Introduction · Ownership · Ownership Transfer · Example · Conclusion
Secure Ownership and Ownership Transfer in RFID Systems
Ton van Deursen (1), Sjouke Mauw (1), Sasa Radomirovic (1), Pim Vullers (1,2)
(1) University of Luxembourg, Luxembourg. {ton.vandeursen, sjouke.mauw, sasa.radomirovic}@uni.lu
(2) Radboud University Nijmegen, The Netherlands. [email protected]
European Symposium on Research in Computer Security, 23rd September 2009
T. Van Deursen, S. Mauw, S. Radomirovic, P. Vullers Secure Ownership and Ownership Transfer in RFID Systems
Outline
1 Introduction
2 Ownership
3 Ownership Transfer
4 Example
5 Conclusion
Introduction: Radio Frequency Identification
RFID tags are used to replace bar codes
Storing additional data is also possible
Secure communication between reader and computer
Insecure wireless communication between reader and tag
Introduction: Ownership Transfer
RFID tags have many different owners within a supply chain
Future use, say in smart fridges, also involves consumers
What is an owner?
Introduction: Supermarket Scenario
Running example
1 RFID tags
Tagged Products
2 RFID readers
Supermarket Reader: Cashier (Checkout)
Customer Reader: You (Cell phone)
Physical and Virtual Ownership
Two Views of Ownership: System View
System View
Ownership is the ability to execute a test protocol.
An agent which is able to successfully execute a test protocol is a tag owner.
Definition (Tag Owner)
An agent R is owner of tag T with respect to test protocol P in system state s, denoted by owns_P(R, T, s), if and only if
∃ t ∈ traces(P, s) ∀ r ∈ runsof(t) success(r, t).
Two Views of Ownership: Agent View
Agent View
Ownership is the belief of owning a tag.
An agent which believes it owns a tag is a tag holder.
Definition (Tag Holder)
The belief of an agent is modelled by a variable.
Two Views of Ownership: Example
Product bought in a supermarket
Agent view
Registered the tag on cell phone
Ownership verified on the agent level by inspecting the register on the cell phone
System view
Follows automatically from the system state
Ownership is inspected on system level by executing the ownership test protocol
Secure Ownership and Exclusive Ownership
Definition (Secure Ownership)
Whenever an agent is the holder of a tag, it is also the owner of that tag.
A holder never loses ownership of a tag unintentionally.
Definition (Exclusive Ownership)
Whenever an agent is the holder of a tag, no other agents own that tag.
A holder is the exclusive owner of a tag.
Ownership Transfer
Functional Requirement
An agent can become owner by means of an ownership transfer.
A protocol which can assign a new owner to a tag is an ownership transfer protocol.
Secure Transfer and Exclusive Transfer
Definition (Secure Transfer)
A tag must be released before a new agent may become owner of that tag.
A new owner must be granted to gain ownership of a tag.
Definition (Exclusive Transfer)
Whenever an agent obtains a tag, no other agents own that tag.
A protocol achieves exclusive transfer of a tag.
Overview
Ownership
System: owner: completion of a test protocol.
Agent: holder: value of a variable.
Secure: holder must be owner.
Exclusive: no other owner besides holder.
Ownership transfer
Transfer: functional: an agent becomes owner.
Signals: obtain, release: start holding, stop holding.
Secure: new owner must be released to.
Exclusive: no other owner when obtained.
Example
Yoon and Yoo protocol (2008)
Ownership transfer protocol
Based on a shared secret p = {ID}k, the pseudonym
Completely insecure:
Secure ownership
Secure transfer
Exclusive ownership
Exclusive transfer
The Yoon and Yoo Protocol
[Message sequence chart. Roles: old owner, T, new owner. Labels: release, First Phase, "Secure: ID, k′, {ID}k′", Third Phase, obtain.]
R: ID, k, {ID}k
T: p = {ID}k
R: nonce nr
R → T: nr
T → R: h(p ⊕ nr)
R: key k′
R: a := h({ID}k) ⊕ {ID}k′
R: b := h({ID}k ⊕ {ID}k′)
R → T: a, b
T: if b = h(p ⊕ h(p) ⊕ a) then p := h(p) ⊕ a
The Attack
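[Message sequence chart. Roles: R, E, T.]
R: ID, k, {ID}k
T: p = {ID}k
E → T: 0
T → E: h(p)
R: nonce nr
R → E → T: nr
T → E → R: h(p ⊕ nr)
R: key k′
R: a := h({ID}k) ⊕ {ID}k′
R: b := h({ID}k ⊕ {ID}k′)
R → E → T: a, b
T: if b = h(p ⊕ h(p) ⊕ a) then p := h(p) ⊕ a
E: p := h(p) ⊕ a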
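The update step from the two slides above, checked against the exclusive-ownership definition. This is an added Python example, not code from the slides or from Yoon and Yoo. Assumptions: h is truncated SHA-256, {ID}k is modelled with HMAC, and the test protocol (the hypothetical owns function) is "predict the tag's reply to a fresh nonce".

```python
# Added illustration; not code from the slides or from Yoon and Yoo.
import hashlib, hmac, os

N = 16  # pseudonym length in bytes (assumption)

def h(x: bytes) -> bytes:
    """Stand-in for the protocol's hash h (assumption: truncated SHA-256)."""
    return hashlib.sha256(x).digest()[:N]

def xor(x: bytes, y: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(x, y))

def enc(ident: bytes, k: bytes) -> bytes:
    """Stand-in for {ID}k (assumption: HMAC as the keyed function)."""
    return hmac.new(k, ident, hashlib.sha256).digest()[:N]

class Tag:
    def __init__(self, p: bytes):
        self.p = p                      # pseudonym p = {ID}k
    def respond(self, nr: bytes) -> bytes:
        return h(xor(self.p, nr))       # reply h(p ⊕ nr)
    def update(self, a: bytes, b: bytes) -> bool:
        # if b = h(p ⊕ h(p) ⊕ a) then p := h(p) ⊕ a
        cand = xor(h(self.p), a)
        if hmac.compare_digest(b, h(xor(self.p, cand))):
            self.p = cand
            return True
        return False

def owns(secret: bytes, tag: Tag) -> bool:
    """Hypothetical test protocol: predict the tag's reply to a fresh nonce."""
    nr = os.urandom(N)
    return hmac.compare_digest(tag.respond(nr), h(xor(secret, nr)))

def run_transfer():
    ident, k, k_new = b"constructed-ID", os.urandom(N), os.urandom(N)
    tag = Tag(enc(ident, k))
    seen_hp = tag.respond(bytes(N))     # nonce 0 yields h(p), as on the slide
    tag.respond(os.urandom(N))          # R's own challenge and reply
    a = xor(h(enc(ident, k)), enc(ident, k_new))
    b = h(xor(enc(ident, k), enc(ident, k_new)))
    accepted = tag.update(a, b)
    observer_p = xor(seen_hp, a)        # p := h(p) ⊕ a, computed without k or k′
    return accepted, owns(enc(ident, k_new), tag), owns(observer_p, tag)
```

All three returned values are true: the tag accepts the update, the party holding k′ passes the test, and so does a party that only saw h(p) and a, which is why exclusive ownership fails.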
Conclusion
Developed a verification framework
Formal definition of ownership
Security and privacy requirements for ownership
Formal definition of ownership transfer
Security and privacy requirements for ownership transfer
Broken a number of protocols
Future work
Implement this framework in a model checker
Relate to other properties such as untraceability