©2006 Sanjay Sarma RFID and Security Sanjay Sarma MIT and CTO of OATSystems


RFID and Security

Sanjay Sarma, MIT and CTO of OATSystems


©2005 OATSystems ©2006 Sanjay Sarma

Everything is different with RFID

• Power is limited
• Cost is an issue
• Bandwidth is limited
• Memory is at a premium
• Data is fast but... fallible
• Tag connectivity is sporadic
• The range of applications is large
• The range of related technologies is huge


History (see "Shrouds of Time: The History of RFID", Landt 2001)

1948: Backscatter
– Stockman, H., "Communication by Means of Reflected Power", Proceedings of the IRE, pp. 1196-1204, October 1948
1974: Automotive license plates
– Sterzer, F., "An electronic license plate for motor vehicles", RCA Review, 1974, 35(2), pp. 167-175
1998: DISC, Auto-ID Center founded at MIT
2001: First standards presented
2002: Gillette orders 500,000,000 tags from Alien
2003: Wal-Mart, DoD mandates
– EPCglobal launched, Center retired
– HP sits on the board
2004: More mandates
2005: First bulk tagging
– Emergence of Gen 2
– Multi-site deployments
– Beginnings of value
2006: Next-generation research


History of the EPC

1998-1999: DISC, Auto-ID Center founded at MIT
2001: First standards presented
2002: Gillette orders 500,000,000 tags from Alien
2003: Wal-Mart, DoD mandates
– EPCglobal launched, Center retired
2004: More mandates
2005: First bulk tagging
– Emergence of Gen 2
– Multi-site deployments
– Beginnings of value


Low cost RFID

[Chart: die size/cost in cents (axis 5, 10, 15, 20) against time; the floor is set by handling cost; silicon at 4c/mm2]


The stack

[Diagram, Gen 1 stack: tags → Readers (Gen 1 air-interface) → Company Software (Savant) → ONS]

[Diagram, Gen 2 stack: tags → Readers (Gen 2 air-interface) → Reader interface / Reader Protocol → ERP+RFID Software → EPC-IS → ONS + Blob; shared between Company #1 and Company #2]


RFID Systems

ID
– Electronic Product Code: header:manufacturer:product:serial
– Read-write extra memory / sensory data
Anti-collision
– One reader can read many tags
Reader coordination
– Make sure readers don't interfere with each other
Middleware
– Collect all the data and make sense of it


How EPC Gen2 works

RF level
– Multiple speeds
– Dense mode
– Many dials for EU, Asia, US operation
Logic level
– Generalized selection
– Advanced sessions
– Advanced payload access, etc.

[Diagram: Entire population → Generalized Selection → Thinned population → Anti-collision (Query) → Single tag identified → Access of payload → Payload from tag]


My focus today

Classes of tags

Passive
– No battery; chip runs on scavenged power
– Communication by backscatter only
– ~10 m range
• Forward bandwidth is low
• Low compute cycles for power
• Power-limited range
• Weak backscatter

Semi-passive
– Battery to run the chip
– Communication by backscatter only
– ~50 m range
• Forward bandwidth is higher
• Faster cycles for power
• Strong backscatter
• Wake-up circuit

Active
– Battery runs the chip
– Communication by transmission
– 100+ m range
• Endless possibilities

Do not confuse with near-field tags and smart-cards.


How RFID is used in the supply chain


Inventory

[Diagram: table of TAG EPC, TIME, LOCATION]


The Trace

[Diagram: table of TAG EPC, TIME, LOCATION, with anomalies flagged: Theft!!, Counterfeit!, Diversion!]


The Flow

[Diagram: table of TAG EPC, TIME, LOCATION, with a flow traced back for RECALL!!!]


Supply Chain Problems

[Diagram: table of TAG EPC, TIME, LOCATION; errors making plans less effective]

RFID enables
• Real-time detection of errors
• Real-time correction
• Run-to-run improvement
i.e., tactical, operational, strategic enhancement.
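The three slides above (Inventory, The Trace, The Flow) all reduce to one table of (TAG EPC, TIME, LOCATION) rows and a few checks over it. The following is an added example written for this page, not code from the deck or from OATSystems: it runs a clone check (one serial read at two sites faster than goods could travel), a diversion check (a read at a site off the authorised route) and a recall lookup over a constructed set of read events. The site names, the minimum transit-time table and the authorised route are assumptions made for the illustration; the EPCs are GS1's example SGTIN values.

```python
"""Trace checks over EPC read events: cloned serials, diversion, recall.

Added example for the Inventory/Trace/Flow slides; it is not code from the
original deck or from OATSystems. The event format, site names, transit-time
table and authorised route are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed read events: (EPC, timestamp, location).
EVENTS = [
    ("urn:epc:id:sgtin:0614141.107346.2017", "2006-03-01T08:00:00", "plant"),
    ("urn:epc:id:sgtin:0614141.107346.2017", "2006-03-01T20:00:00", "dc-east"),
    ("urn:epc:id:sgtin:0614141.107346.2017", "2006-03-01T20:30:00", "store-west"),  # too fast: clone
    ("urn:epc:id:sgtin:0614141.107346.2018", "2006-03-01T08:00:00", "plant"),
    ("urn:epc:id:sgtin:0614141.107346.2018", "2006-03-02T09:00:00", "dc-east"),
    ("urn:epc:id:sgtin:0614141.107346.2018", "2006-03-03T09:00:00", "store-east"),
    ("urn:epc:id:sgtin:0614141.107346.2019", "2006-03-01T08:00:00", "plant"),
    ("urn:epc:id:sgtin:0614141.107346.2019", "2006-03-02T09:00:00", "grey-market"),  # off route
]

# Minimum plausible transit time between two sites, in hours (constructed).
MIN_TRANSIT_H = {
    frozenset({"plant", "dc-east"}): 6,
    frozenset({"dc-east", "store-east"}): 4,
    frozenset({"dc-east", "store-west"}): 30,
}
AUTHORISED_SITES = {"plant", "dc-east", "store-east", "store-west"}


def traces(events):
    """Group reads by EPC; each trace is a time-ordered list of (time, location)."""
    by_epc = defaultdict(list)
    for epc, ts, loc in events:
        by_epc[epc].append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), loc))
    return {epc: sorted(t) for epc, t in by_epc.items()}


def find_clones(events):
    """Same serial read at two sites faster than goods could travel between them:
    either the tag was cloned (counterfeit) or a read was replayed."""
    hits = []
    for epc, trace in traces(events).items():
        for (t1, l1), (t2, l2) in zip(trace, trace[1:]):
            min_h = MIN_TRANSIT_H.get(frozenset({l1, l2}))
            if min_h is not None and t2 - t1 < timedelta(hours=min_h):
                hits.append((epc, l1, l2))
    return hits


def find_diversions(events):
    """Serial read at a site that is not part of the authorised route."""
    return sorted({(epc, loc) for epc, trace in traces(events).items()
                   for _, loc in trace if loc not in AUTHORISED_SITES})


def recall(events, product_prefix):
    """Recall support: last known location of every serial of one product."""
    return {epc: trace[-1][1] for epc, trace in traces(events).items()
            if epc.startswith(product_prefix)}
```

The clone check is the cheapest counterfeit signal the serialised number gives you: it needs no crypto on the tag, only a transit-time model per pair of sites, which is why the later slide calls the history of a serialised number "further defense".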


On security of passive and semi passive tags


Privacy: The very act of detection poses a challenge

Readers and tags cannot hide their very presence
– Sniffing
The structured ID could be a problem
– header:manufacturer:product:serial
– Do I want people to know I am taking a Pfizer product?
Repeated unique numbers are a problem
– Tracking based on a repeated ID
Constellations of non-unique numbers are a problem
– I may be the only person in Graz with a Titan watch and Docker pants


Some problems can be solved

Readers and tags cannot hide their very presence (sniffing)
– Spread spectrum, etc.: expensive.
The structured ID (header:manufacturer:product:serial) could be a problem: do I want people to know I am taking a Pfizer product?
– Non-structured numbers, with a special ONS for sorting them out
Repeated unique numbers are a problem (tracking based on a repeated ID)
– Temporary ID by encrypting EPC|nonce
– Shared key, so a key-management problem
Constellations of non-unique numbers are a problem (I may be the only person in Graz with a Titan watch and Docker pants)
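The "temporary ID by encrypting EPC|nonce" idea, as an added example written for this page (not code from the deck): the tag backscatters a fresh nonce and a keyed function of EPC|nonce, and only a back end holding the shared key can turn that back into an EPC. The slide says "encrypting"; this model uses HMAC-SHA256 from the Python standard library in place of a block cipher so it runs without extra packages, which is an assumption made here. The key, the EPC list and the nonce width are constructed.

```python
"""Temporary tag identifiers from EPC|nonce under a shared key.

Added example for the "Temporary ID by encrypting EPC|nonce" bullet; not code
from the original deck. HMAC-SHA256 stands in for the block cipher the slide
mentions (an assumption made for this model). Key, EPCs and widths are constructed.
"""
import hashlib
import hmac
import os
from typing import Optional

SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed demo key
NONCE_LEN = 4   # bytes of tag-side randomness per read
TAG_LEN = 8     # bytes of keyed output backscattered; short replies suit the weak reverse channel


def tag_response(epc: bytes, key: bytes, nonce: Optional[bytes] = None):
    """What the tag backscatters: a fresh nonce and a keyed function of EPC|nonce.
    The EPC itself never leaves the tag in the clear."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    mac = hmac.new(key, epc + nonce, hashlib.sha256).digest()[:TAG_LEN]
    return nonce, mac


def resolve(nonce: bytes, mac: bytes, key: bytes, known_epcs) -> Optional[bytes]:
    """Back end holding the shared key recovers the EPC by trying every EPC it knows.
    Cost is O(number of EPCs) per read: there is no index because the reply is
    unlinkable by design."""
    for epc in known_epcs:
        cand = hmac.new(key, epc + nonce, hashlib.sha256).digest()[:TAG_LEN]
        if hmac.compare_digest(cand, mac):
            return epc
    return None


def observer_can_link(resp_a, resp_b) -> bool:
    """A reader without the key sees only (nonce, mac); two reads of one tag are
    linkable only if the tag repeats a reply, i.e. reuses a nonce."""
    return resp_a == resp_b


KNOWN_EPCS = [b"EPC-0001", b"EPC-0002", b"EPC-0003"]   # constructed population
```

Two costs are visible in the code and are exactly what the slide's "shared key, so key-management problem" refers to: every reader or back end that must resolve tags holds the same key, so one compromised reader exposes the whole population, and resolution is a linear search over all EPCs the back end knows. The tag also needs a random-number source for the nonce.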


The fact of the matter is

Can't do anything beyond hashes in passive RFID tags
Physics is our best friend
– Can't activate from afar
– Can't hear backscatter from afar
– Consider the backscatter channel a private channel
There is a physical zone of trust for privacy
– Tag response audible a few meters
– If you have worries, you can create further physical barriers
• Shielding
• Killing the tag: the famous EPC kill code
• Reduced-range mode of tags
• Personalization of tags


Some of the other issues

Privacy violation is a consequence of unauthorized reading
– Other privacy protections
– Detection of unauthorized readers
Eavesdropping
Using tags to prevent counterfeits
– Skimming the tag and replaying
– Tampering with the physical artifact
Prevent tag hijack


Other issues in unauthorized reading

Perhaps require readers to announce themselves
– What if a reader announced its name, ID, and function
– Tag detects this and chooses not to respond
– Too expensive
– Too voluntary
The Sentinel concept
– Blocker Tag from Juels et al.: logical jamming when reading some tags
– The Watchdog Tag from Floerkemeier (upcoming PhD thesis)
Sarma's vindictive Sentinel
– All readers need to register with a guardian
– If a reader is not registered, the Sentinel will jam the channel
– No politeness


Eavesdropping

A reader in Wal-Mart is reading its tags
– Readers put out ~watts
A competitor is sitting outside listening to the reader
– Can it infer the contents?
Tag response unlikely to be decipherable from outside
Put secret information in the tag response channel
The forward transmission is then XOR'ed with the previous reverse-channel secret
– Blind tree walking [Weis 03]


Eavesdropping is easier when Gen 2 Masking is used

You are listening from a distance
You hear the selection command
You see the number of responses that were received
You can detect the number of tags in a population
Solution is:
– Use masking judiciously
– Use chaff when necessary
– Sentinel Tag generates chaff, notifies middleware
– The Sentinel Tag again!

[Diagram: Entire population → Generalized Selection → Thinned population → Anti-collision (Query) → Single tag identified → Access of payload → Payload from tag]
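The inference on this slide, and the premise of the Eavesdropping slide before it (the forward link carries for hundreds of meters, the backscatter does not), can be reproduced in a small simulation of the Gen 2 inventory round shown in the diagram. The following is an added example written for this page, not code from the deck or from any Gen 2 reader: Select thins the population by a bit field of the EPC, Query runs slotted-ALOHA rounds, and a listener who hears only reader commands (Select, Query, ACK) counts the ACKs. It then adds a sentinel that answers the same Select with chaff and tells middleware which EPCs were chaff. EPCs are shortened to 32 bits with the top 8 bits playing the "product" field, Select compares MSB-first, and frame formats, sessions and CRCs are left out; these are all assumptions of the model.

```python
"""Gen 2 Select/Query model: what a distant listener learns, and sentinel chaff.

Added example for the "How EPC Gen2 works" and "Eavesdropping is easier when
Gen 2 masking is used" slides; a simulation written for this page, not code
from the deck. 32-bit model EPCs, MSB-first Select, no frames/sessions/CRCs.
"""
import random

EPC_BITS = 32          # model width; a real SGTIN-96 is 96 bits
PRODUCT_BITS = 8       # top 8 bits of the model EPC play the "product" field


class Tag:
    def __init__(self, epc):
        self.epc = epc
        self.selected = False      # SL flag, set by Select
        self.inventoried = False   # set once the reader has ACKed this tag


def select_matches(epc, pointer, length, mask):
    """Gen 2 Select: compare `length` bits of memory starting at bit `pointer`."""
    field = (epc >> (EPC_BITS - pointer - length)) & ((1 << length) - 1)
    return field == mask


def do_select(tags, pointer, length, mask):
    for t in tags:
        t.selected = select_matches(t.epc, pointer, length, mask)


def query_round(tags, q, rng):
    """One Query(Q) round of slotted ALOHA: each active tag draws a slot in
    [0, 2^Q). A lone reply is ACKed and the tag inventoried; collisions retry
    in the next round. Returns the EPCs ACKed this round."""
    slots = {}
    for t in tags:
        if t.selected and not t.inventoried:
            slots.setdefault(rng.randrange(1 << q), []).append(t)
    acked = []
    for slot in sorted(slots):
        replies = slots[slot]
        if len(replies) == 1:
            replies[0].inventoried = True
            acked.append(replies[0].epc)
    return acked


def inventory(tags, q, rng, max_rounds=200):
    """Run Query rounds until every selected tag is inventoried.
    Returns (EPCs read, number of ACKs the reader sent on the forward link)."""
    seen, acks = [], 0
    for _ in range(max_rounds):
        round_acks = query_round(tags, q, rng)
        seen.extend(round_acks)
        acks += len(round_acks)
        if all(t.inventoried for t in tags if t.selected):
            break
    return seen, acks


def sentinel_chaff(pointer, length, mask, n, rng):
    """The sentinel hears the Select and answers with n fabricated EPCs that
    satisfy it; it reports the same list to middleware."""
    shift = EPC_BITS - pointer - length
    field_mask = ((1 << length) - 1) << shift
    return [(rng.getrandbits(EPC_BITS) & ~field_mask) | (mask << shift) for _ in range(n)]


def run(real_epcs, product, chaff_n=0, q=4, seed=1):
    """Select one product, inventory it, and compare the listener's count with
    middleware's. Returns (listener_estimate, middleware_count)."""
    rng = random.Random(seed)
    chaff = sentinel_chaff(0, PRODUCT_BITS, product, chaff_n, rng)
    tags = [Tag(e) for e in real_epcs] + [Tag(e) for e in chaff]
    do_select(tags, 0, PRODUCT_BITS, product)
    seen, acks = inventory(tags, q, rng)
    listener_estimate = acks            # one ACK per singulated tag, all on the forward link
    chaff_set = set(chaff)
    middleware_count = sum(1 for e in seen if e not in chaff_set)
    return listener_estimate, middleware_count


# Constructed shelf: five units of product 0xA5, two of product 0x3C.
SHELF = [0xA5000001, 0xA5000002, 0xA5000003, 0xA5000004, 0xA5000005,
         0x3C000001, 0x3C000002]
```

Without chaff the listener's ACK count is the exact number of tags of the selected product, which is what "use masking judiciously" warns about: a Select on a product prefix hands the competitor a per-product census without a single tag reply being heard. With chaff the count is inflated, and only middleware, told by the sentinel which EPCs were fabricated, recovers the true figure.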


Counterfeit detection

Some secret on the tag which you can verify
Can do it by hash, symmetric or asymmetric crypto
Easier to do in near-field or semi-passive/active tags
Harder to do in RFID
– Limited gates
– Limited compute cycles
– Ephemeral contact
Killer app for RFID
– Counterfeit market worldwide is very large ($500B? See Staake's work)
– The very presence of an RFID tag is also a defense
– The history of a serialized number is further defense


Low-Cost Hash Design [Weis 2003]

Traditional: many gates, few cycles
– Expensive
– High-power
Low-cost: few gates, many cycles
– Slow
Cellular automata
– Cellhash, 1993. No major breaks (yet).
– Very cheap, fast and scalable.
Non-linear feedback shift registers
– Relatively cheap and flexible.
– Lots of classified work.


The Digital Millennium Copyright Act

Can be used to stymie commodity replacements!
– Tags on cartridges
– Readers in printers
– Some important content in the tag: say, colors
– Non-copyable


The Pink Panther replay scenario

Imagine diamonds in a display (each diamond has a passive tag)
Tags are being read continuously by a reader
The Pink Panther has a tag-mimicking machine
– Listens for the tags being read
– Starts playing them back
– While the Pink Panther steals the diamonds

One solution is a Sentinel Tag generating chaff
– The mimicking machine cannot tell chaff from real content
– It will replay the chaff
– The Sentinel Tag again
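How middleware turns the replayed chaff into an alarm, as an added example written for this page (not code from the deck): the sentinel emits a few chaff EPCs per inventory round, derived from a key it shares with middleware and the round number, so they never repeat; a round in which an earlier round's chaff shows up is a recording being played back. The round counter, the shared key, the EPC strings and the derivation are all constructed, and the sentinel's report to middleware is assumed to travel over a channel the mimicking machine cannot replay, which the slides do not specify.

```python
"""Replay detection for the Pink Panther scenario using per-round sentinel chaff.

Added example, not code from the original deck. Key, round counter, EPC strings
and the chaff derivation are constructed; the sentinel-to-middleware channel is
assumed to be one the attacker cannot replay.
"""
import hashlib
import hmac

SENTINEL_KEY = b"sentinel-demo-key"   # constructed; shared by sentinel and middleware
CHAFF_PER_ROUND = 3


def chaff_for_round(round_no: int, n: int = CHAFF_PER_ROUND) -> set:
    """Chaff EPCs the sentinel emits in round `round_no`. Derived from the key and
    the round number, so middleware can recompute them and they never repeat."""
    return {"CHAFF-" + hmac.new(SENTINEL_KEY, f"{round_no}:{i}".encode(),
                                hashlib.sha256).digest()[:4].hex()
            for i in range(n)}


def check_round(round_no: int, observed, window: int = 16):
    """Classify what the reader saw in one inventory round.

    'replay'   : chaff from an earlier round is on the air -> a recording is being played back
    'no-chaff' : this round's chaff is missing -> sentinel silent or jammed; treat as suspicious
    'ok'       : returns the observed EPCs with this round's chaff removed
    """
    observed = set(observed)
    stale = set()
    for past in range(max(0, round_no - window), round_no):
        stale |= chaff_for_round(past) & observed
    if stale:
        return "replay", frozenset(stale)
    expected = chaff_for_round(round_no)
    if not expected <= observed:
        return "no-chaff", frozenset()
    return "ok", frozenset(observed - expected)


DIAMONDS = {"D-1", "D-2", "D-3"}   # constructed real tag EPCs in the display case
```

The check only works if the chaff is indistinguishable from real tags over the air (same memory layout, same timing), otherwise the mimicking machine filters it out and replays only the diamonds; the slide's "cannot tell chaff from real content" is the condition, not a given. A missing-chaff round is also reported, since jamming the sentinel is the obvious way around this.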


Writing to tags

Enter code and lock
Kill
Write

Issues:
– Administering kill codes
– Preventing mass killing of tags
– Administering the other codes
– Personalizing tags


Preventing mass kill

If the codes are not all set to 1111, then you can't kill the tags easily
Killing is not an RF function in EPC tags; it is an addressed, logical request
– You can only kill at the rate of anti-collision
– You can only kill from the passive distance
– From that range, you have other options open to you

Sarma's Sentinel Tag: when you see an unauthorized kill going on, jam the airwaves!

The real challenge is kill code management: how does it pass from owner to owner?
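What "the codes are not all set to 1111" buys you, as an added example written for this page (not code from the deck): each tag gets its own 32-bit kill password derived from a master key held by the current owner, and the password crosses the air cover-coded against a random number the tag backscattered, so a listener outside backscatter range sees nothing useful. Deriving per-tag passwords from a master key is a design choice made here, not one the slides prescribe. The exchange follows the EPC Gen 2 pattern (password sent as two 16-bit halves, each XORed with a fresh RN16 obtained by Req_RN; a zero password disables Kill) but leaves out frame encoding, handles and CRCs; the keys, EPCs and the fixed RN16 used in the listener check are constructed.

```python
"""Per-tag kill passwords and a Gen 2-style cover-coded Kill exchange.

Added example, not code from the original deck. Per-tag derivation from a
master key is a design choice made here. Gen 2 pattern only: two cover-coded
16-bit halves, zero password disables Kill; no frames, handles or CRCs.
"""
import hashlib
import hmac
import os

MASTER_KILL_KEY = b"owner-master-key"   # constructed; held by the current owner


def kill_password(epc: bytes, master: bytes = MASTER_KILL_KEY) -> int:
    """32-bit kill password unique to one EPC: no single code kills the whole shelf."""
    return int.from_bytes(hmac.new(master, b"kill|" + epc, hashlib.sha256).digest()[:4], "big")


class Tag:
    def __init__(self, epc: bytes, kill_pw: int):
        self.epc, self.kill_pw, self.killed = epc, kill_pw, False
        self._rn16 = None
        self._halves = []

    def req_rn(self, rng=os.urandom) -> int:
        """Backscatter a fresh RN16: audible within backscatter range only."""
        self._rn16 = int.from_bytes(rng(2), "big")
        return self._rn16

    def kill(self, covered_half: int) -> bool:
        """Accept one cover-coded 16-bit half. Returns True once both halves have
        matched the stored password and the tag is dead."""
        if self.killed or self._rn16 is None:
            return False
        self._halves.append(covered_half ^ self._rn16)
        self._rn16 = None                    # each RN16 is single-use
        if len(self._halves) < 2:
            return False
        pw, self._halves = (self._halves[0] << 16) | self._halves[1], []
        if self.kill_pw != 0 and pw == self.kill_pw:   # Gen 2: zero password -> Kill disabled
            self.killed = True
        return self.killed


def reader_kill(tag: Tag, pw: int, air_log=None, rng=os.urandom) -> bool:
    """Reader side: two Req_RN/Kill pairs. `air_log` collects the forward-link
    words a distant listener hears (it never hears the RN16s)."""
    result = False
    for half in ((pw >> 16) & 0xFFFF, pw & 0xFFFF):
        covered = half ^ tag.req_rn(rng)
        if air_log is not None:
            air_log.append(covered)
        result = tag.kill(covered)
    return result
```

Each kill needs the tag singulated first and then two round trips, which is the slide's "you can only kill at the rate of anti-collision". Ownership transfer then means handing the next owner either the master key or the per-tag passwords over the back-end channel (the "transfer of codes" arrow on the system diagram), which is the management problem the slide leaves open.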


A keyless approach to administration [Weis 03]

Locking a tag
– Reader: metaID := hash(key); store (key, metaID); send metaID to the tag
– Tag: store metaID
Querying a locked tag
– Reader: "Who are you?"
– Tag: metaID
Unlocking a tag
– Reader: send key
– Tag: metaID == hash(key)? If so: "Hi, my name is..."
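The three exchanges above as a runnable model, added for this page and not code from the deck or from Weis's paper. SHA-256 stands in for the low-cost hash a real tag would carry; the Tag and Reader classes, the EPC values and the 16-byte keys are constructed, and relocking the tag after a read is this model's choice.

```python
"""Weis's hash lock: lock, query, unlock, as a runnable model.

Added example, not code from the original deck or from Weis's paper. SHA-256
stands in for a low-cost hash; Tag/Reader classes, EPCs and keys are constructed.
"""
import hashlib
import os
from typing import Optional


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Tag:
    """Holds an EPC and, while locked, a metaID. A locked tag answers only with the metaID."""

    def __init__(self, epc: bytes):
        self.epc = epc
        self.meta_id: Optional[bytes] = None

    def lock(self, meta_id: bytes) -> None:
        self.meta_id = meta_id

    def query(self) -> bytes:
        """'Who are you?' -> metaID if locked, the EPC if not."""
        return self.meta_id if self.meta_id is not None else self.epc

    def unlock(self, key: bytes) -> bool:
        """Tag-side check metaID == hash(key); only a match opens the tag."""
        if self.meta_id is not None and H(key) == self.meta_id:
            self.meta_id = None
            return True
        return False


class Reader:
    """Reader/back end: remembers (metaID -> key) for every tag it locked."""

    def __init__(self):
        self.keys = {}

    def lock_tag(self, tag: Tag) -> bytes:
        key = os.urandom(16)
        meta_id = H(key)
        self.keys[meta_id] = key
        tag.lock(meta_id)
        return meta_id

    def read(self, tag: Tag) -> bytes:
        """Query; if the answer is a metaID we know, send its key, read the EPC, relock."""
        answer = tag.query()
        key = self.keys.get(answer)
        if key is None:
            return answer            # unlocked tag's EPC, or a metaID this reader cannot open
        if not tag.unlock(key):
            return answer
        epc = tag.query()
        tag.lock(answer)             # relock with the same metaID (this model's choice)
        return epc
```

The tag does exactly one hash, which fits the "can't do anything beyond hashes" budget. Two limits follow from the protocol itself: the metaID is a fixed pseudonym, so a locked tag is still trackable by it (the repeated-ID problem from the privacy slide, which the EPC|nonce scheme addresses), and the key crosses the forward channel in the clear, so anyone within range of the reader's transmission can capture and replay it.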


Personalizing tags: an opportunity

Say you go to a store and buy a product
The product has a tag
You now want to personalize that tag
You have a little PDA which talks to the store reader and personalizes your tag
Your PDA is a personalizing device which now talks to your back-end system at home
– Tanenbaum et al. 05
– Foley 05


The repeating themes

The backscatter distance is a zone of trust
– No perfect, inexpensive solution beyond that zone of trust for passive tags
Passive tags cry out for a Sentinel Tag
– Sentinel can aggregate security/defense/privacy functions which individual tags cannot afford
– Turns out that there are several other


The System


The system

[Diagram, Gen 1 stack: tags → Readers (Gen 1 air-interface) → Company Software (Savant) → ONS]

[Diagram, Gen 2 stack: tags → Readers (Gen 2 air-interface) → Reader interface / Reader Protocol → ERP+RFID Software → EPC-IS → ONS + Blob; between Company #1 and Company #2: transfer of codes, data, etc.]


Recent attacks


Viruses and Worms

Tanenbaum's group
– Researchers demonstrated an RFID virus based on an SQL injection attack
– Website: http://www.rfidvirus.org

Shamir's group
– Side-channel attack: power analysis
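The mechanism behind the Tanenbaum-group result, as an added example written for this page (it is not code from the deck or from rfidvirus.org): tag memory is attacker-controlled input, and middleware that splices it into SQL executes whatever the tag carries. The schema, the two write paths and the hostile tag contents are constructed; SQLite is used so it runs stand-alone, and the vulnerable path uses executescript because the point needs a driver that accepts several statements in one call, as many do.

```python
"""Tag contents reaching middleware SQL: the injection behind the RFID virus demo.

Added example, not code from the original deck or from rfidvirus.org. Schema,
middleware write paths and hostile tag contents are constructed.
"""
import sqlite3


def fresh_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE inventory (epc TEXT PRIMARY KEY, location TEXT);
        INSERT INTO inventory VALUES ('urn:epc:1', 'dock-1'), ('urn:epc:2', 'dock-2');
    """)
    return db


def record_read_vulnerable(db, tag_data: str, location: str) -> None:
    """Middleware that splices the tag's memory contents straight into SQL."""
    db.executescript(
        f"INSERT OR REPLACE INTO inventory VALUES ('{tag_data}', '{location}');")


def record_read_safe(db, tag_data: str, location: str) -> None:
    """Same write with bound parameters: whatever the tag holds is stored as data."""
    db.execute("INSERT OR REPLACE INTO inventory VALUES (?, ?)", (tag_data, location))
    db.commit()


def locations(db) -> dict:
    return dict(db.execute("SELECT epc, location FROM inventory ORDER BY epc"))


# Constructed hostile tag contents: closes the quoted value and the statement,
# then appends a statement of the attacker's choosing; '--' swallows the rest.
HOSTILE_TAG = "urn:epc:evil', 'dock-9'); UPDATE inventory SET location = 'nowhere'; --"
```

Through the vulnerable path the tag rewrites every row; through the safe path it becomes one odd-looking EPC string and nothing else. The self-replication that made the rfidvirus.org demonstration a "virus" rests on the same bug: once the payload sits in the database, middleware that writes database contents back onto fresh tags carries it onward.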


Conclusions


The opportunities

Technology

– Tags
– Semiconductors
– Packaging
– Protocols
– Antennae
– Readers
– Middleware/Reader
– Middleware
– Databases
– Enterprise architecture
– Distributed systems
– Identity management
– Business process

Applications

Supply chain
– Retail
– Healthcare
– B2B
– Critical goods
Logistics
– Travel/airports
– Defense
– Heavy industries
– Asset management
Operations
– Factory
– DC/warehouse
– Institutions
– Maintenance
Personal systems...

Analysis

– RF systems
– Communications
– Security
– System dynamics
• Supply chain: planning, execution, policy
• Demand planning
– Social/ethical
– Business planning
– Macroeconomics
– Policy/frequency