50 ways to break rfid privacy
play

50 ways to break RFID privacy Ton van Deursen 1 University of - PowerPoint PPT Presentation

Mar 11, 2024 •21 likes •421 views

50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50

  1. 50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 1 / 40

  2. Outline Radio frequency identification (RFID) Privacy considerations in RFID RFID layered communication model Physical layer Communication layer Application layer Privacy attacks Correlation attack Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 2 / 40

  3. Radio frequency identification Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 3 / 40

  4. Radio frequency identification Key properties of RFID: Wireless technology Cheap technology Unique identifiers No power source needed Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 4 / 40

  5. RFID in your pocket Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 5 / 40

  6. RFID in your underwear Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 6 / 40

  7. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 7 / 40

  8. RFID research RFID security research mainly focuses on: Authenticity: is the tag who he claims to be? Proximity: is the tag in my vicinity? Privacy The adversary can Impersonate a reader Impersonate a tag Eavesdrop on messages Block messages Modify messages Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 8 / 40

  9. Privacy problems Taken from Ari Juels: RFID Security and Privacy: A research Survey, IEEE Journal on Selected Areas in Communications 24 (2): 381-394 (2006) Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 9 / 40

  10. Plain identities Item ID Message sent Wig W125 W125 Replacement hip H123 H123 Das Kapital DK234 DK234 500 euro note FH128 FH128 500 euro note FH129 FH129 500 euro note FH130 FH130 Lingerie L180 L180 Solution: encrypt the identity of the tag Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 10 / 40

  11. Encrypted identities Item ID Message sent Wig W125 #5$a7X Replacement hip H123 rB91Ur7x Das Kapital DK234 T3tUM 500 euro note FH128 DX0mbvs 500 euro note FH129 pIFV2y 500 euro note FH130 rny5Lr Lingerie L180 PxXmhJ8uJ Solution: encrypt the identity of the tag Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 11 / 40

  12. Untraceability c53Q8 #5$a7X #5$a7X #5$a7X ACD1& time Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 12 / 40

  13. Untraceability c53Q8 #5$a7X #5$a7X #5$a7X ACD1& time Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 13 / 40

  14. Untraceability #5$a7X c53Q8 #5$a7X #5$a7X ACD1& time Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 14 / 40

  15. Untraceability c53Q8 #5$a7X #5$a7X #5$a7X ACD1& time Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 15 / 40

  16. Untraceability We call an RFID system untraceable if an adversary cannot recognize a tag he has seen before Untraceability is sometimes called (strong) privacy, indistinguishability, or unlinkability. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 16 / 40

  17. RFID stack Tag Reader 3. Application 2. Communication 1. Physical Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 17 / 40

  18. RFID communication layers Physical layer: Transmission of bits Modulation/demodulation protocols Anti-collision protocols Communication layer: Cryptographic services Identification/authentication protocols Key update protocols Distance-bounding protocols Application layer: RFID application Data access/interpretation protocols. Photo on e-passport Building access privileges Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 18 / 40

  19. Physical layer: Fingerprinting RFIDs “wake up” “I’m ready” Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 19 / 40

  20. Physical layer: Fingerprinting RFIDs Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 20 / 40

  21. Physical layer: Fingerprinting RFIDs Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 21 / 40

  22. Physical layer: Fingerprinting RFIDs Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 22 / 40

  23. Physical layer: Fingerprinting RFIDs Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 23 / 40

  24. Physical layer: Fingerprinting RFIDs Fingerprinting RFIDs: Only possible in a controlled environment Expensive equipment needed Performance results (Danev et al. 2009): Sample size of 50 “identical” JCOP tags: correct identification in 95% of the cases. Sample size of 8 e-passports: correct identification in 100% of the cases. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 24 / 40

  25. Physical layer: UIDs Anti-collision: Before running communication-layer protocols, the reader and tags performs an anti-collision protocol Anti-collision singles out one tag for communication Tags assume anti-collision identifiers: UIDs (unique identifiers) Unique identifiers are almost always static. And can be read out by anybody with an RFID reader. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 25 / 40

