390 likes | 595 Views
Topics. About us @IAIKMotivation for standardized security on a tagSecurity requirements for RFID tagsLimitations due to technologyHash vs. symmetric encryptionResults so far (developed at IAIK)Future research topicsConclusions. About IAIK and PROACT. Graz University of Technology (Austria)
E N D
1. Crypto implementations for RFID tags Learning from the smart card industry
2. Topics About us @IAIK
Motivation for standardized security on a tag
Security requirements for RFID tags
Limitations due to technology
Hash vs. symmetric encryption
Results so far (developed at IAIK)
Future research topics
Conclusions
3. About IAIK and PROACT Graz University of Technology (Austria)Faculty of Computer Science
Institute for Applied Information Processing … (IAIK)
IT-Security from design of crypto algorithms via secure implementation and networks to eGovernment applications
VLSI Group: 12 researchers dealing with crypto implementations in HW and related topics like ISE, SCA, HW/SW co-design, SOC design
Major activities at the moment: Crypto implementations for resource restricted environments (smart cards, RFIDs, emb. systems), ISE for crypto, side-channel analysis, SOC design, quantum cryptography
Strong interaction with other groups at IAIK (crypto, networks, e-government)
Current Projects: SCARD, SENSE, eCrypt, QCC, ISDPA, PROACT
4. Benefits from security on tags Tag authentication:
“Proof of origin”: anti-cloning / anti-forgery of tags / products
Reader authentication:
Privacy amplification for customer
Integrity of data on tag (re-writeable tags)
Authorized kill / selective kill
Extended supply chain to the customer
Mutual authentication
Anti eavesdropping of reader-tag communication by encrypted communication
5. Standardized crypto for RFID Global applications call for standardized crypto algorithms -> RFID is a global technology
Standardized algorithms are intensively approved by crypto community – probability of flaws is lower than for proprietary algorithms
Standardized protocols: Most systems are broken because of flaws in the protocol -> use established protocols instead of re-inventing the wheel
6. Some arguments against and for standardized algorithms Known attacks can be applied easily by everyone if algorithms are public
This does not take into account that developers of systems might also be attackers (later)
Especially side-channel analysis is/will be a problem for standard crypto on RFID. Knowledge for SCA on standard algorithms is public
RFID tags are in the hand of attackers. SC attacks are also an issue on proprietary algorithms, as soon as some details about the algorithm / implementation are public
Custom built algorithms/protocols use less resources
… but they are potentially also less secure (be aware that you do not know future application of your tags, e.g. see broken ExxonMobile SpeedPass)
Proper implementation of standardized algorithms allow integration into passive devices
7. Security requirements for “secure tags” @ IAIK No “lightweight” or “XOR-crypto”. Security makes sense if state-of-the-art measures are applied
Use standardized algorithms to allow exploitation on global market
The high number of tags/objects, where each tag protects a small value, calls for high security level
High number of tags needs clever key management
No reduction of reading distance nor significant rises of costs/tag is acceptable
Compatibility with installed infrastructure is necessary
8. Limitations due to technology Limited power consumption (vs. energy consumption of battery powered devices) ~ 10µA average
Area consumption limited (less problem with evolving SC technologies) < 1mm²
Execution time (given by reader-tag protocol)
Protocols: Communication is initiated by reader
Very limited memory access (few kBytes and slow)
No physical protection possible
9. The fairy tale of inexpensive hash primitives Publications about hash lock schemes argue that hash is cheaper to implement than encryption
This is true for SW on 32-bit µC platforms, but not for optimized HW-implementations
Reason:
SHA-1 input block = 512 bit (64 byte) input (before msg-schedule and 2560 (320byte) after)
AES = 128 bit(data block) + 128 bit key + min. 1 S-Box
Comparison:
10. Necessary enhancements for secure tags System:
Extended personalization / key upload to tag
Key generation / management / distribution
Tag authentication
Authentication command(s)
Crypto primitive (e.g. AES enc) on tag
Secure key storage on tag
Crypto capability or online-access of reader (to access verification server)
11. Necessary enhancements for secure tags System:
Extended personalization / key upload to tag
Key generation / management / distribution
Reader Authentication
Authentication commands
Crypto primitive (e.g. AES enc) on tag
Crypto capability of reader
Secure key storage on tag and reader
Nounce generation (RNG) on tag(fake ID generation)
12. TinyAES (worldwide smallest AES):
AES module enc/dec; 1000 cycles
4,5 µW (Philips 0.35µm, 100kHz)
Available as IP module, tested/verified
Security Layer for ISO-18000 (using AES)
Anti-Cloning
Privacy enhancement
Tested with reader/tag prototypes
ECCU – An ECC module for passive wireless devices
Available as IP module
Results so far @ IAIK
13. Future research Key management / personalization
Testability of crypto tags
SCA secure AES module
Nounce generation
Application/middleware development
Asymmetric crypto for RFID (ecc)
14. Conclusions Standardized crypto (algorithm and protocol) is necessary for open applications to avoid security flaws
Protection against implementation attacks (like SCA) will be necessary also for many applications with inexpensive RFID tags
Implementation of standardized crypto (AES, ecc) is possible on passive tags without reduction of operation range
More research is necessary to allow easy and secure integration into applications
15. Bibliography Martin Feldhofer, Johannes Wolkerstorfer, Vincent Rijmen; "AES Implementation on a Grain of Sand", IEE Proceedings on Information Security, Volume 152, Issue 1, pp. 13–20, October 2005.
