ersity" an$ni%ersity of Aelaie

! Design" e%elop" an eploy large-scale

fiel trials incluing &'ID projects

8/13/2019 92347686 RFID Security

3/49

 

Overview

! &aio 're(uency Ientification )&'ID*! E+C System

! Security ,enefits an Threats! 'uture

8/13/2019 92347686 RFID Security

4/49

 

Uses of Automatic-ID Systems

!  Access control an security! Tracing of proucts in Supply Chain

! I of proucts at +oint of Sale

Most wiely use is the ,ar Coe System

8/13/2019 92347686 RFID Security

5/49

 

Potential Application of RFID

! Consier supply chain an EA-$CC#ar coes

! / #illion #ar coes scanne aily! Each scanne once only at checout! $se &'ID to com#ine supply chain

management applications

8/13/2019 92347686 RFID Security

6/49

 

Benefits of Supply Cain

!ana"ement!  Automate real-time in%entory

monitoring

!  Automate 0uality Control!  Automate Chec-out

+icture your refrigerator telling you thatyou1re out of mil2

8/13/2019 92347686 RFID Security

7/49

 

#y not yet implemented

! Cost too high. ees to #e 345.65! 7ac of stanars an protocols

! Security concerns 8 similar in smartcars an wireless

! +ri%acy issues 8 ,ig ,rother 

8/13/2019 92347686 RFID Security

8/49

 

RFID System Components

! &'ID Tag 8 Transponer 

 8 7ocate on the o#ject! &'ID &eaer 

 8 Transcei%er 

 8 Can rea an write ata to Tag! Data +rocessing Su#system

8/13/2019 92347686 RFID Security

9/49

 

$ransponder 

! Consist of microchip that stores ataan antenna

!  Acti%e transponers ha%e on-tag #attery! +assi%e transponers o#tain all power

from the interrogation signal of reaer 

!  Acti%e an passi%e only communicatewhen interrogate #y transcei%er 

8/13/2019 92347686 RFID Security

10/49

 

$ransceiver 

! Consist of a &' moule" a control unit"an a coupling element to interrogate

tags %ia &' communication!  Also ha%e seconary interface tocommunicate with #acen systems

! &eas tags locate in hostileen%ironment an are o#scure from%iew

8/13/2019 92347686 RFID Security

11/49

 

Data Processin" Su%system

! ,acen System! Connecte %ia high-spee networ

! Computers for #usiness logic! Data#ase storage

 Also as simple as a reaer attache to acash register 

8/13/2019 92347686 RFID Security

12/49

 

RFID

! ,asic components of &'ID systemcom#ine in the same manner 

!  All o#jects are physically tagge withtransponers

! Type of tag use %aries from application

to application! +assi%e tags are most promising

8/13/2019 92347686 RFID Security

13/49

 

RFID

! Transcei%ers are strategically place forgi%en application

!  Access Control has reaers nearentrance

! Sporting e%ents ha%e reaers at the

start an finish lines

8/13/2019 92347686 RFID Security

14/49

 

$ransceiver-$ransponder Couplin"

and Communication! +assi%e tags o#tain power from energy

in EM fiel generate #y reaer 

! 7imite resource re(uire it to #oth getenergy an communicate within narrowfre(uency #an 8 regulatory agencies

8/13/2019 92347686 RFID Security

15/49

 

Inductive Couplin"

! $ses magnetic fiel to inuce current incoupling element

! Current charges the on-tag capacitorthat pro%ies operating %oltage

! This wors only in the near-fiel of

signal 8 up to c9):;f* meters

8/13/2019 92347686 RFID Security

16/49

 

Inductive Couplin"

! in near fiel

! 'lu= ensity is ma= when R  ? d @:"

where R  is raius of reaer1s antennacoil

8/13/2019 92347686 RFID Security

17/49

 

Far Field ener"y arvestin"

! $ses reaer1s far fiel signal to powertag

! 'ar fiel #egins where near fiel ens! Signal incient upon the tag inuces

%oltage at input terminals of the tag"

which is etecte #y &' front-encircuitry an is use to charge capacitor 

8/13/2019 92347686 RFID Security

18/49

 

Passive ta" power 

! &eaer uses same signal tocommunicate with an power tag

!  Any moulation of signal causes powerreuction

! Moulating information spreas the

signal 8 referre to as sie #an.B! Sie #an an ma= power is regulate

8/13/2019 92347686 RFID Security

19/49

 

$ransponder Communication

! &'ID systems generally use theInustrial-Scientific-Meical #ans

! In near fiel" communication is achie%e%ia loa moulation

! In far fiel" #acscatter is use.

