Author: Esteban Masobro. Royal Holloway, University of London Weekend Conference, 6 & 7 September. The MSc Project Experience: Security Protocols for Low-Cost RFID Tags – Analysis and Automated Verification of Proposed Solutions. Supervisor: Dr Konstantinos Markantonakis http://km.isg.rhul.ac.uk/


Author: Esteban Masobro

Royal Holloway, University of London Weekend Conference 6 & 7 September 2014

The MSc Project Experience: Security Protocols for Low-Cost RFID Tags – Analysis and Automated Verification of Proposed Solutions

Supervisor: Dr Konstantinos Markantonakis http://km.isg.rhul.ac.uk/

2

Acknowledgement

This presentation is strongly based on the information obtained from the various resources at our disposal, mainly:
• The project supervisor. [1]
• The project seminar at the VLE. [2]
• The project guide. [3]

Any mistakes are entirely this speaker’s fault.

3

Contents

Part 1 - Introduction
1.1 The Presentation
1.1.1 Intended audience
1.1.2 Motivation
1.1.3 Objectives
1.2 The MSc Project
1.2.1 An Introductory Idea
1.2.2 The Overall Picture
1.2.3 The Project Process Steps
1.2.4 The Project Supervisor

4

Contents

Part 2 - My Project Topic
2.1 RFID Technology
2.1.1 My Project Topic
2.1.2 General Purpose
2.1.3 Architecture
2.1.4 Basic Operation
2.1.5 Example Application
2.2 Some Security Issues
2.2.1 Privacy
2.2.2 Anonymity
2.2.3 The Big Brother’s Concern
2.2.4 Hashing the Identifier
2.2.5 Untraceability
2.2.6 Non-Protocol Proposals
2.2.7 Automated Formal Proof

5

Contents

Part 3 - The Project Process
3.1 Selection of the Project Topic
3.2 Specification of the Objectives
3.3 Identification of Methodology
3.4 Development of the Project Plan
3.5 Collection and Processing of Data
3.6 Production of the Report
3.7 Drawing Conclusions

Part 4 – Pitfalls and Highs

Bibliography

6

PART 1 Introduction


8

Intended Audience

Who is this presentation for?
• Current students on the programme
• Students who have not yet started the course
• A more general audience is also welcome

Assumptions
• No specialist knowledge is assumed
• Familiarity with the basics of Information Security can be helpful

9

Motivation

The MSc project is worth one quarter of the degree’s overall mark, and so it should be taken seriously.

Experience shows that a preliminary good understanding of the project process is essential.

Emphasis will be placed on the identification of typical pitfalls and highs.

This presenter’s own project will be used as a running example.

10

Objectives

• Provide an overall picture of the MSc Project.
• Describe the experience of the project by means of the speaker’s own.
• Give an overview of the different steps of the project process.
• Identify typical pitfalls and highs.


12

An Introductory Idea

The MSc project:
• Is an independent and well-defined piece of work, dealing with some aspect of Information Security.
• Must show that an all-encompassing perspective has been obtained of all that is known about the subject matter.
• Must add value to this knowledge.
• Is largely represented by the report, which must be satisfactorily structured, presented, written, and have adequate length and referencing.

13

The Overall Picture

Project Process
- Project Guide
- VLE
- Others

Project Supervisor

14

The Project Process Steps

Step 1: Selection of the Project Topic
Step 2: Specification of the Objectives
Step 3: Identification of methodology
Step 4: Development of the Project Plan
Step 5: Collection and processing of data
Step 6: Production of the report
Step 7: Drawing conclusions

15

The Project Supervisor has the experience of many projects and knows what the examiners are looking for.

The Project Supervisor is the first port of call on all issues related to the project, and should be regularly informed on progress.

It is wise to involve your Project Supervisor at every step of the project process, from the selection of the project topic and the establishment of the project plan, to the approval of the report structure and review of draft reports.

Nonetheless, students must do all the work.

The Project Supervisor

16

PART 2 My Project Topic


18

My Project Topic

My project topic is “Security Protocols for Low-Cost RFID Tags”.

A short background to the topic of my project:
• General purpose, architecture and basic operation of an RFID system
• Why the technology has to overcome security and privacy issues before widespread adoption
• The relevance of automated formal verification of security protocols

19

General purpose

RFID is an Auto-ID technology. Other Auto-ID technologies include:
• Barcode systems
• Optical character recognition
• Biometrics
• Smart cards

Texas Instruments' HF-I family of 13.56 MHz RFID tags. Picture taken from [7].

20

Architecture

Architecture of an RFID system:
• A large set of resource-constrained tags.
• A set of computationally powerful readers.
• A computationally powerful backend system.
• A communication channel between backend server and readers.
• A communication channel between reader and tags.

21

Architecture (Tags)

Confidex’s Silverline printable, flexible on-metal adhesive RFID label. Picture taken from [7].

A steer with an eTatoo dangle tag. Picture taken from [7].

VeriChip's 134 kHz passive tag, designed for implantation in humans, is the size of a grain of rice. Picture taken from [7].

22

Architecture (Readers)

Motorola’s MC9190-Z handheld reader. Picture taken from [7].

qIDmini from CAEN RFID. Picture taken from [7].

23

Architecture (Traditional Model)

Architecture of an RFID system. Picture taken from [4]

24

Basic Operation

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is 8193
Reader -> Backend System: What object is tag with ID 8193 attached to?
Backend System -> Reader: It’s attached to a cheap polyester wig, etc.

25

Example Application

RFID can be applied to a wide range of applications, from tracing of tagged products throughout the supply chain to pet and drug identification.

Let’s consider an example at the Dutch horticultural supply chain called “From Plant to Customer”.

It attempts to reduce labour cost and increase efficiency and accuracy.

EPC Gen 2 passive UHF RFID tags are attached to both trays of plants and trolleys by growers.

26

Example Application

[Diagram labels: GROWER, DISTRIBUTION CENTER, EXPORTER, TRANSPORT COMPANY, RETAILER]

Pictures taken from [7].

27

Example Application

Tag at trolley at the Hamiplant exporter. Picture taken from [7].

28

Example Application

RFID Portal at an outgoing dock door. Hamiplant exporter. Picture taken from [7].


31

Privacy

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is 8193
Reader -> Backend System: What object is tag with ID 8193 attached to?
Backend System -> Reader: It’s attached to a cheap polyester wig, etc.

32

Anonymity

The consumer privacy problem. Picture taken from [6]

33

Anonymity

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is 8193
Reader -> Backend System: What object is tag with ID 8193 attached to?
Backend System -> Reader: It’s attached to a cheap polyester wig, etc.

Anonymity breached, the attacker now knows that Bob wears a cheap polyester wig.

34

The Big Brother’s Concern

EPC: thE sPy Chip. Picture taken from [18].

35

Hashing the identifier

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is hash(8193)
Reader -> Backend System: What object is tag with hash(ID) = hash(8193) attached to?
Backend System -> Reader: It’s attached to a cheap polyester wig, etc.

36

Hashing the identifier

?

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is hash(8193)
Reader -> Backend System: What object is tag with hash(ID) = hash(8193) attached to?
Backend System -> Reader: It’s attached to a cheap polyester wig, etc.

37

Untraceability

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is hash(8193)

The attacker interrogates Bob’s tag on Monday.

38

Untraceability

Reader -> Tag: What is your ID?
Tag -> Reader: My ID is hash(8193)

The attacker interrogates Bob’s tag on Wednesday. Untraceability breached.
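The Monday/Wednesday scenario can be reproduced in a few lines. This is an added example, not part of the original slides: it models the slides' static hash(ID) tag and, going beyond the slides, an assumed fresh-nonce variant in the style of randomized hash-lock schemes, and groups what a reader without backend access records. The database contents, class names and function names are illustrative assumptions.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed backend database: tag ID -> tagged object (8193 is the slides' example).
BACKEND_DB = {8193: "cheap polyester wig", 5021: "tray of plants"}


def h(text):
    return hashlib.sha256(text.encode()).hexdigest()


class StaticHashTag:
    """Tag from the slides: every interrogation returns hash(ID)."""

    def __init__(self, tag_id):
        self.tag_id = tag_id

    def respond(self):
        return (h(str(self.tag_id)),)


class FreshNonceTag:
    """Assumed variant: returns (r, hash(ID.r)) with a new random r per interrogation."""

    def __init__(self, tag_id):
        self.tag_id = tag_id

    def respond(self):
        r = secrets.token_hex(8)
        return (r, h(f"{self.tag_id}.{r}"))


def backend_lookup(response):
    """The backend knows every ID, so it can resolve both response formats.
    For the fresh-nonce form this costs one hash per known tag."""
    for tag_id, obj in BACKEND_DB.items():
        if len(response) == 1 and response[0] == h(str(tag_id)):
            return obj
        if len(response) == 2 and response[1] == h(f"{tag_id}.{response[0]}"):
            return obj
    return None


def interrogate(tag, days=("Monday", "Wednesday")):
    """What a reader without backend access records: (day, raw response)."""
    return [(day, tag.respond()) for day in days]


def tracks(sightings):
    """Group sightings by identical response; a group spanning several days is a trace."""
    groups = defaultdict(list)
    for day, response in sightings:
        groups[response].append(day)
    return sorted(groups.values())
```

With the static tag, `tracks` returns a single group covering both days, which is the breach shown on the slide; with the fresh-nonce tag each day falls into its own group while the backend still resolves the object.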


40

Non-Protocol Proposals

We have seen that protocol proposals attempt to reduce security and privacy issues to acceptable levels.

There are non-protocol proposals as well. Killing the tags is one such proposal.
• The reader sends a PIN-protected kill command to the tag.
• The tag becomes permanently inoperable.
• Effective at providing privacy.
• Several drawbacks, e.g. tag functionality is not available afterwards.

Killer Kiosk. Picture taken from [7]


42

Automated Formal Proof

Security protocol design is an error-prone task.

A protocol whose security has been formally proven, to some extent, offers a much greater degree of confidence.

Some automated verification tools have been developed, including:
• AVISPA/AVANTSSAR
• ProVerif
• Scyther
• Casper/FDR

43

The AVISPA tool is an example of a tool for the automated formal verification of security protocols.

Automated Formal Proof

Architecture of the AVISPA Tool. Picture taken from [8].

44

Automated Formal Proof

As an example, we will examine the Needham-Schroeder Public-Key Protocol. Original version (of 1978) without key server [9].

Description of the protocol:

1. {Na.A}_Kb
2. {Na.Nb}_Ka
3. {Nb}_Kb

45

Automated Formal Proof

The modelling of our example can be found at the AVISPA Library [10].

The protocol claims include two-party mutual authentication.

In particular, our security goals are:
• Secrecy of both nonces Na, Nb.
• Strong authentication on alice_bob_nb
• Strong authentication on bob_alice_na

46

Automated Formal Proof

Unfortunately, a man-in-the-middle attack is possible:
• Two sessions are needed. The first one between Alice and the intruder, and the second one between the intruder and Bob.
• After the second session Bob believes that he is communicating with Alice, but he actually talks to the intruder!

47

Automated Formal Proof

The attack trace, in the order the messages are sent:

1. {Na.A}_Ki
2. {Na.A}_Kb
3. {Na.Nb}_Ka
4. {Na.Nb}_Ka
5. {Nb}_Ki
6. {Nb}_Kb

At the end of the protocol run, Bob believes he is talking to Alice, but he talks to the intruder, instead.

54

Automated Formal Proof

It was not until around seventeen years later that the protocol was broken and fixed by Lowe using the tool Casper/FDR.

1. {Na.A}_Kb
2. {Na.Nb.B}_Ka
3. {Nb}_Kb
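The two interleaved sessions, and the effect of adding B to the second message, can be replayed symbolically. This is an added example, not part of the original slides or of the AVISPA model: encryption is modelled as a box that only the named key owner can open, and the helper, class and field names are illustrative assumptions.

```python
import secrets


def enc(owner, *fields):
    """Symbolic public-key encryption: only `owner` can open the box."""
    return {"for": owner, "fields": fields}


def dec(agent, box):
    if box["for"] != agent:
        raise PermissionError(f"{agent} cannot decrypt a message for {box['for']}")
    return box["fields"]


class Initiator:
    def __init__(self, name, peer, fixed):
        self.name, self.peer, self.fixed = name, peer, fixed
        self.na = "Na-" + secrets.token_hex(4)

    def msg1(self):
        return enc(self.peer, self.na, self.name)        # {Na.A}_K(peer)

    def msg3(self, box):
        fields = dec(self.name, box)
        if fields[0] != self.na:
            raise ValueError("nonce mismatch")
        # Lowe's fix: the responder names itself, and it must be the intended peer.
        if self.fixed and fields[2] != self.peer:
            raise ValueError(f"responder is {fields[2]}, expected {self.peer}")
        return enc(self.peer, fields[1])                  # {Nb}_K(peer)


class Responder:
    def __init__(self, name, fixed):
        self.name, self.fixed = name, fixed
        self.nb = "Nb-" + secrets.token_hex(4)
        self.believed_peer = None
        self.authenticated = False

    def msg2(self, box):
        na, claimed = dec(self.name, box)
        self.believed_peer = claimed
        extra = (self.name,) if self.fixed else ()
        return enc(claimed, na, self.nb, *extra)          # {Na.Nb[.B]}_K(claimed)

    def finish(self, box):
        (nb,) = dec(self.name, box)
        self.authenticated = nb == self.nb


def run_attack(fixed):
    """Replay the intruder's two sessions; report what each party ends up with."""
    alice = Initiator("A", peer="I", fixed=fixed)   # session 1: Alice starts a run with I
    bob = Responder("B", fixed=fixed)               # session 2: I poses as Alice to Bob
    result = {"bob_thinks_peer": None, "bob_authenticated": False,
              "intruder_learned_nb": False, "alice_aborted": False}

    na, a = dec("I", alice.msg1())                  # 1. A -> I    : {Na.A}_Ki
    m2 = bob.msg2(enc("B", na, a))                  # 2. I(A) -> B : {Na.A}_Kb
    try:                                            # 3. B -> I(A) : {Na.Nb}_Ka, opaque to I
        m3 = alice.msg3(m2)                         # 4. I -> A    : forwarded unchanged
    except ValueError:
        result["alice_aborted"] = True              # fixed version: A sees "B", expected "I"
        return result
    (nb,) = dec("I", m3)                            # 5. A -> I    : {Nb}_Ki
    result["intruder_learned_nb"] = nb == bob.nb
    bob.finish(enc("B", nb))                        # 6. I(A) -> B : {Nb}_Kb
    result["bob_thinks_peer"] = bob.believed_peer
    result["bob_authenticated"] = bob.authenticated
    return result
```

`run_attack(fixed=False)` ends with Bob authenticated to a peer he believes is A while the intruder holds Nb; `run_attack(fixed=True)` stops at message 4 because Alice sees B's name where she expected the intruder's.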

55

A tool for the automated formal verification of security protocols, such as AVISPA, would have found the attack.

Automated Formal Proof

SATMC Outputs for NSPK and NSPK-fixed, respectively. Pictures taken from [11]

56

PART 3 The Project Process


59

Selection of the Project Topic

How did I choose my topic?
• Two aspects of Information Security that especially interest me: Cryptography and Smart Card Security.
• I have some strength in them.
• My supervisor suggests “Security Protocols for Low-Cost RFID Tags”.
• It is a topic of timely interest.
• It has not been covered in the course material.
• Value can be added to existing knowledge:
  - A comprehensive overview of the topic can be offered.
  - Analytical work can be conducted in several ways.


61

Specification of the Objectives

What are my objectives?
1. Establishment of an all-encompassing perspective of what information is known about the subject matter.
2. Identification of security properties significant in the field.
3. Justified selection of three case studies.
4. Description, analysis, and suggestions for improvement.
5. Classification of a number of security protocols.
6. Review of a selection of tools for the automated formal verification of security protocols.
7. Provision of suggestions for the improvement of the tools.


63

Identification of Methodology

What were the main methods that I used?
• A comprehensive literature search. This includes books, research publications, the Internet and literature by vendors.
• Using external assistance.
• Case studies.
• Collecting and documenting data.


65

Development of the Project Plan

The project plan must be established as soon as possible so that the supervisor can determine whether it is viable.

All important events in the development of the project should be identified, together with their intended completion date. For instance:
• When are we going to complete the literature search?
• When are we going to produce draft chapters?

More than enough time should be allocated to each activity so that unwanted surprises are avoided.

Time goes fast. Picture taken from [14]


67

Collection and Processing of Data

• It is advisable to note down all resources used
• It can be useful to maintain a project diary
• Don’t forget to make regular backups of data

How to Back Up Data from Hard Drive(s) to External Media. Picture taken from [14]


69

Production of the Report

Your report must be satisfactorily structured, presented, written, and have adequate length and referencing. For instance:
• Examiners will notice if you have not allocated enough time to your report and it has been done without the necessary care.
• It is advisable to follow the recommended length for the report, i.e. around 50-60 pages.
• It is important to avoid making the same point at several different parts of your project.
• If you state something, you must either argue it or provide the necessary references.
• You should not assume that your reader will have an in-depth knowledge of your project topic.
• It makes a great difference if the report is coherently structured.


71

Drawing Conclusions

At the end of the project, conclusions must be drawn and included in the report. In my project, I included:
• Identification of contribution and main results
  - An improved version of three protocols
  - Classification of fifteen representative protocols
  - Presentation of five suggestions for the improvement of the tools to better meet the requirements of security protocols for low-cost RFID tags
• List of original objectives of the project, and an explanation of the extent to which they were achieved
• Attempt pointers to the possible evolution of the subject area
  - We can also make predictions

72

PART 4 Pitfalls and Highs


74

Pitfalls and Highs

• The first piece of advice is to read the project guide and keep it in mind...
• If your project topic has not been extensively studied, you have a better chance to add value.
• Generally speaking, you must go beyond the mere description of all that is known about the subject matter. It is essential that you add value.

75

Pitfalls and Highs

• Your project topic should have a clear focus. Otherwise, it is likely that you will not be able to address issues deeply enough.
• There is no excuse for plagiarism. We must not paraphrase (let alone copy and paste) the work of others without appropriate referencing. Examples include papers, books or past MSc projects.
• It might seem obvious, but it is important to double-check your work.

Picture taken from [12]

76

It is key that your project report reflects all the work that you have done.

It is important that your project report features a short introduction that includes:
• A short background to the problem
• Objectives and rationale
• Methodology
• Structure of the Report, stating the different parts and their relationship

If your native language is not English, it is advisable to have your report reviewed for English language.

Pitfalls and Highs

“Comedies, Histories and Tragedies”, by William Shakespeare [15]

77

Pitfalls and Highs

A good literature review:
• Identifies the security issues arising in the subject area
• Is reasonably comprehensive
• Is up-to-date
• Places the right weight to the different areas, and examines the relationship between them
• Defines the basics of the subject area in the main body of the report, and, where relevant, also provides example(s) and possibly references for further information.

In addition to this comprehensive literature review, analysis must be provided, together with corresponding argued conclusions.

78

Examiners value personal opinion, originality and independence of thought.

For every reference in your project, be careful that you take into account whether it is outdated. For instance: has the apparently cutting-edge methodology/technology that you are analysing subsequently been shown to be flawed?

Time goes fast, so don’t delay the start of your project.

Pitfalls and Highs

79

The use of a reference manager can be very helpful.

It is best to insert your citations as you write [3].

Pitfalls and Highs

Picture taken from [16]


81

The MSc project is worth one quarter of the degree’s overall mark, and so it should be taken seriously.

The MSc project is an independent and well-defined piece of work, dealing with some aspect of Information security. It demonstrates that all that is known about the subject area has been found out, and adds value to it. In addition, it is largely represented by the report.

Your report must be satisfactorily structured, presented, written, and have adequate length and referencing.

Conclusions

82

Conclusions

Obtain as much information as possible about the project process before starting work on it:
• Read the Project Guide
• Be active in the Project Seminar
• Be receptive to the experience of past project reports
• Involve your project supervisor and follow his or her advice. He or she has the experience of many projects and knows the assessment process in-depth.

83

Bibliography

[1] Konstantinos Markantonakis. ‘Advice given as my project supervisor’. Personal communication. 2013-2014.

[2] Colin Walter. ‘Advice given to students as Information Security Project module tutor’. VLE at RHUL’s MSc in Information Security. 2013.

[3] K.M. Martin. MSc in Information Security Project Guide. University of London Press. 2008.

[4] Klaus Finkenzeller. RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication. Wiley, 3rd edition, 2010.

[5] Andreas Hagl and Konstantin Aslanidis. RFID: Fundamentals and Applications. In: Kitsos, P., Zhang, Y. (eds.) RFID Security: Techniques, Protocols and System-On-Chip Design, ch. 1, Springer, Heidelberg, pages 3-26, 2008.

[6] A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2): 381-394, February 2006.

[7] RFID Journal. Available at http://www.rfidjournal.com. Last accessed August 2014.

[8] Yohan Boichut. TA4SP - The Tree Automata based on Automatic Approximations for the Analysis of Security Protocols. Author’s webpage at http://www.univorleans.fr/lifo/Members/Yohan.Boichut/ta4sp.html. Last accessed August 2014.

[9] Roger Needham and Michael Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978.

[10] David von Oheimb. Modelling of the NSPK Protocol. Available at the website of the AVISPA project, The AVISPA Library, http://www.avispa-project.org/. Last accessed August 2014, January 2005.

[11] A. Armando et al. The AVISPA Tool Web Interface. Available at the website of the AVISPA project, http://www.avispa-project.org/. Last accessed August 2014, 2005.

[12] Learner First. Online Plagiarism Detection Services. Available at http://www.learnerfirst.org/2012/09/19/online-plagiarism-detection-services/. Last accessed August 2014.

[13] Raymond Cooper, Consultant Property Lawyer. Rights of Pre-Emption and the Rule Against Perpetuities. Available at http://www.raymondcooper.co.uk/land-law/rights-pre-emption-rule-perpetuities/. Last accessed August 2014, 2013.

[14] University of Delaware. How to Back Up Data from Hard Drive(s) to External Media. Available at http://www.udel.edu/topics/backups/zipdisk.html. Last accessed August 2014.

[15] William Shakespeare. Comedies, Histories and Tragedies. Printed by Isaac Iaggard, and Ed. Blount. 1623.

[16] Sourceforge.net. JabRef Reference Manager webpage at sourceforge.net. Available at http://jabref.sourceforge.net/contact.php. Last accessed August 2014.

[17] Dreamstime. Sunbathers on Barcelona's city beach under palm trees in Summer. Available at http://www.dreamstime.com/royalty-free-stock-photography-barcelona-beach-sunbathers-summer-spain-june-london-uk-s-city-under-palm-trees-catalonia-image34814567. Last accessed August 2014, 2012.

[18] Katherine Albrecht and Liz McIntyre. NH CASPIAN Anti-RFID protest. Bedford, New Hampshire. November 5, 2005, Wal-Mart. Available at the Spychips website at http://www.spychips.com/protest/nh-protest/slideshow/. Last accessed August 2014. 2005.

87

Thank you

Sunbathers on Barcelona's city beach under palm trees in Summer. Picture taken from [17].

88

The very best of luck

89

Questions?