J. Wolkerstorfer, "Is Elliptic-Curve Cryptography Suitable to Secure RFID Tags?", Workshop on RFID and Light-weight Cryptography, Graz- August 2005
Martin Feldhofer, Johannes Wolkerstorfer:"Low-power Design Methodologies for an AES Implementation in RFID Systems", ECRYPT Workshop on Cryptographic Advances in Secure Hardware CRASH 2005, Leuven, Belgium, September 6-7, 2005.
Martin Feldhofer, Manfred Aigner, Sandra Dominikus; "An Application of RFID Tags using Secure Symmetric Authentication", in Proceedings of 1st International Workshop on Privacy and Trust in Pervasive and Ubiquitous Computing - SecPerU 2005, in conjunction with IEEE ICPS'2005, pp. 43–49, ISBN 960-531-179-8, Santorini Island, Greece, July 14, 2005.
Sandra Dominikus, Elisabeth Oswald, Martin Feldhofer: "Symmetric Authentication for RFID Systems in Practice", ECRYPT Workshop on RFID and Lightweight Crypto, Graz, Austria, July 14-15, 2005.
Manfred Aigner, Martin Feldhofer: "Secure Symmetric Authentication for RFID Tags", Telecommunication and Mobile Computing TCMC2005 Workshop, Graz, Austria, March 8-9, 2005.
M. Feldhofer, S. Dominikus, J. Wolkerstorfer: "Strong Authentication for RFID Systems using the AES Algorithm", will be presented on the CHES conference held on August 11-13 2004 in Boston
M. Feldhofer: "A Proposal for an Authentication Protocol in a Security Layer for RFID Smart Tags", MELECON conference held on May 1 - 5 2004 in DubrovnikPROACT Webpage
16. About IAIK and PROACT
Philips (Graz / Gratkorn is the RFID competence center of Philips) and Graz University of Technology
Intensify teaching and research of RFID related topics
At the moment six institutes of two faculties involved – lead for first term at IAIK
Core topics of first term
RFID and security (security layers for RFID protocols, secure implementation)
Compliance testing
17. Appendix – these following slides are not planned to be presented used if questions arise after the presentation (or if more time than 15min is available)
18. RFID Tags vs. smart card (contact-less)
19. Enhanced security applications Applications with enhanced security requirements
Existing solutions have to be improved
Luggage transportation
Since airport is a highly sensitive area
Protection of branded goods
Rolex watch
Clothing industry
Verification at customer site and for commerce
Car immobilizer systems
Standardized security algorithms (todays are not secure)
Enhanced customer acceptance
Authentication of high value banknotes
Anti-counterfeiting
Prohibit forgery of banknotes
More secure with lower costs
Available for customers and at sales
Another issue to be solved is the tracking of customers
Data protection point of view
One of the biggest problems for consumer acceptance
Applications with enhanced security requirements
Existing solutions have to be improved
Luggage transportation
Since airport is a highly sensitive area
Protection of branded goods
Rolex watch
Clothing industry
Verification at customer site and for commerce
Car immobilizer systems
Standardized security algorithms (todays are not secure)
Enhanced customer acceptance
Authentication of high value banknotes
Anti-counterfeiting
Prohibit forgery of banknotes
More secure with lower costs
Available for customers and at sales
Another issue to be solved is the tracking of customers
Data protection point of view
One of the biggest problems for consumer acceptance
20. Reasons for vulnerabilities Working principles ofRFID Technology
Contact-less
No clear line-of-sight
Broadcast of signal
Perfect working conditions for attacker! Two important questions to answer:
Is an RFID system more vulnerable against attacks as another technology?
not in general
wide appliance in a lot of different systems
What are the major problems of RFID systems?
