Lesson Title: Tag Threats, Risks, and Mitigation

Dale R. Thompson and Jia Di
Computer Science and Computer Engineering Dept.
University of Arkansas
http://rfidsecurity.uark.edu

This material is based upon work supported by the National Science Foundation under Grant No. DUE-0736741. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).

Copyright © 2008, 2009 by Dale R. Thompson {[email protected]} and Jia Di {[email protected]}


Tag Layer


Tag Threats

STRIDE Category: Threat

• Spoofing identity
– Tag counterfeiting/cloning
– Tag emulation
• Tampering with data
– Add, modify, rearrange or delete data
• Repudiation
– None
• Information disclosure
– Probing tag
– Side-channel attacks
– Tracking
– Tracing
• Denial of service
– Shielding
– Coupling
• Elevation of privilege
– None

Tag Counterfeiting/Cloning (Spoofing Identity)

Counterfeiting Mitigation

• Tag Authentication
– Store secrets on the tag that can be verified
– Secret keys, symmetric key and public key cryptography
• Physical unclonable functions (PUFs)
• Electronic fingerprint (E-Fingerprint)

Tag Authentication Protocol (Challenge/Response)
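The challenge/response idea named on this slide, as an added example that is not part of the original lesson: a reader sends a fresh random challenge and the tag proves knowledge of a stored symmetric key. HMAC-SHA256, the class names and the tag ID are assumptions chosen for illustration; the slides do not specify an algorithm.

```python
import hashlib
import hmac
import secrets

class Tag:
    """Tag holding an ID and a secret key that never leaves the chip."""
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self._key = tag_id, key

    def respond(self, challenge: bytes) -> bytes:
        # The response binds the tag ID to the reader's fresh challenge.
        return hmac.new(self._key, self.tag_id + challenge, hashlib.sha256).digest()

class Reader:
    """Reader/back end that knows each enrolled tag's key (hypothetical design)."""
    def __init__(self, key_db: dict):
        self.key_db = key_db
        self.pending = {}                      # tag_id -> outstanding challenge

    def challenge(self, tag_id: bytes) -> bytes:
        nonce = secrets.token_bytes(16)        # fresh per attempt, so old responses expire
        self.pending[tag_id] = nonce
        return nonce

    def verify(self, tag_id: bytes, response: bytes) -> bool:
        nonce = self.pending.pop(tag_id, None) # each challenge is accepted once
        key = self.key_db.get(tag_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, tag_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison

def demo():
    tag_id = b"EPC-CONSTRUCTED-0001"           # constructed sample ID
    key = secrets.token_bytes(16)
    reader = Reader({tag_id: key})
    genuine = Tag(tag_id, key)
    clone = Tag(tag_id, secrets.token_bytes(16))  # same ID, but the key was not copied

    first = genuine.respond(reader.challenge(tag_id))
    ok_genuine = reader.verify(tag_id, first)
    reader.challenge(tag_id)                   # new challenge issued
    ok_replay = reader.verify(tag_id, first)   # recorded response presented again
    ok_clone = reader.verify(tag_id, clone.respond(reader.challenge(tag_id)))
    return ok_genuine, ok_replay, ok_clone
```
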

Physical Unclonable Function (PUF)

• A function that can be read but not copied
– One is logic that has multiple race conditions
• PUF added to a tag
• General Steps
– Enrollment
   • Responses to several challenges are recorded. The responses are unique to this PUF
– Verification
   • Challenge PUF and determine if correct response
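The enrollment and verification steps above, as an added example that is not part of the original lesson. The PUF is simulated in software (a hidden random value stands in for manufacturing variation, with a few noisy bits per read), and the response width, noise level and acceptance threshold are assumptions.

```python
import hashlib
import random

RESP_BITS = 64

class SimulatedPUF:
    """Software stand-in for a PUF: hidden per-chip variation is modelled as a
    random value, and every read flips a few bits to model measurement noise."""
    def __init__(self, rng: random.Random, noise_bits: int = 3):
        self._variation = rng.getrandbits(128).to_bytes(16, "big")
        self._rng, self._noise_bits = rng, noise_bits

    def respond(self, challenge: bytes) -> int:
        digest = hashlib.sha256(self._variation + challenge).digest()
        resp = int.from_bytes(digest[:RESP_BITS // 8], "big")
        for pos in self._rng.sample(range(RESP_BITS), self._noise_bits):
            resp ^= 1 << pos
        return resp

def enroll(puf, n_pairs, rng):
    """Enrollment: record responses to several challenges in a trusted setting."""
    db = {}
    for _ in range(n_pairs):
        challenge = rng.getrandbits(64).to_bytes(8, "big")
        db[challenge] = puf.respond(challenge)
    return db

def verify(puf, db, max_distance=12):
    """Verification: issue one enrolled challenge, accept a response within the
    noise tolerance, and discard the pair so it is never reused."""
    if not db:
        return False
    challenge, expected = db.popitem()
    distance = bin(puf.respond(challenge) ^ expected).count("1")
    return distance <= max_distance

def demo(seed=1):
    rng = random.Random(seed)                  # fixed seed keeps the run repeatable
    genuine, other_chip = SimulatedPUF(rng), SimulatedPUF(rng)
    db = enroll(genuine, 5, rng)
    return verify(genuine, db), verify(other_chip, db), len(db)
```
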

E-Fingerprint Approach

• Identification becomes a function of what the device “is” instead of a secret it “knows.”

Minimum power response at multiple frequencies (MPRMF)

[Figure: five same-model tags from the same roll]

Tampering with Data Mitigation in Gen-2

• Lock: make memory unreadable and unchangeable unless 32-bit password is provided
• Permalock: make memory unchangeable
• Tag identification (TID) memory: encodes chip manufacturer and model. Some have suggested putting a serial number in TID memory that cannot be changed to identify tag.

Side-Channel Attacks (Information Disclosure threat)

• Secret information is leaked through an unexpected channel (side-channel)
• Safecracker listens to tumblers to open safe
• Attackers measure power and timing differences of tag to determine secret key
– Circuits may use different amount of power when processing a data-1 or data-0
– A circuit’s timing delays may be different for data-1 or data-0.

Side-Channel Attacks

• Power-based attacks (SPA, DPA, HO-DPA)
• Timing-based attacks
• Electromagnetic-based attacks
• Fault-injection attacks

CMOS Circuit Power and Delay

$t = R_{on} C_L$

$P = C_L V_{DD}^2$

Power consumption and timing delay are highly correlated to switching activities

Synchronous Circuit Power Fluctuation Simulation

[Figure: two bar charts, (a) with x-axis categories 0x0, 1x1, 2x2, 3x3, 4x4 and (b) with x-axis categories 00, 01, 10, 11; vertical axes in percent]

Boolean circuits are vulnerable to side-channel attacks

Power Side-Channel Mitigation

• Randomize power consumption – add noise to reader/tag
– Use random initial point
– Random power management
– Random code injection
• De-correlate power consumption from internal data pattern being processed
– New transistor-level gate designs (SABL, DyCML, SDDL, WDDL, etc.)
– Current compensation
– Execute both nominal and complementary data
– Dual-rail asynchronous logic

Balancing the Switching Activities between Two Rails

• Dual-spacer Dual-rail Delay-insensitive Logic (D3L)

State             Rail 1   Rail 0
All-zero spacer   0        0
DATA 0            0        1
DATA 1            1        0
All-one spacer    1        1

[Figure: data/spacer sequence with labels Data #1 / All-zero Spacer, Data #2 / All-one Spacer, Data #3 / All-zero Spacer, and Rail 1 / Rail 0 waveforms for the sequence AZS, DATA1, AOS, DATA0, AZS, DATA1]
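Why alternating spacers balance the rails, as an added example that is not part of the original lesson: it counts transitions per wire for the same data under three encodings, using toggle count as a proxy for power since the slides state that power is correlated with switching activity. The single-spacer baseline is modelled as dual-rail logic that always returns to the all-zero spacer, which is an assumption; the data words are constructed.

```python
def single_rail(bits):
    """Ordinary Boolean wire: one wire carries each bit directly."""
    return [(b,) for b in bits]

def dual_rail_single_spacer(bits):
    """Dual-rail (Rail 1, Rail 0) that returns to the all-zero spacer after
    every datum (assumed model of a single-spacer baseline)."""
    states = [(0, 0)]
    for b in bits:
        states += [(b, 1 - b), (0, 0)]
    return states

def d3l(bits):
    """Dual-rail with alternating all-zero / all-one spacers, using the state
    encoding from the table above (DATA 0 = (0, 1), DATA 1 = (1, 0))."""
    states, spacer = [(0, 0)], 0
    for b in bits:
        spacer ^= 1                            # the next spacer is the opposite one
        states += [(b, 1 - b), (spacer, spacer)]
    return states

def toggles_per_wire(states):
    """Count 0->1 and 1->0 transitions on each wire across the state sequence."""
    counts = [0] * len(states[0])
    for prev, cur in zip(states, states[1:]):
        for i, (p, c) in enumerate(zip(prev, cur)):
            counts[i] += p != c
    return tuple(counts)

def profile(encoder, words):
    """Map each data word to its per-wire toggle counts under one encoding."""
    return {w: toggles_per_wire(encoder([int(ch) for ch in w])) for w in words}

WORDS = ["0000", "0101", "1111", "1000"]       # constructed sample data

if __name__ == "__main__":
    for name, enc in [("single-rail", single_rail),
                      ("dual-rail, single spacer", dual_rail_single_spacer),
                      ("D3L", d3l)]:
        print(f"{name:26s}", profile(enc, WORDS))
```

With the single spacer the total toggle count is constant but each rail's share depends on the data; with alternating spacers every rail toggles once per data bit whatever the value.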

D3L vs NCL Simulations

[Figure: three bar charts comparing NCL and D3L; x-axis categories 0x0, 1x1, 2x2, 3x3, 4x4 in the first chart and 00, 01, 10, 11 in the other two; vertical axes in percent]

Contact Information

Dale R. Thompson, Ph.D., P.E.
Associate Professor
Computer Science and Computer Engineering Dept.
JBHT – CSCE 504
1 University of Arkansas
Fayetteville, Arkansas 72701-1201

Phone: +1 (479) 575-5090
FAX: +1 (479) 575-5339
E-mail: [email protected]
http://comp.uark.edu/~drt/

Copyright Notice, Acknowledgment, and Liability Release

• Copyright Notice
– This material is Copyright © 2008, 2009 by Dale R. Thompson and Jia Di. It may be freely redistributed in its entirety provided that this copyright notice is not removed. It may not be sold for profit or incorporated in commercial documents without the written permission of the copyright holder.
• Acknowledgment
– These materials were developed through a grant from the National Science Foundation at the University of Arkansas. Any opinions, findings, and recommendations or conclusions expressed in these materials are those of the author(s) and do not necessarily reflect those of the National Science Foundation or the University of Arkansas.
• Liability Release
– The curriculum activities and lessons have been designed to be safe and engaging learning experiences and have been field-tested with university students. However, due to the numerous variables that exist, the author(s) does not assume any liability for the use of this product. These curriculum activities and lessons are provided as is without any express or implied warranty. The user is responsible and liable for following all stated and generally accepted safety guidelines and practices.