Embed Size (px)
Citation preview
563.9.2RFID Security & Privacy
Matt Hansen
University of IllinoisFall 2007
2
Outline
• RFID Overview– Tags, Readers, and Applications– Tag Singulation
• Security & Privacy Threats
• Proposed Solutions
• Public Concerns
2
3
RFID Overview
Tags (transponders)Attached to objects, “call out” identifying dataon a special radio frequency
02.3DFEX4.78AF51
EasyToll card #816
Reader (transceiver)Reads data off the tagswithout direct contact
Radio signal (contactless)Range: from 3-5 inches to 3 yards
DatabaseMatches tag IDs tophysical objects
Shmatikov 05
4
Tag Types
• Passive:– All power comes from a reader’s signal– Tags are inactive unless a reader activates them– Cheaper and smaller, but shorter range
• Semi-passive– On-board battery, but cannot initiate communication– Can serve as sensors, collect information from environment: for example, “smart
dust” for military applications• Active:
– On-board battery power– Can record sensor readings or perform calculations in the absence of a reader– Longer read range
LF HF UHF Microwave
Freq. Range 125 - 134KHz 13.56 MHz 866 - 915MHz 2.45 - 5.8 GHz
Read Range 10 cm 1M 2-7 M 1M
Application Smart Cards, Ticketing, animal tagging,
Access Control
Small item management, supply chain,
Anti-theft, library, transportation
Transportation vehicle ID, Access/Security, large item management, supply chain
Transportation vehicle ID (tolls), Access/Security, large item management, supply chain
Fong 05
5
Security Challenge
• Low cost RFID tags have very limited resources– Typically have only 500-5,000 gates– May have up to a few hundred bits of storage– Tags cannot perform complex computations
• Most tags simply emit a static identifier when prompted• Tags do not have the resources to allow for public-key or
symmetric-key encryption systems
• EPC tags: $0.05, 250 – 1000 gates• AES requires 20,000 – 30,000 gates
Fong 05
6
Applications
• Supply-chain management– logistics, inventory control, retail check-out
• Payment systems– ExxonMobil SpeedPass– I-Pass/EZ-Pass toll systems– Credit Cards
• Access Control– Passports
• Library books• Animal Tracking
Fong 05
7
Reading Tags
• The read process starts when an RFID reader sends out a query message– Invites all tags within range to respond– More than one RFID tag may respond at the same
time• Tags cannot generally hear one another• This causes a collision
– Reader cannot accurately read information from more than one tag at a time
• Reader must engage in a special singulation protocol to talk to each tag separately
Shmatikov 05
8
Singulation Algorithms
• Deterministic– Binary tree-walking scheme
• Reader sorts through tags based on tag ID• Reader performs a depth-first search of the tag ID
space
• Probabilistic– Slotted Aloha scheme
• Time is divided into discrete intervals• Tags respond in randomly generated times• Process does not depend on tag ID
Sarma, Weis, Engels 02
9
Tree Walking
000 001 010 011 100 101 110 111
Every tag has a k-bit identifier
prefix=0
prefix=00 prefix=01
prefix=10 prefix=11
prefix=1Reader broadcastscurrent prefix
Each tag with this prefixresponds with its next bit
If responses don’t collide,reader adds 1 bit to currentprefix, otherwise tries both possibilities
This takes O(k number of tags)
Shmatikov 05
10
Threats
Reader Tag Eavesdropper
Forward Channel Range (~100m)
Backward Channel Range (~5m)
Anti-collision scheme
Fong 05
• Eavesdropping
11
Threats
• Tracking– Unauthorized use of a tag’s ID in order to gain information about
the location of a person or object– In a retail environment, a user can be associated with an item at
purchase time
• Cloning/Replay– Tags that emit static identifiers are very vulnerable– A thief could replace/rewrite a tag on an expensive item
• Denial-of-service– Conflicting RF signals can prevent legitimate tag communication
• Physical attacks– Probing a tag to determine private data
Fong 05
12
Security Goals
• Tags should not compromise privacy of holders– Information should not be leaked to unauthorized
