RFID Authentication: Minimizing Tag Computation

RFID Authentication: Minimizing Tag Computation. CHES2006 Rump Session, Yokohama, Japan. 2006. 10. 11. Ph.D. Jin Kwak, Kyushu University, JAPAN. jkwak@security.re.kr or jkwak@itslab.csce.kyushu-u.ac.jp.

RFID Authentication: Minimizing Tag Computation

CHES2006 Rump Session,

Yokohama, Japan

2006. 10. 11.

Ph.D. Jin Kwak, Kyushu University, JAPAN

jkwak@security.re.kr

or jkwak@itslab.csce.kyushu-u.ac.jp


Background - Definition of RFID

RFID (Radio Frequency Identification) is data carrier technology that transmits information via signal in the radio frequency portion of the electromagnetic spectrum. [GS1 US]

RFID - Radio Frequency Identification


Limitation of Current RFID

Storage

A low-cost RFID tag has hundreds of bits of memory

- EPC C0/0+, EPC C1 G1, EPC C1G2 tags have a R/W block of tens of bits
- Philips’ UCODE EPC G2 tag has 512 bits of on-chip memory

Computation

A 5¢ RFID tag cannot implement

- symmetric key cryptography
- public key cryptography
- hash operation
- random number generation

Security or Efficiency?

Computation or Storage?


Assumptions

Limited successive tag queries

The probability that an attacker can successively transmit a Query to targeted RFID tags in different locations before the RFID tags’ identification data is updated is very low

Limited interleaving

The mobility of RFID tags and the password mechanism restrict the attacker’s ability to perform attacks


Initial Set-up Process

Tagged Item: $E_K(ID \,\|\, R_0)$, $R_0$, $R_1$


Authentication Process (1/2)

[Figure: protocol flow among User (key pad), RFID Reader C, Middleware & Application, Tagged Item, Information Services and Discovery Services, with links marked as insecure or secure communication. Labelled steps: 1. Query; 2. $E_K(ID \,\|\, R_i)$; 3. Password request; 9. a message built from $E_K(ID \,\|\, R)$ and $R$ values with indices $i$, $i+1$ and $i+2$; 10. Checking $R$, then gaining $E_K(ID \,\|\, R)$; 12. Updating. Values shown in the diagram: $E_K(ID \,\|\, R_i)$, $R_i$, $R_{i+1}$; $E_K(ID \,\|\, R_{i+1})$, $R_{i+2}$; ID.Info.]


Authentication Process (2/2)

[Figure: RFID Reader C with key pad at Retailer 1 receiving tagged items from Manufacturer 1 through Manufacturer k.]

Item 1 (Made by Manufacturer 1): current password PWM1, new password PWR1

Item 2 (Made by Manufacturer 1): current password PWM1, new password PWR1

Item n (Made by Manufacturer k): current password PWMk, new password PWR1

Item n+1 (Made by Manufacturer k): current password PWMk, new password PWR1

……


Security

[Figure: protocol flow among User (key pad), RFID Reader C, Middleware & Application, Tagged Item, Information Services and Discovery Services, with links marked as insecure or secure communication. Labelled steps: 1. Query; 2. $E_K(ID \,\|\, R_i)$; 3. Password request; 4. PW; 5. ID; 6. URL; 7. ID; 8. Info with $R_{i+1}$; 9. a message built from $E_K(ID \,\|\, R)$ and $R$ values with indices $i$, $i+1$ and $i+2$; 10. Checking $R$, then gaining $E_K(ID \,\|\, R)$; 11. $R_{i+2}$; 12. Updating. Values shown in the diagram: $E_K(ID \,\|\, R_i)$, $R_i$, $R_{i+1}$; $E_K(ID \,\|\, R_{i+1})$, $R_{i+2}$; ID.Info.]

- Weak anonymity: Without PW, the attackers cannot obtain ID
- Strong anonymity: By assumptions, tracking probability is very low
- Anti-counterfeiting: The attackers cannot use the clone without PW
- Recognizability: DoS is easily detected


Efficiency

[Figure: the protocol flow diagram from the Security slide, repeated.]

- Low computation: RFID tag only performs XOR operations
- Small storage: RFID tag needs under 300 bits of memory


Thanks …

Please e-mail to jkwak@security.re.kr or jkwak@itslab.csce.kyushu-u.ac.jp
