rfid : the problems of cloning and counterfeiting
DESCRIPTION
RFID : The Problems of Cloning and Counterfeiting. Ari Juels RSA Laboratories 19 October 2005. RFID devices take many forms. Basic “smart label”. Toll payment plaque. Automobile ignition key. Mobile phone. “RFID” really denotes a spectrum of devices. “74AB8”. “Evian bottle - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/1.jpg)
Ari JuelsRSA Laboratories19 October 2005
RFID: The Problems of
Cloning and Counterfeiting
![Page 2: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/2.jpg)
RFID devices take many forms
![Page 3: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/3.jpg)
“RFID” really denotes a spectrum of devices
Automobile ignition key Mobile phone
Toll paymentplaque
Basic“smart label”
![Page 4: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/4.jpg)
“Smart label” RFID tag
• Passive device – receives power from reader• Range of up to several meters• Simply calls out (unique) name and static data
“74AB8”
“5F8KJ3”
“Evian bottle#949837428”
![Page 5: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/5.jpg)
Capabilities of “smart label” RFID tag• Little memory
– Static 96-bit+ identifier in current ultra-cheap tags– Hundreds of bits soon
• Little computational power– Several thousand gates (mostly for basic functionality)– No real cryptographic functions possible – Pricing pressure may keep it this way for a while, i.e.,
Moore’s Law will have delayed impact
![Page 6: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/6.jpg)
The grand vision:EPC (Electronic Product Code) tags
Barcode EPC tag
Line-of-sight Radio contact
Specifies object type Uniquely specifies object
Fast, automated scanning
Provides pointerto database entryfor every object, i.e., unique, detailed history
![Page 7: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/7.jpg)
Impending explosion in (EPC) RFID use
• EPCglobal– Joint venture of UCC and EAN– Wal-Mart, Procter & Gamble, DoD, etc.– Recently ratified new EPC-tag standard (Class 1 Gen 2)
• Pallet and case tagging first – Item-level retail tagging, automated tills, seem years away
• Estimated costs• 2008: $0.05 per tag; hundreds of dollars per reader (?)• Beyond: $0.01 per tag; several dollars per reader (?)
![Page 8: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/8.jpg)
Other forms of RFID
• Automobile immobilizers
• Payment devices– Currency?
![Page 9: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/9.jpg)
Other forms of RFID
“Not Really Mad”
• Tracking cattle
• Passports
![Page 10: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/10.jpg)
Other forms of RFID
• RFID readers in mobile handsets
Showtimes:16.00, 19.00
• Medical compliance
![Page 11: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/11.jpg)
Wigmodel #4456
(cheap polyester)
Das Kapital and Communist-
party handbook
1500 Eurosin wallet
Serial numbers:597387,389473
…30 items of lingerie
Replacement hipmedical part #459382
The privacy problemBad readers, good tags
Mr. Jones in 2015
![Page 12: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/12.jpg)
1500 Eurosin wallet
Serial numbers:597387,389473
…
Replacement hipmedical part #459382
The authentication problem
Mad-cowhamburgerlunch Counterfeit!
Counterfeit!
Good readers, bad tags
Mr. Jones’s car!
Mr. Jones in 2015
![Page 13: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/13.jpg)
RFID and sensors will underpin critical infrastructure
Authentication therefore has many facets:– Physical security– Consumer goods and pharmaceuticals safety– Transaction security– Brand value
…but it’s getting short shrift
I’ll talk about three different projects on RFID authentication
![Page 14: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/14.jpg)
The Digital Signature Transponder (DST)
Joint work with S. Bono, M. Green, A. Stubblefield, A. Rubin, and M. Szydlo
USENIX Security ‘05
![Page 15: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/15.jpg)
“I’m tag #123”
Car #123
40-bit challenge C
24-bit response R = fK(C)
(simplified)
•Helps secure tens of millions of automobiles•Philips claims more than 90% reduction in car theft thanks to RFID! (TI did at one point.)
•Also used in millions of payment transponders
f
The Digital Signature Transponder (DST)
![Page 16: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/16.jpg)
The Digital Signature Transponder (DST)
“I’m tag #123”
Car #123
40-bit challenge C
24-bit response R = fK(C)
(simplified)
• The key K is only 40 bits in length!
f
![Page 17: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/17.jpg)
The Digital Signature Transponder (DST)
“I’m tag #123”
Car #123
40-bit challenge C
24-bit response R = fK(C)
(simplified)
f
Our aim: Demonstrate security vulnerability by cloning real DSTs
![Page 18: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/18.jpg)
The Digital Signature Transponder (DST)
“I’m tag #123”
Car #123
40-bit challenge C
24-bit response R = fK(C)
(simplified)
f
But what is the cryptographic function f ???
f
![Page 19: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/19.jpg)
Black-box cryptanalysis
C
R = fK(C)f?
key K
Programmable DST
![Page 20: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/20.jpg)
f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16
Routing Network
Routing Network
f17
f18
f19
f20
f21
Challenge register
Key register
400 clocks / 3 cycles
Texas Instruments DST40 cipher (not original schematic)
???
