a mp lfsr based pseudorandom number generator for epc
play

AMPLFSRbasedPseudorandom NumberGeneratorforEPCGen2Systems - PowerPoint PPT Presentation

Jan 19, 2024 •388 likes •717 views

AMPLFSRbasedPseudorandom NumberGeneratorforEPCGen2Systems Mitacs Workshop on Network Security & Cryptography Joaquin Garcia-Alfaro Institut TELECOM & UOC/IN3 Joint work with J.

  1. A
MP‐LFSR
based
Pseudorandom

 Number
Generator
for
EPC
Gen2
Systems
 Mitacs Workshop on Network Security & Cryptography 
 Joaquin Garcia-Alfaro Institut TELECOM & UOC/IN3 
 Joint work with J. Herrera-Joancomarti and J. Melia-Segui

  2. EPC: Electronic Product Code • Family of coding schemes to uniquely identify physical objects • Using RFID technology, it communicates a binary code ELECTRONIC PRODUCT CODE ELECTRONIC PRODUCT CODE 35 · 006A13A · 012B5F · 000034DA0 Header Manager number Manager number Object class Object class Serial number Serial number

  3. EPC Tags ELECTRONIC PRODUCT CODE ELECTRONIC PRODUCT CODE 35 · 006A13A · 012B5F · 000034DA0 Header Manager number Manager number Object class Object class Serial number Serial number • Passive tags (no battery onboard) • Memory and Power: - Very limited (less than 1024 bits of memory and 4µW) • Logic Circuitry: - Execution of queries, generation of pseudorandom sequences, and integrity checks (CRC).

  4. Gen2 vs. HF-based RFID Standards Research focused on low-cost RFID technologies:

  5. Motivation • Evaluation of PRNG designs for EPC Gen2 (Industry & Research) • Weaknesses of the Gen2 protocol if the PRNG output is predictable [WPC, 2010] A Practical Implementation Attack on Weak Pseudorandom Number Generator Designs for EPC Gen2 Tags. Wireless Personal Communications , Springer, December 2010.

  6. Outline • Introduction • EPC Gen2 Protocol • LFSR-based PRNG proposals • Conclusion

  7. The EPC Gen2 Protocol [EPCGlobal, 2010]

  8. Select/Inventory Operation

  9. Access/Open Operation WRITE Command • After the selection process, the tag is individually identified • The tag generates several 16 bit nonce series (RN16), used for anti-collision & authentication • Handle (first RN16) is used to link the command session

  10. Outline • Introduction • EPC Gen2 Protocol • LFSR-based PRNG proposals • Conclusion

  11. LFSR-based PRNGs • Lightweight hardware implementation • LFSR already used for Gen2 CRC • Period of 2 n − 1 when the feedback polynomial is primitive

  12. LFSR linearity problem The feedback polynomial can be determined by simply eavesdropping 2n values

  13. Linearity Avoidance (1/2)

  14. Linearity Avoidance (1/2)

  15. Linearity Avoidance (2/2) [Che et al. , 2008] Networked RFID Systems and Lightweight Cryptography, Chapter 16, A Random Number Generator for Application in RFID Tags, pp. 279– 287. Springer, 2008.

  16. Evaluation of Each Proposal • Shrinking Generator: ~ 1435 GE, 517 clock cycles at 100KHz - EPC requires, at 100KHz, a RN16 in at most 220 cycles • Che et al. Scheme: ~ 500 GE, 50 clock cycles at 100KHz - However, predictable with Prob. ~ 1/2 for 160 bits [WLC, 2010] [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  17. NIST Statistical analysis [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  18. Expected Probability of Success [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  19. Expected Probability of Success [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  20. Probability of Success (4) Prob. that the remainder bits have been affected by exactly three trn Sequences divided as 2n + (n-1) (2) Probability that the two trn used in that sequence are exactly zeros (3) Probability that the (1) Given a sequence s , three trn used in that s.t. | s | = 2n , prob. that s sequence are exactly has been affected by zeros exactly two trn [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  21. Testing the Attack (1/2)

  22. Testing the Attack (1/2) 43


  23. Testing the Attack (2/2) 128 bits

  24. Success Rate Analytical rate Empirical rate [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  25. Success Rate [WLC, 2010] Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags, Financial Cryptography and Data Security 2010 Workshops, LNCS, Springer, January, 2010.

