Upload
petersam67
View
375
Download
1
Embed Size (px)
DESCRIPTION
Citation preview
Overview of the latest RFID Research21st March 2007 1
Overview of the latest RFID Researchat Auto-ID Lab, ADELAIDE
Alfio Grasso
Deputy Director, Auto-ID Lab, Adelaide
2
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Overview
Auto-ID Lab, Adelaide
Security Anti-Counterfeiting and Security Authentication Lightweight Cryptography
Specialised RFID Tag Antenna Design
Conclusions
Overview of the latest RFID Research21st March 2007 3
Adelaide, Auto-ID Lab
4
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
The Auto-ID Laboratories
5
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Auto-ID Labs
One of 7 Auto-ID Labs around the world MIT, USA Cambridge, UK Adelaide, Australia Keio, Japan Fudan, China St Gallen, Switzerland ICU, Korea
6
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Three entities
Auto-ID Lab EPCglobal research
via sub-award from MIT
RFID Automation Contract Research
Eight Consultancies One Research Contract One Research Project
Australasian Adoption Research Initiative RFID adoption, Networking, Resources
7
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Contract ResearchSeparate from the EPCglobal funded work
Commercial Infrastructure Adelaide Research & Innovation Pty Ltd
Intellectual Property Protection
Pork CRC Research Contract
Joint Strike Fighter
8
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Auto-ID Lab, Personnel
Prof. Peter Cole
Mr. Alfio Grasso
Dr. Behnam Jamali
Mr. Damith Ranasinghe
Mr. Kin Seong Leong
Ms. Mun Leng Ng
Mr. Raja Ghosal
Mr. Manfred Jantscher (visiting)
Overview of the latest RFID Research21st March 2007 9
Anti-counterfeiting and SecurityAuthentication
Lightweight Cryptography
10
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Auto-ID Labs
In 2006 Global Auto-ID Labs launched the Flagship ProjectAnti-Counterfeiting and Secure Supply-Chain Focuses on protection against counterfeiting and
on product traceability. The main emphasis is on EPC technology without
neglecting other methods. In addition to the technology, topics include the
impacts on processes within an enterprise, the assessment of customer acceptance and the analysis of business cases in order to examine operational efficiency.
http://www.autoidlabs.org/publications/page.html
11
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
RFID Channels
Insecure communication channel
Authorised Interrogator
Powering channel
Forward channel (Reader to Tag commands)
Backward channel (Tag to Reader responses)
LegitimateTag
Physical channel
12
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Security and Privacy Concepts
Security aims Confidentiality Integrity Authentication Non-reputation Availability
Privacy aims Anonymity Unlinkability
13
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Security Models
Unconditional security Perfect security, assumes unrestricted computational power of an
adversary
Computational security No known algorithm to break it within polynomial time
Practical security No breaking algorithm within N operations, with N chosen to be high.
Modern primitives offer practical security.
Provable security Possible to show the complexity of breaking a primitive is equivalent to
solving a well know supposedly hard mathematical problem
14
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Security Services
Confidentiality Only authorised parties receive information
Authentication The ability of a party to be sure the message is from a claimed source
Integrity Assures us a message is not altered on the way
Non-reputation Proof of transmission and reception
Access Control Restricts and controls access to a system
Availability Provides means to assure a system is available when needed
15
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Attacks
Ciphertext-only attack
Known-plaintext attack
Chosen-plaintext attack
Adaptive chosen-plaintext attack
Chosen-ciphertext attack
Adaptive chosen-ciphertext attack
Known-key attack
Man-in-the-middle attack
Replay attack
Impersonation attack
Dictionary attack
Incomplete session attack
16
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Some Security IssuesEavesdropping
Corporate espionage. Victim of theft
Cloning and Physical attacks Fraud: counterfeiting RFID-labeled items. Theft: replace merchandise with decoy label.
Denial of service. Corrupt data with fake tags. Disrupt RFID-dependent infrastructures.
Communication layer weaknesses Insecurities from tag generated random numbers Power analysis of the powering channel
17
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Some Privacy Issues
Profiling Identify a person’s interest by the RFID items they carry
Tracking Any RFID item can potentially identify the person If a payment is made via a credit card, any tags on that
person can be used to identify that person, and track them Once the identity is known they can be tracked. RFID enabled currency can be used to determine cash on a
target.
18
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
RFID Security Framework
Low cost labels. 200-4000 gates available for security (cost limitation). Time available for operations : 5 -10 ms. Label reading speeds: 1000-1500 labels/s. Data transmission rates: in the order of 100kbps. Labels reveal their presence through a non-identifying signal.
The long term security of label contents can not be guaranteed.
Power utilization of security related silicon should not exceed the tag power consumption range of 50-100 microwatts.
19
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Initial Proposals
Kill tags at checkout. Customers may want to build applications.
Erase unique identifiers at checkout. Still allows tracking by tag “constellations”.