???
???
Not implemented this way!
![Page 21: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/21.jpg)
f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16
Routing Network
Routing Network
f17
f18
f19
f20
f21
Challenge register
Key register
400 clocks / 3 cycles
Texas Instruments DST40 cipher (not original schematic)
???
???
???
Not implemented this way!
f17
f18
f19
f20
f21
![Page 22: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/22.jpg)
Black-box cryptanalysis
![Page 23: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/23.jpg)
One internal wire
Case A
![Page 24: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/24.jpg)
Or two internal wires?
Case B
![Page 25: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/25.jpg)
Black-box cryptanalysis
01
01100000010011001000001
![Page 26: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/26.jpg)
![Page 27: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/27.jpg)
Case A Case B
2 possible values 4 possible values
![Page 28: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/28.jpg)
Same principle applies to more complex structures…
f17
f18
f19
f20
f21
![Page 29: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/29.jpg)
Same principle applies to more complex structures…
![Page 30: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/30.jpg)
Consider two particular input wires…
![Page 31: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/31.jpg)
Or do two inputs go to same box?
Case A
![Page 32: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/32.jpg)
Do two inputs go to different boxes?
Case B
![Page 33: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/33.jpg)
Case A
One internal wire
Case B
Two internal wires
![Page 34: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/34.jpg)
f
Not implemented this way!
???
???
???
![Page 35: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/35.jpg)
The full cloning process
1. Skimming2. Key cracking3. Simulation
![Page 36: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/36.jpg)
Step 1: SkimmingObtain
responses r1,r2
to two challenges,
c1, c2
Takes only1/4 second!
The full cloning processStep 1: Skimming
![Page 37: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/37.jpg)
The full cloning processStep 2: Key cracking
C
Find secret key k such that
r1=fk(c1) and
r2 = fk(c2)
(30 mins. on 16-way parallel cracker;
Faster with Hellman table)
![Page 38: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/38.jpg)
The full cloning processStep 3: Simulation
Simulate radio protocols with computation of
fk
![Page 39: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/39.jpg)
“Human” authentication for RFID tags
Joint work with Steve WeisCrypto ‘05
![Page 40: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/40.jpg)
RFID tags are a little like people
• Very limited memory for numbers• Very limited ability for arithmetic computation
≈
![Page 41: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/41.jpg)
Hopper-Blum (HB) Human Identification Protocol
![Page 42: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/42.jpg)
Secret X Secret X
Challenge A
Response f(X,A)
Hopper-Blum (HB) Human Identification Protocol
![Page 43: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/43.jpg)
Secret X Secret X
Challenge A
R = (X • A) + Nη
modular dot product
noise w.p. η
Hopper-Blum (HB) Human Identification Protocol
![Page 44: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/44.jpg)
HB ProtocolExample, mod 10
X = (3,2,1) X = (3,2,1)
(0, 4, 7)
R = 5 7
![Page 45: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/45.jpg)
Learning Parity in the presence of Noise (LPN)
• Given multiple rounds of protocol, find X (or other equally good secret)– Given q challenge-response pairs (A1,R1)…(Aq,Rq) ,, find X’ such
that Ri = X’ • Ai on at most ηq instances, for constant η > 0– Binary values
• Note that noise is critical!
• LPN is NP-hard – even within approx. of 2• Theoretical and empirical evidence of average-case
hardness• Poly. adversarial advantage in HB protocol → LPN
![Page 46: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/46.jpg)
HB Protocol
X X
C
R
Problem: Not secure against active adversaries!
![Page 47: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/47.jpg)
HB+ Protocol
X,Y X,Y
D
C
(D • Y) + + Nη
R = (C • X)
![Page 48: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/48.jpg)
HB+ Protocol
X,Y X,Y
D
(D • Y) + + Nη
![Page 49: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/49.jpg)
HB+ Protocol
X,Y X,Y
D
C
(D • Y) + + Nη
R = (C • X)
Intuition: • Add extra HB protocol with prover-generated challenge • Adversary effectively cannot choose challenge here
![Page 50: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/50.jpg)
In the paper
• Most of paper elaborates security reduction from HB+ to LPN
• Implementation of algorithm seems very practical – just linear number of ANDs and XORs and a little noise!– Looks like EPC might be amenable, but…
![Page 51: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/51.jpg)
Further work• Security reduction is concrete, but very loose• What concrete security parameters – key length and
communications complexity – yield adequate security?• Limited model: “We win if counterfeiter detected”
– Assume counterfeiter aims to duplicate tag without alerting verifier, i.e., detection model
– Appropriate for centralized verifier (with DoS controls), e.g., prox cards, casino chips, etc.
– Gilbert, Robshaw, and Sibert demonstrate man-in-the-middle attack in stronger prevention model
– Can HB techniques be extended to prevention model?