Working principles
Contactless:
distance between item and reader is bigger
faster access to data than optical information like barcode
No clear line-of-sight
objects beween the reader and the tag don’t disturb communication
human interface is nearly unnecessary
automation is easy to implement
Broadcast of signal
propagation of signal in all directions
no visible mapping between reader and tagTwo important questions to answer:
Is an RFID system more vulnerable against attacks as another technology?
not in general
wide appliance in a lot of different systems
What are the major problems of RFID systems?
Working principles
Contactless:
distance between item and reader is bigger
faster access to data than optical information like barcode
No clear line-of-sight
objects beween the reader and the tag don’t disturb communication
human interface is nearly unnecessary
automation is easy to implement
Broadcast of signal
propagation of signal in all directions
no visible mapping between reader and tag
21. Security threats Violation of privacy
Consumer tracking
Data protection
Tracking of personal data
Unauthorized access to the tag’s memory
Forgery of tags The most popular threat of RFID systems is the violation of privacy
“Big Brother” problem
Ominpresent in the media
Cosumer tracking which is important from data protection point of view
Industrial espionage of data and products
Unallowed tracking of sales figures
Unauthorized access to the tag’s memory
Content of tag may be
read out
modified
cleared
Forgery of tags
duplication (example with banknote)
The most popular threat of RFID systems is the violation of privacy
“Big Brother” problem
Ominpresent in the media
Cosumer tracking which is important from data protection point of view
Industrial espionage of data and products
Unallowed tracking of sales figures
Unauthorized access to the tag’s memory
Content of tag may be
read out
modified
cleared
Forgery of tags
duplication (example with banknote)
22. Existing “countermeasures” Shielding using metal foils
Protection of privacy
Destruction at point-of-sale
“Blocker tags”
Memory protection
Write once, read many
Access through pass phrase
XOR-“cryptography” After the threats I want to present existing “countermeasures”
Not really solutions, some kind of workaround
Shielding
Metal foils
Cloak 29$ (10 MHz – 20 GHz)
Protection of privacy
“Kill” RFID tags at point-of-sales (Problem: they are much too useful)
“Blocker” tag (simulates billions of tag serial numbers) SHOW
Privacy zones of unprotected serial numbers
Problem: Reader can resolve collisions
Memory protection
Write once, read many (unable to write to tags memory after personalization phase)
Access to memory through passphrase
Minimalist cryptography
I call it XOR “cryptography” (funny things)After the threats I want to present existing “countermeasures”
Not really solutions, some kind of workaround
Shielding
Metal foils
Cloak 29$ (10 MHz – 20 GHz)
Protection of privacy
“Kill” RFID tags at point-of-sales (Problem: they are much too useful)
“Blocker” tag (simulates billions of tag serial numbers) SHOW
Privacy zones of unprotected serial numbers
Problem: Reader can resolve collisions
Memory protection
Write once, read many (unable to write to tags memory after personalization phase)
Access to memory through passphrase
Minimalist cryptography
I call it XOR “cryptography” (funny things)
23. Cryptographic approach Identification
Claim to be have a certain identity (username)
Authentication
Proof of identity
Showing knowledge, possession, inherent feature How can we reach effective countermeasures
Cryptography is needed
Some basics
Identification
Claim to have a certain identity
Name, Username, ID, …
Authentication
Proof of identity
Must show
Knowledge of secret
Possession of something (Smartcard, Token, …)
Inherent feature (retina, fingerprint, …)How can we reach effective countermeasures
Cryptography is needed
Some basics
Identification
Claim to have a certain identity
Name, Username, ID, …
Authentication
Proof of identity
Must show
Knowledge of secret
Possession of something (Smartcard, Token, …)
Inherent feature (retina, fingerprint, …)
24. Authentication mechanisms (1) Passwords (weak authentication)
Userid + password
Interactive
Replay attack
Zero-knowledge protocols
Demonstrate knowledge of secret without revealing information about it
Iterative Different authentication mechanisms (from weak to strong authentication)
Passwords
are relatively weak
combination of userid+password
interactive
vulnerable to replay attacks
Zero-knowledge protocols
Demonstrate knowledge of secret without revealing information about it
Iterative (security improves with number of iterations)
Peggy goes into a random branch of the cave, which Victor doesn't know standing outside the cave
Victor comes into the cave, and calls out a random branch of the cave (left or right), where Peggy should come out
If Peggy knows the secret password “Open Sesame”, she can come out the right way every time, opening and passing the secret door with the password if necessary. If Peggy doesn't know the password, she has a 50% chance of initially going into the wrong branch, and as she is not able to pass the secret door, Victor can call her bluff.