Restrict and detect unauthorized reads. Cheap to build, hard to always detect. Some scope is found with security schemes
designed with reader distance based trust
Use strong cryptography to protect tags. Too expensive for low-cost (5-cent) tags.
Overview of the latest RFID Research21st March 2007 20
Cryptography
21
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Kerchoff’s principle
Do not rely on keeping an algorithm secret. Even if you think no one will think of it, someone almost
certainly will.
Publish an algorithm but keep the key secret. That key should be chosen from amongst a large
number of possible keys, that could be used.
Have some mathematical foundation for the belief that it will be hard to extract the key from what can be overheard.
22
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Shannon insights
Add confusion and diffusion Confusion: encoding the information,
e.g. Swapped (A -> X), shifted (A +3 =D), or
Ac (mod p), Diffusion: spreading the information,
adding redundant information, or noise
23
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Public Key Cryptography
Public key ciphersExamples RSA Diffie-Hellman ECC
Digital signatures These form the second group of keyed cryptographic tools.
Based on key pairs instead a single shared key. Only one key need be kept secret. Sometimes called asymmetric key systems. The receiving party issues the public encrypting key and keeps to itself the decrypting key.
24
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Public Key Encryption
The key pair used in the example is the secret key SBob of Bob and the public key PBob of Bob.
c = E(PBob, m) Channel m = D(SBob, c)
PBob, c
Alice
Eve
BobPBob PBob
c c
25
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Precautions needed
In practice P is prime of 300 digits and a and b are at least 100 digits long
Is vulnerable to man in the middle attack
Cure is to digitally sign what is sent if a public key infrastructure is available, or use a pre-shared password.
26
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Elliptic Curve Cryptography
Uses the discrete log problem but over a finite abelian group of points x, y on an elliptic curve y2 = x3 + a*x + b mod (p)
ECC keys can be shorter for the same security when compared with other systemsNo mathematical proof of the difficulty has been published but the scheme is accepted as a standard by USA National Security Agency.Keys must be large enough.
A 109 bit key has been broken (roughly same security to RSA 640)
160 bits ECC - same security as RSA 1024 bits. 224 bits ECC - same security as RSA 2048 bits.
Overview of the latest RFID Research21st March 2007 27
One Time Codes
28
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Need for something simpler
RFID tags cannot support the computing burdens of the usual systems that are supported by significant computing power at both ends of a communication link, nor even of the lightweight protocols listed above.
There is a need for something significantly simpler
One Time Codes Only proven security method by Shannon Entropy
(1949) Provides Perfect Secrecy
29
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
One time codes: 1
Have available a set of purely random numbers in the tag and matching tag dependent number in a secure data based
Some are to authenticate the tag to a reader, some to authenticate a reader to a tag, some might be to permit authenticated change of tag identity to prevent trace of items
Use certain of these to XOR with tag identities to disguise them from eavesdroppers.
30
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
One time codes: 2
Need a large supply to cater for many authentications
Options Reserve a pair for final authentication by end user Recharge in a secure environment Assume an eavesdropper cannot be every where
and use old codes for identity change for fresh reader or tag authentications
Better to use a shrinking function
Overview of the latest RFID Research21st March 2007 31
Shrinking Generators
32
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
The Shrinking Function
Two linear shift registers, A (data) and S (sampling), with different seeds, clocked together.
Outputs are combined as follows If S is 1, output is A If S is 0, there is no output and another clock is applied
This scheme has been resistant to cryptanalysis for 12 years.
No known attacks if feedback polynomials are secret and registers are too long for an exhaustive search.
33
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Shrinking Generator
Shrinking Generator Minimal hardware complexity Shrink the output from LFSR R1 Produce irregular sequence K Practical alternative to a one time pads Known attacks have exp time complexity Keep connection polynomials secret Use maximum length LFSRs
LFSR R2
LFSR R1
Output (K)CE CLK
D QBuffer
Clock
Overview of the latest RFID Research21st March 2007 34
Physically Uncloneable Functions in RFID
35
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Simple challenge-response protocol
Reader chooses a challenge, x, which is a random number and transmits it to the label.
The label computes and transmits the value y to the reader (here e is the encryption rule that is publicly known and K is a secret key known only to the reader and the particular label).
The reader then computes .
Then the reader verifies that .