readers– Should not be possible to build long-term tracking
associations
• Holders should be able to detect and disable tags they carry
• Private tag contents should be protected by access control and encryption
• Spoofing tags or readers should be difficult
Sarma, Weis, Engels 02
13
Potential Solutions
• Disable tags permanently– Kill bit/sleeping– Blocker/privacy tag
• Prevent tags from being read– Shielding– Jamming
• Prevent unauthorized parties from listening to tag communication– Cryptography– Distance/Power Level measurements
• Enact laws governing RFID use– Policy and Legislation
14
Kill bit, Shielding, and Jamming
• Kill tag after purchase– Special command permanently de-activates tag after
the product is purchased– Disables many futuristic applications– Alternative: set tag to “sleep”
• Shielding - Faraday cage– Container made of foil or metal mesh, impenetrable by
radio signals of certain frequencies• Shoplifters are already known to use foil-lined bags
– Maybe works for a wallet, but huge hassle in general
• Active jamming– Disables all RFID, including legitimate applications
Shmatikov 05
15
Blocker Tag
• A form of jamming: broadcast both “0” and “1” in response to any request from an RFID reader– Guarantees collision no matter what tags are present– To talk to a tag, reader must traverse every tree path
• With 128-bit IDs, reader must try 2128 values
• Privacy tag – a special case of the blocker tag– Blocks reading of protected tags, but does not disrupt normal
RFID communication– Blocks only certain ID ranges and prevents illegitimate blocking– E.g., blocker tag blocks all IDs with first bit=1
• Items on supermarket shelves have first bit=0• Can’t block tags on unpurchased items (anti-shoplifting)• After purchase, flip first bit on the tag from 0 to 1
Juels, Rivest, Szydlo 03; Shmatikov 05
16
More Possible Security Measures
• Distance/Power Level measurements– Majority of hostile reads occur when attacker is physically distant– Signal strength measurements and noise analysis can be used
to estimate distance to the reader
• Cryptography– Required hardware not feasible on low-cost tags– Other methods use one-way hash functions and pseudo-random
number generation
• Physical Protection– A combination of means (security cameras, sensors, etc.) to
prevent tampering of RFID devices
• Policy and Legislation– Legal requirements on RFID use– Does not prevent attackers from unauthorized use
Fishkin, Roy, Jiang 04
17
Public Privacy Concerns
• Tracking– Libraries, retail, auto– Even if unique serial numbers are
disabled at purchase time, tracking is still possible by associating “constellations” of tags
– “Intelligent” theft– Human Tagging
• Baja Beach Club, Spain
• RFID Watchdog Groups– CASPIAN - (Consumers Against
Supermarket Privacy Invasion and Numbering)
– Spychips.com– Electronic Privacy Information Center
• Consumer Backlash– Gillette Razors– Benetton Clothing
Shmatikov 05
18
References & Recommended Readings
Papers:• K. P. Fishkin, S. Roy, and B. Jiang, Some Methods for Privacy in RFID
Communication, In 1st European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS 2004), 2004.
• A. Juels, RFID Security and Privacy: A Research Survey, Condensed version to appear in 2006 in the IEEE Journal on Selected Areas in Communication, 2006.
• A. Juels, R. L. Rivest, and M. Szydlo, The Blocker Tag: Selective Blocking of RFIDTags for Consumer Privacy, 8th ACM Conference on Computer and Communications Security, pp. 103-111, ACM Press, 2003.
• S. Sarma, S. Weis, and D. Engels, RFID Systems and Security and Privacy Implications, Workshop on Cryptographic Hardware and Embedded Systems, 2002.
• S. A. Weis, S. E. Sarma, R. L. Rivest, and D. W. Engels, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, Security in Pervasive Computing, 2003.
Presentations:• Vitaly Shmatikov, RFID Security and Privacy, University of Texas Lecture, 2005.• Kenny Fong, RFID Security, Southern Illinois University Lecture, 2005.
18
