200 likes | 361 Views
Randomized PRF Tree Walking Algorithm for Secure RFID. Leonid Bolotnyy and Gabriel Robins Department of Computer Science University of Virginia lb9xk@cs.virginia.edu, robins@cs.virginia.edu. Talk Outline. Identification Problem Secure Binary-Tree Walking Algorithm
E N D
Randomized PRF Tree Walking Algorithm for Secure RFID Leonid Bolotnyy and Gabriel RobinsDepartment ofComputer ScienceUniversity of Virginialb9xk@cs.virginia.edu, robins@cs.virginia.edu
Talk Outline • Identification Problem • Secure Binary-Tree Walking Algorithm • Reader-tag Authentication Problem • Multi-tag RFID Systems
Tags Local Server Reader Tag ID Tag ID Identification Problem
Tags Local Server Reader Tag ID Tag ID Secure Identification Problem
Tag Reader Eavesdropper Passive vs. Active Adversary Backward Range Forward Range
1 0 00 01 10 11 000 001 010 011 100 101 110 111 Secure Binary-Tree Walking R. Rivest, S. Weis, EPCglobal, Inc. • Each tag generates a random number • Reader tree-walks these random numbers • Selected tag transmits its real-ID
Algorithm Analysis Major questions about the algorithm: 1. How to deal with collisions on real-IDs? 2. How to choose optimal random number length? 3. How to choose the threshold? n: number of tags, m: random number length Number of tags per random number will have a Poisson distribution (Expected number of random IDs with k tags) (Expected total number of colliding tags) (Cost function) where t is the smallest exponent for which
Optimal random number length Use average n over many traverse runs
bits) (Expected number of tags on a branch after Determining threshold Pr[ tags match in threshold number of bits] = For n = 2000, after about 11 bits, we expect zero, one, or two bits per branch Still have a “long” way to finish traversing the tree Costly over all branches if we traverse every branch to the end Start the threshold at 2 Increase threshold by 1 if collision occurs Decrease threshold by 1 if over the entire traverse no collisions occurred
Randomized PRF Tree Walking Algorithm Goal: Efficiently solve reader-tag authentication problem in the presence of many tags Steps of the algorithm: 1. Each tag generates a random number, and the reader performs a tree-walk on these numbers 2. Once a tag is selected, the reader and the tag engage in a tree-waking private authentication protocol 3. The reader moves the tag to a different position in a tree.
Binary Tree of Secrets D. Molnar and D. Wagner Privacy and Security in Library RFID Issues, Practices, and Architecture
Step 1 Each tag generates a random number, and the reader performs a tree-walk on these numbers
Step 2 Once a tag is selected, the reader and the tag engage in a tree-waking private authentication protocol
Step 3 The reader moves the tag to a different position in a tree
Properties of the Algorithm • Allows on-line addition and removal of tags • Provides security against active eavesdroppers • Offers security against foreign readers • Enables dynamic tradeoff between security, privacy and singulation time • Effective against active attacks • stealing a tag • tracking and hotlisting • Requires a tag to be equipped with • pseudo-random function, XOR unit • random number generator • writable memory
D. Molnar and D. Wagner Our algorithm Our algorithm assuming secrets are hard to steal Our algorithm assuming tags are read often and/or secrets are very hard to steal Space and Time Complexity Evolution
Random Bits No Connect V Random Number Generator Will Ware http://willware.net/hw-rng.html The voltage signal is amplified, disturbed, stretched, and sampled, resulting in random bits.
1 4 2 3 New Idea: Multi-Tags Attach more than one tag to an object • Redundant Tags • Dual-Tags • Own Memory Only • Shared Memory Only • Own and Shared Memory • Triple-Tags • n-Tags
Benefits of Multi-Tag Systems New applications • Increased expected voltage on a tag • Increased expected communication range • Increased availability • Increased memory • Increased reliability • Increased durability • Enhanced security
Our Current and Future Work Find New and Improve Existing Algorithms A. Juels, S. Weis Authentication algorithms with human protocols D. Molnar, D. Wagner Tag identification with delegation, ownership transfer A. Juels Efficient cloning-resistant identification algorithms New and emerging problems Let’s Collaborate!