  26. Outline • Introduction • EPC Gen2 Protocol • LFSR-based PRNG proposals • Work-in-Progress • Conclusion

  27. Work-in-Progress 49


  28. Work-in-Progress Status 50


  29. Outline • Introduction • EPC Gen2 Protocol • LFSR-based PRNG proposals • Conclusion

  30. Conclusion

  31. Work-in-Progress Status

  32. A
MP‐LFSR
based
Pseudorandom

 Number
Generator
for
EPC
Gen2
Systems
 Mitacs Workshop on Network Security & Cryptography 
 


Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien

On the Concrete Security of Goldreichs Pseudorandom Generator Geo ff roy Couteau - Aurlien Dupin - Pierrick Maux - Mlissa Rossi - Yann Rotella ASIACRYPT 2018/12/04 1 1 Goldreich Pseudorandom Generator (Goldreich TOCT 2000)

795 views • 64 slides
A deviation of CURAND: standard pseudorandom number generator in CUDA for GPGPU Mutsuo Saito 1 ,

A deviation of CURAND: standard pseudorandom number generator in CUDA for GPGPU Mutsuo Saito 1 ,

A deviation of CURAND: standard pseudorandom number generator in CUDA for GPGPU Mutsuo Saito 1 , Makoto Matsumoto 2 1 Hiroshima University, 2 University of Tokyo February 13, 2012 This study is granted in part by JSPS Grant-In-Aid #23244002,

388 views • 21 slides
Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009

Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009

Pseudorandom generators hard for propositional proof systems Markus Latte April 3 and 4, 2009 JASS09 Sankt Peterburg Pseudorandom Generators in Complexity Theory Informally, a pseudorandom generator is a (computable) function G n : { 0 , 1 }

624 views • 49 slides
SP 800-90C: Random Bit Generator Constructions Elaine Barker NIST May 2, 2016 2 Purpose of

SP 800-90C: Random Bit Generator Constructions Elaine Barker NIST May 2, 2016 2 Purpose of

SP 800-90C: Random Bit Generator Constructions Elaine Barker NIST May 2, 2016 2 Purpose of 800-90C: To construct RBGs from approved entropy sources (see SP 800-90B) and DRBG mechanisms (see SP 800-90A) o DRBGs (a.k.a. pseudorandom number

330 views • 20 slides
Teaching Labs on Pseudorandom Number Generation Elizabeth Patitsas University of Toronto &

Teaching Labs on Pseudorandom Number Generation Elizabeth Patitsas University of Toronto &

Introduction Lab Details Our Experience Conclusion Teaching Labs on Pseudorandom Number Generation Elizabeth Patitsas University of Toronto & University of British Columbia July 5, 2012 Teaching Labs on Pseudorandom Number Generation

192 views • 16 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
Pseudorandom Number Generation Thanks once again to A. Joseph, D. Tygar, U. Vazirani, and D.

Pseudorandom Number Generation Thanks once again to A. Joseph, D. Tygar, U. Vazirani, and D.

Pseudorandom Number Generation Thanks once again to A. Joseph, D. Tygar, U. Vazirani, and D. Wagner at the University of California, Berkeley Fall 2012 CS 334: Computer Security 1 What Can Go Wrong? An example: This generates a 16

836 views • 35 slides
Effjcient Deterministjc and Non- Deterministjc Pseudorandom Number Generatjon Jie Li, Jianliang

Effjcient Deterministjc and Non- Deterministjc Pseudorandom Number Generatjon Jie Li, Jianliang

Effjcient Deterministjc and Non- Deterministjc Pseudorandom Number Generatjon Jie Li, Jianliang Zheng, Paula Whitlock Outline Introductjon MaD1 Algorithm A Building Block: MARC-bb Data Structure Key Scheduling

612 views • 26 slides
A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and

A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and

A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and Real-Time Output Probability Tracking Won Ho Choi*, Yang Lv*, Jongyeon Kim, Abhishek Deshpande, Gyuseong Kang, Jian-Ping Wang, and Chris H. Kim *equal

