A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme
Divyan M. Konidala, Zeen Kim, Kwangjo Kim {divyan, zeenkim, kkj}@icu.ac.kr
International Research Center for Information Security
CONFERENCE ON RFID SECURITY-07

Introduction - EPCglobal
• EPCglobal Inc™
  • Industry-driven standards
  • RFID in supply chain management
• We consider
  • EPCglobal Architecture Framework
  • EPCglobal Class 1 Gen 2 UHF RFID Protocol

Contents
• Introduction
  • RFID-based supply chain management system
  • EPCglobal Architecture Framework
• Security Threats and Requirements
• Security Assessment of Class 1 Gen 2 UHF RFID Protocol
• Proposed Tag-Reader Mutual Authentication Scheme
• Scheme Analysis
• Conclusion and Future Work
EPCglobal Architecture Framework
EPC-IS

Introduction - Tag’s 4 Memory Blocks
**We focus on the RESERVED memory block**
The RESERVED memory block has:
• Access Password (APwd)
• Kill Password (KPwd)

Introduction - RESERVED Memory Block
• Manufacturer of the product stores APwd and KPwd in the Reserved Memory Bank
• Reserved Memory Bank is R/W LOCKED
  • Cannot be Read
  • Cannot be Re-Written

Security Threats and Requirements
• Tag-Reader Mutual Authentication
• Malicious RFID Readers
  • Snoop, corrupt, manipulate
• Cloned Fake RFID Tags
  • Counterfeit products
• Man-in-the-Middle Attack
  • Eavesdrop and impersonate
• Tamperproof Tags
  • RFID Tag Snatching

One-Way Reader to Tag Authentication Proposed by EPCglobal
• Proposed by EPCglobal Class 1 Gen 2 UHF RFID Protocol
• Not Secure
  • Un-encrypted, openly sent random numbers are used as pads to cover-code the tag’s APwd
  • Tag’s Access Password is easily exposed to a disgruntled employee managing a hand-held reader

Exchange between RFID Reader and RFID Tag:
1. Reader → Tag: ReqR
2. Tag → Reader: RT1
3. Reader → Tag: CCPwdM = APwdM ⊕ RT1
4. Tag: Verify if APwdM == (CCPwdM ⊕ RT1)
5. Reader → Tag: ReqR
6. Tag → Reader: RT2
7. Reader → Tag: CCPwdL = APwdL ⊕ RT2
8. Tag: Verify if APwdL == (CCPwdL ⊕ RT2)
9. Tag: If (4 & 8) = Yes: Reader Authentic; No: End Communication with Reader

Security Weakness – EPCglobal Scheme – Exposed APwd
[Figure: Manufacturer, Reader, Tag; the APwd is exposed at a malicious or compromised reader (disgruntled employee), leading to unauthorized access and fake cloned tags]
• Only one-way Reader-to-Tag Authentication

Goals
• Tag-Reader mutual authentication
  • Simple, light-weight, practically secure (supply chain)
• A better way to cover-code or obscure the tag's APwd
• Secure distribution of obscured tags' APwd to stakeholder's RFID readers
• The manufacturer implicitly keeps track of the whereabouts of its products
• Our scheme adheres to EPCglobal standards

Goals
• NO cryptographic (hash) functions/keys within the tag
• NO tag-reader synchronization of security keys/hash values
• We improve the scheme proposed by EPCglobal to accommodate tag-reader mutual authentication
• Our scheme utilizes the tag's already existing 16-bit random number generator, XOR function, and Access & Kill Passwords

Proposed Tag-Reader Mutual Authentication Scheme
• Emphasis on Tag’s Access & Kill Password
• Manufacturer of the product is involved in the mutual authentication process
• Scenario:
  • A pallet has reached the distributor
  • Distributor’s reader queries the tag on the pallet
  • Reader and Tag must authenticate each other
  • Reader does not know the tag’s APwd
  • Reader contacts the manufacturer and follows this procedure

Proposed Tag-Reader Mutual Authentication

Parties: RFID Tag, RFID Reader, Manufacturer
Legend: Secure Channel; Insecure Channel

Tag already has: EPC; APwd(32) = APwdM(16) || APwdL(16); KPwd(32) = KPwdM(16) || KPwdL(16); 16-bit Random No. Generator: RTx; PadGen(.) function
Manufacturer already has: EPC; APwd(32) = APwdM(16) || APwdL(16); KPwd(32) = KPwdM(16) || KPwdL(16); 16-bit Random No. Generator: RMx; PadGen(.) function

Reader Authentication Process
STEP 1 (Reader → Tag): ReqR
  Step 1.1 (Tag): Generate & temporarily store {RT1, RT2}
STEP 2 (Tag → Reader): {EPC, RT1, RT2}
STEP 3 (Reader → Manufacturer): {EPC, RT1, RT2}
  Step 3.1 (Manufacturer): Store {RT1, RT2}
  Step 3.2: Generate & store {RM1, RM2, RM3, RM4}
  Step 3.3: Execute PAD1 = PadGen(RT1, RM1); PAD2 = PadGen(RT2, RM2)
  Step 3.4: Compute CCPwdM1 = APwdM ⊕ PAD1; CCPwdL1 = APwdL ⊕ PAD2
STEP 4 (Manufacturer → Reader): {EPC, CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}
STEP 5 (Reader → Tag): {CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}
  Step 5.1 (Tag): Temporarily store {RM1, RM2, RM3, RM4}
  Step 5.2: Execute PAD3 = PadGen(RT1, RM1); PAD4 = PadGen(RT2, RM2)
  Step 5.3: Verify if APwdM == CCPwdM1 ⊕ PAD3 and APwdL == CCPwdL1 ⊕ PAD4
    Y: Reader Authentic
    N: Stop Comm. with Reader

Tag Authentication Process
  Step 6.1 (Tag): Generate {RT3, RT4}
  Step 6.2: Execute PAD5 = PadGen(RT3, RM3); PAD6 = PadGen(RT4, RM4)
  Step 6.3: Compute CCPwdM2 = APwdM ⊕ PAD5; CCPwdL2 = APwdL ⊕ PAD6
STEP 7 (Tag → Reader): {EPC, CCPwdM2, CCPwdL2, RT3, RT4}
STEP 8 (Reader → Manufacturer): {EPC, CCPwdM2, CCPwdL2, RT3, RT4}
  Step 8.1 (Manufacturer): Store {RT3, RT4}
  Step 8.2: Execute PAD7 = PadGen(RT3, RM3); PAD8 = PadGen(RT4, RM4)
  Step 8.3: Verify if APwdM == CCPwdM2 ⊕ PAD7 and APwdL == CCPwdL2 ⊕ PAD8
    Y: Tag Authentic
    N: Tag is Fake
STEP 9 (Manufacturer → Reader): {EPC, AUTHENTIC: Y/N}
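
The nine-step exchange above, simulated end to end next to the one-way Gen 2 cover-coding it replaces; this is an added example, not code from the slides or their authors. `Party`, `run_session` and `gen2_transcript_to_apwd` are names chosen here, `pad` is a placeholder standing in for PadGen(.) (its definition does not appear on this page), and the KPwd value is constructed.

```python
import hashlib
import secrets

MASK = 0xFFFF

def nonces(n):
    """n fresh 16-bit random numbers (the RTx / RMx values)."""
    return [secrets.randbits(16) for _ in range(n)]

class Party:
    """Tag or manufacturer; both already hold the same 32-bit APwd and KPwd."""
    def __init__(self, apwd, kpwd):
        self.apwd, self.kpwd = apwd, kpwd
        self.halves = (apwd >> 16, apwd & MASK)        # (APwdM, APwdL)

    def pad(self, rt, rm):
        # ASSUMPTION: placeholder for PadGen(RTx, RMx), not the slides' function.
        # Any 16-bit value computable only with the shared passwords fits here.
        seed = b"".join(v.to_bytes(4, "big") for v in (rt, rm, self.apwd, self.kpwd))
        return int.from_bytes(hashlib.sha256(seed).digest()[:2], "big")

    def cover(self, rts, rms):
        """Steps 3.3-3.4 and 6.2-6.3: CCPwd = APwd half XOR pad."""
        return tuple(h ^ self.pad(rt, rm) for h, rt, rm in zip(self.halves, rts, rms))

    def verify(self, cc, rts, rms):
        """Steps 5.2-5.3 and 8.2-8.3: remove the pads, compare with APwd."""
        return tuple(c ^ self.pad(rt, rm) for c, rt, rm in zip(cc, rts, rms)) == self.halves

def run_session(tag, mfr):
    """Reader only relays; returns (reader_authentic, tag_authentic)."""
    rt12, rm = nonces(2), nonces(4)              # Step 1.1, Step 3.2
    cc1 = mfr.cover(rt12, rm[:2])                # STEP 4/5 payload
    if not tag.verify(cc1, rt12, rm[:2]):        # Step 5.3
        return False, False                      # tag stops talking to reader
    rt34 = nonces(2)                             # Step 6.1
    cc2 = tag.cover(rt34, rm[2:])                # STEP 7/8 payload
    return True, mfr.verify(cc2, rt34, rm[2:])   # Step 8.3 -> STEP 9

def gen2_transcript_to_apwd(apwd):
    """Baseline one-way scheme: the pads RT1, RT2 travel in the clear, so
    the cover-coded halves plus the pads give back the Access Password."""
    rt1, rt2 = nonces(2)
    cc_m, cc_l = (apwd >> 16) ^ rt1, (apwd & MASK) ^ rt2   # what the reader sends
    return ((cc_m ^ rt1) << 16) | (cc_l ^ rt2)

APWD, KPWD = 0xAC9EC5D6, 0x12345678   # APwd from the memory-map slide; KPwd constructed
```

In the proposed flow every value the reader relays is either a nonce or an APwd half masked by a pad it cannot compute, which is the property the baseline lacks.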
Pad Generation Function: PadGen(.) [1/3]
Pad Generation Function: PadGen(.) [2/3]
Random Numbers from Tag and Manufacturer
Pad Generation Function: PadGen(.) [3/3]

Tag’s Logical Memory & Access Password Map

MSBs = AC9Eh
Bit Addr. | 2Fh 2Eh 2Dh 2Ch 2Bh 2Ah 29h 28h 27h 26h 25h 24h 23h 22h 21h 20h
Locn.     | 15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0
Bit       | 0   1   1   1   1   0   0   1   0   0   1   1   0   1   0   1

LSBs = C5D6h
Bit Addr. | 3Fh 3Eh 3Dh 3Ch 3Bh 3Ah 39h 38h 37h 36h 35h 34h 33h 32h 31h 30h
Locn.     | 15  14  13  12  11  10  9   8   7   6   5   4   3   2   1   0
Bit       | 0   1   1   0   1   0   1   1   1   0   1   0   0   0   1   1

Security Analysis [1/4]
• Possible Attacks
  • APwd & KPwd are only 32 bits
  • Brute-force attack or ciphertext-only attack
• Practically Secure
  • An enclosure (warehouse) that is sealed from external noise and radio signals from malicious readers
  • RFID supply chain processing environment
    • Extremely fast paced
    • Not feasible to continuously eavesdrop on one particular tag-reader communication channel
    • Several bulks of items pass through several readers within a very short interval of time

Security Analysis [2/4]
• Reader Impersonation Attack:
  • Reader to authenticate first to tag
  • A malicious reader
    • Does not possess both the APwd and KPwd
    • Cannot access manufacturer (EPC-IS) due to lack of credentials
• Cloned Fake Tags and Tag Impersonation Attack:
  • Tag to authenticate to the manufacturer
  • A malicious tag or a cloned fake tag
    • Does not possess both the APwd and KPwd
  • Manufacturer must detect and terminate the communication
    • if a tag emulator is using the same or weak random numbers
    • if tag is not moving through the supply chain processing

Security Analysis [3/4]
• Tag's Access Password Never Exposed:
  • Does not use random numbers sent in an un-encrypted form as pads
  • Generated pads are known only to tag and manufacturer
• Secure against Insider Attacks:
  • Does not deliver the tag's APwd to any of the stakeholder's readers
  • The reader relays only the cover-coded APwd
  • RFID "system level check"
    • A compromised reader is continuously trying to interrogate only one particular tag

Security Analysis [4/4]
• Secure against Replay Attacks:
  • We use two random numbers each, generated by both the tag and the manufacturer
  • As unique random numbers generate unique pads
• Password Scalability:
  • We adhered to the 32-bit passwords
  • Our scheme can still be applicable, and more strengthened, when the length of the APwd and KPwd is extended

Implementation Analysis [1/2]
• Overhead Analysis
  • Secure channel between tag and manufacturer
    • PKI-based certificate, encryption and signature schemes – may be expensive
  • Reader communicates with manufacturer to authenticate every tag
  • To reduce this overhead,
    • The manufacturer can set up a secure server at every stakeholder's supply chain processing facility
    • Only the manufacturer can remotely access, monitor, and manage this server and also update the server with tags' Access & Kill passwords
    • We can also assume that the manufacturer's EPC-IS is a highly resource-rich entity, which is designed to take heavy computational and storage load
    • Secure channel with only Keyed-Message Authentication Code (MAC)

Implementation Analysis [2/2]
• Light-Weight Tag-Reader Mutual Authentication:
  • Our scheme does not use any special cryptographic functions
  • Tag already has the capability to
    • Perform XOR operations
    • Generate random numbers
    • Temporarily store random numbers
    • Fetch the APwd and KPwd
  • Our scheme just needs an additional five 16-bit temporary storage memory slots: four for random numbers from the manufacturer and one for the PadGen(.) function
  • Class-1 Gen-2 tags can have a 512-bit memory capacity or more (depending on the manufacturer)

Conclusion
• Our scheme
  • Not fully secure
  • Simple, cost-effective, light-weight to be implemented on tag
  • Practically secure
  • Highly suitable to the RFID-based supply chain processing scenario
  • Adheres to EPCglobal standard
• Our scheme provides considerable challenges to thwart
  • Cloned fake tags
  • Malicious readers
  • Disgruntled employees or compromised readers
  • Tag’s APwd leakage
  • Man-in-the-middle attacks

Thank you! Q&A