  26. RFID reader Available at www.touchatag.com for EUR 30 / $40. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 26 / 40

  27. Communication layer: Unique attribute attacks x 1 , x 2 , P, Y = yP y, P, x 1 P, x 2 P R T Authentication protocol (Lee et al. 2008) nonce r 2 r 2 r 2 � = 0 Challenge response structure nonce r 1 Public-key based T 1 := r 1 P T 2 := ( r 1 + x 1 ) Y Randomized tag responses v := r 1 x 1 + r 2 x 2 Design goals: T 1 , T 2 , v Authentication find x 1 P = y − 1 T 2 − T 1 Untraceability ( vP − x 1 T 1 ) r − 1 = x 2 P 2 Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 27 / 40

  28. Communication layer: Unique attribute attacks Reader computes: y, P, x 1 P, x 2 P x 1 , x 2 , P, Y = yP R T y − 1 T 2 − T 1 nonce r 2 r 2 r 2 � = 0 = ( r 1 + x 1 ) P − r 1 P = x 1 P nonce r 1 T 1 := r 1 P And verifies: T 2 := ( r 1 + x 1 ) Y ( vP − x 1 T 1 ) r − 1 v := r 1 x 1 + r 2 x 2 2 T 1 , T 2 , v = r 1 x 1 P − r 1 x 1 P + r 2 r − 1 2 x 2 P find x 1 P = y − 1 T 2 − T 1 ( vP − x 1 T 1 ) r − 1 = x 2 P 2 = x 2 P Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 28 / 40

  29. Communication layer: Unique attribute attacks T ′ R T R r 2 r 2 T ′ 1 , T ′ 2 , v ′ T 1 , T 2 , v ? Question: T = T ′ Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 29 / 40

  30. Communication layer: Unique attribute attacks T ′ R T R r 2 r 2 T ′ 1 , T ′ 2 , v ′ T 1 , T 2 , v T 1 − T ′ v − v ′ = ( r 1 − r ′ 1 ) P 1 ) x 1 = x − 1 1 1 P ( r 1 − r ′ Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 30 / 40

  31. Communication layer: e-passports Basic access control protocol k, k ′ k, k ′ reader passport GetChallenge nonce NP NP nonce NR, KR r = { NR, NP, KR } k r, MAC k ′ ( r ) verify MAC and r Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 31 / 40

  32. Communication layer: e-passports The passport first verifies the MAC Then it verifies the encryption Verification of the MAC and the encryption takes time. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 32 / 40

  33. Communication layer: e-passport The attacker can (Chothia/Smirnov, 2010): Record a message of a person with passport P he wants to trace Replay that message later to any passport P ′ in his vicinity For a passport P � = P ′ the MAC and encryption will not verify correctly For passport P the MAC will verify correctly, but the encryption will not Therefore, the passport P will take longer to respond with an error message than any other passport P ′ � = P . Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 33 / 40

  34. Ton van Deursen University of Luxembourg ton.vandeursen@uni.lu 50 ways to break RFID privacy () 34 / 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity is on Marc Langheinrich Institute for Pervasive Computing a par with nuclear weapons. Dr. Katherine Albrecht Katherine Albrecht,

315 views • 4 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest Mike Szydlo MIT CSAIL RSA Laboratories RSA Laboratories What is a R adio- F requency Id entification (RFID) tag? In terms of appearance Chip

678 views • 26 slides
Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of Information Systems y Singapore Management University 2010/12/6 1 Introduction RFID tags are low-cost electronic devices, from which

547 views • 17 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ joint work with Chris Floerkemeier and Roland Schneider The Ubicomp Vision DIMACS WUPSS The most profound technologies are

177 views • 17 slides
Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues

Simone Fischer-Hbner Privacy October 2006 Overview I. Definition II. Basic Privacy Principles III. Privacy Issues (LBS, RFID,...) IV. European Privacy Legislation/ Directives I. Definition Warren & Brandeis 1890 The right to

