VERAYO CONFIDENTIAL
“Unclonable” RFIDs - Elevating Trust in RFIDs
Vivek Khandelwal, VP, Marketing & Business Development
Agenda
» Introduce Verayo
» Trust in RFIDs
» Silicon “Biometrics”
» Unclonable RFIDs
» Summary
Verayo
» Focus: Authentication & Security Technology
» Core Technology: “Silicon Biometrics” Technology – Physical Unclonable Functions
» Products: Unclonable RFIDs, Trusted Smart Cards, Secure Processors
» Location: San Jose, CA, USA
Trust in RFIDs
» Ensure the Integrity and Authenticity of both
• Content – Data in User Memory
• Container – Chip
[Figure: RFID chip with RF Front End and Control Logic; user memory examples: Ticket Type 1, # rides 10, Tag ID 3C00000078; Ticket Type 2, # rides 100, Tag ID 3C00000078]
How do you attack an RFID?
» Ghost Device
• Skim and copy contents of a genuine RFID tag
• Modify and/or replay the content
» Clone Chip
• Has the same Tag ID and other contents as in the genuine RFID chip
[Figure: RFID chip with RF Front End and Control Logic, holding Ticket Type 1, # rides 10, Tag ID 3C00000078]
Protect the Content
» One-time-programmable memory
• Data unalterable, though in the clear
» “License Plate” model
• Minimal data on the tag
• Tag ID used to index data in DB
» Encrypted data
• Difficult to decipher, copy, change
[Figure: RFID chip with RF Front End and Control Logic, with three content examples: Ticket Type 1, # rides 10, Tag ID 3C00000078; Tag ID 3C00000078 only; encrypted content “ujdlfu Uzqf2”, “$sjeft 39” with Tag ID 3C00000078]
Protect the Container
» Unique, unalterable Tag ID
• Provides a layer of security, but can be spoofed or cloned
» Cryptography based
• Strong and robust, but expensive
» Silicon “Biometrics”
• Each chip unique, and effectively “unclonable”
• Strong and robust, yet low cost
[Figure: RFID chip with RF Front End, Control Logic, Crypto Engine and Tag ID 3C00000078]
Physical Unclonable Functions (PUF)
PUF is a “silicon biometrics” technology
» Uniquely characterizes each and every silicon chip
» Identifies and authenticates each chip
» Makes each chip “unclonable”
Concept
» Semiconductor chip fabrication process has unavoidable variations. These variations are
• Unpredictable
• Permanent
• Effectively impossible to clone, even by chip manufacturers
» PUFs are tiny electric circuits that exploit these variations to uniquely characterize each chip
» Unique characteristics = “silicon biometrics”
How PUFs Work
» PUF circuits are fabricated identically on all chips
» Each PUF dynamically generates a virtually unlimited number of challenge response pairs that are
• Unique – same challenge results in different responses from different chips
• Consistent – same challenge consistently generates a “very similar” response from the same chip
» Unique challenge response pairs = “electronic fingerprints” used for authentication, crypto key generation
[Figure: Challenge (say, 64 bits) into PUF Circuit, Response (say, 64 bits) out]
Vera X512H: World’s First “Unclonable” RFID IC
» PUF Technology
» Networked Authentication
» Pre-Configured Authentication Events
» ISO/IEC 14443-A, 13.56 MHz
» 56-bit Tag ID
» 512 bit OTP
» Operating Temperature: -25 °C to +85 °C
How PUF Based RFIDs Work?
» Extract challenge/response on wafer
» Using a conventional RFID reader
1. Software layer provides challenge (nonce) to reader
2. Reader sends (writes) challenge (64 bits) to chip
3. PUF gets activated, dynamically generates a response – 64/128/256 bits
4. Reader receives (reads) the response
5. Reader sends response to software layer
[Figure: tag with RF Front End, PUF, User Memory, TID: 12345678; Challenge 14703455, Response 75407896]
» Challenge Response pairs:
• Unique
• Consistent
• Virtually unlimited in number (2^64 per chip)
» Unique challenge response pairs = “electronic fingerprints” used for authentication
Vera X512H Authentication Solution – (Similarities to Human Fingerprint Authentication)
Backend Authentication Service: Authentication Based on PUF Challenge/Response
C/R DB entry: Serial # 5789256781, RFID Tag # 48793570

Challenge   Response
11028490    89532973
46298504    34769145
….          ….

[Figure labels: RFID Tag #; Challenge = 11028490; Get Response for the Challenge from PUF on RFID Tag; Response; Result]
How is it Unclonable?
[Figure: three devices checked against the Authentication DB]
• Genuine chip (RF Front End, PUF, User Memory, TID: 12345678): Challenge 14703455, Response 75407896
• Clone Chip (RF Front End, PUF, User Memory, TID: 12345678): Challenge 14703455, Response 56902387
• Ghost Device (TID: 12345678): Challenge 68452567, Response ????
• Authentication DB (C, R): 14703455, 75407896; 68452567, 18659563; …, …
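Added example, not from the original slides or from Verayo: the backend check described in the Vera X512H authentication slides and the clone comparison above, in Python. SimulatedPufTag, AuthService, the 8-bit MAX_DISTANCE tolerance and the noise model are assumptions; an HMAC over a hidden random per-chip value stands in for the physical PUF circuit, which on a real tag performs no such computation.

```python
import hashlib
import hmac
import secrets

MAX_DISTANCE = 8  # assumed bit-error tolerance for a "very similar" 64-bit response


class SimulatedPufTag:
    """Stand-in for a PUF tag; the hidden per-chip value models silicon variation."""
    def __init__(self, tid, noise_bits=2):
        self.tid = tid
        self._variation = secrets.token_bytes(16)  # unique per chip, never readable
        self._noise_bits = noise_bits

    def respond(self, challenge):
        mac = hmac.new(self._variation, challenge.to_bytes(8, "big"), hashlib.sha256)
        response = int.from_bytes(mac.digest()[:8], "big")
        for _ in range(self._noise_bits):  # repeated reads differ in a few bits
            response ^= 1 << secrets.randbelow(64)
        return response


class AuthService:
    """Backend C/R database keyed by tag ID; each stored pair is one authentication event."""
    def __init__(self):
        self._db = {}

    def enroll(self, tag, events):
        # Issuer step: record challenge/response pairs before the tag is deployed.
        pairs = self._db.setdefault(tag.tid, {})
        while len(pairs) < events:
            challenge = secrets.randbits(64)
            pairs[challenge] = tag.respond(challenge)

    def authenticate(self, tag):
        pairs = self._db.get(tag.tid)
        if not pairs:
            return False  # unknown tag ID, or pre-provisioned events used up
        challenge, expected = pairs.popitem()  # consumed, so a skimmed pair is useless
        return bin(expected ^ tag.respond(challenge)).count("1") <= MAX_DISTANCE


def demo():
    service, genuine = AuthService(), SimulatedPufTag("3C00000078")
    service.enroll(genuine, events=4)
    clone = SimulatedPufTag("3C00000078")  # constructed clone: same ID, different silicon
    return service.authenticate(genuine), service.authenticate(clone)
```

demo() returns (True, False): the genuine tag passes within the bit-error tolerance and the same-ID clone does not. Each authenticate() call consumes one pre-provisioned pair, so a tag enrolled with n events can be checked n times.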
Verayo RFID Product Roadmap
» Vera X512H (current RFID product)
• # of Authentication Events: Pre-Provisioned
• Mode of Operation: Networked
» Vera M4H (next gen RFID product)
• # of Authentication Events: Unlimited or Pre-Provisioned
• Mode of Operation: Standalone (with secure RFID readers) or Networked (with dumb RFID readers)
Vera M4H: Next Gen “Unclonable” RFID IC
» PUF Technology
» Standalone or Networked
» Unlimited or Pre-Configured Authentication Events
» ISO/IEC 14443-A, 13.56 MHz
» 56-bit Tag ID
» 4K bit OTP
» Operating Temperature: -25 °C to +85 °C
Vera M4H Authentication Solution (Similarities to Human Fingerprint Authentication; Un-limited Use, Off Network)
» Secure RFID Reader Authenticates the RFID Chip
• Send random nonce (N), calculate Q = f(N, PUF data), compare F from tag, send result
» PUF Data is Extracted, Encrypted and Stored on the RFID Chip
[Figure labels: Issuing Authority; ID Check Point; Nonce (N); Q = f(N, PUF data); Encrypted PUF data]
PUF RFID Advantages
» Unclonable
• Effectively impossible to clone the RFID chip
» Strong & Robust Authentication
• Unlimited number of challenge-response pairs
• Prevents skimming and replay attacks
» Low Cost
• Tiny PUF circuit consumes small die area
» Low Power Consumption
• Requires no crypto computation
New RFID Technology Landscape
[Figure: chart of Authentication Strength (Low to High) against Cost & Complexity (Low to High), positioning Basic RFIDs, Crypto RFIDs and Verayo RFIDs]
Summary
PUF based RFIDs:
» Secure & Reliable
• Based on unclonable silicon signatures
» Simple & Efficient
• Quick challenge/response protocol for authentication
» Low cost, consumes low power
• Tiny PUF circuit
PUFs elevate the trust in RFIDs to a new level