Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
23 views20 pages

Rfids

This document discusses RFID security and summarizes several protocols proposed to address privacy and authentication concerns for RFID tags. It outlines how RFID systems work and potential attacks. Key protocols described include Hash Lock, Randomized Hash Lock, and OSK Scheme, analyzing their advantages and disadvantages in providing security and privacy for RFID tags with very limited computing resources. Overall, the document notes that while RFIDs enable many useful applications, designing secure and privacy-preserving protocols for them remains a challenge that requires further research and improvement of existing approaches.

Uploaded by

Sanjay Ts
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
23 views20 pages

Rfids

This document discusses RFID security and summarizes several protocols proposed to address privacy and authentication concerns for RFID tags. It outlines how RFID systems work and potential attacks. Key protocols described include Hash Lock, Randomized Hash Lock, and OSK Scheme, analyzing their advantages and disadvantages in providing security and privacy for RFID tags with very limited computing resources. Overall, the document notes that while RFIDs enable many useful applications, designing secure and privacy-preserving protocols for them remains a challenge that requires further research and improvement of existing approaches.

Uploaded by

Sanjay Ts
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 20

RFID SECURITY

How Does RFID Work?

02.3DFEX4.78AF51

EasyToll card #816

Radio signal (contactless)


Range: from 3-5 inches to 3 yards

Tags (transponders) Reader (transceiver) Database


Attached to objects, call out their Reads data off the tags Matches tag IDs to
(unique) name and/or static data without direct contact physical objects
on a special radio frequency
Asymmetric channels
Range of Reader
(Forward Channel)

m
~100

READER TAG EAVESDROPPER

~5 m

Tag’s Range (Backward Channel)


Applications
 Tracking/Identification
 Library Books
 Children
 Pets
 Auto Parts
 Inventory management in a Supply
Chain
 Contactless Smart Cards
A Generic Supply Chain

Retailers
Wholesalers

Manufacturers Supply web


(retail
customers not
Suppliers
shown)

goods, invoices
Purchase orders, payments
Key Decisions
 When to order

 How much to order


As order quantity increases, holding cost
increases
As order quantity decreases, stockout cost
increases

 From whom to order


The Problem - Motivation
 Basic problem with RFID tags
 Can be remotely scanned
 Respond to query by any reader
 This leads to security and privacy risk

 Resource constraints
 Limited power and computing resources
 Hence classical cryptographic mechanisms not
feasible

 The RFID security challenge


 How to obtain maximum security with almost no
resources?
The Problems of Privacy and Security
 RFID privacy concerns the problem of misbehaving
readers harvesting information from well-behaving tags.
Risks :
 Leakage of personal information (prescriptions,
brand/size of clothes etc.).
 Location privacy: Tracking the physical location of
individuals by their RFID tags.
 RFID authentication concerns the problem of well
behaving readers receiving information from misbehaving
tags, particularly counterfeit ones.
Risks:
 Forgery
 Sabotage
Cost and capability
 The strength and flavor of proposed
security solutions will depend on the
allowed tag cost for different
applications

 50+ cent tags. Low-end tags will be


10 cent, 5 cent and 2 cent in about 5
years
Challenge
 Tens of research ideas have been
proposed in the past two years

 Propose improvements over the


existing privacy enhancing protocols
for the extremely resource
constrained RFID systems
Security Attacks
 Spoofing
 Imitating the behavior of a genuine tag
 Denial of Service
 Man in the middle attack
 Modify the response of the tag to the reader or vice
versa
 Replay Attack
 Eavesdrop message from the tag (reader) & re-
transmit the message to the legitimate reader (tag).
 Traffic Analysis
 Monitoring of comm. between reader & tag allows
adversary to perform traffic analysis & generate
statistical data.
Security and Privacy Requirements
 Anonymity
 Tag output should not give idea about ID
 Untraceability
 Tag output should be varying
 Indistinguishibility
 Tag output should be truly random, i.e. variation
should not be predictable
 Forward Security
 Adversary should not be able to associate the
current output with past output
 Mutual Authentication
 Tag-to-reader and reader-to-tag authentication
Backend Requirements
 Efficiency and scalability
 Order of computation/precomputation
required as a function of number of tags
 Flexibility
 Changes required with addition/removal
of tags
Hash Lock [Rivest, Weis, Sharma, Engels]

Goal: Authenticate reader to the RFID tag


Reader “Who are you?” RFID tag
metaID

key
Compute hash(key) and
compare with stored metaID
“My real ID is…”
Stores metaID=hash(key)

Stores key; hash(key) for any tag


Unique key for each tag
Hash Lock Analysis
PROS
 Relatively cheap to implement : Tag has to store hash
function implementation and metaID
 Security based on weak collision-resistance of hash
function
 Scalable due to low key look-up overhead

CONS
 Constant tag output – enables traceability
 Motivates Randomization
 Too many messages/rounds
 Requires reader to know all keys
Randomized Hash Lock [Weis et al.]

Goal: Authenticate reader to the RFID tag


Reader RFID tag
“Who are you?”

Generate random R
R, hash(R,IDk)

Compute hash(R,IDi) for every


known IDi and compare
“You must be IDk” Stores its own IDk

Stores all IDs:


ID1, … ,IDn
Randomized Hash Lock Analysis
PROS
 Randomized response prevents tracking
 Tag needs to store hash implementation and
pseudo-random number generator

CONS
 Inefficient brute force key look-up
 No Forward security
 Motivates updating tag ID on each read
 Security Flaw - Adversary can impersonate tag
by learning a valid tag response.
OSK Scheme [Ohkubo, Suzuki and Kinoshita]

Goal: Enable reader to identify the RFID tag, change tag


identifier on each read

Database Reader Tag

Query
Ai=G(Si)
Compute Ai=G(Si)
Hash
Chain Si+1=H(Si)

Tag ID
OSK Analysis
PROS
 Different random like values on every read operation
prevents tracking
 Forward Security ensured due to one way hash property
 Tag needs to store only 2 hash implementations, hence
low cost
 Minimal number of transmissions

CONS
 Not scalable for large scale applications due to brute
force search
 Motivates reducing computation time at
reader/backend
 Susceptible to DoS attacks
 May lead to problem due to hash collisions.
Summary
 RFIDs have many useful applications
related to tracking and identification
 But there are some important issues of
security and privacy
 Small number of gates for S/P makes the
design of such protocols challenging
 Tens of schemes proposed for
security/privacy but subtle drawbacks with
many of them. Much more work needed in
this area

You might also like