)(' xey K
yy '
)( xey K
36
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
A lightweight primitivePhysically Uncloneable Functions Easy to compute but hard to predict Alternative to storing keys on insecure hardware devices
f(c1,c2,c3,…,cm, k) {c1,c2,c3,…,cm}
}1,0{),. . . ,,,( 321 ncccccwhere
{r}
}1,0{),...,,,( 321 mrrrrr
k ={ gate and wire delay variations due to IC fabrication process variations}
37
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
• Use of PUFs on RFID tags to securely store keys• 800 challenge-response pairs to uniquely identify over
109 chips
c 0 c 1 c 2 c 6 1 c 6 2 c 6 3
01
S w i t c h c o m p o n e n t
A r b i t e r
c i = 0 c 0 = 1
S w i t c h c o m p o n e n t o p e r a t io n
0
A r b i t e r o p e r a t i o n a s t h e r a c e b e t w e e n t h e s i g n a l e n d s a s t h e
a r b i t e r
A r b i t e r
A r b i t e r
1
PUF structure
38
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Tag authenticationUse sets of challenges and responses to authenticate tags
The response bit string can be compared with that stored in a secure database
Similarly to a one time pad, challenges can not be used again
39
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Backend support
A secure backend database is required to store challenge response pairsA secure method of distributing challenge response pairs are requiredLabels need to be characterised prior to deployment
40
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Lightweight hardware
Use XOR operation to allow challenge sets to be reused simple to implement and low computation complexity
41
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Mutual authentication
Use Reader generated Random numbersReuse hardware on tag (CRC generator)Achieves mutual authentication and prevents unauthorised users from obtaining tag EPC
Overview of the latest RFID Research21st March 2007 42
Specialised RFID tag antenna design
Tag ConstraintsSmall UHF Animal Ear Tag (pigs)Small HF Animal Ear Tags (pigs, sheep)Compact Metal Mount Tags (UHF)Dual Frequency Tag Antennas
43
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
RFID Tag Constraints
Consist of
Basic requirement:- Compact- Reliable- Inexpensive
M ATCHINGNETW O RK
RFID CHIP(LO AD)
Overview of the latest RFID Research21st March 2007 44
Small UHF Animal Ear Tags
45
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
A Simple Loop Antenna
Front view
Back view
46
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
UHF ear tag
Overview of the latest RFID Research21st March 2007 47
Small HF Animal Ear Tags
48
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
HF ear tag
Overview of the latest RFID Research21st March 2007 49
Compact Metal Mount UHF Tag
50
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Metallic EnvironmentMetallic Environment Surrounding
Warehouses full of metallic shelves Industrial area with heavy machinery
Object to be identified Canned food Metallic mechanical parts Metallic beer kegs
Challenge To get sufficient fields to reach RFID tag antenna near
metal.
51
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Common Tag for Metallic Objects
Conventional planar passive UHF RFID tags not suitable for metallic item identification.
Existing RFID tags Normally big in area. To be small, need high dielectric constant
substrate which may be expensive.
52
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Design Concept
Small in size Hrec = 10 mm, Lrec = 25 mm, Wrec = 5 mm
Exploits the theory of boundary conditions for better performance
53
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Compact UHF Metal Mount Tag
The UHF antenna design for tagging metallic objects
Small top loaded monopole above a ground with a series inductor to achieve a reasonable match to the RFID chip impedance.
Overview of the latest RFID Research21st March 2007 54
Dual Frequency AntennaUHF and HF
55
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Dual Frequency Antenna
Supply Chain uses UHF Range
Some Item Level Tagging application require HF Local Fields (reduced read range) No known impact on materials,
Pharmaceuticals
Both UHF and HF Item Level Tagging workgroups defining an air interface protocol that is functionally equivalentChip designs may soon be released that conform to both EPCglobal’s HF and UHF specificationsNeed for a two port dual frequency antenna
56
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Concept
Merge HF loop antenna and UHF dipole antenna, by providing a matching circuit Transforms the UHF short circuit present at
the HF antenna terminals to an open circuit at the UHF dipole
HF antenna consists of overlapping coils to provide capacitance
Gap on UHF antenna prevents short of HF antenna, but strip on underside provides a UHF path.
57
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Practical Example
Overview of the latest RFID Research21st March 2007 58
Conclusions
59
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Conclusions
Auto-ID Lab, Adelaide setup to provide assistance to Australasian Industry in adopting EPCglobal technologyCurrent research directed to RFID solutions in security, authentication, and anti-counterfeiting
Public Key Cryptography and or Secret Channel, Symmetric Key, (eg: DES, newer AES) are all well established but cannot be applied, directly to RFID tags
Severe cost constraints and other limitations restrains the use of complex security engines
Some approaches using one time codes, PUFs and shrinking functions are promising.
Vulnerabilities are still being researched.
Active research and development in small UHF and HF tag antennas
Overview of the latest RFID Research21st March 2007 60
Most papers and presentations on our website
http://autoidlabs.eleceng.adelaide.edu.au/researchpapers.htm
Overview of the latest RFID Research21st March 2007 61
Questions
62
AUTO-ID LABS
Overview of the latest RFID Research21st March 2007
Further Information
Alfio Grasso
Deputy Director
Auto-ID Lab, Adelaide
University of Adelaide
Web: autoidlab.eleceng.adelaide.edu.au/
Email : [email protected]
Ph: +61-8- 8303 6473
Mob: +61 402 037 968