110 likes | 255 Views
draft-urien- hip-tag-03.txt. HIP support for RFID Pascal.Urien@telecom-paristech.fr. http://www.telecom-paristech.fr. Open Issues for the Internet Of Thing. What is a thing? , f rom draft-urien- hip-iot-00.txt Two classes of things
E N D
draft-urien-hip-tag-03.txt HIP support for RFID Pascal.Urien@telecom-paristech.fr http://www.telecom-paristech.fr
Open Issues for the Internet Of Thing • What is a thing? , from draft-urien-hip-iot-00.txt • Two classes of things • Things that are full computers equipped with communication interfaces. • Things that are not full computers (i.e. TAGS, RFIDs), but who are associated with objects. • What is the identifier of a thing? • They are several proposals: • A serial number, such as the EPC code. • An IP address. • Other, for example a fix hash value, or adhoc naming scheme.
Open issues • Identity Protection • Things can be used to track people or objects, which are identified by a set of things. Identity protection enforces privacy by hiding things identities thanks to cryptographic means. • Communication Protocol • A thing communicates with the Internet network by various interfaces • Via MAC (OSI2) radio protocols, as defined by EPC GLOBAL • Thanks the IP protocol, in that case the thing is an IP node, and is natively plugged in the Internet Cloud. • Other, for example the Host Identity Protocol • Things to Things communications • In some cases, things communicate with other things. If identity protection is required, the associated infrastructure is complex from a cryptographic or physical point of view, because classical routing techniques can't be used.
HIP Tags for the IoT • Project funded by the French National Research Agency (ANR) • Modified BEX exchange • The HIT is a true random number • HIP-Tags never expose their identity in clear text, but hide this value (typically an EPC-Code) by a particular equation (f) that can be only solved by a dedicated entity, referred as the portal. • f(r1,r2, EPC-Code) • HIP exchanges occurred between HIP-Tags and PORTALs; they are shuttled by IP packets, through the Internet cloud.
Identity Protection for Tags • Privacy issues • EPC-Code MUST be protected • EPC-Code is a solution of f(r1,r2,EPC-Code) • Example • Many f proposal in the scientific literature • f(r1,r2, EPC-Code) = SHA1 (r1 | r2 | EPC-Code) r1 Tag EPC-Code Reader r2, f(r1,r2, EPC-Code) S. Weis, S. Sarma, R. Rivest and D. Engels. "Security and privacy aspects of low-cost radio frequency identification systems." In D. Hutter, G. Muller, W. Stephan and M. Ullman, editors, International Conference on Security in Pervasive Computing - SPC 2003, volume 2802 of Lecture Notes in computer Science, pages 454- 469. Springer-Verlag, 2003.
HIP-TAGS Architecture Main Ideas • The TAG runs a modified version of HIP • HIP Only! – NO IP stack • HIT is a true 16 bytes random number generated by the TAG • The Reader is an IP node • It acts as a docking host for HIP tag • The Reader is not able to solve the f equation • The identity solver entity is located in a node called the PORTAL • HIP dialog between Tag and Portal • HIP packets MAY be encapsulated by a HAT (HIP Address Translation) layer.
HIP-Tags Architecture Identity Solver HIP HIP SPI-I HAT HAT EPC-Code IP IP SPI-R RFID-MAC MAC MAC RFID-MAC EPC-Code RFID-PHY RFID-PHY PHY PHY Tag Reader Portal
T-Transform 0001 - HMAC • K = HMAC-SHA1(r1 | r2, EPC-Code) • F-T = HMAC-SHA1(K, CT1 | "Type 0001 key ") • CT1 = 0x00000001 (32 bits) • K-AUTH-KEY = HMAC-SHA1(K, CT2 | "Type 0001 key") • CT2 = 0x00000010 (32 bits)
Example, with T-Transform = 0001 Portal Tag EPC-CODE 0123456789abcdefcdab I1-T HEAD 3b04401100000000 sHIT 6a682e53516b516f2f58ce6025421ae6 dHIT 00000000000000000000000000000000 HEAD 3b0a411100000000 sHIT 00000000000000000000000000000000 dHIT 6a682e53516b516f2f58ce6025421ae6 ATT 0400 20 bytes 276d034ddd2d52793b172cb95bcd0297e2df6115 ATT 0402 04 bytes 00010000 R1-T r1 I2-T HEAD 3b13401100000000 sHIT 6a682e53516b516f2f58ce6025421ae6 dHIT 00000000000000000000000000000000 ATT 0402 04 bytes 00010000 ATT 0400 20 bytes c5958b236b9b0eaa7abb25f27d24c5046e89199e ATT 0404 20 bytes 801dbc55c5f39789f83c6cba1450187d83833caf ATT 0406 20 bytes 2a2368932bf73abec46bddb83f1b3f7f9ded8b83 r2 f Signature
T-Transform 0002 – Tree • F-T = H1 | H2 | Hi | Hn • Hi = HMAC-SHA1(r1 | r2, Ki | CT1 ),or • Hi = HMAC-SHA1(r1 | r2, Ki | CT2 ) • CT1 = 0x00000001, CT2 = 0x00000002 • Notation: HiCTkKi k=1,2 i=1...n • K-AUTH-KEY = HMAC-SHA1(K, CT1 | "Type 0002 key") • K = HMAC-SHA1(r1 | r2, EPC-Code) • CT1 = 0x00000001 (32 bits) 0 1 H1CT1K1 H1CT2K1 1 EPC-Code = 010…. F-T = H1CT1K1 H2CT2K2 H3CT1K1 H2CT2K2 0 H3CT1K1
Open Java Resources • http://perso.telecom-paristech.fr/~urien/hiptag • Java code for portal. • Java card code for tags. • ISO 14443 tags work at 13,56 MHz. • Java card are widely deployed, about 1 billion devices per year. • Thanks to the NFC technology, HIP-TAG could be supported by billions of mobile phones. • http://gforge.cnam.fr/gf/project/t2tit • Code source of the T2TIT project, funded by the French National Research Agency (ANR). • Papers: HIP-Tags Architecture Implementation for the Internet of Things • Pascal Urien, Simon Elrharbi, DoriceNyamy , HervéChabanne, Thomas Icart, François Lecocq, CyrillePépin, KhalifaToumi, Mathieu Bouet, Guy Pujolle, Patrice Krzanik, Jean-Ferdinand Susini " HIP-Tags Architecture Implementation for the Internet of Things ", First Asian Himalayas International Conference on Internet AH-ICI2009, 3-5 November, 2009, Kathmandu, Nepal, Available at IEEE Explorer.