694 views • 30 slides
Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c

Insider attacks and RFID Privacy models Ton van Deursen and Saa Radomirovi c {ton.vandeursen, sasa.radomirovic}@uni.lu University of Luxembourg Financial support received from the Fonds National de la Recherche (Luxembourg) Ton van Deursen

144 views • 12 slides
Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and Iwen COISEL Orange Labs R&D - Caen - France RFIDSec 08 - 10 th July 2008 Outline 1 General Context 2 A synchronization problem 3 A

714 views • 33 slides
Akintayo Akinyoade 12/01/2017 Survey Roadmap Internet of Things (IoT)? Tech. Enablers for IoT

Akintayo Akinyoade 12/01/2017 Survey Roadmap Internet of Things (IoT)? Tech. Enablers for IoT

INTERNET OF THINGS (IoT) A SURVEY Akintayo Akinyoade 12/01/2017 Survey Roadmap Internet of Things (IoT)? Tech. Enablers for IoT IoT Applications Open Research Issues Internet of Things (IoT) Network Oriented Vision Things Oriented

724 views • 15 slides
Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3

Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3

Privacy What it is How were losing it in the digital age How it can be protected Saturday, 3 December 2011 Saturday, 3 December 2011 Privacy is Not a New Concept 1 b. The state or condition of being alone, undisturbed, or free from

593 views • 22 slides
draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr

draft-irtf-hiprg-rfid-01 HIP support for RFIDs Pascal.Urien@telecom-paristech.fr http://perso.telecom-paristech.fr/~urien/hiprfid/ http://www.telecom-paristech.fr 1 /11 Pascal URIEN, IETF 79 th , Tuesday 9 th November 2010, Beijing, China What

373 views • 11 slides
En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

D IPARTIMENTO DI I NGEGNERIA INFORMATICA AUTOMATICA E GESTIONALE A NTONIO R UBERTI Master Degree Programme in Management gement Engin ineer erin ing En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to

379 views • 36 slides
Overview of Technology Division Studies and Projects Wednesday, May 13, 2009 Michael Johnsen

Overview of Technology Division Studies and Projects Wednesday, May 13, 2009 Michael Johnsen

Overview of Technology Division Studies and Projects Wednesday, May 13, 2009 Michael Johnsen Chris Flanigan Jeff Loftus Quon Kwan Technology Division Top Projects 1. SmartPark: Real-Time Parking Availability 2. Employer Notification

618 views • 18 slides
WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID

WIDE Project RFID/Auto-ID activities Yojiro UO Auto-ID Labs, JAPAN WIDE Project Auto-ID activities in WIDE Why are we working for RFID? RFID (radio frequency Identification) is a one of the key device to glue Real and Virtual space

820 views • 6 slides
Strategies to Harden and Neutralize UAVs using RF DEW Jos L OPES E STEVES , Emmanuel C OTTAIS

Strategies to Harden and Neutralize UAVs using RF DEW Jos L OPES E STEVES , Emmanuel C OTTAIS

Strategies to Harden and Neutralize UAVs using RF DEW Jos L OPES E STEVES , Emmanuel C OTTAIS AND Chaouki K ASMI ABOUT THE AUTHORS ANSSI: National Cybersecurity Agency of France Wireless Security Lab 10 members, 2 PhDs, 2 PhD

663 views • 40 slides
Performance Analysis of Location Performance Analysis of Location y Tracking System for Multiple

Performance Analysis of Location Performance Analysis of Location y Tracking System for Multiple

UNIVERSITI TEKNOLOGI MALAYSIA UNIVERSITI TEKNOLOGI MALAYSIA Performance Analysis of Location Performance Analysis of Location y Tracking System for Multiple Tracking System for Multiple Levels Levels Presenter: Norhidayu Presenter:

579 views • 33 slides

More recommend