,acscatter is achie%e #y moulatingthe raar-cross section of tag antenna

8/13/2019 92347686 RFID Security

20/49

 

&imitations of Passive $a"

communication! ery little power a%aila#le to igital

portion of the IC" limite functionality

! 7ength of transactions is limite 8 7ength of power on 8 Duration within communication range

!$S regulations for 6/ MF limittransaction time to G55 ms

! 7imit of state information

8/13/2019 92347686 RFID Security

21/49

 

Data Codin" and !odulation

! Determines #anwith" integrity" antag power consumption

! 7imite #y the power moulation 9emoulation capa#ilities of the tag

! &eaers are generally low #anwith"

ue to go%ernment regulations! +assi%e tags can use high #anwith

8/13/2019 92347686 RFID Security

22/49

 

Codin"

! 7e%el Coes 8 on-&eturn-to-Hero

 8 &eturn-to-Hero! Transition Coes

 8 Manchester 

 8 Miller 

8/13/2019 92347686 RFID Security

23/49

 

Codin" Considerations

! Coe must maintain power to tag asmuch as possi#le

! Coe must not consume too much#anwith

! Coe must permit the etection of

collisions

8/13/2019 92347686 RFID Security

24/49

 

Codin" for Readers and $a"s

! &eaer to Tag uses ++M or +WM)lower #anwith*

! Tag to &eaer uses Manchester or &H)higher #anwith*

8/13/2019 92347686 RFID Security

25/49

 

!odulation

! &' communications typically moulate highfre(uency carrier signal to transmit #ase#ancoe

! Three classes of igital moulation are AS"'S" an +S.

!  AS most common in 6>./J MF loamoulation

! +S most common in 6/ MF #acscattermoulation

8/13/2019 92347686 RFID Security

26/49

8/13/2019 92347686 RFID Security

27/49

 

Al"oritm Classification

! +ro#a#ilistic 8 Tags respon in ranomly generate times

 8 Slotte Aloha scheme! Deterministic

 8 &eaer sorts through tags #ase on tag-ID

 8 ,inary tree-waling scheme

8/13/2019 92347686 RFID Security

28/49

 

Al"oritm Performance $rade-offs

! Spee at which tags can #e rea!

8/13/2019 92347686 RFID Security

29/49

 

Al"oritm Performance $rade-offs

! Cost of tag! Cost of reaer 

!  A#ility to tolerate tags with enter anlea%e uring interrogation perio

! Desire to count tags e=actly as oppose

to sampling! &ange at which tags can #e rea

8/13/2019 92347686 RFID Security

30/49

 

Re"ulations 'ffect

! $S regulations on 6>./J MF#anwith offer significantly less

#anwith" so Aloha is more common! 6/ MF #anwith allows higher

#anwith" so eterministic algorithms

are generally use

8/13/2019 92347686 RFID Security

31/49

 

()*+, !. Advanta"es

! 're(uency #an a%aila#le worlwie asan ISM fre(uency

! $p to 6 meter reaing istance inpro=imity 9 %icinity rea

! &o#ust reaer-to-tag communication

! E=cellent immunity to en%ironmentalnoise an electrical interference

8/13/2019 92347686 RFID Security

32/49

 

()*+, !. Benefits

! Well-efine transponer interrogationFones

! Minimal shieling effects from ajacento#jects an the human #oy

! Damping effects of water relati%ely

small" fiel penetrates ense materials

8/13/2019 92347686 RFID Security

33/49

 

/(+ !. Benefits

! 7ong range )from a few to se%eralmeters" epening on regulatory

 jurisiction*! igh ata rates! 'ast anti-collision an tags per secon

rea rate capa#ilities

8/13/2019 92347686 RFID Security

34/49

 

$e 'PC System

! System that ena#les all o#jects to #econnecte to the Internet #y aing an

&'ID tag to the o#ject! E+C!

