View
346
Download
1
Category
Tags:
Preview:
Citation preview
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
RFID Tags and Communicating Sensors: Overview of Security Aspects
David SIMPLOT-RYL
IRCICA/LIFL, Université de Lille 1CNRS UMR 8022, INRIA Futurs, France
http://www.lifl.fr/~simplot simplot@lifl.fr
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Outline
Introduction
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
RFID Tags
Smart labelsRadio Frequency Identification Tag
By opposition to bar code which use optical principles
A strongly limited component:500 times smaller than a classical microprocessor
Chip with a size of some mm²RFID Tag
Intel Pentium 4
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Principle
Typically, RFID Tags are passive components: they have no battery!Tag are powered by electromagnetic field generated by reader
Communication from reader device to vicinity tags: amplitude shift keying (ASK)Communication from tags to reader device: impedance shift keying (ISK)
courtesy Intersoft
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
EAS Application
Electronic Article SurveillanceOnce powered, the tag emitsThe reader listen channel and activate alarm as early as transmission is detectedDuring checkout, the tag is burned out
Problem: power and hear the tag whatever the tag orientation
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Current smart labels
RFID Tag can memorize information
Up to 256 bytes for present generationsRewritable (flash memory)Or not (write once)Can be protected by password
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Substitute of bar code
Low-cost bar codeless than one cents (€)
High cost for interrogator device
Static information Limited information
~ ten digits (decimal)NB. Systemd that extend bar code capabilities exist (code-barre 2D, etc…)
High-cost tagsTen cents (€)
Lost cost for interrogator device
Dynamic information Significant information
capabilityKilobit order ~ several digit hundreds
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Substitute of bar code (2)
Provided information concerns a collection of objects and requires centralized system
Security relies on centralized system
Unidirectional optical communication
Direct line of sightHandlingSensitive to dust…
Information relative to the object
Can be completed by centralized system
Security at tag levelFight against falsification
RF communicationNo Line of Sight
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Substitute of bar code (3)
Item by item scanning Scanning of set of items
Batch identificationNo handling
Fast identification More than 200 tags per
second
courtesy to Mike Marsh
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Batch identification protocols
Protocol which aims to collect without error all ID or data of tags while minimizing identification time
Collision management (simultaneous transmissions)Avoid tag missing/lostMaximize identification speed
It is MAC layer(medium access)
AlohaCSMA/CD, FDMA, CDMAtoo complex…
Dedicated protocolsSuperTag (Aloha)TIRIS de Texas Instrument (tree based algorithm)I•Code de Phillips (idem)STAC de TagSys/LIFL (adaptive round)
Centralized configurationIntelligence in interrogator device ⇒ simple and low-cost tags
Champ électromagnétique du lecteur
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Applications
Batch identification
Marathon Automatic clocking in
Automatic luggage sorting
Automatic inventory50 items in less than one second
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Networking the physical world
RF Tag
Networked Tag Readers
SavantControlSystem
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
More POPS, smaller POPS…
100µm
Courtesy, Alien Technology
* POPS = Portable Objects Proved to be Safe(e.g. smartcards, RFID, sensors, smastdust…)
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
The MIT Auto-ID Center Vision of “the internet of things” Co
urte
sy, A
uto-
ID C
ente
r
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Auto-ID Center classification
Class V tags Readers. Can power other Class I, II and III tags;
Communicate with Classes IV and V.
