RFID Systems and Security and Privacy Implications
Sanjay E. Sarma
Stephen A. Weis
Daniel W. Engels
Auto-ID Center
Massachusetts Institute of Technology
www.autoidcenter.org
Auto-ID Center
• International industry-sponsored research center
• MIT, Cambridge University, and University of Adelaide
• Design, develop, and deploy large-scale field trials including RFID projects
Overview
• Radio Frequency Identification (RFID)
• EPC System
• Security Benefits and Threats
• Future
Uses of Automatic-ID Systems
• Access control and security
• Tracking of products in Supply Chain
• Identification of products at Point of Sale
Most widely used is the Bar Code System
Potential Application of RFID
• Consider supply chain and EAN-UCC bar codes
• 5 billion bar codes scanned daily
• Each scanned once only at checkout
• Use RFID to combine supply chain management applications
Benefits of Supply Chain Management
• Automated real-time inventory monitoring
• Automated Quality Control
• Automated Check-out
Picture your refrigerator telling you that you’re out of milk!
Why not yet implemented
• Cost too high. Needs to be <$0.10
• Lack of standards and protocols
• Security concerns – similar to those in smart cards and wireless
• Privacy issues – Big Brother
RFID System Components
• RFID Tag – Transponder – Located on the object
• RFID Reader – Transceiver – Can read and write data to Tag
• Data Processing Subsystem
Transponder
• Consists of a microchip that stores data and an antenna
• Active transponders have an on-tag battery
• Passive transponders obtain all power from the interrogation signal of the reader
• Both active and passive transponders communicate only when interrogated by a transceiver
Transceiver
• Consists of an RF module, a control unit, and a coupling element to interrogate tags via RF communication
• Also has a secondary interface to communicate with backend systems
• Reads tags located in hostile environments or obscured from view
Data Processing Subsystem
• Backend System
• Connected via high-speed network
• Computers for business logic
• Database storage
Can also be as simple as a reader attached to a cash register
RFID
• The basic components of an RFID system combine in the same manner regardless of application
• All objects are physically tagged with transponders
• Type of tag used varies from application to application
• Passive tags are most promising
RFID
• Transceivers are strategically placed for given application
• Access Control has readers near entrance
• Sporting events have readers at the start and finish lines
Transceiver-Transponder Coupling and Communication
• Passive tags obtain power from energy in EM field generated by reader
• Limited resources require the tag to both draw energy and communicate within a narrow frequency band set by regulatory agencies
Inductive Coupling
• Uses magnetic field to induce current in coupling element
• Current charges the on-tag capacitor that provides operating voltage
• This works only in the near-field of signal – up to c/(2πf) meters
Inductive Coupling
• Operating voltage at distance d is proportional to flux density at d
• Magnetic field power decreases in proportion to 1/d³ in the near field
• Flux density is max when R ≈ d√2, where R is radius of reader’s antenna coil
Far Field energy harvesting
• Uses reader’s far field signal to power tag
• Far field begins where near field ends
• Signal incident upon the tag induces voltage at input terminals of the tag, which is detected by RF front-end circuitry and is used to charge capacitor
Passive tag power
• Reader uses same signal to communicate with and power tag
• Any modulation of signal causes power reduction
• Modulating information spreads the signal – referred to as “side band.”
• Side band and maximum power are regulated
Transponder Communication
• RFID systems generally use the Industrial-Scientific-Medical bands
• In near field, communication is achieved via load modulation
• In far field, backscatter is used. Backscatter is achieved by modulating the radar-cross section of tag antenna
Limitations of Passive Tag communication
• Very little power is available to the digital portion of the IC, so functionality is limited
• Length of transactions is limited – by the length of time the tag is powered and by the duration within communication range
• US regulations for 915 MHz limit transaction time to 400 ms
• Limited state information
Data Coding and Modulation
• Determines bandwidth, integrity, and tag power consumption
• Limited by the power modulation / demodulation capabilities of the tag
• Readers are generally low bandwidth, due to government regulations
• Passive tags can use high bandwidth
Coding
• Level Codes – Non-Return-to-Zero – Return-to-Zero
• Transition Codes – Manchester – Miller
Coding Considerations
• Code must maintain power to tag as much as possible
• Code must not consume too much bandwidth
• Code must permit the detection of collisions
Coding for Readers and Tags
• Reader to Tag uses PPM or PWM (lower bandwidth)
• Tag to Reader uses Manchester or NRZ (higher bandwidth)
Modulation
• RF communications typically modulate high frequency carrier signal to transmit baseband code
• Three classes of digital modulation are ASK, FSK, and PSK.
• ASK most common in 13.56 MHz load modulation
• PSK most common in 915 MHz backscatter modulation
Tag Anti-Collision
• Limited power consumption
• State information may be unreliable
• Collisions may be difficult to detect due to varying signal strengths
• Cannot be assumed to hear one another
Algorithm Classification
• Probabilistic – Tags respond at randomly generated times – Slotted Aloha scheme
• Deterministic – Reader sorts through tags based on tag-ID – Binary tree-walking scheme
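The collision-detecting coding requirement and the binary tree-walking scheme above, as an added bit-level model in Python (not code from the slides or the Auto-ID Center): Manchester symbols from several tags are superimposed, the reader locates the first collided bit, and branches on it. The 4-bit tag IDs are constructed sample values.

```python
def manchester_encode(bits):
    """Manchester: '1' -> (1, 0), '0' -> (0, 1). Every valid symbol has a
    transition, so a symbol with both halves high cannot be a single tag's bit."""
    return [(1, 0) if b == "1" else (0, 1) for b in bits]

def superimpose(streams):
    """Model of the air interface: the reader only sees whether each half-bit
    interval carried energy from any responding tag (bitwise OR of the symbols)."""
    return [(max(s[i][0] for s in streams), max(s[i][1] for s in streams))
            for i in range(len(streams[0]))]

def manchester_decode(symbols):
    """Decode to '0'/'1', with 'X' where both halves were high: two tags sent
    different bits in that position, i.e. a collision the reader can locate."""
    table = {(1, 0): "1", (0, 1): "0", (1, 1): "X"}
    return "".join(table[s] for s in symbols)

def tree_walk(tag_ids, width):
    """Binary tree walking: the reader broadcasts a prefix, tags whose ID starts
    with it answer with their remaining bits. At the first collided bit the reader
    branches into both sub-trees. Returns the singulated IDs in reader order."""
    assert all(len(t) == width for t in tag_ids)
    found, pending = [], [""]
    while pending:
        prefix = pending.pop()
        responders = [t for t in tag_ids if t.startswith(prefix)]
        if not responders:
            continue                      # empty sub-tree: nothing answered
        heard = manchester_decode(superimpose(
            [manchester_encode(t[len(prefix):]) for t in responders]))
        collided = heard.find("X")
        if collided < 0:
            found.append(prefix + heard)  # exactly one tag left on this branch
        else:
            # bits before the collision are common to every responder; keep them
            common = prefix + heard[:collided]
            pending.extend([common + "1", common + "0"])   # "0" branch walks first
    return found
```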
Algorithm Performance Trade-offs
• Speed at which tags can be read
• Outgoing bandwidth of reader signal
• Bandwidth of return signal
• Amount of state that can be reliably stored on tag
• Tolerance of the algorithm to noise
Algorithm Performance Trade-offs
• Cost of tag
• Cost of reader
• Ability to tolerate tags that enter and leave during the interrogation period
• Desire to count tags exactly as opposed to sampling
• Range at which tags can be read
Effect of Regulations
• US regulations at 13.56 MHz allow significantly less bandwidth, so Aloha is more common
• The 915 MHz band allows higher bandwidth, so deterministic algorithms are generally used
13.56 MHz Advantages
• Frequency band available worldwide as an ISM frequency
• Up to 1 meter reading distance in proximity / vicinity read
• Robust reader-to-tag communication
• Excellent immunity to environmental noise and electrical interference
13.56 MHz Benefits
• Well-defined transponder interrogation zones
• Minimal shielding effects from adjacent objects and the human body
• Damping effects of water relatively small, field penetrates dense materials
915 MHz Benefits
• Long range (from a few to several meters, depending on regulatory jurisdiction)
• High data rates
• Fast anti-collision and high tags-per-second read rates
The EPC System
• System that enables all objects to be connected to the Internet by adding an RFID tag to the object
• EPC
• ONS
• SAVANT
• Transponders
The EPC
• Electronic Product Code
• ID scheme designed to enable unique identification of all physical objects
• The only data stored on the tag, since information about the object is stored on the network
• EPC acts like a pointer
The ONS
• Object Name Service
• Directory service that maps an EPC to an IP address
• Based entirely on DNS
• At the IP address, data is stored in XML and can be accessed via HTTP and SOAP
The ONS
• Reduces power and memory requirements on tag
• Transfers data communication to the backend network, saving wireless bandwidth
• Makes system more robust
• Reduces size of microchip on tag
Savant
• System based on hierarchical control and data management
• Provides automated control functionality
• Manages large volumes of data
• Acts as a gateway for the reader network to the next higher level
Savant
• Transfers computationally intensive functionality from tag to powered system
• Any single point of failure has only local effect
• Enables entire system to be scalable since reader sub-systems are added seamlessly
RFID Transponder
• Most numerous part of the system
• Most cost-sensitive part
• Protocols designed for 13.56 MHz and 915 MHz frequencies
• Implement a password-protected Self Destruct command
RFID Security Benefits and Threats
• Airline passenger and baggage tracking made practical and less intrusive
• Authentication systems already in use (key-less car entry)
• Non-contact and non-line-of-sight
• Promiscuity of tags
Previous Work
• Contactless, with constrained computational resources similar to smart cards
• Analysis of smart card security concerns similar to RFID
• RFID especially susceptible to fault induction and power analysis attacks
Security Goals
• Tags cannot compromise privacy of holders
• Information should not be leaked to unauthorized readers
• Should not be possible to build long-term tracking associations
• Holders should be able to detect and disable tags they carry
Security Goals
• Publicly available tag output should be randomized
• Private tag contents should be protected by access control and encryption
• Spoofing tags or readers should be difficult
Low-cost RFID Issues
• Inexpensive read-only tags are promiscuous and allow automated monitoring – privacy concern
• Neither tags nor readers are authenticated – security concern
• Full implementation of privacy and security is costly – cost concern
Possible solutions
• Erase unique serial numbers at point of sale – tracking still possible by associating “constellations” of tags
• Public key cryptography – too expensive
• Shared key – if one tag is compromised, the entire batch is affected
Approach to RFID Protection
• Use one-way hash function on tag – “meta-ID”
• When reader knows meta-ID, tag is ‘unlocked’ and readable
• After reader is finished, tag is locked
• Tag has self-destruct mechanism to use if under attack
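The meta-ID hash lock described above, as an added Python model that is not code from the slides or the Auto-ID Center. SHA-256 stands in for whatever low-cost hash a real tag would use; the EPC, the per-tag key and the backend table are constructed sample values.

```python
import hashlib
import hmac
import secrets

def h(data: bytes) -> bytes:
    """Stand-in for the tag's one-way hash (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()

class Tag:
    """Tag in the hash-lock scheme: stores h(key), never the key itself."""
    def __init__(self, epc: bytes, key: bytes):
        self.epc = epc
        self.meta_id = h(key)
        self.locked = True

    def query(self) -> bytes:
        # Locked: only the meta-ID leaves the tag. Unlocked: the real EPC does.
        return self.meta_id if self.locked else self.epc

    def unlock(self, key: bytes) -> bool:
        # The tag hashes the offered key and compares it with its stored meta-ID.
        if hmac.compare_digest(h(key), self.meta_id):
            self.locked = False
        return not self.locked

    def lock(self) -> None:
        self.locked = True

class Reader:
    """Reader backed by a network-side table meta_id -> key (constructed here)."""
    def __init__(self, backend: dict):
        self.backend = backend

    def read_epc(self, tag: Tag):
        meta_id = tag.query()
        key = self.backend.get(meta_id)
        if key is None or not tag.unlock(key):
            return None          # unknown tag or wrong key: only the meta-ID was seen
        try:
            return tag.query()   # the real EPC, readable only while unlocked
        finally:
            tag.lock()           # re-lock as soon as the reader is done

def demo():
    key = secrets.token_bytes(16)                 # per-tag secret, kept on the backend
    tag = Tag(b"urn:epc:sample-0001", key)        # constructed sample EPC
    authorised = Reader({h(key): key})
    stranger = Reader({})                         # reader with no backend knowledge
    return stranger.read_epc(tag), authorised.read_epc(tag), tag.locked
```

Note that the meta-ID itself is a fixed value, so a locked tag is still a static identifier; that is the gap the "publicly available tag output should be randomized" goal on the earlier slide addresses.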
Future Research
• Development of low cost crypto primitives – hash functions, random number generators, etc.
• Low cost hardware implementation without computational loss
• Adaptation of symmetric encryption and public key algorithms from active tags into passive tags
Future Research
• Developing protocols that make tags resilient to power interruption and fault induction.
• Graceful recovery of tags from power loss
• Research on smart cards and other embedded systems