8/13/2019 92347686 RFID Security

35/49

 

$e 'PC

! Electronic +rouct Coe! ID scheme esigne to ena#le uni(ue

i of all physical o#jects!

8/13/2019 92347686 RFID Security

36/49

 

$e O0S

!

8/13/2019 92347686 RFID Security

37/49

 

$e O0S

! &euces power an memoryre(uirements on tag

! Transfer ata communication to#acen networ" sa%ing wireless#anwith

! Maes system more ro#ust! &euces siFe of microchip on tag

8/13/2019 92347686 RFID Security

38/49

 

Savant

! System #ase on hierarchical controlan ata management

! +ro%ies automate control functionality! Manages large %olumes of ata!  Acts as a gateway for the reaer

networ to the ne=t higher le%el

8/13/2019 92347686 RFID Security

39/49

 

Savant

! Transfers computationally intensi%efunctionality from tag to poweresystem

!  Any single point of failure has only localeffect

! Ena#les entire system to #e scala#lesince reaer su#-systems are aeseamlessly

8/13/2019 92347686 RFID Security

40/49

 

RFID $ransponder 

! Most numerous parts of system! Most cost-sensiti%e part

! +rotocols esigne for 6>./J MF an6/ MF fre(uencies

! Implement a passwor-protecte Self

Destruct comman

8/13/2019 92347686 RFID Security

41/49

 

RFID Security Benefits and $reats

!  Airline passenger an #aggage tracingmae practical an less intrusi%e

!  Authentication systems alreay in use)ey-less car entry*

! on-contact an non-line-of-sight

! +romiscuity of tags

8/13/2019 92347686 RFID Security

42/49

 

Previous #or1

! Contact-less an constrainecomputational resource similar to smart

cars!  Analysis of smart car security

concerns similar to &'ID

! &'ID especially suscepti#le to faultinuction an power analysis attacs

8/13/2019 92347686 RFID Security

43/49

8/13/2019 92347686 RFID Security

44/49

 

Security 2oals

! +u#licly a%aila#le tag output shoul #eranomiFe

! +ri%ate tag contents shoul #eprotecte #y access control anencryption

! Spoofing tags or reaers shoul #eifficult

8/13/2019 92347686 RFID Security

45/49

 

&ow-cost RFID Issues

! Ine=pensi%e rea-only tags arepromiscuous an allow automate

monitoring 8 pri%acy concern! either tags nor reaers are

authenticate 8 security concern

! 'ull implementation of pri%acy ansecurity is costly 8 cost concern

8/13/2019 92347686 RFID Security

46/49

 

Possi%le solutions

! Erase uni(ue serial num#ers at point ofsale 8 tracing still possi#le #y

associating constellationsB of tags! +u#lic ey cryptography 8 too

e=pensi%e

! Share ey 8 if one tag iscompromise" entire #atch is effecte

8/13/2019 92347686 RFID Security

47/49

 

Approac to RFID Protection

! $se one-way hash function on tag 8meta-IDB

! When reaer nows meta-ID" tag isLunloce1 an reaa#le

!  After reaer is finishe" tag is loce

! Tag has self-estruct mechanism to useif uner attac

8/13/2019 92347686 RFID Security

48/49

 

Future Researc

! De%elopment of low cost cryptoprimiti%es 8 hash functions" ranomnum#er generators" etc.

! 7ow cost harware implementation w9ocomputational loss

!  Aaptation of symmetric encryption an

pu#lic ey algorithms from acti%e tagsinto passi%e tags

8/13/2019 92347686 RFID Security

49/49

Future Researc

! De%eloping protocols that mae tagsresilient to power interruption an fault

inuction.! +ower loss graceful reco%ery of tags! &esearch on smart cars an other

em#ee systems