Victor will repeat this round as many times as he desires until he is certain Peggy knows the secret words. No matter how many times the proof repeats, Victor does not learn the secret words.
Different authentication mechanisms (from weak to strong authentication)
Passwords
are relatively weak
combination of userid+password
interactive
vulnerable to replay attacks
Zero-knowledge protocols
Demonstrate knowledge of secret without revealing information about it
Iterative (security improves with number of iterations)
Peggy goes into a random branch of the cave, which Victor doesn't know standing outside the cave
Victor comes into the cave, and calls out a random branch of the cave (left or right), where Peggy should come out
If Peggy knows the secret password “Open Sesame”, she can come out the right way every time, opening and passing the secret door with the password if necessary. If Peggy doesn't know the password, she has a 50% chance of initially going into the wrong branch, and as she is not able to pass the secret door, Victor can call her bluff.
Victor will repeat this round as many times as he desires until he is certain Peggy knows the secret words. No matter how many times the proof repeats, Victor does not learn the secret words.
25. Authentication mechanisms (2) Challenge response (strong authentication)
Knowledge of a secret
Time-variant challenge
Response depends on challenge and secret Challenge-response authentication
Strong authentication
Ideally suitable for RFID systems because of command structure of RFID (send request, get response)
Works also by showing the knowledge of a secret
First a time-variant challenge is sent from A to B (time-variant is important because of replay-attacks)
Response depends on challenge and the secret which is shared by the to entities (in this case)Challenge-response authentication
Strong authentication
Ideally suitable for RFID systems because of command structure of RFID (send request, get response)
Works also by showing the knowledge of a secret
First a time-variant challenge is sent from A to B (time-variant is important because of replay-attacks)
Response depends on challenge and the secret which is shared by the to entities (in this case)
26. Challenge-response authentication (1) Unilateral
Authentication of tag
Forgery
Authentication of reader
Privacy
Two pass Mutual
Forgery and privacy
Three pass Two possible ways for authentication
Unilateral authentication where one entity proofs its identity to another party
Mutual authentication where both entities proof their identity to each other
Unilateral authentication
Authentication of tag solves the problem of forgery (the tag is authentic)
Authentication of reader to provide privacy protection (reader is allowed to talk to tag)
Two-way protocol (picture)
Mutual authentication
Provides both privacy and prohibits forgery
Three-way protocol (picture)Two possible ways for authentication
Unilateral authentication where one entity proofs its identity to another party
Mutual authentication where both entities proof their identity to each other
Unilateral authentication
Authentication of tag solves the problem of forgery (the tag is authentic)
Authentication of reader to provide privacy protection (reader is allowed to talk to tag)
Two-way protocol (picture)
Mutual authentication
Provides both privacy and prohibits forgery
Three-way protocol (picture)
27. Challenge-response authentication (2) Symmetric
Same key at both entitiesKA=KB
Key distribution problem
Key management difficulties
Fast and efficient
Closed systems (offline)
Asymmetric
Public key and private keyKA?KB
Certificate management
Slow and complex
Open systems (online certificates)
Tag-only authentication Last classification is whether symmetric or asymmetric techniques are used
Differences are:Last classification is whether symmetric or asymmetric techniques are used
Differences are:
28. Requirements for security-enhanced tag (ART Project) Security level
No “pseudo securitiy” ? strong cryptographic primitives
Standardized symmetric algorithm (AES)
Standardized crypto protocol
Protocol
Prevent forgery
Supply of privacy
Useable with existing infrastructure ? compatibility to existing standards
ISO/IEC 18000 Requirements for a security-enhanced tag as we define security
Security level
We are interested in strong cryptographic algorithms
We chose the standardized symmetric encryption algorithm (AES)
From the protocol point-of-view
Prevent forgery
Supply of privacy
Compatibility to existing standards
ISO/IEC 18000
EPC (Electronic Product Code)Requirements for a security-enhanced tag as we define security
Security level
We are interested in strong cryptographic algorithms
We chose the standardized symmetric encryption algorithm (AES)
From the protocol point-of-view
Prevent forgery
Supply of privacy
Compatibility to existing standards
ISO/IEC 18000
