6.857: RFID Security and Privacy. November 2nd, 2004. Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory

  • 6.857: RFID Security and Privacy
    ◦ November 2nd, 2004
    ◦ Massachusetts Institute of Technology
    ◦ Computer Science and Artificial Intelligence Laboratory

    6.857 Lecture - November 2, 2004

  • Talk Abstract and Outline
    ◦ Abstract: What is RFID, how does it affect security and privacy, and what can we do about it?
    ◦ Outline:
        ◦ RFID Introduction, History, and Applications
        ◦ Security Threats and Adversarial Model
        ◦ Countermeasures


  • What is RFID?
    ◦ Radio Frequency Identification: Identify physical objects through a radio interface.
    ◦ Many different technologies are called RFID.
    ◦ Other types of auto-ID systems include:
        ◦ Optical barcodes
        ◦ Radiological tracers
        ◦ Chemical taggants


  • RFID System Primer
    ◦ Three Main Components:
        ◦ Tags, or transponders, are affixed to objects and carry identifying data.
        ◦ Readers, or transceivers, read or write tag data and interface with back-end databases.
        ◦ Back-end databases correlate data stored on tags with physical objects.


  • RFID Adhesive Labels
    ◦ [Image; scale label: 4 cm]


  • An RFID Smart Shelf Reader


  • System Interface
    ◦ [Diagram; label: Reader]


  • RFID History
    ◦ Earliest Patent: John Logie Baird (1926)
    ◦ Identify Friend or Foe (IFF) systems developed by the British RAF to identify friendly aircraft.
    ◦ Both sides secretly tracked their enemy's IFF.
    ◦ How do you identify yourself only to your friends?
        ◦ "Don't shoot! We're British!"
        ◦ "Oh. We're British too!"


  • Digression #1: Related Military Applications
    ◦ IFF still used today for aircraft and missiles. Obviously classified.
    ◦ Could envision an IFF system for soldiers.
    ◦ Lots of military interest in pervasive networks of cheap, RFID-like sensors.
    ◦ Monitoring pipelines, detecting biological agents, tracking munitions, etc.


  • Commercial Applications
    ◦ Early Applications:
        ◦ Tracking boxcars and shipping containers.
        ◦ Cows: RFID ear tags.
        ◦ Bulky, rugged, and expensive devices.
    ◦ The RFID Killer Application?


  • Supply-Chain Management (Not Gum)
    ◦ First Universal Product Code scanned was on a pack of Juicy Fruit gum in 1976.
    ◦ Every day, over five billion barcodes are scanned around the world.
    ◦ But barcodes are slow, need line of sight, physical alignment, and take up packaging real estate.
    ◦ Over one billion RFID tags on the market.
    ◦ Example: Gillette's shrinkage problem.


  • Modern RFID Applications
    ◦ Supply-Chain Management
    ◦ Inventory Control
    ◦ Logistics
    ◦ Retail Check-Out
    ◦ Access Control: MIT Proximity Cards.
    ◦ Payment Systems: Mobil SpeedPass.
    ◦ Medical Records: Pet tracking chips.


  • Prada's RFID Closet
    ◦ [Images: Prada's RFID Closet; MIT Prox Card]


  • Tag Power Source
    ◦ Passive:
        ◦ All power comes from a reader's interrogation signal.
        ◦ Tags are inactive unless a reader activates them.
        ◦ Passive powering is the cheapest, but shortest range.
    ◦ Semi-Passive:
        ◦ Tags have an on-board power source (battery).
        ◦ Cannot initiate communications, but can be sensors.
        ◦ Longer read range, more cost for battery.
    ◦ Active:
        ◦ On-board power and can initiate communications.


  • Functionality Classes


  • Operating Frequencies


  • Asymmetric Channels
    ◦ [Diagram; labels: Reader, Tag, Eavesdropper]
    ◦ Forward Channel Range (~100m)
    ◦ Backward Channel Range (~5m)


  • Security Risks: Espionage
    ◦ Corporate Espionage:
        ◦ Identify Valuable Items to Steal
        ◦ Monitor Changes in Inventory
    ◦ Personal Privacy:
        ◦ Leaking of personal information (prescriptions, brand of underwear, etc.).
        ◦ Location privacy: Tracking the physical location of individuals by their RFID tags.


  • Espionage Case Study
    ◦ The US Food and Drug Administration (FDA) recently recommended tagging prescription drugs with RFID "pedigrees".
    ◦ Problems:
        ◦ "I'm Oxycontin. Steal me."
        ◦ "Bob's Viagra sales are really up this month."
        ◦ "Hi. I'm Alice's anti-fungal cream."


  • Security Risks: Forgery
    ◦ RFID casino chips, Mobil SpeedPass, EZ-Pass, FasTrak, prox cards, €500 banknotes, designer clothing.
    ◦ Skimming: Read your tag, make my own.
    ◦ Swapping: Replace real tags with decoys.
    ◦ Producing a basic RFID device is simple.
    ◦ A hobbyist could probably spoof most RFID devices in a weekend for under $50.


  • Security Risks: Forgery
    ◦ Mandel, Roach, and Winstein @ MIT
    ◦ Took a couple weeks and $30 to figure out how to produce a proximity card emulator.
    ◦ Can produce fake cards for a few dollars.
    ◦ Can copy arbitrary data, including TechCash.
    ◦ Could read cards from several feet. (My card won't open the door past a few inches.)
    ◦ Broke Indala's FlexSecur data encryption. (Just addition and bit shuffling. Doh.)


  • Security Risks: Sabotage
    ◦ If we can't eavesdrop or forge valid tags, can simply attack the RFID infrastructure.
    ◦ Wiping out inventory data.
    ◦ Vandalization.
    ◦ Interrupting supply chains.
    ◦ Seeding fake tags that are difficult to remove.


  • Adversarial Model
    ◦ Can classify adversaries by their access.
    ◦ Three levels of read or write access:
        ◦ Physical: Direct access to physical bits.
        ◦ Logical: Send or receive coherent messages.
        ◦ Signal: Detect traffic or broadcast noise.
    ◦ Can further break down into Forward-only or Backward-only access.


  • Adversarial Model: Attacks
    ◦ Long-Range Passive Eavesdropper:
        ◦ Forward-Only Logical Read Access.
        ◦ No Write Access.
    ◦ Tag Manufacture/Cloning:
        ◦ No Read Access/Physical Read Access.
        ◦ Physical Write Access.
    ◦ Traffic Analysis: Signal Read Access.
    ◦ Jamming: Signal Write Access.


  • Adversarial Model: Countermeasures
    ◦ Countermeasures will degrade an adversary's access. For example:
        ◦ Encryption degrades logical read access to signal read access.
        ◦ Authentication degrades logical write to signal write access.
        ◦ Tamper resistance can degrade physical read to logical read access.


  • Is it really that bad?
    ◦ Maybe Not.
    ◦ Tags can only be read from a few meters.*
    ◦ Will mostly be used in closed systems like warehouses or shipping terminals.
    ◦ Can already track many consumer purchases through credit cards.
    ◦ Difficult to read some tags near liquids or metals.
    ◦ Can already track people by cell phones, wireless MAC addresses, CCTV cameras, etc.


  • But... the customer is always right.
    ◦ The public perception of a security risk, whether valid or not, could limit adoption and success.
    ◦ Similar to Pentium III's unique ID numbers.
    ◦ Successful boycott of Benetton.
    ◦ Privacy advocates have latched on:
        ◦ "...e-mails sent to the RFID Journal... hint at some of the concerns. 'I'll grow a beard and f--k Gillette,' wrote one reader..." Economist Magazine, June 2003.
        ◦ "Auto-ID: The worst thing that ever happened to consumer privacy", CASPIAN website.


  • Digression #2: RFID Public Relations
    ◦ The industry never misses a chance to shoot itself in the foot.
    ◦ "Track anything, anywhere."
    ◦ "Wal-Mart Caught Conducting Secret Human Trials Using Alien Technology!"
    ◦ Lesson: If you don't want people to negatively spin your technology, don't make their jobs easier.


  • Security Challenge
    ◦ Resources, resources, resources.
    ◦ EPC tags ~ 5 cents. 1000 gates ~ 1 cent.
    ◦ Main security challenges come from resource constraints.
    ◦ Gate count, memory, storage, power, time, bandwidth, performance, die space, and physical size are all tightly constrained.
    ◦ Pervasiveness also makes security hard.


  • Example Tag Specification


  • Resource Constraints
    ◦ With these constraints, modular math based public-key algorithms like RSA or ElGamal are much too expensive.
    ◦ Alternative public-key cryptosystems like ECC, NTRU, or XTR are too expensive.
    ◦ Symmetric encryption is also too costly. We can't fit DES, AES, or SHA-1 in 2000 gates. (Recent progress made with AES.)


  • Hash Locks
    ◦ Rivest, Weis, Sarma, Engels (2003).
    ◦ Access control mechanism: Authenticates readers to tags.
    ◦ Only requires OW hash function on tag.
    ◦ Lock tags with a one-way hash output.
    ◦ Unlock tags with the hash pre-image.
    ◦ Old idea, new application.


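  • Hash Lock Access Control
    ◦ Locking a tag:
        ◦ Reader: metaID ← hash(key); Store (key, metaID)
        ◦ Reader → Tag: metaID
        ◦ Tag: Store metaID
    ◦ Querying a locked tag:
        ◦ Reader → Tag: Who are you?
        ◦ Tag → Reader: metaID
    ◦ Unlocking a tag:
        ◦ Reader → Tag: key
        ◦ Tag: metaID = hash(key)?
        ◦ Tag → Reader: Hi, my name is..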


  • Hash Lock Analysis
    ◦ + Cheap to implement on tags: A hash function and storage for metaID.
    ◦ + Security based on hardness of hash.
    ◦ + Hash output has nice random properties.
    ◦ + Low key look-up overhead.
    ◦ - Tags respond predictably; allows tracking. Motivates randomization.


  • Randomized Hash Lock
    ◦ Reader: Knows tag ID1, ..., IDn
    ◦ Tag: IDk
    ◦ Reader → Tag: Query?
    ◦ Tag: Select random R
    ◦ Tag → Reader: R, hash(R, IDk)
    ◦ Reader: Search hash(R, IDi)
    ◦ Unlocking a tag:
        ◦ Reader → Tag: IDk


  • Randomized Hash Lock Analysis
    ◦ + Implementation requires hash and random number generator:
        ◦ Low-cost PRNG.
        ◦ Physical randomness.
    ◦ + Randomized response prevents tracking.
    ◦ - Inefficient brute force key look-up.
    ◦ Hash is only guaranteed to be one-way. Might leak information about the ID. (Essentially end up with a block cipher?)
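
The hash lock and randomized hash lock exchanges from the slides above, as an added example that is not part of the original lecture. SHA-256, the 16-byte key and nonce lengths, and all class and function names are assumptions chosen for illustration; a real tag would use a far cheaper hash.

```python
import hashlib
import hmac
import os

def h(*parts: bytes) -> bytes:
    # SHA-256 stands in for the tag's one-way hash (assumption; the slides name none).
    return hashlib.sha256(b"".join(parts)).digest()

class HashLockTag:
    def __init__(self, tag_id: bytes):
        self.tag_id, self.meta_id = tag_id, None      # starts unlocked
    def lock(self, meta_id: bytes) -> None:
        self.meta_id = meta_id                        # "Store metaID"
    def query(self) -> bytes:
        # A locked tag answers every query with the same metaID.
        return self.tag_id if self.meta_id is None else self.meta_id
    def unlock(self, key: bytes):
        if self.meta_id is not None and hmac.compare_digest(h(key), self.meta_id):
            self.meta_id = None
            return self.tag_id                        # "Hi, my name is.."
        return None

class RandomizedTag:
    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id
    def query(self):
        r = os.urandom(16)                            # fresh R for every query
        return r, h(r, self.tag_id)

class Reader:
    def __init__(self):
        self.keys = {}                                # metaID -> key
    def lock(self, tag: HashLockTag) -> None:
        key = os.urandom(16)
        self.keys[h(key)] = key                       # "Store (key, metaID)"
        tag.lock(h(key))
    def unlock(self, tag: HashLockTag):
        key = self.keys.get(tag.query())              # single table look-up
        return tag.unlock(key) if key is not None else None

    @staticmethod
    def identify(response, known_ids):
        # Randomized scheme: brute-force search of hash(R, IDi) over all known IDs.
        r, digest = response
        for tried, tag_id in enumerate(known_ids, 1):
            if hmac.compare_digest(h(r, tag_id), digest):
                return tag_id, tried
        return None, len(known_ids)
```

Two queries to a locked `HashLockTag` return the same metaID, which is the tracking weakness noted in the analysis; two queries to a `RandomizedTag` differ, but `Reader.identify` pays for that with one hash per known ID.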


  • Blocker Tags
    ◦ Juels, Rivest, Szydlo (2003).
    ◦ Consumer Privacy Protecting Device: Hides your tag data from strangers.
    ◦ Users carry a "blocker tag" device.
    ◦ Blocker tag injects itself into the tags' anti-collision protocol.
    ◦ Effectively spoofs non-existent tags.
    ◦ (Only exists on paper.)


  • Other Work
    ◦ Efficient Implementations for RFID:
        ◦ Feldhofer, Dominikus, and Wolkerstorfer.
        ◦ Gaubatz, Kaps, and Yüksel.
    ◦ Secure Protocols:
        ◦ Ari Juels.
        ◦ Inoue and Yasuura.
        ◦ Gildas Avoine.
    ◦ Privacy Issues:
        ◦ Molnar and Wagner.
        ◦ Henrici and Müller.
    ◦ Limited Bibliography: crypto.csail.mit.edu/~sweis/rfid/


  • RFID Policy
    ◦ Policy can address a lot of privacy issues.
    ◦ RSA Security is proposing a "privacy bit":
        ◦ Sort of like a "do not disturb" sign.
        ◦ Doesn't stop someone from reading a tag.
        ◦ More bits could encode various access policies.
    ◦ Garfinkel has proposed an RFID Bill of Rights.
    ◦ Other fair information practices proposed by EPIC, EFF, CASPIAN, etc.


  • Simson's Bill of Rights
    ◦ The RFID Bill of Rights:
        ◦ The right to know whether products contain RFID tags.
        ◦ The right to have RFID tags removed or deactivated when they purchase products.
        ◦ The right to use RFID-enabled services without RFID tags.
        ◦ The right to access an RFID tag's stored data.
        ◦ The right to know when, where and why the tags are being read.


  • A New Idea: Humans and Tags
    ◦ Tags are dumb. But so are people.
    ◦ Hopper and Blum have human-oriented identification protocols that you can do in your head. Linked off www.captcha.net.
    ◦ Now adopting their protocol to RFID and securing it against stronger adversaries.
    ◦ (Papers in progress.)


  • Questions?


  • Don't forget to vote!


    RFID Adhesive Labels. Asymmetry result of passive tag vs. battery tag.