![Page 52: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/52.jpg)
Addressing Cloning of EPC Tags
WiSe ‘05
![Page 53: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/53.jpg)
Drug tracing / anti-counterfeiting
Inevitable reliance on EPC tags for anti-
counterfeiting
Made in
Canada
• EPC (Class-1 Gen-2) is easy to countefeit: It’s basically just a wireless barcode! • Tight tracking is useful per se in combating counterfeiting, e.g., via duplicate detection• But integrity of tag is needed where data coordination is loose• What can we do today to prevent cloning of EPC tags?• We can use the “kill” feature!
![Page 54: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/54.jpg)
The kill function
Kill PIN K
“morituri te salutamus”
“Kill” + 32-bit PIN K’K = K’
• Only mandatory EPC security feature is for privacy!• Idea: Cause tags on consumer items to self-destruct before they leave shop
![Page 55: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/55.jpg)
The kill function
Kill PIN K
Bad PIN; [Reset]
“Kill” + 32-bit PIN K’K ≠ K’
• “Kill” authenticates reader, but not very useful for tag authentication since it kills tags!
![Page 56: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/56.jpg)
Low signal strength
Kill PIN K
Bad PIN; [Reset]
K ≠ K’ “Kill” + 32-bit PIN K’
![Page 57: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/57.jpg)
Low signal strength
Kill PIN K
• Tag achieves accept/reject function for PINs:– “Good PIN” is accept– “Bad PIN” is reject
Good PIN; insufficient power!
“Kill” + 32-bit PIN K’K = K’
![Page 58: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/58.jpg)
How to authenticate a tagwith low signal strength
Kill PIN K
• If tag accepts K and rejects K’, then tag is good; otherwise bad• Counterfeit EPC tag will fail with high probability• “Intelligent” counterfeit tag succeeds with probability at most ½!
– (Can boost detection probability with more bogus PINs, but expensive)
“Kill” + PIN K
“Kill” + random PIN K’
![Page 59: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/59.jpg)
Implementing this Scheme• Calibrating signal strength from reader would be hard• Manufacturer can exchange privacy kill feature for authentication kill feature
– Just set tag power threshold required for “kill” very high – Tag always thinks signal strength is too low– Still complies with EPC standard, which does not specify power threshold– Does not comply with conformance specifications
• Prob. ½ detection not high for individual clone, but very high for broad supply chain– A little like scheme for detecting fraudulent ballots
• Shortcomings:– Vulnerable to short-range eavesdropping– Limited execution on untrusted readers
• But much better than no authentication!
![Page 60: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/60.jpg)
Conclusions
![Page 61: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/61.jpg)
Welcome to Hell IT Department
Moral 1:Standard crypto modeling fails for cheap RFID
011001010010
![Page 62: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/62.jpg)
Welcome to Hell IT Department
A cheap RFID tag cannot survive here…but worst case often isn’t reality for RFID
011001010010
![Page 63: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/63.jpg)
We need new primitives and flexible modeling• Low-cost tags will probably not be able to do full-blown
crypto for some time– Moore’s Law opposed by pricing pressure…
• Crypto community should not take black and white view, e.g., abandon crypto-challenged tags to wolves (EPC Class-1 type)
• We need new primitives:– E.g., can we build good PRFs with really low gate count, e.g.,
hundreds of gates?• And new modeling:
– What special characteristics do RFID tags present to attackers? • E.g., physical and radio layers
– What security properties can we sacrifice in the real world? • Learning to cut the right corners…
![Page 64: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/64.jpg)
Moral 2“We have not received one reported incident of fraud in the
eight years [the DST] has been used by consumers and we are confident the systems remain secure.”
- Texas Instruments, 10 February 2005
1980: Not one reported incident of a computer virus in the wild1999: Not one reported incident of a major DDoS attack on the Internet
“This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”
![Page 65: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/65.jpg)
Moral 2“We have not received one reported incident of fraud in the
eight years [the DST] has been used by consumers and we are confident the systems remain secure.”
- Texas Instruments, 10 February 2005
1980: Not one reported incident of a computer virus in the wild1999: Not one reported incident of a multi-pronged DDoS attack on the Internet
• RFID is a new critical infrastructure in the making• We should learn from the history of the Internet, where phishing, spam, etc. are crippling e-commerce• Security community must promote and address security in RFID systems before problems become costly and pervasive
“This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”
![Page 66: RFID : The Problems of Cloning and Counterfeiting](https://reader036.vdocuments.us/reader036/viewer/2022062323/56815cbb550346895dcab9a0/html5/thumbnails/66.jpg)
To learn more
• Primers and current RFID news:– www.rfidjournal.com
• RSA Labs RFID Web site:– www.rsasecurity.com/go/rfid– www.rfid-security.com (unofficial)
• JHU/RSA RFID Web site:– www.rfidanalysis.org
• New survey (and all papers described here) at www.ari-juels.com