
Taesung Kim 2008.10.28

RFID Security and Privacy: A Research Survey Ari Juels RSA Laboratories IEEE Journal on Selected Areas in Communication (J-SAC) in 2006. Taesung Kim 2008.10.28. Contents. RFID Overview Tags, Readers, and Applications Tag Singulation Security & Privacy Threats Proposed Solutions.


Presentation Transcript


  1. RFID Security and Privacy: A Research Survey
     Ari Juels, RSA Laboratories
     IEEE Journal on Selected Areas in Communication (J-SAC) in 2006
     Taesung Kim, 2008.10.28

  2. Contents
     • RFID Overview
     • Tags, Readers, and Applications
     • Tag Singulation
     • Security & Privacy Threats
     • Proposed Solutions

  3. RFID Overview
     • Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency
     • Reader (transceiver): reads data off the tags without direct contact
     • Database: matches tag IDs to physical objects
     • Radio signal (contactless), range: from 3-5 inches to 3 yards
     • Figure labels: 02.3DFEX4.78AF51; EasyToll card #816

  4. Tag Types
     • Passive:
        • All power comes from a reader’s signal
        • Tags are inactive unless a reader activates them
        • Cheaper and smaller, but shorter range
     • Semi-passive:
        • On-board battery, but cannot initiate communication
        • Can serve as sensors, collect information from environment: for example, “smart dust” for military applications
     • Active:
        • On-board battery power
        • Can record sensor readings or perform calculations in the absence of a reader
        • Longer read range

  5. Applications
     • Supply-chain management
        • Logistics, inventory control, retail check-out
     • Payment systems
        • ExxonMobil SpeedPass
        • I-Pass/EZ-Pass toll systems
        • Credit cards
     • Access control
     • Passports
     • Library books
     • Animal tracking

  6. Security Challenge
     • Low-cost RFID tags have very limited resources
        • Typically have only 500-5,000 gates
        • May have up to a few hundred bits of storage
     • Tags cannot perform complex computations
        • Most tags simply emit a static identifier when prompted
     • Tags do not have the resources to allow for public-key or symmetric-key encryption systems
        • EPC tags: $0.05, 250-1,000 gates
        • AES requires 20,000-30,000 gates

  7. Consumer Privacy Problem

  8. Threats
     • Tracking
        • Unauthorized use of a tag’s ID in order to gain information about the location of a person or object
        • In a retail environment, a user can be associated with an item at purchase time
     • Cloning/Replay
        • Tags that emit static identifiers are very vulnerable
        • A thief could replace/rewrite a tag on an expensive item
     • Denial-of-service
        • Conflicting RF signals can prevent legitimate tag communication
     • Physical attacks
        • Probing a tag to determine private data

  9. RFID Security Research
     [Diagram: taxonomy of RFID security research]
     • Approach categories shown: Practical approach; Blocking approach; Human authentication approach; Cryptographic protocol approach
     • Techniques shown: Clipped Tag; Minimalist; Proxy model; “kill”; “sleep/wake”; Faraday Cage; Active Jamming; Re-labelling; Blocker Tag; Hash-Lock; Randomized Hash-Lock
        - Watchdog Tag
        - RFID Guardian
        - RFID Enhancer
     • Protocols and models shown: OSK model; MW model; HM model; LK model; HB and HB+ protocol; HB++ (first attempt) and HB++ protocol; HB++ protocol by S. Piramuthu; HB#

  10. “kill” and “sleep/wake” Techniques
     • “kill” and “sleep/wake” approach
     • “kill”
        • Stops the tag’s operation
        • Gives up the convenience of the RFID system
     • “sleep/wake”
        • Stops the tag’s operation
        • Tag can be reused through a wake command

  11. Re-Labelling Technique
     • Inoue and Yasuura’s approach
        • Splitting product-type identifiers and unique identifiers across two RFID tags
     • Karjoth & Moskowitz’s approach

  12. Minimalist Technique
     [Figure: the tag holds pseudonym 1, pseudonym 2, …, pseudonym n; ID = pseudonym 8]
     • <First request to the tag>: request → response pseudonym 8; request → response pseudonym 2
     • <Second request to the tag>: request → response pseudonym n; request → response pseudonym 5

  13. Blocker Tag Technique

  14. Hash-Lock Technique
     • Hash-Lock approach
     • Step 1: Lock
        • Parties in the diagram: Tag, Reader, Database
        • Messages in the diagram: ID; metaID; (metaID, K)
        • Select a random key K and apply the hash function: metaID = H_K(ID)
        • Stores the metaID and key K set to identify tags: (metaID1, K1), (metaID2, K2), …, (metaIDn, Kn)
        • State of the tag changes to Lock

  15. Hash-Lock Technique
     • Hash-Lock approach
     • Step 2: Unlock
        • Parties in the diagram: Tag, Reader, Database
        • Messages in the diagram: query; metaID; metaID; (Key, ID); Key; ID
        • Finds the key and ID set by metaID among (metaID1, K1), (metaID2, K2), …, (metaIDn, Kn)
        • Tag state: Lock (metaID)
        • Tag state: Unlock (ID), gives the pure information of this tag
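
The lock and unlock steps from slides 14 and 15, as an added Python example that is not part of the original presentation. HMAC-SHA256 stands in for H_K, and the names `Tag`, `Reader` and `is_linkable` are assumptions made for illustration; `is_linkable` shows that a locked tag still answers every query with the same metaID, which leaves the tracking threat from slide 8 in place.

```python
import hashlib
import hmac
import secrets

def H(key, tag_id):
    # Keyed hash H_K(ID); HMAC-SHA256 is an assumed stand-in for the slide's H.
    return hmac.new(key, tag_id, hashlib.sha256).digest()

class Tag:
    def __init__(self, tag_id):
        self.tag_id = tag_id
        self.meta_id = None  # None means the tag is unlocked

    def lock(self, meta_id):
        self.meta_id = meta_id

    def query(self):
        # Locked: answer only with metaID. Unlocked: answer with the real ID.
        return self.meta_id if self.meta_id is not None else self.tag_id

    def unlock(self, key):
        # The tag recomputes H_K(ID) and compares it with the stored metaID.
        if self.meta_id is not None and hmac.compare_digest(H(key, self.tag_id), self.meta_id):
            self.meta_id = None
            return True
        return False

class Reader:
    def __init__(self):
        self.database = {}  # metaID -> (K, ID)

    def lock_tag(self, tag):
        tag_id = tag.query()                    # Step 1: tag sends ID
        key = secrets.token_bytes(16)           # select random key K
        meta_id = H(key, tag_id)                # metaID = H_K(ID)
        self.database[meta_id] = (key, tag_id)  # database stores the pair
        tag.lock(meta_id)                       # tag state changes to Lock

    def unlock_tag(self, tag):
        meta_id = tag.query()                   # Step 2: query -> metaID
        entry = self.database.get(meta_id)      # find (K, ID) by metaID
        if entry is None:
            return None                         # tag is not in this database
        key, tag_id = entry
        return tag_id if tag.unlock(key) else None

def is_linkable(tag, sightings=3):
    # True when repeated queries return one constant value (tag can be tracked).
    return len({tag.query() for _ in range(sightings)}) == 1
```
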

  16. RFID Guardian
     • Scan logging: monitors queries from nearby readers
     • Tag logging: provides tag ownership and detects the appearance of new tags
     • Tag-reader mediation
     • Selective jamming
     • Context-awareness
        • Updates to the appropriate context according to time and place

  17. Thank you!
