
Written by: Ari Juels
Presented by: Carlos A. Lopez

Outline
1. Introduction
2. Basic RFID Tags
3. Symmetric-Key Tags
4. RFID News

Definition
RFID is a technology for automated identification of objects and people
RFID devices are called RFID tags
  Small microchip (Hitachi mu-chip, 0.002 x 0.002 in)
  Transmits data over the air
  Responds to interrogation
Possible successor to barcodes
EPCglobal Inc. oversees the development of standards

RFID Overview
ID:2342341456734

Credit Card #8163 3534 9234 9876

Radio signal (contactless)


Range: from 3-5 inches to 3 yards

Tags (transponders)
Attached to objects, call out identifying data on a special radio frequency

Reader (transceiver)
Reads data off the tags without direct contact

Database
Matches tag IDs to physical objects

Reading Tags

The read process starts when an RFID reader sends out a query message
  Invites all tags within range to respond
  More than one RFID tag may respond at the same time
  This causes a collision
  Reader cannot accurately read information from more than one tag at a time
Reader must engage in a special singulation protocol to talk to each tag separately

Barcode Replacement
Unique identification
  Type of object vs. unique among millions
  Acts as a pointer to a database
Automation
  Optically scanned: line-of-sight contact with readers, careful physical positioning, requires human intervention

RFID Standards
Some standards that have been made regarding RFID technology include:
  ISO 14223/1: RFID of animals, advanced transponders
  ISO 14443: HF (13.56 MHz), RFID-enabled passports under ICAO 9303
  ISO 15693: HF (13.56 MHz), used for non-contact smart payment and credit cards
  ISO/IEC 18000: 7 different parts
  ISO 18185: "e-seals" for tracking cargo containers using the 433 MHz and 2.4 GHz frequencies
  EPCglobal: most likely to undergo international standardization according to ISO rules, as with all sound standards in the world

Tag Types

Passive:
  All power comes from a reader's signal
  Tags are inactive unless a reader activates them
  Cheaper and smaller, but shorter range

Semi-passive:
  On-board battery, but cannot initiate communication
  Can serve as sensors, collecting information from the environment: for example, smart dust for military applications

Active:
  On-board battery power
  Can record sensor readings or perform calculations in the absence of a reader
  Longer read range

LF
  Freq. range: 125 - 134 kHz
  Read range: 10 cm
  Application: Smart cards, ticketing, animal tagging, access control

HF
  Freq. range: 13.56 MHz
  Read range: 1 m
  Application: Small item management, supply chain, anti-theft, library, transportation

UHF
  Freq. range: 866 - 915 MHz
  Read range: 2-7 m
  Application: Transportation vehicle ID, access/security, large item management, supply chain

Microwave
  Freq. range: 2.45 - 5.8 GHz
  Read range: 1 m
  Application: Transportation vehicle ID (tolls), access/security, large item management, supply chain

Applications

Supply-chain management
  Logistics, inventory control, retail check-out

Payment systems
  ExxonMobil SpeedPass
  I-Pass/EZ-Pass/Smart Tag toll systems
  Credit cards

Access Control
Passports

Library books
Human-implantable RFID
Hospitals and health centers
Money: Yen and Euro banknote anti-counterfeiting
Animal tracking - and human???

The consumer privacy problem


Here's Mr. Bob in 2015
  Wig: model #4456 (cheap polyester)
  Replacement hip: medical part #459382
  Das Kapital and Communist-party handbook
  1500 Euros in wallet (serial numbers: 597387, 389473)
  30 items of lingerie

the tracking problem


Mr. Bob pays with a credit card - his RFID tags are now linked to his identity; this determines his level of customer service
Mr. Bob attends a political rally - law enforcement scans his RFID tags
Mr. Jones wins Award - physically tracked by paparazzi via RFID

Wig
serial #A817TS8

Read ranges of a tag


Nominal range
  Range at which the tag is intended to operate
Rogue scanning range
  A powerful antenna amplifies the read range
Tag-to-reader eavesdropping range
  A second reader can monitor the resulting tag emission
Reader-to-tag eavesdropping range
  Sometimes the reader sends information with greater power than the tags

CURRENT BALANCE

Travel history: visited stations and dates

WMATA Smart Trip RFID

and the authentication problem


Privacy: Misbehaving readers harvesting information from well-behaving tags
Authentication: Well-behaving readers harvesting information from misbehaving tags, particularly counterfeit ones

Wig
serial #A817TS8

Basic RFID tags Vs. Symmetric Key tags

Cannot:
  Execute standard cryptographic operations
    Strong pseudorandom number generation
    Hashing

Low-cost tags
  EPC tags
  Used in most gates

Privacy

Killing and sleeping
Re-naming approach
  Relabeling
  Minimalist cryptography
  Encryption
The proxy approach
  Watchdog Tag
  RFID Guardian
Distance measurement
Blocking
  Soft-blocking
Trusted computing

Returning to basic issue of privacy: Kill codes

EPC tags have a kill function

  On receiving the password, the tag self-destructs
  Tag is permanently inoperative
  No post-purchase benefits

Developed for EPC to protect consumers after point of sale
  Dead tags tell no tales
  Privacy is preserved
  Would be difficult to manage in practice
  A user might have to manage a PIN for her tags

Why not sleep them?

Privacy (Cont 2)

Re-naming approach
Even if the tag identifier has no intrinsic meaning, it can still enable tracking (solution: change it over time)
  Relabeling
    Consumers are equipped to relabel tags with new identifiers, but are able to reactivate old information
  Minimalist cryptography
    Tag changes names each time it is interrogated
  Encryption
    Re-encryption - public-key cryptosystem - periodically re-encrypted by law enforcement
    Universal re-encryption

Privacy (Cont 3)

The proxy approach


Watchdog Tag
RFID Guardian

So what might solve our problems?

Higher-powered intermediaries like mobile phones


RFID Guardian and RFID REP (RFID Enhancer Proxy)
Please show reader certificate and privileges

Privacy (Cont 4)

Distance Measurement
  Distance as a measure of trust
  A tag might release general information ("I'm attached to a bottle of water") when scanned at a distance, but release more specific information, like a unique identifier, at close range

Privacy (Cont 5)

Blocking
  Scheme depends on the incorporation of a modifiable bit called a privacy bit
  It uses a blocking tag, which prevents unwanted scanning of tags in a private zone
  Soft-blocking: on the reader side, do not scan tags whose privacy bit is on
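
The sketch below is an added example, not part of the original slides. It simulates how the singulation step from the "Reading Tags" slide interacts with a blocker tag and with soft-blocking. It assumes binary tree-walking singulation, 6-bit constructed IDs, and that the leading bit of an ID is the privacy bit; all function names are hypothetical.

```python
K = 6  # ID length in bits (constructed; real EPC identifiers are much longer)

def heard_bits(tags, prefix, blocker):
    """Next-bit values the reader hears after broadcasting `prefix`."""
    heard = {t[len(prefix)] for t in tags if t.startswith(prefix)}
    # Blocker tag: inside the private zone (leading privacy bit = 1) it
    # answers both 0 and 1, so every node there looks like a collision.
    if blocker and prefix.startswith("1"):
        heard |= {"0", "1"}
    return heard

def singulate(tags, blocker=False, soft=False, prefix=""):
    """Tree-walk the ID space; return every ID the reader believes it read."""
    if len(prefix) == K:
        return [prefix]
    found = []
    for bit in sorted(heard_bits(tags, prefix, blocker)):
        if soft and prefix == "" and bit == "1":
            continue  # soft-blocking: a compliant reader skips the private zone
        found += singulate(tags, blocker, soft, prefix + bit)
    return found

# Constructed population: two public tags, two with the privacy bit set.
TAGS = ["000101", "001100", "100110", "111001"]

def demo():
    plain = singulate(TAGS)                    # no protection: all four IDs read
    blocked = singulate(TAGS, blocker=True)    # private zone looks fully populated
    private_seen = [t for t in blocked if t[0] == "1"]
    polite = singulate(TAGS, soft=True)        # reader policy: public tags only
    return plain, len(private_seen), polite

if __name__ == "__main__":
    plain, n_private, polite = demo()
    print("no blocker:", plain)
    print("with blocker, IDs 'seen' in private zone:", n_private)
    print("soft-blocking reader:", polite)
```

With the blocker present the reader "reads" all 32 possible private-zone IDs, so the two real private tags cannot be told apart from phantoms, while public tags are still read normally.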

Trusted Computing

Authentication

EPC tags Class-1 Gen-2 have no explicit anti-counterfeiting features

Yoking: a protocol that provides cryptographic proof that 2 tags have been scanned simultaneously, in an attempt to verify that the reader actually reads what it is trying to scan

Symmetric-Key Tags (capable of computing symmetric-key functions)

Cloning
With a simple challenge-response protocol, a tag Ti can authenticate itself to a reader that shares the key Ki

1. The tag transmits Ti
2. The reader generates a random bit string R
3. The tag computes H = h(Ki, R) and transmits H
4. The reader verifies H = h(Ki, R)

Digital Signature Transponders (created by Texas Instruments and used by Speedpass)
  Based on the secrecy of the algorithm
  Security through obscurity was cracked by students at Johns Hopkins
    Reverse-engineering
    Key cracking
    Simulation

Reverse-engineering and side channels
Relay attacks
  Man-in-the-middle attacks can bypass any cryptographic protocol

Privacy
Symmetric-key management problem
  Leads to a paradox
    A tag identifies itself before authenticating the reader
    The tag emits its identifier Ti
    So the reader can learn the identity of the tag
    Privacy unachievable
  Tag emits E = f_KTi[P], where P is an input value
  On receiving E, the reader searches the space of all tags' keys, trying to decrypt E under every key K until it obtains P (the reader holds all the tags' keys)

Privacy

Literature
Tree approach
  Proposed approach in which a tag contains more than one symmetric key, in a hierarchical structure defined by a tree S
  Every node has a unique key
  Each tag is assigned to a unique leaf
  It contains the keys defined by the path from the root of S to the leaf

Can be useful for:
  A tag holder can transfer ownership of an RFID tag to another party, while its history remains private
  A centralized authority with full tag information can provision readers to scan particular tags over limited windows of time
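
The following added example (not part of the original slides) compares the reader-side key search from the preceding Privacy slide with the tree approach described here, counting how many keys the reader must try. It assumes HMAC-SHA256 as f, a tree with branching factor 4 and depth 3, and node keys derived from a back-end master secret; all names are hypothetical.

```python
import hashlib
import hmac
import secrets
from itertools import product

B, D = 4, 3   # branching factor and depth: 4**3 = 64 tags (constructed sizes)

def f(key: bytes, p: bytes) -> bytes:
    # Stand-in for the slide's f_K[P]; HMAC-SHA256 is an assumption.
    return hmac.new(key, p, hashlib.sha256).digest()

def node_key(master: bytes, path: tuple) -> bytes:
    # Hypothetical provisioning: each node's unique key is derived from a
    # master secret held by the back end.
    return hmac.new(master, b"node" + bytes(path), hashlib.sha256).digest()

def tag_keys(master, leaf):
    """Keys stored on the tag at `leaf`: one per node on the root-to-leaf path."""
    return [node_key(master, leaf[:i + 1]) for i in range(D)]

def tag_emit(keys, p):
    """The tag answers under each of its keys and never sends its identifier."""
    return [f(k, p) for k in keys]

def flat_search(master, p, e):
    """One key per tag: try every tag's key until E matches."""
    trials = 0
    for leaf in product(range(B), repeat=D):
        trials += 1
        if hmac.compare_digest(e, f(node_key(master, leaf), p)):
            return leaf, trials
    return None, trials

def tree_search(master, p, es):
    """Walk down the tree, testing only the B children at each level."""
    path, trials = (), 0
    for e in es:
        for child in range(B):
            trials += 1
            if hmac.compare_digest(e, f(node_key(master, path + (child,)), p)):
                path += (child,)
                break
        else:
            return None, trials   # no child matched: unknown tag
    return path, trials

def demo(leaf=(3, 3, 3)):
    master, p = secrets.token_bytes(16), secrets.token_bytes(16)
    es = tag_emit(tag_keys(master, leaf), p)
    return flat_search(master, p, es[-1]), tree_search(master, p, es)
```

For the last leaf the flat search needs 64 trials and the tree search 12. The cost of the tree is that tags share the keys of their common ancestors, so extracting the keys of one tag weakens the privacy of its neighbours.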

Synchronization approach
Symmetric-key primitive
  The European Network of Excellence for Cryptology is evaluating 21 candidate stream ciphers

So what might solve our problems?

Cryptography!
  Urgent need for cheaper hardware for primitives and better side-channel defenses

Some of the talk is really in the outer limits, but basic caveats are important:
  Pressure to build smaller, cheaper tags without cryptography
  RFID tags are close and personal, giving privacy a special dimension
  RFID tags change ownership frequently
  Key management will be a major problem
    Think for a moment after this talk about distribution of kill passwords

Are you ready for the Verichip?

RFID News

RFID Passports cracked
  http://blog.wired.com/sterling/2006/11/arphid_watch_fi.html
Can Aluminum Shield RFID Chips?
  http://www.rfid-shield.com/info_doesitwork.php
RFID chips can carry viruses
  http://arstechnica.com/news.ars/post/20060315-6386.html
Nightclub allows entry by RFID
  http://www.prisonplanet.com/articles/april2004/040704bajabeachclub.htm
Demo: Cloning a Verichip
  http://cq.cx/verichip.pl
