A Secure RFID deactivation/activation mechanism for customer service and consumer shopping
Information Security Lab, National Chung Hsing University, TAIWAN
Yu-Yi Chen, Zhen-Jie Qiu, Jun-Chao Lu, Jinn-Ke Jan
OUTLINE
• Introduction
• Environments
• Our Scheme
• Analysis
• Conclusions
Introduction
• We propose a purchase and after-sales service RFID scheme for a shopping mall environment.
• Location privacy, confidentiality, data integrity, and some further security protections are achieved by the proposed mechanism.
Introduction
Architecture of RFID system (figure)
Introduction
Attacker location threat
• The interceptor can create a movement profile by tracing the RFID tag's location.
Environments
Roles
• the server (S)
• the reader (R)
• the RFID membership card (m-type tag)
• the goods tag (g-type tag)
Environments
Benefits
• Protect consumer privacy
• Faster checkout
(Figure labels: RFID membership card, goods tag)
Environments
Shopping scenarios
• The consumer uses his membership card to log on to the shopping cart's reader.
• As the goods are picked up and scanned, the corresponding information is displayed on the shopping cart's reader.
• The goods in the shopping cart are pre-scanned, so the transaction can be completed immediately.
• After purchase, the tags attached to the goods should be deactivated.
OUR SCHEME
The notations
• The encrypted secret key is generated by the server (in advance).
• Kcg = h(ei, Dj): the deactivate/activate key is generated by the m-type tag (membership card).
Shopping phase (1): authentication
Parties: server, cart reader, RFID tag
Note: Txi = Epk(Kxi) is generated by the server.
(1) Generate γ1
    Query, γ1 is sent to the RFID tag
(2) RFID tag:
    1. generates γ2
    2. ν = h(Kxi, γ1)
(3) 1. γ1, γ2, Txi, ν are bypassed to the server
    2. Kxi' = Dsk(Txi); check ν ?= h(Kxi', γ1)
Shopping phase (2): renew RFID's secret key and mutual authentication
Parties: server, cart's reader, RFID tag
(3) Server (continued):
    3. generates the new key Kxi' = h(Kxi), Txi' = Epk(Kxi')
    4. α1 = h(Kxi, γ2) ⊕ (w || Kxi' || Txi'), β1 = h(w, Kxi', Txi', γ2)
    5. α2 = h(w, γ2) ⊕ △, β2 = h(△, γ2), where △ = ni for an m-tag and △ = Vg for a g-tag
    • In case of an m-type tag: generates a shopping pseudonym ni and the shopping token w, and keeps the record (ni, membershipi).
    • In case of a g-type tag: generates the shopping token w and the signed receipt Vg (which includes the serial number of the shopping mall, the goods' price and the transaction time).
    • The shopping token w is shared by the m-tag and all g-tags with the help of the cart reader's bypassing.
    α1, β1, α2, β2 are bypassed to the RFID tag
(4) RFID tag:
    1. (w' || Kxi'' || Txi'') = α1 ⊕ h(Kxi, γ2); check β1 ?= h(w', Kxi'', Txi'', γ2)
    2. △' = α2 ⊕ h(w', γ2); check β2 ?= h(△', γ2); △' = ni for an m-tag, Vg for a g-tag
Check out & deactivate the g-tag
Parties: m-tag, cart's reader, g-tag
(1) Query is sent to the m-tag
(2) The m-tag responds with ni, γ1
    • The m-tag responds with the shopping pseudonym ni.
    • The record of (ni, memberi) is kept by the server for authentication.
(3) Cart's reader and server:
    1. bypass to the server; the server finds ni's memberi and its secret key Kci
    2. get the current time Dj
    3. α1 = h(Kci, γ1) ⊕ Dj, β1 = h(Dj, γ1)
    4. generates γ2
    α1, β1, γ2 are sent to the m-tag
(4) m-tag:
    1. Dj' = α1 ⊕ h(Kci, γ1)
    2. check β1 ?= h(Dj', γ1)
    3. Kcg = h(ei, Dj')
    4. δ = w ⊕ (Kcg || Dj'), ν = h(Kcg, Dj', γ2)
    5. α2 = h(Kci, γ2) ⊕ (δ || ν), β2 = h(δ, ν, γ2)
    α2, β2 are sent by the m-tag
    • The deactivate key Kcg is generated by the m-tag.
Parties: m-tag, cart's reader, g-tag
(5) α2, β2 are bypassed to the server:
    1. (δ' || ν') = α2 ⊕ h(Kci, γ2)
    2. check β2 ?= h(δ', ν', γ2)
    • The server computes δ' and sends it to all g-tags inside the cart.
    Query, δ', ν', γ2 is sent to the g-tags
(6) g-tag:
    1. (Kcg' || Dj') = δ' ⊕ w; check ν' ?= h(Kcg', Dj', γ2)
    2. store Kcg, Dj
    3. set privacy bit on
After-sales service phase (1)
Parties: m-tag, g-tag, reader with server
(1) Query is sent to the g-tag
(2) The g-tag responds with Dj, γ1
(3) Query, Dj, γ1 is sent to the m-tag
(4) m-tag:
    1. generates γ2
    2. ν1 = h(Kci, γ2)
    3. Kcg = h(ei, Dj)
    4. δ = h(Kcg, γ1)
    5. α1 = h(Kci, γ1) ⊕ δ
    6. β1 = h(δ, γ1)
    Tci, ν1, α1, β1, γ2 are sent by the m-tag
    • The activate key Kcg is recovered by the m-tag.
(5) m-tag's authentication: γ1, γ2, Tci are bypassed to the server
    1. Kci' = Dsk(Tci); check ν1 ?= h(Kci', γ2)
    2. new key Kci'' = h(Kci'), Tci'' = Epk(Kci'')
    3. δ' = α1 ⊕ h(Kci', γ1)
    4. check β1 ?= h(δ', γ1)
    δ' is sent to the g-tag
(6) g-tag:
    1. if h(Kcg, γ1) = δ', set privacy bit off (activate the g-tag)
    2. ν2 = h(Kgi, γ1)
After-sales service phase (2)
Parties: g-tag, m-tag, reader with server
    Tgi, ν2, Vg are sent by the g-tag
(7) Server: Kgi' = Dsk(Tgi); check ν2 ?= h(Kgi', γ1)
    If correct, the authentication of the g-tag is done; handle the after-sales service and renew the secret key of the m-tag.
    Update the new secret key of the m-tag:
    α2 = h(Kci', γ2) ⊕ (Kci'' || Tci''), β2 = h(Kci'', Tci'', γ2)
    α2, β2 are sent to the m-tag
(8) m-tag: (Kci'' || Tci'') = α2 ⊕ h(Kci, γ2); check β2 ?= h(Kci'', Tci'', γ2)
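
The g-tag deactivation at checkout (steps (4) and (6)) and its re-activation in the after-sales phase (steps (4) and (6)), as an added Python example that is not the authors' code. Assumptions: SHA-256 stands in for h(), w is 40 bytes and Dj 8 bytes, the α/β transport between m-tag and server is omitted, and all class and method names are hypothetical.

```python
import hashlib, hmac, secrets

def h(*parts: bytes) -> bytes:
    # SHA-256 over length-prefixed fields stands in for the scheme's hash h()
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class MTag:                                   # membership card (hypothetical class)
    def __init__(self, ei: bytes, w: bytes):
        self.ei, self.w = ei, w               # key seed ei, shopping token w
    def deactivation_msg(self, dj, g2):       # checkout step (4)
        kcg = h(self.ei, dj)                  # Kcg = h(ei, Dj); derived, never stored
        return xor(self.w, kcg + dj), h(kcg, dj, g2)      # δ, ν
    def activation_msg(self, dj, g1):         # after-sales step (4)
        return h(h(self.ei, dj), g1)          # δ = h(Kcg, γ1)

class GTag:                                   # goods tag (hypothetical class)
    def __init__(self, w: bytes):
        self.w, self.kcg, self.dj, self.g1, self.privacy_bit = w, None, None, None, False
    def deactivate(self, delta, nu, g2):      # checkout step (6)
        blob = xor(delta, self.w)
        kcg, dj = blob[:32], blob[32:]
        if not hmac.compare_digest(nu, h(kcg, dj, g2)):
            return False
        self.kcg, self.dj, self.privacy_bit = kcg, dj, True
        return True
    def query(self):                          # a deactivated tag reveals only Dj, γ1
        self.g1 = secrets.token_bytes(16)
        return self.dj, self.g1
    def activate(self, delta):                # after-sales step (6)
        ok = self.privacy_bit and hmac.compare_digest(delta, h(self.kcg, self.g1))
        if ok:
            self.privacy_bit = False
        return ok

def demo():
    w, ei = secrets.token_bytes(40), secrets.token_bytes(16)   # constructed values
    card, goods = MTag(ei, w), GTag(w)
    dj, g2 = (1700000000).to_bytes(8, "big"), secrets.token_bytes(16)
    off = goods.deactivate(*card.deactivation_msg(dj, g2), g2)
    dj_out, g1 = goods.query()
    other_card = MTag(secrets.token_bytes(16), w)              # different key seed
    refused = not goods.activate(other_card.activation_msg(dj_out, g1))
    on = goods.activate(card.activation_msg(dj_out, g1))
    return off, refused, on, goods.privacy_bit
```

`demo()` returns, in order, whether deactivation succeeded, whether a card with a different key seed was refused, whether the purchasing card re-activated the tag, and the final privacy bit.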
Analysis
Location privacy
(Figure labels: Dj, r1; Tci)
• The deactivated g-type tag responds only with a non-characteristic transaction time Dj.
• Those g-type tags will not cause a location privacy problem.
• The m-type tag's pseudonym Tci will be updated after authentication.
• The m-type tag will not be tracked or monitored by the attacker.
Analysis
Confidentiality
• Transmitted messages are always protected by one-way hash and XOR operations.
• For mutual authentication, both PKC and challenge-response are employed.
Conclusions
• Our proposal provides commercial benefits for the company and may satisfy the consumers' requirements.
• Tracking can be prevented by deactivating the tags of purchased goods.
• Consumers may enjoy the convenient check-out service with "peace of mind".
• The confirmation process for after-sales service is improved by using a more efficient "receipt-less" proof.
OUR SCHEME
A. Shopping phase (server and m-type tag)
Step 1 (server): generates a challenge number γ1
    γ1 is sent to the m-type tag
Step 2 (m-type tag): generates a challenge number γ2; γ = h(Kci, γ1); Tci = Epk(Kci)
    Tci, γ, γ2 are sent to the server
Step 3 (server): Kci'' = Dsk(Tci); check γ =? h(Kci'', γ1); if so, generates w and computes
    Kci' = h(Kci), Tci' = Epk(Kci')
    α1 = h(Kci, γ2) ⊕ (w, Kci', Tci'), β1 = h(w, Kci', Tci', γ2)
    α2 = h(w, γ2) ⊕ ni, β2 = h(ni, γ2)
    α1, β1 are sent to the m-type tag
Step 4 (m-type tag): α1 ⊕ h(Kci', γ2) → (w, Kci', Tci); check β1 =? h(w, Kci', Tci, γ2)
Authentication is done
• The RFID-equipped shopping cart is used for authenticating the consumer's ID and inquiring about the goods' information.
• All of the m-type tags get a common shopping token after verification.
OUR SCHEME
A. Shopping phase (server and g-type tag)
Step 1 (server): generates a challenge number γ1
    γ1 is sent to the g-type tag
Step 2 (g-type tag): generates a challenge number γ2; γ = h(Kgi, γ1); Tgi = Epk(Kgi)
    Tgi, γ, γ2 are sent to the server
Step 3 (server): Kgi' = Dsk(Tgi); check γ =? h(Kgi', γ1); if so,
    α1 = h(Kgi', γ2) ⊕ (w, Kgi', Tgi), β1 = h(w, Kgi', Tgi, γ2)
Authentication half done
    α1, β1 are sent to the g-type tag
Step 4 (g-type tag): α1 ⊕ h(Kgi', γ2) → (w, Kgi', Tgi); check β1 =? h(w, Kgi', Tgi, γ2)
Authentication is done
• The RFID-equipped shopping cart is used for authenticating the consumer's ID and inquiring about the goods' information.
• All of the g-type tags get a common shopping token after verification.
OUR SCHEME
B. Purchasing phase
• All the g-type tags are deactivated to protect the location privacy of the consumer.
• The m-type tag generates the deactivate/activate key from the corresponding information and its secret.
• The deactivate/activate key does not need to be recorded in the m-type tag.
OUR SCHEME
C. After-sales service phase
• The g-type tag is activated and verified.
• The m-type tag generates the deactivate/activate key from the corresponding information and its secret.
OUR SCHEME
A. Shopping phase
Authentication half done
And check h(w', Kxi'', Txi'', ν2) =? β1
Authentication is done
• The RFID-equipped shopping cart is used for authenticating the consumer's ID and inquiring about the goods' information.
• The m-type tag and all of the g-type tags get a common shopping token after verification.
• The m-type tag gets a pseudonym for this transaction.
• Each g-type tag acquires a signed receipt.
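Check out & deactivate the g-tag
Parties: cart's reader, g-tag, m-tag
• The server confirms the identity by means of the shopping pseudonym.
• The server securely transmits the transaction time value Dj.
• The tag is driven to execute the following procedure: using the transaction time value Dj and the key seed ei recorded on the membership card, it generates the deactivation key Kcg.
• The deactivation key and the transaction time value are protected with the shared secret (the shopping token value) and sent to the goods tag.
• After verifying the key and the transaction time:
  1. the deactivation key and the transaction time value are stored
  2. the goods tag deactivates itself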
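Roles in the protocol
(Figure labels: after-sales service center, goods tag, reader connected to the server, RFID membership card, wireless channel, wireless channel)
(The channel between the server and the reader is a secure channel.)
The mechanism is divided into:
1. Shopping phase (in the mall)
2. Checkout and goods tag deactivation phase (in the mall)
3. Goods tag activation phase for after-sales service (at the after-sales service center)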
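Basic flow of the goods tag activation phase for after-sales service
Parties: goods tag, RFID membership card, reader with server
• The goods tag returns Dj.
• Dj is forwarded to the membership card.
• The tag is driven to execute the following procedure: using the transaction time value Dj and the key seed ei recorded on the membership card, it generates the activation key Kcg.
• The activation key is protected with the shared secret and sent to the goods tag.
• On receiving this activation key, the goods tag compares it with the key already stored on the goods tag; if the comparison succeeds, it activates itself.
• The server authenticates the goods tag.
• At this point a goods tag within the warranty period can be read and, after verification, the merchant provides the after-sales service.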
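After-sales service phase (2)
Parties: g-tag, m-tag, reader with server
If within the warranty period, the goods tag can be verified.
    Tgi, ν2, Vg are sent by the g-tag
(7) Server: Kgi' = Dsk(Tgi); check ν2 ?= h(Kgi', γ1)
    The goods tag and its sales receipt Vg are verified, and the mall provides the after-sales service.
    At this point the new RFID membership card key generated by the server in (5) is sent to the membership card:
    α2 = h(Kci'', γ2) ⊕ (Kci'' || Tci''), β2 = h(Kci'', Tci'', γ2)
    α2, β2 are sent to the m-tag
(8) m-tag: (Kci' || Tci')' = α2 ⊕ h(Kci, γ2); check β2 ?= h(Kci'', Tci'', γ2)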
Analysis
Resist replay attack
• The tag authenticates itself to the server; its response is generated according to the random challenge determined by the server.
• The server authenticates itself to the tag. Replay attacks are resisted because the authentication is based on challenge-response.
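
The shopping-phase challenge-response with key renewal and the replay analysis above, as an added Python example that is not the authors' code: a recorded tag response is rejected once the server issues a fresh γ1. Assumptions: SHAKE-256 stands in for h(), a lookup table stands in for Epk/Dsk, field sizes are constructed, and all class and method names are hypothetical.

```python
import hashlib, hmac, secrets

def h(*parts: bytes, n: int = 32) -> bytes:
    # SHAKE-256 stands in for h(); n lets the digest mask a longer field
    return hashlib.shake_256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self):
        self.keys, self.g1 = {}, None         # table T -> K stands in for K = Dsk(T)
    def enroll(self, k):                      # stands in for T = Epk(K)
        t = secrets.token_bytes(16)
        self.keys[t] = k
        return t
    def challenge(self):                      # step (1): fresh γ1 per session
        self.g1 = secrets.token_bytes(16)
        return self.g1
    def verify(self, t, nu, g2, w):           # step (3)
        k = self.keys.get(t)
        if k is None or not hmac.compare_digest(nu, h(k, self.g1)):
            return None                       # ν was not computed over the current γ1
        k_new = h(k)
        t_new = self.enroll(k_new)
        body = w + k_new + t_new
        return xor(h(k, g2, n=len(body)), body), h(w, k_new, t_new, g2)   # α1, β1

class Tag:
    def __init__(self, k, t):
        self.k, self.t, self.g2 = k, t, None
    def respond(self, g1):                    # step (2)
        self.g2 = secrets.token_bytes(16)
        return self.t, h(self.k, g1), self.g2
    def finish(self, alpha1, beta1):          # step (4)
        body = xor(alpha1, h(self.k, self.g2, n=len(alpha1)))
        w, k_new, t_new = body[:16], body[16:48], body[48:]
        if not hmac.compare_digest(beta1, h(w, k_new, t_new, self.g2)):
            return None
        self.k, self.t = k_new, t_new         # renew key and pseudonym
        return w

def demo():
    srv, k, w = Server(), secrets.token_bytes(32), secrets.token_bytes(16)
    tag = Tag(k, srv.enroll(k))
    t, nu, g2 = tag.respond(srv.challenge())  # an eavesdropper records (t, ν, γ2)
    got_w = tag.finish(*srv.verify(t, nu, g2, w))
    srv.challenge()                           # next session: new γ1
    return got_w == w, srv.verify(t, nu, g2, w) is None, tag.t != t
```

The lookup table deliberately keeps the old pseudonym resolvable, as a real Dsk would, so the replayed message fails only on the ν check against the new γ1.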