Upload
eavan
View
37
Download
0
Embed Size (px)
DESCRIPTION
Technieue for Preventing DoS Attacks on RFID System. Conference:SoftCOM(2010) Author: Deepak Tagra, Musfiq, Rahman and Srinivas Sampalli Present: 102062595 侯宗佑. Outline. Introduction Security Issues Gossamer Protocol De-synchronization Attack Extension Conclusion. Introduction. - PowerPoint PPT Presentation
Citation preview
Technieue for Preventing DoS Attacks on RFID System
Conference:SoftCOM(2010)Author: Deepak Tagra, Musfiq, Rahman and Srinivas SampalliPresent: 102062595 侯宗佑
1/17
Outline
• Introduction• Security Issues• Gossamer Protocol• De-synchronization Attack• Extension• Conclusion
Introduction
2/17
Security Issues
• Vulnerable to Evasdropping.– Traffic analysis
• Confidential data• Personal privacy
– Spoofing• SQL injection• Data integerty
– Replay attack• De-synchronization
3/17
Security Issues
• Deny of service– Kill command attack– Jamming– De-synchronization attack– Tag data modification
• Data encryption and authentication is required.
4/17
Security Issues
• Difficulties– No power supply.– Cost must be low.– Limited hardware scale.
• Only able to do bitwise operation.• Classic encryption/authentication techniques cannot be
implemented.– AES,DES,SHA-1,md5....
• Protocol must be low-cost and light-weighted.
5/17
Gossamer Protocol
• UMAP family– Tag anoymity– Data encryption– Mutual authentication
• Only bitwise logical operation.• Enhancement of SASI protocol.
– Using non-triangular function for encryption.
6/17
Gossamer Protocol
• Tag identication
Reader TagHello
IDS
7/17
Gossamer Protocol
• Mutual Authentication
Reader Tag
PRNG: (n1,n2)
Keys: (IDS,K1,K2)
Keys: (IDS,K1,K2)
A = f(IDS,K1,K2,n1,Const)
B = f(IDS,K1,K2,n1,Const)
C = f(IDS,K1’,K2’,n3,Const) A||B||C
n3 = MIXBITS(n1,n2)
8/17
Gossamer Protocol
• Mutual authentication
Reader Tag
Keys: (IDS,K1,K2)
Extract n1, n2 from A,B
Compute C’, If C’ == C
D = (IDS,K1’,K2’,n1’,Const)
DCompute D’, If D’ == DSUCCESS
n1’ = MIXBITS(n3,n2)
n1’ = MIXBITS(n3,n2)
9/17
10/17
Gossamer Protocol
• Key updating
TagReader
New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)
New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
11/17
De-synchroniztion Attack
• Prevented
TagReader
Attacker
D(Blocked)
C(Blocked) New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
12/17
De-synchronization Attack
• Not prevented
TagReader
Attacker
A||B||C(Copied)
D(Blocked)
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
13/17
Reader TagReader
Attacker
D’
A’||B’||C’New Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)
= (IDS, K1,K2) )
New Keys(IDS’new,K1’new,K2’new)
De-synchronization Attack
14/17
Attacker Tag
D
A||B||C New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)
Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
De-synchronization Attack
15/17
Reader TagReader
Attacker
IDS or IDSnew
HelloNew Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)
= (IDS, K1,K2) )
New Keys(IDSnew,K1new,K2new)
De-synchronization Attack
Extension
Reader TagReader
Attack
IDS or IDSnew
HelloNew Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)
= (IDS, K1,K2) )
New Keys(IDSnew,K1new,K2new) Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )
16/17
17/17
Conclusion
• Classified DoS attack on RFID.• Point out the vulerbility of Gossamer protocol.• Propose a simple extension to solve the problem.