Wireless Security When Things Really Get Interesting

Burt Kaliski, RSA Laboratories World Wireless Congress May 28, 2003

Introduction
Cryptography plays a central role in the wireless world Emerging wireless world will require new types of security One cryptographers perspective on interesting things to come

Todays Wired World

VPN
Portal

Current Wireless World

VPN Portal

The wireless world today and in the near future is like the wired world without as many wires.

Interoperability Is the Driver

From a security perspective, wired and wireless applications & networks are mostly similar today
Voice E-mail Web access Games

Protocols are relatively similar as well, due to interoperability requirements

W* Effect Considered Harmful (Rohit Khare, 1999)

Roaming Users & On-Line Identities

Users are increasingly mobile
20M WLAN adaptors projected to ship this year (Gartner) 1M WLAN access points (Yankee)

Identity management is a key enabler

Collaboration solutions must integrate with identity and access management so that security and personalization context can follow users (Burton)

Liberty Alliance is one forum for this work and currently includes participation from many wireless vendors

Traditional Security Challenges Remain

RSA Security wireless survey of London:
level of unencrypted traffic incredibly has not decreased at all. ONLY just over one third were using encryption devices are often unprotected many have shared drives that are instantly accessible
City of London - WLAN Traffic Surveyed
350
Unencrypted Encrypted (WEP)

300

250

# of Access Points

200

150

100

Authentication, access control, and encryption solutions are available, but must be used

50

0 2001 2002

Solving Traditional Security Challenges

Many vendors including RSA Security are working on the traditional security challenges Security solutions are critically important to wireless technology today But as a cryptography researcher, wireless technology tomorrow is conceptually interesting and is the focus of this talk

Where No Wires Have Gone Before

Emerging wireless world encompasses totally new applications & networks that are impractical with wires Wireless security protocols will be new as well

Emerging Wireless World

VPN Portal

Emerging wireless world is unlike the wired world where no wires have gone before.

A Proliferation of Devices
Enabled by wireless technologies, almost anything will soon be connected
Cameras Sensors Product tags Currency

This presents new challenges in networking and location privacy

Privacy Challenges
Anything connected can potentially be tracked Who should be able to track what? Balancing business benefits and privacy
e.g., track the product in the store, but not on the consumer

Cryptography offers new tradeoffs

Networking Challenges
Anything can be connected, but to what? Devices will need to connect to each other and the network through each other But how can devices trust each other to connect reliably? Again new options from cryptography

Two Recent Research Examples

Micropayments for multi-hop cellular networks Privacy protection for RFID tags

Chip (IC) Antenna

Micropayments for Multi-Hop Cellular Networks

Markus Jakobsson (RSA Labs), Jean-Pierre Hubaux and Levente Buttyn (Swiss Federal Inst. of Tech.) Presented at Financial Cryptography 03 www.markus-jakobsson.com

Multi-Hop Cellular
Advantages of multi-hop cellular:
Reduced energy consumption Reduced interference Fewer base stations with increased coverage Ad hoc networking

Encouraging Honesty
Honest mobile nodes will forward packets for one another Cheaters will forward just for themselves May be difficult to tell the difference How can honesty be encouraged?

Solution: Micropayments
Attach micropayments to packets
cryptographic lottery tickets related to packet and route

Honest nodes paid for winning tickets

or fixed amount based on claimed volume, with tickets as evidence

Cheaters detected statistically

too many tickets as originator, not enough as forwarder

Micropayment schemes have been proposed for more general applications; this one is specially adapted to multi-hop

The Solution in a Nutshell

Check if the token is a winning ticket
If so, file claim

Check token
If correct, deliver packet

Attach payment token

Accounting and auditing information

Submit reward claims

Debit/credit accounts Identify irregularities

Privacy Protection for RFID Tags

Ari Juels (RSA Labs), Ron Rivest (MIT) and Mike Szydlo (RSA Labs) Preprint, May 2003 theory.lcs.mit.edu/~rivest

Chip (IC) Antenna

What is an RFID Tag?

You probably own a few RFID tags
Contactless physical-access cards Automated toll payment Inventory tags

An RFID tag simply calls out its (unique) name or static data at a range of several meters
74AB8
Plastic #3

5F8KJ3

An Impending Explosion of Tags

Gillette has just ordered 500,000,000 RFID tags
Roughly two for every inhabitant of U.S. Smart shelf application

Auto-ID Center at MIT

Walmart, Gillette, etc. RFID tags as next generation barcodes Inventory control

European Central Bank plans to implant RFID tags in banknotes by 2005

Anti-counterfeiting Tracking of illicit monetary flows

Other Applications
Prada, Soho NYC
Personalize / accessorize

Recycling Payment schemes E.g., Mondex Smart appliances House pets

Without Privacy Protection

Wig
Replacement hip
medical part #459382

model #4456
(cheap polyester)

Das Capital and Communistparty handbook

500 Euros in wallet 30 items of lingerie

Serial numbers: 597387,389473

The Top Two Messages

Deployed navely, embedding of RFID tags presents a serious danger to privacy.

The danger need not be quite so severe: There are reasonably practical ways to protect privacy.

New Approach: Blocker Tag [JRS 03]

Blocker simulates all possible tags!!
1,2,3,,2023 pairs of sneakers and (reading fails)

How It Works
Tree-walking protocol for identifying tags recursively asks questions about tag serial numbers:
Is there a tag whose next bit is a 1? Is there a tag whose next bit is a 0?

Blocker tag always says yes to both questions

Makes it seem like all serial numbers are present Thus reader cannot figure out which ones are actually present Number of possible serial numbers is huge, so reader stalls

Consumer Privacy + Commercial Security

Blocker tag system should protect privacy but still avoid blocking unpurchased items Blocker tag can be selective:
Privacy zones: Only block certain ranges of RFID-tag serial numbers Polite blocking: Inform readers about which ranges are privacy zones so that readers dont stall Zone mobility: Allow shops to move items into privacy zone upon purchase

Conclusions for Further Thinking

The wireless industry is weaving a computing and communications fabric where none existed What happens then? MITs Project Oxygen gives one glimpse, many similar activities in progress With trustworthy, private, safe access, computing benefits everyone

Burt Kaliski Director and Chief Scientist RSA Laboratories bkaliski@rsasecurity.com +1 781 515 7073