EPC (Electronic Product Code)
29. Encryption algorithm Advanced Encryption Standard (AES)
Symmetric block cipher algorithm
128-bit data blocks
128-bit key length
10 rounds
Encryption-only is needed for authentication purpose Encryption algorithm
Federal Information Processing Standard (FIPS 197) since 2001
also known as Rijndael, Joan Daemen and Vincent Rijmen who teaches at the IAIK
Symmetric block cipher algorithm which is suitable for hardware and software implementations
Successor of DES
It operates on blocks of data with 128 bits
Has three different key lengths but we just use 128-bit keys where 10 rounds of a round function are applied
Encryption-only is needed for authentication (encrypt and compare)Encryption algorithm
Federal Information Processing Standard (FIPS 197) since 2001
also known as Rijndael, Joan Daemen and Vincent Rijmen who teaches at the IAIK
Symmetric block cipher algorithm which is suitable for hardware and software implementations
Successor of DES
It operates on blocks of data with 128 bits
Has three different key lengths but we just use 128-bit keys where 10 rounds of a round function are applied
Encryption-only is needed for authentication (encrypt and compare)
30. Hardware requirements (tag) Minimal power consumption
< 20 mA average
Low die-size
< 1 mm2
Low cost
~5 Cent vs. ~50 Cent
Maximum number of clock cycles for AES
~1000 cycles @ 100 kHz As we are a VLSI group (Very Large Scale Integration) our main focus lays on hardware implementations
Especially in RFID systems the requirements for tags are very constraint
Most important is the low power consumption
As the tag has no internal power supply
Coupling through air interface is lossy
Current consumption is only about 20 micro Amps for the whole circuit
This is only reachable with low clock frequencies
Low die-size is also crucial
To be competetive the die-size is limited (the size indirectly influences the power consumption)
Low cost is a resulting factor
It’s to distinguish between mass product tags which cost nowadays 5-10 Cent and high end tags with about 50 Cent
Reader price about 100 Dollar
The goal is to have tags with 1 Cent and reader devices with several Dollar
The resulting requirements for an AES implementation is about 1000 clock cycles at a clock frequency of 100 kHz and 10 micro Amps
As we are a VLSI group (Very Large Scale Integration) our main focus lays on hardware implementations
Especially in RFID systems the requirements for tags are very constraint
Most important is the low power consumption
As the tag has no internal power supply
Coupling through air interface is lossy
Current consumption is only about 20 micro Amps for the whole circuit
This is only reachable with low clock frequencies
Low die-size is also crucial
To be competetive the die-size is limited (the size indirectly influences the power consumption)
Low cost is a resulting factor
It’s to distinguish between mass product tags which cost nowadays 5-10 Cent and high end tags with about 50 Cent
Reader price about 100 Dollar
The goal is to have tags with 1 Cent and reader devices with several Dollar
The resulting requirements for an AES implementation is about 1000 clock cycles at a clock frequency of 100 kHz and 10 micro Amps
31. TINA- Tiny AES: The smallest AES implementation known TINA results:
Stand alone AES module with µP-interface
AES-128 encryption and decryption
On-the-fly Roundkey computation
Consumption: < 4.5 µW (Philips 0.35µm, 100kHz)
Area: < 0,25 mm²
32. Architecture of an RFID tag - “Secure embedded system” Architecture of an RFID tag:
The reason why we are here at IPICS is that an RFID tag is nothing else than a “Secure Embedded System”
Coil
Analog front-end
Connected to the coil
Power supply
Clockrecovery from carrier frequency
Demodulation of data/ load modulation
EPROM
non volatile memory for personalization data
read and writeable
Controller
Responsible for Protocol (Synch., Data coding, Error detection, Packets, Request-response)
communicates with all modules (Analog, EPROM, Crypto m., Timer)
AES module
cryptographic algorithm for authentiation
AES implementation for low power
Architecture of an RFID tag:
The reason why we are here at IPICS is that an RFID tag is nothing else than a “Secure Embedded System”
Coil
Analog front-end
Connected to the coil
Power supply
Clockrecovery from carrier frequency
Demodulation of data/ load modulation
EPROM
non volatile memory for personalization data
read and writeable
Controller
Responsible for Protocol (Synch., Data coding, Error detection, Packets, Request-response)
communicates with all modules (Analog, EPROM, Crypto m., Timer)
AES module
cryptographic algorithm for authentiation
AES implementation for low power
33. Analog frontend (Philips) Power supply of tag
Frequency recovery for digital part of the tag
Power-on reset
Modulation/demodulation of data
Schematic of an analog frontend
Responsible for ….
