1 / 22

One-way Hash Chain and Its Applications

One-way Hash Chain and Its Applications. Presenter: Hoa Nguyen Ngoc. 4. One way hash chain in RFID system. 2. Merkle Hash Tree. 3. Radio Frequency Identification (RFID). 1. One-way Hash Chain. Outline. 1. One Way Hash Chain. Good for authentication of the hash values.

pisces
Download Presentation

One-way Hash Chain and Its Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. One-way Hash Chain and Its Applications Presenter: Hoa Nguyen Ngoc

  2. 4. One way hash chain in RFID system 2. Merkle Hash Tree 3. Radio Frequency Identification (RFID) 1. One-way Hash Chain Outline

  3. 1. One Way Hash Chain

  4. Good for authentication of the hash values Used for many network security apps h: Cryptographically strong hash function One Way Hash Chain 2 3 1 Example: S/Key, RFID authentication, micropayment systems H0 = x Hn = h(Hn-1) = h(h(h(…h(x)))) One-way Hash Chain

  5. S/Key • Setup • Server generates hash chain: H100(s), H99(s), H98(s),……., H(s) • User prints out list • Server stores H101(s) • Authentication • At time 0: User  Server: H100(s) • Server verfifies h(H100(s)) = H101(s) if true • Server stored H100(s), user crosses one off each time • At time 1: User  Server: H99(s)…

  6. 2. Merkle Hash Tree

  7. Merkle Hash Tree

  8. 3. Radio Frequency Identification (RFID)

  9. Radio Frequency Identification • Architecture communication interface & protocol middleware tag reader

  10. How does RFID work? 02.3DFEX4.78AF51 EasyToll card #816 Radio signal (contactless) Range: ~5m Tags (transponders) Attached to objects, call out their (unique) name and/or static data on a special radio frequency Reader (transceiver) Reads data of the tags without direct contact Database Matches tag IDs to physical objects

  11. Security and Privacy Threats within RFID • Spoofing • Imitating the behavior of a genuine tag • Denial of Service • Man in the middle attack • Modify the response of the tag to the reader or vice versa • Replay Attack • Eavesdrop message from the tag (reader) & re-transmit the message to the legitimate reader (tag). • Traffic Analysis • Monitoring of comm. between reader & tag allows adversary to perform traffic analysis & generate statistical data.

  12. 4. 4. One way hash chain in RFID system

  13. OSK: RFID Scheme design • Hash chain model in RFID apps • How it works • A tag has initial s1. • At i-th transaction with the reader, the RFID will do 2 things: • Send ai = G(si) to the reader, • Renews si+1 = H(si) • The reader send ai to back-end

  14. OSK Scheme • Goal: Enable reader to identify the RFID tag, change tag identifier on each read Database Reader Tag Query Ai=G(Si) Ai=G(Si) Compute Hash Chain Si+1=H(Si) Tag ID

  15. OSK (Cont.) PROS • Different random like values on every read operation prevents tracking • Forward Security ensured due to one way hash property • Tag needs to store only 2 hash implementations, hence low cost • Minimal number of transmissions CONS • Not scalable for large scale applications due to brute force search • Motivates reducing computation time at reader/backend • Susceptible to DoS attacks • May lead to problem due to hash collisions.

  16. “Who are you?” metaID key “My real ID is…” Hash Lock • Goal: Authentication reader to the RFID tag Reader RFID tag Compute hash(key) and compare with stored metaID Stores metaID=hash(key) Stores key; hash(key) for any tag Unique key for each tag

  17. Hash Lock (cont.) PROS • Relatively cheap to implement : Tag has to store hash function implementation and metaID • Security based on weak collision-resistance of hash function • Scalable due to low key look-up overhead CONS • Constant tag output – enables traceability • Motivates Randomization • Too many messages/rounds • Requires reader to know all keys

  18. “Who are you?” R, hash(R,IDk) “You must be IDk” Randomized Hash Lock • Goal: Authentication reader to the RFID tag Reader RFID tag Generate random R Compute hash(R,IDi) for every known IDi and compare Stores its own IDk Stores all IDs: ID1, … ,IDn

  19. Randomized Hash Lock PROS • Randomized response prevents tracking • Tag needs to store hash implementation and pseudo-random number generator CONS • Inefficient brute force key look-up • No Forward security • Motivates updating tag ID on each read • Security Flaw - Adversary can impersonate tag by learning a valid tag response.

  20. Thank You d

  21. thanks

More Related