Class IV tags: Active tags with
broad-band peer-to-peer communication
Class III tags:semi-passive RFID tags
Class II tags: passive tags with additional
functionality
Class 0/Class I:read-only passive tags
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Benefits of class IV tags
Decentralized behavior
The request is broadcasted in the whole network by using multi-hop method
Similar to sensor networks Complete population
Reader
Monitoring station
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Sensor applications
Military applications:(4C’s) Command, control, communications, computingIntelligence, surveillance, reconnaissanceTargeting systems
Health careMonitor patientsAssist disabled patients
Commercial applicationsManaging inventoryMonitoring product quality
Misc.Monitoring disaster areas Home security
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Sensor Nets for Search and Rescue
Inactive Sensor
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Sensor Nets for Search and Rescue
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Sensor Nets for Search and Rescue
Active Sensor
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Privacy risks
Privacy Risks for Consumers and EnterprisesPrivacy advocates decry the risks of RFID: silent physical tracking of consumers and inventorying of their possessions. For businesses too, RFID introduces new privacy and security risks -- and a whole new dimension to corporate espionage. See CNIL recommendations
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
500 Eurosin wallet
Serial numbers:597387,389473
…
Wigmodel #4456
(cheap polyester)
30 items of lingerie
The Times(paid with Amex card 345882299)
Pack of cigarettes(fourth pack this week)
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Privacy risks
There are well-known techniques to deal with this issue…My GSM could be identified by any fake BTS
What is the difference with RFID ?
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Medium is different
“Tree-walking” protocol for identifying RFID tags
000 001 010 011 100 101 110 111
00 01 10 11
0 1
?
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Low cost RFID tags
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Trade-off security vs cost
Cost ~ number of transistorsSecurity level ~ effort the pirate has to produce
NB. High similarity between RFID evolution and smartcard history
Security level
Cos
t
Research efforts
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Tag privacy approaches
DesactivationReactivation problem
Public-key based protocolHeavyweight
User interventionNot user friendly :-)
Blocker tagInterference when identification is needed
Silent tree-walkingJust kidding
One-time identifiersPseudonym tags
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Tag Authentication
Threats:Cloning and forgery
Approaches:Track and trace Anticipate movements, detect and report frauds Effort on network infrastructure
Challenge-response Heavyweight Tamper resistance is required
Static authentication Cloning is not addressed
Idem with public-key Heavyweight
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Security on network infrastructure
Threats:Disclosure of information about tagsModificationTraffic analysis, etc.
Challenges:Tag databases potentially need to be available to many parties Suppliers, retailers, consumers, auditors, …
Information about a given tag may be managed in many places, and/or may change hands over timeReader security
Classical challenges in software infrastructure (middleware)!The challenge is the size of the database
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Localization and positioningExample of DV-hop triangulation:
Base station (position known)Sensors
Security problems in sensor networks (1)
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Positioning
Room = 10m x 10m
PrecisionHop = ± 43 cm
ν = ± 35 cm
RSS = ± 18 cm
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Coverage and exposure problemsCoverage problem Quality of service (surveillance) that can be provided by a particular
sensor network Activity scheduling (nodes can sleep while preserving surveillance
surveillance)Exposure problem A measure of how well an object, moving on an arbitrary path, can
be observed by the sensor network over a period of time
Security problems in sensor networks (2)
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Security problems in sensor networks (3)
Dissemination and data gathering
Flooding is used to build gathering treesBuilding suitable gathering trees is an open questionFlooding is a beaconless protocol but energy consumingData fusion is possible along transmission
bottleneck
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Security problems in sensor networks (4)
The problem is to detect and isolate misbehavior nodes
Some techniques:Group key managementReputation mechanismVirtual currency to enhance cooperation
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
Conclusion
We can learn a lot from smartcard historyShortcuts are preferred to replay :-)
Privacy/AuthenticationChallenges are in cost/security tradeoffNew authentication protocols?
Middleware issuesGo beyond of simple “re-painting”Performance issues are the important problem
Sensor networksGroup key managementSimilarities with security in ad hoc network (of course)
Operating SystemMobile code (not for now)
David SIMPLOT-RYLRFID tags and communicating sensors
Security@INRIA13 décembre 2005
RFID Tags and Communicating Sensors: Overview of Security Aspects
David SIMPLOT-RYL
IRCICA/LIFL, Université de Lille 1CNRS UMR 8022, INRIA Futurs, France
http://www.lifl.fr/~simplot simplot@lifl.fr
Recommended