Schematic of an analog frontend
Responsible for ….
34. EEPROM Stores non-volatile data
UID
Secret key
Programmed during personalization phase
Protection
Unauthorized read
Tampering EEPROM
stores non-volatile data
unique ID of tags (64 bits)
secret key (128 bits for AES)
Data are programmed during the personalization phase
Should have some form of protection
Tamper resistance not so important
Read out should not be allowed, some mechanism requiredEEPROM
stores non-volatile data
unique ID of tags (64 bits)
secret key (128 bits for AES)
Data are programmed during the personalization phase
Should have some form of protection
Tamper resistance not so important
Read out should not be allowed, some mechanism required
35. Crypto tag prototype using FPGA Trying out protocols
anti-collision algortihm
reader functionality
timing measurements
Design and functionality of tag
FPGA board
Antenna
Analog frontend
FPGA
Microcontroller
Power supply
InterfaceTrying out protocols
anti-collision algortihm
reader functionality
timing measurements
Design and functionality of tag
FPGA board
Antenna
Analog frontend
FPGA
Microcontroller
Power supply
Interface
36. PETRA: Protocol emulation Protocol Evaluation Tool for RFID Application
Emulates arbitrary nr of tags in a cycle accurate manner
Allows to simulate e.g. protocol extensions and get “typical values”
Perfect tool for e.g. tests of different parameters for anti-collision in different applications
37. Authentication of tag Protocol for authentication of tag
Reader generates random number
It makes a frame within a command structure and sends it to the tag
The tag encrypts this random challenge and makes a frame itself
To verify the response the reader can encrypt the randomly chosen value and compares the result with the received value
Or it can decrypt the received value to get the sent random number (decryption not needed)
Both share the same secret key K
One problem of sharing the same key is that when one tag is compromised the whole system is compromised
Solution is to have a master key at the reader
Derive the subkeys for tags from the ID of the tag and the master secretProtocol for authentication of tag
Reader generates random number
It makes a frame within a command structure and sends it to the tag
The tag encrypts this random challenge and makes a frame itself
To verify the response the reader can encrypt the randomly chosen value and compares the result with the received value
Or it can decrypt the received value to get the sent random number (decryption not needed)
Both share the same secret key K
One problem of sharing the same key is that when one tag is compromised the whole system is compromised
Solution is to have a master key at the reader
Derive the subkeys for tags from the ID of the tag and the master secret
38. Interleaved protocol Authentication of approx. 50 tags per second possible Possible solution for authentication of lot of tags
The time when a tag encrypts a challenge is used for communication with other tags
We call it “interleaved” protocol
It works as following:
The reader sends the first challenge to Tag Number 1 …..
…
This is an example how the authentication of up to 50 tags per second is possible
This is a reasonable number when thinking about supply-chain managementPossible solution for authentication of lot of tags
The time when a tag encrypts a challenge is used for communication with other tags
We call it “interleaved” protocol
It works as following:
The reader sends the first challenge to Tag Number 1 …..
…
This is an example how the authentication of up to 50 tags per second is possible
This is a reasonable number when thinking about supply-chain management
39. Application: Secure Supply Chain for Pharmaceuticals