rfid secure or not?
TRANSCRIPT
-
7/29/2019 RFID Secure or Not?
1/28
RFID: Secure or Not?Paper Presented for Masters Data Communications course
U. Politcnica de P.R. - Dr J. Sola SloanWinter 2012
Ricardo Robles, Xavier Sol, Josu Acevedo, Marcos Avils
-
7/29/2019 RFID Secure or Not?
2/28
B.B.A. Management Info Systems, UniversidadInteramericana de P.R.(1993)
B.S. Computer Engineering, Universidad Politcnicade P.R. (2009)
Current M.Eng. Computer Engineering student,Universidad Politcnica de P.R.
Health, Insurance, Vehicles, Manufacturing, Legal,
Retail Industries
Recent years interest in Computer Security
Infragard Member (FBI civilian association)
Ricardo Robles RoblesWeba
nointed Systems Consultantstwitter: @rickyreys
-
7/29/2019 RFID Secure or Not?
3/28
What is RFID
RFID (Radio Frequency Identification) is a technology, which uses radiowaves to automatically identify objects. The most practical use is toattach unique RFID tags with the purpose of identifying the object withthe tag. The Readers connected with a database systems communicate
with RFID tags embedded in objects gather the information.
The earliest predecessor of the RFID concept is believed to be a Sovietspy gadget that retransmitted incident radio waves with audioinformation. One of the earliest applications of RF transponders was theFriend-or-Foe (IFF: Identification, Friend or Foe) air- craft identification
system that was used by the Royal Air Force during World War II todistinguish between enemy and Allied aircraft.
-
7/29/2019 RFID Secure or Not?
4/28
RFID
There is a standard that define the RFID system ofcommunication model. The standard is called ISO/IEC1800and it consists of three (3) layers:
Physical Layer (Tag)
consist of embedded antenna &integrated circuit.
Correspondence Layer (Reader) Interrogate the tag whenin Range.
Application Layer (Interface) - essentially a type ofsoftware that acts as an interface between the hardwarelayers, and the software application.
-
7/29/2019 RFID Secure or Not?
5/28
RFID
RFID TAGS
-
7/29/2019 RFID Secure or Not?
6/28
RFID
Readers
-
7/29/2019 RFID Secure or Not?
7/28
RFID
RFID Structure
-
7/29/2019 RFID Secure or Not?
8/28
RFID
RFID USE
Electronic Product Code (EPC)
Animal Tracking Device
Highway Toll System
Time Measurement in Sport EventsSupply Chain Management (Walmart)
-
7/29/2019 RFID Secure or Not?
9/28
RFID
-
7/29/2019 RFID Secure or Not?
10/28
RFID
-
7/29/2019 RFID Secure or Not?
11/28
RFID
-
7/29/2019 RFID Secure or Not?
12/28
RFID
ATTACKS
-
7/29/2019 RFID Secure or Not?
13/28
RFID
Major Threats are:
Individual privacy threats, data security threats, and
security attack threats.Eavesdropping An attacker monitors unsecured wi-ficommunication & obtains information transmitted bythe TAG.
Spoofing - The attacker imitates the original labelingof a Tag replacing it for a FAKE one. i.e., to buy an itemat a lower price. (Nobody here has done that)
-
7/29/2019 RFID Secure or Not?
14/28
RFID
Masquerade of Service Attacks are realized to avoid/bypass Security Systems.
Relay Attack Attacker is like a Man in the Middle,
uses devices to deceive /intercept the radio signal ormodify it. i.e., modifies TAG Stored info
Buffer Overflow Attacker sends same block of Datato Overflow a Buffer in the middleware. Major Threat& Serious Big Security Problem in RFID. i.e., Used to
exploit Stored Data or Code on a TAG.
Malicious Code Injection Attacker uses TAG memoryspace to propagate Malicious Code or a Virus/Worm.
-
7/29/2019 RFID Secure or Not?
15/28
RFID
Side-Channel Attacks - timing information; powerconsumption and electromagnetic leaks are acquiredduring physical implementation
Timing Attack
Where they both take a step betweensending & receiving. To avoid this, an artificial tinedelay is inserted in the backend Server.
Encryption Algorithm Exploring Attack - Time
consuming and deadly attack, uses high-endequipment to analyze tags and wifi authenticationentity & obtain its encryption algorithm.
-
7/29/2019 RFID Secure or Not?
16/28
RFID
-
7/29/2019 RFID Secure or Not?
17/28
RFID
COUNTERMEAUSERS
1. Have assurance of the trust of the backend serverand that it is physically secured.
2. Share a private key between Server and each Tag.
3. Having RFID responses appear to an attacker asrandom, uniformly distributed.
4. Values of Server challenges and Tag responses mustbe unpredictable (cryptographically) pseudo-random.
-
7/29/2019 RFID Secure or Not?
18/28
RFID
PROTOCOLS
As we know the RFID have limited memory space
which makes encryption and authenticationtraditional technology such as RSA, MD5, SHA-1, SHA-2cannot be used. Therefore the design of securityprotocols safely and effectively, and inexpensivelyremains a difficult issue.
-
7/29/2019 RFID Secure or Not?
19/28
RFID
Two Main Categories:
1. Physical Approach
2. Encryption Mechanism & Protocols
There are 2 direction in which the developers ofauthentication protocols have been focus on: the design ofsecurity protocols with lower cost as the lightweight
security protocol with reasonable security functionality,and in the design of security protocols to make the securityfunctionality as strong as possible, regardless of the cost.
-
7/29/2019 RFID Secure or Not?
20/28
RFID
M2 AP Protocol Minimalist Mutual AuthenticationProtocol, Based on XOR, OR, AND, and Sum OfModulo. To hold Security a Secret key Update has
been introduced.
SASI Protocol It is called Chiens Protocol, ultralightweight scheme, it has three share secret key k1and 2 random number n1, n2. The Secret Key &
Random Number update each time.
-
7/29/2019 RFID Secure or Not?
21/28
RFID
Other Protocols with Strong Functionality, but higherCost: Hopper and Blum (HB), HB+, HB++ protocols asa family, which has used LPN (algorithm) to providestronger security functionality, and Digital LibraryRFID protocol which employs a pre-sharing secretmechanism.
EAPMR Protocol - The idea of this protocol is to giveevery legal reader a unique identifier RID. Formessages send out by tag, reader must subjoin a datasegment containing its RID to them.
-
7/29/2019 RFID Secure or Not?
22/28
RFID
RIPTA-DA Protocol - employs a stochastic dynamicmulti-key mechanism to encrypt the information andintroduces the noise disturbance technology.
XTEA Based Authentication Protocol eXtended TinyEncryption Algorithm, This authentication protocoluses a cipher to encrypt the message and processeshow those messages are handled.
-
7/29/2019 RFID Secure or Not?
23/28
RFID
-
7/29/2019 RFID Secure or Not?
24/28
RFID
FINALLY
The RFID systems has much vulnerabilities that could
be exploited and causes serious harms like data loss,data medication, money loss, identity theft andinterception of communications. On the other hand,wide spread of RFID use keeps increasing in almostevery form you can imagine.
-
7/29/2019 RFID Secure or Not?
25/28
RFID
-
7/29/2019 RFID Secure or Not?
26/28
RFID
-
7/29/2019 RFID Secure or Not?
27/28
RFID
-
7/29/2019 RFID Secure or Not?
28/28
RFID
FINITO
Twitter: @rickyreys
mailto:[email protected]:[email protected]:[email protected]:[email protected]