Security in RFID Report


Page 1: Security in RFID Report

CmpE 209: Network Security - Spring '07

Security in RFID

Instructor Prof. Richard Sinn

Submitted by Team: netsecurity-spring07

Chandra Shekhar Cheruku (004806582), Haripriya Chintalapati (004684109)

Kokil Bhalerao (003877134), Naga Kalyani Padakanti (004723668)

Shveta Shahi (004700151), Vamsi Krishna Ambati (004898076)

Date Submitted: 03/06/2007


TABLE OF CONTENTS

1. INTRODUCTION .......................................... 2
1.1. RFID SYSTEM COMPONENTS .............................. 2
1.2. RFID SYSTEM WORKING ................................. 2
2. RFID APPLICATIONS ..................................... 2
3. CHALLENGES ............................................ 2
3.1. PHYSICAL CHALLENGES ................................. 2
3.2. TECHNICAL CHALLENGES ................................ 3
4. RFID ISSUES ........................................... 3
4.1. USER PRIVACY ........................................ 3
4.2. TAG CLONING ......................................... 3
4.3. VIRUS INJECTION ..................................... 3
4.4. DENIAL OF SERVICE ................................... 3
4.5. REPLAY ATTACK ....................................... 4
5. SOLUTIONS TO SECURITY ISSUES .......................... 4
5.1. KILL TAG APPROACH ................................... 4
5.2. SMART RFID TAG ...................................... 4
5.2.1. Randomization Hash Lock ........................... 4
5.3. BLOCKER TAG ......................................... 5
5.4. DIGITAL SIGNATURE TRANSPONDER ....................... 5
5.5. AUTHENTICATION PROTOCOL ............................. 6
5.5.1. Simplified Authentication Protocol ................ 6
5.5.2. Enhanced Authentication Protocol .................. 7
6. CONCLUSION ............................................ 7
7. REFERENCES ............................................ 8


1. Introduction

Radio Frequency Identification (RFID) is an automatic identification method that relies on storing and remotely retrieving data using devices called RFID tags. An RFID tag is a small, inexpensive chip that can be used for identification over radio frequency and can be read from several meters away. RFID has many uses, ranging from supply chains to libraries to transportation and more.

There is no doubt that RFID is a part of the present and will remain a major part of the future; however, there is a considerable amount of risk associated with naively using RFID tags in many applications. Tracking, spying, tag cloning and similar issues are some of the security problems related to RFID that need to be addressed before RFID can be fully harnessed. This report focuses on some of these security issues and on measures to tackle them.

1.1. RFID System Components

RFID systems are composed of three key components:

RFID tags, known as transponders, which carry object-identifying data.

RFID tag readers, known as transceivers, which read and write tag data.

A back-end database, which stores the records associated with tag contents.

Tags:

Every item or object that has to be tracked or identified in an RFID system is labeled with a tag. Each tag consists of a microchip for storage and computation and an antenna coil for communication.


Tag memory may be read-only, write-once read-many or fully rewritable. The two basic kinds of tags are active and passive tags. While active tags have their own power source, passive tags rely on the reader for power and cannot initiate communication.

Readers: As the name suggests, readers interrogate tags for their data through an RF interface.

Back-end database: The back-end database contains records associated with tag contents.

1.2. RFID System Working

As discussed in the previous section, RFID tags are 'interrogated' by an RFID reader. The reader generates a radio frequency signal that communicates with the tag. The reader has a receiver that senses the reply signal from the tag and then decodes that signal. The reply from the tag is actually the tag's data content. All the information associated with the tag contents resides in the back-end database.

Every object to be identified in an RFID system is physically labeled with a tag. Tags are typically composed of a microchip for storage and computation, and a coupling element, such as an antenna coil, for communication. Tags may also contain a contact pad, as found in smart cards. Tag memory may be read-only, write-once read-many or fully rewritable.

A key classification of RFID tags is the source of power. Tags come in three flavors: active, semi-passive and passive. Active tags contain an on-board power source, such as a battery, as well as the ability to initiate their own communications, possibly with other tags. Semi-passive tags have a battery, but may only respond to incoming transmissions. Passive tags receive all power from the reader and therefore cannot initiate any communication [17].

2. RFID Applications


RFID is used in a wide range of fields. Through RFID it is possible to track inventory on retail shelves and restock goods efficiently, track children in theme parks, track cattle, and track or trace airline baggage more reliably. Automated traffic and parking management, evacuation management, and food tracking and safety in transport and storage are yet more areas where RFID is deployed.

3. Challenges

3.1. Physical challenges

Some examples of physical challenges are listed in the table below.

Reader collision: Occurs when multiple readers in a warehouse attempt to read the same tag at the same time.

Tag collision: Occurs when one reader receives signals reflected back from multiple tags at the same time. This confuses the reader because it cannot distinguish between the tags.

Signal interference and noise: Occurs when ambient warehouse conditions distort the electromagnetic signals sent by the tag and/or reader.

3.2. Technical challenges

Some technical challenges with RFID are security issues (covered later in this report), integration with existing enterprise or legacy systems, interoperability and standardization.

4. RFID Issues

4.1. User Privacy

RFID tags are very small and can be embedded easily in any product, so consumers may not even know when they are carrying them. This can be a serious intrusion into the privacy of consumers. There are several policies and guidelines for using RFID information, but consumers have no easy way of knowing when the policies are adhered to and when they are breached. The security concerns related to user privacy are:


1. Products labeled with insecure tags may reveal sensitive information.

2. Location privacy violation, which may lead to the tracking of individuals by the tags they carry.

Tracking & Spying

Many companies are trying to use RFID chips and sensors to track their users, and these chips can also be used as spy agents. The RFID tag ID, which is unique for every product, can act as an identifier of each individual user. Using wireless networks and RFID, it can be possible to locate users and follow their every move.

“Gillette has been caught hiding tiny RFID surveillance chips in the packaging of its shaving products. These tiny, high tech spy tags are being used to trigger photo taking of unsuspecting customers!” [1].

The data stored on RFID tags can be read from almost anywhere (airports, grocery stores, cars, homes, etc.) despite the short range of the radio signal. Sybase's iAnywhere [2] supports intelligent, event-driven RFID and sensor networks. It is capable of creating a network of RFID hardware, environmental sensors, location tracking systems and other devices that enables process automation and efficient network operation, including advanced built-in capabilities such as RFID reader coordination through time slicing and GPIO. It simplifies the integration of sensor data into enterprise systems, including concurrent feeds into multiple existing applications. The underlying architecture of wireless networks allows business logic or support for new hardware to be easily added to an existing system [3, 4]. A similar solution is Rapid Inventory [4], which can generate web-based reports and alerts; see Figure 1.


Figure 1: From Assetpulse.com [4]

This technology helps organizations meet their business needs and bring valuable products to market. Looking at the security aspect of this solution, however, the technology can be used not only to track products and their location, but also to track and spy on people. This data can be hacked through the vulnerabilities of both RFID and wireless networks. If a hacker can hack the information between the sensor networks and the edge server [3], the

Even when tagged items are thrown away, the RFID chips survive. The phone company BellSouth Corp. applied for a patent on a system for scanning RFID tags in trash and using the data to study the shopping patterns of individual consumers.

EPC Global of Lawrenceville, N.J., the nonprofit organization that sets technical standards for RFID systems, has a code of ethics that requires notifying consumers about the presence of RFID tags. The group also recognizes the right of consumers to deactivate RFID tags, and is working to develop systems that make this easy [5].

Tracking (which may be the result of eavesdropping) also creates privacy issues in libraries that use RFID, since there is no read access control and there are no read passwords.

Static identifiers (identifiers sent by the tag in response to a query from a nearby reader) can be used to track or hotlist books. Book tracking can be done by correlating multiple observations of the book's RFID tag. It may not be possible to learn the title and author of the book unless the bibliographic data is available; however, the static identifier can still be used to track the book's movement. Combined with video surveillance and other mechanisms, it is easy to track the reading, viewing and listening habits of different people.

In hotlisting, a malicious person has a 'hotlist' of books which he wishes to identify. To accomplish this, the malicious person might visit the library and read the RFID tags on various books to determine whether any of them match the tags on the hotlist. In current library RFID architectures, each item has a static tag which never changes over the item's lifetime, which is what makes hotlisting possible. Hotlisting is troubling because it allows an adversary to gather information about an individual's reading habits without a court order. "For another example, readers could be set up at the entrance to stores and used to tailor patron experience or target marketing; these readers would look almost identical to the anti-theft gates used today."

4.2. Tag Cloning

Security concerns revolve around the ability to spoof tags, overwrite the data in tags, overwrite the tag ID, or sniff and modify data while it is in transit through the air. These concerns are alleviated by controlling the physical environment so that unauthorized users cannot access the tags. Controlling the physical environment is easy in closed-loop situations. But in open-loop situations such as a supply chain, the tags typically move along with the products all through the chain, requiring higher levels of security.

The security concerns with tag cloning are:

1. One of the major concerns is that an attacker can replace the tag on an expensive item with the tag of a cheaper one.

2. Another concern is that an attacker can remove an item from the shelf and install a replacement tag which continues to authenticate itself, fooling the system into believing that the item is still on the shelf.

3. In the case of library books using RFID tags, it is possible to switch two books' RFID data or to change the security status of the tags.

4.3. Virus Injection

While the tag's data is in transit from the tag to the reader, an attacker can inject a virus into it. A virus in the tag can in turn infect the back-end database.

The security concerns with virus injection are:

1. Tags scanned after the database is infected can also be infected with the virus.

2. Malicious activity such as dropping database tables is possible.
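The second concern above (tag contents ending up executed as SQL in the back-end database) is an injection problem, and the usual defence is to never let tag data reach the database as SQL text. The following is an added example, my code and not the report's, of a hardened ingest path: an assumed whitelist for the identifier format (exactly 24 hexadecimal digits, the length of an EPC-96 code) is applied before the payload is used at all, and the payload is then bound as a query parameter so the driver only ever treats it as data. The in-memory sqlite table, reader names and sample reads are constructed for the example.

```python
import re
import sqlite3

# Assumed whitelist for what a tag read may contain: an EPC-96 identifier is
# 96 bits, i.e. exactly 24 hexadecimal digits. Anything else is not a tag ID.
EPC96_HEX = re.compile(r"^[0-9A-Fa-f]{24}$")


def open_inventory_db() -> sqlite3.Connection:
    """Constructed stand-in for the back-end database: one table of tag reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reads (epc TEXT NOT NULL, reader TEXT NOT NULL)")
    conn.commit()
    return conn


def ingest_tag_read(conn: sqlite3.Connection, payload: str, reader: str) -> None:
    """Hardened ingest path for one tag read.

    The failure mode described in the text arises when the payload is spliced
    into SQL text, so a crafted tag can end the statement and append its own.
    Two independent controls close that path: the payload must match the
    identifier format before it is used anywhere, and it is then bound as a
    query parameter, so the database driver never parses it as SQL.
    """
    if not EPC96_HEX.match(payload):
        raise ValueError("rejected tag read: payload is not a well-formed EPC-96 identifier")
    conn.execute("INSERT INTO reads (epc, reader) VALUES (?, ?)", (payload.upper(), reader))
    conn.commit()


def ingest_batch(conn: sqlite3.Connection, reads):
    """Process (payload, reader) pairs; quarantine bad reads instead of aborting.

    Returns (accepted_count, quarantined_payloads) so a monitoring job can alert
    on tags that carry something other than an identifier.
    """
    accepted = 0
    quarantined = []
    for payload, reader in reads:
        try:
            ingest_tag_read(conn, payload, reader)
            accepted += 1
        except ValueError:
            quarantined.append(payload)
    return accepted, quarantined


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def count_reads(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM reads").fetchone()[0]


# Constructed sample batch: two well-formed EPC-96 codes, one payload carrying
# a quote character instead of a hex digit, and one that is too short.
SAMPLE_READS = [
    ("30143639F84191AD22901607", "dock-door-1"),
    ("30143639f84191ad22901608", "dock-door-1"),
    ("3014'3639F84191AD2290160", "dock-door-2"),
    ("30143639F84191AD229016", "dock-door-2"),
]


if __name__ == "__main__":
    db = open_inventory_db()
    ok, bad = ingest_batch(db, SAMPLE_READS)
    print("accepted:", ok, "quarantined:", bad, "table intact:", table_exists(db, "reads"))
```

The format check is the control that scales to other back-ends: whatever the database, a tag that returns anything other than an identifier of the expected shape should be quarantined and reported, not stored.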

4.4. Denial of Service

RFID systems only work when the RFID tags and the database are available. If the RFID tags are removed, or the database is flooded with useless data, the result is a denial of service.

The security concerns with denial of service are:

1. Thieves could remove tags, or put items in a foil-lined booster bag that blocks the RFID reader's request and temporarily deactivates the tag.

2. An attacker could attach RFID tags to other items, causing the RFID system to record useless data and flooding it with more data than it can handle.


4.5. Replay Attack

In a replay attack, a valid RFID signal is intercepted and its data recorded; this data can later be transmitted to a reader, where it is "played back." Because the data appears valid, the system accepts it. The security concern with replay attacks is:

1. RFID passports have signed biometric data stored in the RFID chip. When there is a read request, the chip simply returns the stored value. This signal can be captured, and a device can be made to replay the same signal, which then appears to come from a valid RFID passport.

5. Solutions to Security Issues

5.1. Kill Tag Approach


This is one of the straightforward approaches used to protect consumer privacy: the RFID tag of the product is killed before the product is given to the customer. Once a tag is dead, it cannot be reactivated. The AutoID Center proposed this as the standard mode of operation, where tags are killed after purchase of the tagged product. According to their tag design, a special 'kill' command is sent to kill the tag.

For instance, a supermarket might use RFID tags to facilitate inventory management. However, in order to protect the consumer privacy, the RFID tag is killed by the checkout clerk before the product is given to customer.

Advantage:

By deactivating the tag, the customer details cannot be traced by malicious readers and hence their privacy is protected.

Disadvantage:

The kill approach is undesirable in many environments. Many applications require the tag to remain active while in the consumer's possession, so it cannot be killed at purchase. The following are a few scenarios that require the tag to be active even after purchase:

Stores may wish the tags to be active when products are returned as defective.

Products need to be scannable so that they can be categorized for recycling purposes.

The embedded RFID tag receipts issued by stores are needed to confirm the purchase details when the product is returned.

Hence ‘Kill-tag on purchase’ is not a satisfactory solution.

Figure: Kill tag


5.2. Smart RFID Tag

In this approach, the RFID tag acts smarter to protect consumer privacy, and the tags remain active, unlike in the kill tag approach. The approach uses cryptographic methods to protect privacy. The following are instances of the smart RFID tag approach that have been proposed:


i. The 'Hash-Lock' Approach: Hash locks are a simple access control mechanism based on one-way hash functions. Each hash-enabled tag has a portion of memory to store a temporary metaID. In this approach, a tag owner locks a tag by selecting a random key and computing the hash value of the key, which is designated as the metaID. The tag owner then stores the metaID on the tag and toggles it into the locked state. While a tag is locked, it replies to all queries with only its metaID and offers no other functionality. The following is the protocol for locking a hash-lock tag:

1. Reader R selects a random key and computes metaID = hash(key).
2. R writes metaID to tag T.
3. T enters the locked state.
4. R stores the pair (metaID, key) locally.

In order to unlock a tag, the tag owner first queries the metaID from the tag and, using this value, looks up the corresponding key in its database. The owner then transmits the key to the tag, which hashes the key and compares the result with its metaID. If the values match, the tag unlocks itself and offers its functionality to nearby readers. The following protocol shows how to unlock a hash-lock tag:

1. Reader R queries Tag T for its metaID.
2. R looks up (metaID, key) locally.
3. R sends key to T.
4. If hash(key) == metaID, T unlocks itself.

Advantages:

1. This approach prevents unauthorized readers from reading tag contents, because inverting a one-way hash function is difficult.

2. This approach may be economical, as it only requires implementing a hash function on the tag and managing keys at the back-end.

Disadvantages: This approach allows a reader to keep track of tags using their metaIDs, defeating the whole purpose. A randomization technique in computing the hash is used to solve this problem.

ii. Randomization Hash Lock: Here, tags are equipped with a one-way hash function and a random number generator. An unlocked tag can be locked with a simple instruction from the reader. In order to unlock a locked tag, a reader first sends a simple query. The tag then generates a nonce R chosen at random and hashes this nonce concatenated with its ID. Finally, the tag sends the reader both the nonce and the hash output, i.e. (R, h(ID || R)). When a legitimate reader receives the pair (R, h(ID || R)), it performs a brute-force search over all its known IDs by hashing each ID concatenated with the nonce R until it finds a match. When the reader finds a match, it can unlock the tag by sending the ID value. The following algorithm shows the randomized hash lock unlock protocol:

1. Reader R queries Tag T.
2. T generates a random nonce R and computes hash(ID || R).
3. T sends (R, hash(ID || R)) to R.
4. R computes hash(IDi || R) for all its known IDi values.
5. If R finds a match such that hash(IDj || R) == hash(ID || R), R sends IDj to T.
6. T unlocks itself if it receives IDj == ID.

Advantage: This approach addresses the problem of tracking tags through their metaID. It is more feasible for readers with a smaller number of tags.

Disadvantages: This approach is impractical for owners of a huge number of tags, since the reader must calculate hash(ID || R) for its entire set of IDs. Moreover, it is not a robust approach.
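To make the two hash-lock variants concrete, here is an added simulation (my code, not the report's) of both protocols as described above: the plain hash lock (i) and the randomized hash lock (ii), with a tag object and a reader object exchanging exactly the messages listed. SHA-256 stands in for the one-way hash h(), the tag IDs and keys are constructed, and the linkability check and the hash-operation counter are my additions to show the two points the text makes: a locked hash-lock tag always returns the same metaID and can therefore be tracked, while the randomized variant returns a fresh (R, h(ID || R)) on every read at the cost of a brute-force search over every ID the reader knows.

```python
import hashlib
import os

# Constructed sample tag IDs (not real EPC codes); the reader knows all of them.
KNOWN_IDS = [b"TAG-0001", b"TAG-0002", b"TAG-0003"]


def h(data: bytes) -> bytes:
    """One-way hash assumed on the tag; SHA-256 stands in for the report's h()."""
    return hashlib.sha256(data).digest()


class HashLockTag:
    """Plain hash lock (approach i): a locked tag answers every query with a static metaID."""

    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
        self.meta_id = None  # None means unlocked

    def lock(self, meta_id: bytes) -> None:
        self.meta_id = meta_id  # step 2/3 of the lock protocol

    def query(self) -> bytes:
        return self.meta_id  # identical on every read, which is what makes it trackable

    def unlock(self, key: bytes) -> bool:
        if h(key) == self.meta_id:  # step 4 of the unlock protocol
            self.meta_id = None
            return True
        return False


class HashLockReader:
    def __init__(self):
        self.table = {}  # metaID -> key, stored locally (step 4 of the lock protocol)

    def lock(self, tag: HashLockTag) -> None:
        key = os.urandom(16)
        meta_id = h(key)
        self.table[meta_id] = key
        tag.lock(meta_id)

    def unlock(self, tag: HashLockTag) -> bool:
        meta_id = tag.query()
        key = self.table.get(meta_id)
        return key is not None and tag.unlock(key)


class RandomizedHashLockTag:
    """Randomized hash lock (approach ii): fresh nonce R on each query."""

    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
        self.locked = True

    def query(self):
        r = os.urandom(16)
        return r, h(self.tag_id + r)  # (R, h(ID || R)), steps 2 and 3

    def unlock(self, candidate_id: bytes) -> bool:
        if candidate_id == self.tag_id:  # step 6: unlock only on the correct ID
            self.locked = False
            return True
        return False


class RandomizedHashLockReader:
    def __init__(self, known_ids):
        self.known_ids = list(known_ids)
        self.hash_ops = 0  # counts the brute-force work of steps 4 and 5

    def unlock(self, tag: RandomizedHashLockTag) -> bool:
        r, digest = tag.query()
        for candidate in self.known_ids:  # cost grows linearly with the number of known IDs
            self.hash_ops += 1
            if h(candidate + r) == digest:
                return tag.unlock(candidate)
        return False


def responses_linkable(tag, reads: int = 3) -> bool:
    """True if repeated queries of a locked tag return identical responses (tag is trackable)."""
    seen = {tag.query() for _ in range(reads)}
    return len(seen) == 1


if __name__ == "__main__":
    plain = HashLockTag(KNOWN_IDS[0])
    owner = HashLockReader()
    owner.lock(plain)
    print("hash lock trackable:", responses_linkable(plain))
    randomized = RandomizedHashLockTag(KNOWN_IDS[1])
    reader = RandomizedHashLockReader(KNOWN_IDS)
    print("randomized trackable:", responses_linkable(randomized))
    print("unlocked:", reader.unlock(randomized), "hash ops:", reader.hash_ops)
```

The `hash_ops` counter is the quantity behind the stated disadvantage: with N known IDs a reader performs up to N hashes per unlock, so the scheme only suits readers that manage a small population of tags.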

iii. The Re-encryption Approach: This approach addresses the privacy implications of banknotes embedded with RFID tags. Here, the banknote tag serial numbers are encrypted with a law-enforcement public key, and the resulting ciphertext is periodically re-encrypted to reduce the linkability of different appearances of a given tag. Because of the restricted computing resources of RFID tags, the re-encryption is performed by external computing agents, such as privacy-enhancing stations in stores. The work of these external agents is verified when banknotes are handled in stores and banks.

Disadvantages: Providing the infrastructure for re-encryption agents and optical verifiers would be burdensome.


iv. Silent Tree-Walking: This approach addresses the eavesdropping issue: an eavesdropper is able to hear the signals broadcast by the tag reader, which can be picked up even from many hundreds of meters away. Hence the signals transmitted by the reader are encrypted so that a passive eavesdropper cannot infer the tag IDs being read by the reader.

Disadvantage: The smart RFID tag approaches are very challenging to design given the cost constraints on the RFID tag. These approaches are not economically practical.

5.3 Blocker Tag

RSA Security proposed blocker tags for protecting privacy while still letting customers and businesses get the benefits of RFID tags. A blocker tag prevents RFID tags from being read. RFID readers can read only one tag at a time; if more than one tag responds at once, the reader is unable to decipher the radio waves reflected back by the tags simultaneously. An anti-collision protocol enables the reader to perform singulation, i.e. to communicate rapidly with one tag at a time.

However, the blocker tag confuses the reader by always responding, thereby preventing any tag from being read: it creates a collision every time the reader tries to singulate, so from the reader's point of view every possible identifier appears to be present. Blocker tags work much like passive RFID tags but cost a little more, since they need two antennas to transmit two bits simultaneously. A further benefit of blocker tags is that they offer more control and flexibility.

The following examples demonstrate the use of blocker tags:


1. Retailers could offer customers shopping bags embedded with blocker tags. Instead of killing the tag on a purchased item at checkout, the retailer could flip a single bit on the item, so that all checked-out tags have a serial number starting with one. When the items are placed in the bag, the blocker tag prevents readers from reading any tag whose serial number starts with one. In this way, no one can discover the contents of the bag.

2. A blocker tag can be used to block all tags with a certain prefix. For instance, consumers might want to keep the tags in their clothes active but prevent any malicious reader from reading them. They might therefore change the prefix on all tags in their clothes and carry a blocker tag with them.

Advantage: This approach is simple, and its application is inexpensive and effective.

Disadvantage: Since blocker tags are designed to block the actual tags from malicious readers, an adversary may take advantage of this and use these tags as malicious tools.

5.4 Digital Signature Transponder

The DST is an RFID device with a built-in cryptographic mechanism, used in wireless authentication applications. It acts as a passive transponder and uses a block cipher to implement challenge-response authentication. Every DST tag contains non-volatile RAM storing a 40-bit encryption key, which is used to encrypt a 40-bit challenge sent by the reader, producing a 40-bit cipher text. This 40-bit cipher text is truncated to produce a 24-bit response, because each transponder is factory provisioned with a 24-bit number and this value is fixed and cannot be altered. The DST tag then transmits the 24-bit response to the reader. The reader also enciphers the challenge it sent to the tag using the encryption key and computes the expected result from the tag. It then compares the computed result with the tag's response. In this way, authentication takes place between the tag and the reader.
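An added Python model of the DST exchange described above (not the report's or the manufacturer's code). The DST's proprietary block cipher is not on this page, so a keyed-hash stand-in truncated to 40 bits takes its place; the 40-bit key, 40-bit challenge and 24-bit truncated response follow the report.

```python
"""Toy model of the DST challenge-response described above. Assumption (not from the
report): the transponder's proprietary 40-bit block cipher is replaced by a stand-in
keyed function (HMAC-SHA256 truncated to 40 bits); the sizes are the report's."""
import hashlib, hmac, os

KEY_BITS, CHALLENGE_BITS, RESPONSE_BITS = 40, 40, 24
MASK40 = (1 << 40) - 1

def block_encrypt(key: int, challenge: int) -> int:
    """Stand-in for the DST cipher: 40-bit key and 40-bit challenge -> 40-bit cipher text."""
    mac = hmac.new(key.to_bytes(5, "big"), challenge.to_bytes(5, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:5], "big")

def truncate(ciphertext: int) -> int:
    """Drop the low 16 bits so that only a 24-bit response goes over the air."""
    return ciphertext >> (CHALLENGE_BITS - RESPONSE_BITS)

class Transponder:
    def __init__(self, key: int):
        self._key = key & MASK40          # 40-bit key in the tag's non-volatile memory

    def respond(self, challenge: int) -> int:
        return truncate(block_encrypt(self._key, challenge & MASK40))

class Reader:
    def __init__(self, key: int):
        self._key = key & MASK40          # the reader holds the same shared key

    def new_challenge(self) -> int:
        return int.from_bytes(os.urandom(5), "big")

    def verify(self, challenge: int, response: int) -> bool:
        """Encipher the challenge locally and compare with the tag's 24-bit response."""
        if not 0 <= response < (1 << RESPONSE_BITS):
            return False
        expected = truncate(block_encrypt(self._key, challenge & MASK40))
        return hmac.compare_digest(expected.to_bytes(3, "big"), response.to_bytes(3, "big"))

def authenticate(tag: Transponder, reader: Reader) -> bool:
    """One run; only the tag is authenticated, nothing here authenticates the reader."""
    c = reader.new_challenge()
    return reader.verify(c, tag.respond(c))
```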


5.5 Authentication Protocol

There are two versions of the authentication protocol: the Simplified Authentication Protocol and the Enhanced Authentication Protocol. Both versions depend on a shared secret between the tag and the reader. This shared secret is the ID of the tag, but we use the hash value of the ID to identify and search for the tag. The value of the ID changes after every read query, which protects against tag cloning, eavesdropping, spoofing and replay attacks.

5.5.1 Simplified Authentication Protocol

In simplified authentication protocol the reader authenticates the tag to check if it’s a valid tag or not. The protocol works as follows:

1. The reader sends a request to the tag.

2. The tag generates a new nonce N and sends h(IDi), N, hIDi(N), where h(IDi) is the hash of the ID associated with the tag after the i-th read attempt and hIDi(N) is the hash of the nonce using IDi as the key.

3. The reader forwards this message to the database, which searches for IDi based on h(IDi). Using that ID value it computes hIDi(N) to authenticate the tag.

4. After successful authentication the database generates a new ID; the tag performs the same computation to generate its next ID. After generating the new ID it deletes the old ID and N.

Strength of Simplified Authentication Protocol

This protocol provides protection against tracking and tag cloning, and it also provides forward security.

Weakness of Simplified Authentication Protocol

Replay Attack: An attacker can replay a message containing an ID that has never been used before and thereby appear as a valid tag to the reader.

Database De-synchronization: An attacker can send a read request to the tag, which forces the tag to refresh its ID so that it becomes desynchronized with the database.

5.5.2 Enhanced Authentication Protocol

The Enhanced Authentication Protocol involves an extra step compared to the simplified protocol. This extra step allows the tag to disregard any queries made by unauthorized readers. The protocol provides two-way authentication: the tag is authenticated by the reader and the reader is authenticated by the tag. An implicit assumption here is that the channel between the reader and the database is secure. The protocol works as follows:

Message flow (T = tag, R = reader):

R -> T: Request, NR
T -> R: h(IDi), NT, hIDi(NT, NR)
R -> T: hIDi+1(NT, NR)


1. The reader sends a request to the tag together with a nonce NR.

2. The tag generates a new nonce NT and sends back h(IDi), NT and hIDi(NT, NR) to the reader, which forwards these values to the back-end database. The database authenticates the tag and, if everything checks out, computes the new identity IDi+1. The reader has to forward the nonce NR to the database as well, since otherwise the database cannot compute and compare the MAC hIDi(NT, NR).

3. The back-end database constructs the message hIDi+1(NT, NR) using the new key IDi+1 and sends it to the reader, which forwards it to the tag. On reception the tag generates the new key on its own and computes hIDi+1(NT, NR). If the received value equals the computed one, the tag accepts the response as authentic and only then deletes the old key IDi and the nonce NT from its memory. Otherwise it rejects the answer and keeps the old key IDi.

Strength of Enhanced Authentication Protocol

1. The tag cannot be attacked, because an attacker masquerading as a reader does not know the shared secret, i.e. the ID of the tag.

2. The reader cannot be attacked, because of the shared secret; this protects against replay and database de-synchronization attacks.

3. The communication between tag and reader cannot be attacked, because of the one-wayness of the hash.

4. User privacy cannot be attacked, because no identity is released by the tag.

5. Location privacy cannot be attacked, because the ID value changes with every read.
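An added Python model of both the simplified protocol of 5.5.1 and the enhanced protocol above (not the report's or its cited paper's code); the hash h (SHA-256), the keyed hash hID (HMAC keyed with the ID) and the update rule IDi+1 = h(IDi) are assumptions. It shows the de-synchronization weakness of the simplified version and how the third message of the enhanced version lets the tag keep IDi until the reader has proven itself.

```python
"""Toy model of the simplified and enhanced authentication protocols above. Assumptions
(not from the report): h = SHA-256, hID(x) = HMAC-SHA256 keyed with ID, IDi+1 = h(IDi)."""
import hashlib, hmac, os
def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keyed(tag_id: bytes, *parts: bytes) -> bytes:   # hID(parts...)
    return hmac.new(tag_id, b"".join(parts), hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id: bytes):
        self.id, self.pending = tag_id, None     # pending = (NT, NR) of an open run

    def simplified_reply(self):
        """Simplified protocol: answer, then roll to IDi+1 unconditionally."""
        n = os.urandom(16)
        msg = (h(self.id), n, keyed(self.id, n))
        self.id = h(self.id)                     # old ID and N are deleted at once
        return msg

    def enhanced_reply(self, nr: bytes):
        nt = os.urandom(16)
        self.pending = (nt, nr)                  # keep IDi until the reader proves itself
        return h(self.id), nt, keyed(self.id, nt, nr)

    def enhanced_confirm(self, proof: bytes) -> bool:
        """Message 3: commit to IDi+1 only if hIDi+1(NT, NR) verifies."""
        if self.pending is None:
            return False
        nt, nr = self.pending
        new_id = h(self.id)
        ok = hmac.compare_digest(proof, keyed(new_id, nt, nr))
        if ok:
            self.id = new_id                     # delete IDi and NT only now
        self.pending = None
        return ok

class Database:
    def __init__(self, ids):
        self.by_hash = {h(i): i for i in ids}    # indexed by h(IDi), as in the report

    def authenticate(self, hid: bytes, tag_mac: bytes, *nonces: bytes):
        """Look up IDi by h(IDi) and check hIDi(nonces); return IDi+1 or None."""
        tag_id = self.by_hash.get(hid)
        if tag_id is None or not hmac.compare_digest(tag_mac, keyed(tag_id, *nonces)):
            return None
        new_id = h(tag_id)
        del self.by_hash[hid]
        self.by_hash[h(new_id)] = new_id         # the database rolls to IDi+1 as well
        return new_id

def simplified_run(tag: Tag, db) -> bool:
    hid, n, m = tag.simplified_reply()           # db=None: a reader without database access
    return db is not None and db.authenticate(hid, m, n) is not None

def enhanced_run(tag: Tag, db) -> bool:
    nr = os.urandom(16)
    hid, nt, m = tag.enhanced_reply(nr)
    new_id = db.authenticate(hid, m, nt, nr) if db is not None else None
    proof = keyed(new_id, nt, nr) if new_id is not None else b"\0" * 32   # bogus proof
    return tag.enhanced_confirm(proof)
```

With the simplified protocol one query from a reader that has no database access leaves the tag one ID ahead of the database; with the enhanced protocol the same query is simply rejected by the tag and the next legitimate read still succeeds.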

6. Conclusion

RFID is a critical infrastructure in the making. It definitely has some security issues that need to be addressed. We need new primitives and flexible modeling to resolve the security problems associated with RFID before these problems become costly and pervasive. In our report we tried to identify the major security issues associated with RFID and their solutions. According to the latest report from Texas Instruments, no fraud has been reported with the DST approach in the last eight years. But with the DST approach only the tag is authenticated by the reader, whereas in the enhanced authentication protocol the reader and the tag authenticate each other. It is the most secure solution, and so far we did not identify any weakness associated with this protocol.