590 views • 18 slides
Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011,

Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011,

Cryptanalysis of the Knapsack Generator Simon Knellwolf Willi Meier FHNW, Switzerland FSE 2011, February 14-16, Lyngby, Denmark. 1 / 15 Knapsack Generator n -bit integers w 0 , . . . , w n 1 ( weights ) n -bit LFSR sequence u 0 , u 1 , u 2

337 views • 15 slides
A Highly-Portable True Random Number Generator based on Coherent Sampling 2019 International

A Highly-Portable True Random Number Generator based on Coherent Sampling 2019 International

A Highly-Portable True Random Number Generator based on Coherent Sampling 2019 International Conference on Field-Programmable Logic and Applications Adriaan Peetermans, Vladimir Ro zi c and Ingrid Verbauwhede September 10, 2019 Random

370 views • 35 slides
Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel, Marion Videau October 23, 2009 - Rennes Outline Random Number Generators The Linux Random Number Generator Building Blocks Entropy Estimation

681 views • 55 slides
Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects:

Pseudorandom Objects and Generators Journes ALEA 2012 Lecture 1: Pseudorandom objects: examples and constructions David Xiao LIAFA CNRS, Universit Paris 7 Plan Today: examples of pseudorandom objects Expander graphs

403 views • 17 slides
How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and

How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and

How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and CORAID, Inc. International Workshop on Plan 9 Athens, Georgia October 23, 2009 How would you make a random number generator with a preference

237 views • 20 slides
KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator Subgenerators Efficient attack New KISS and attack Conclusion PAGE 2 One approach to PRNG security "A random number generator

643 views • 25 slides
Pseudorandom Graphs and the Green-Tao Theorem Yufei Zhao MIT Based on joint work with David

Pseudorandom Graphs and the Green-Tao Theorem Yufei Zhao MIT Based on joint work with David

Pseudorandom Graphs and the Green-Tao Theorem Yufei Zhao MIT Based on joint work with David Conlon and Jacob Fox SIAM Conference on Discrete Mathematics D enes K onig Prize Lecture June 5, 2018 A progression of theorems on progressions

822 views • 70 slides
Ambiguities: Latent and Patent Hal Moeller, Contract Administrator UMDNJ TPAC May 18,

Ambiguities: Latent and Patent Hal Moeller, Contract Administrator UMDNJ TPAC May 18,

Ambiguities: Latent and Patent Hal Moeller, Contract Administrator UMDNJ TPAC May 18, 2011 Ambiguities Discrepancies in specifications Omissions Significant conflicts within the specifications Ambiguities = Unexpected

150 views • 12 slides
Survey of the Azure Data Landscape Ike Ellis Wintellect Core Services Consulting Custom

Survey of the Azure Data Landscape Ike Ellis Wintellect Core Services Consulting Custom

Survey of the Azure Data Landscape Ike Ellis Wintellect Core Services Consulting Custom software application development and architecture Instructor Led Training Microsofts #1 training vendor for over 14 years having trained more than

989 views • 47 slides
Finding Inductive Assertions CS256/Winter 2009 Lecture #8 Top-Down Approach Zohar Manna

Finding Inductive Assertions CS256/Winter 2009 Lecture #8 Top-Down Approach Zohar Manna

0 0 Finding Inductive Assertions CS256/Winter 2009 Lecture #8 Top-Down Approach Zohar Manna Assertion propagation we have previously proven and we want to prove but { } { } is not state-valid for some T .

525 views • 20 slides
Aiming Low is Harder Induction for Lower Bounds in Probabilistic Program Verification Marcel Hark

Aiming Low is Harder Induction for Lower Bounds in Probabilistic Program Verification Marcel Hark

Aiming Low is Harder Induction for Lower Bounds in Probabilistic Program Verification Marcel Hark Benjamin Kaminski Jrgen Giesl Joost-Pieter Katoen POPL 2020 Aiming Low is Harder Hark , Kaminski, Giesl, Katoen 1/25/20 1

1.38k views • 112 slides
Locating ourselves amidst the wealth: Creative approaches to intersectionality for personal and

Locating ourselves amidst the wealth: Creative approaches to intersectionality for personal and

Locating ourselves amidst the wealth: Creative approaches to intersectionality for personal and social transformation Susan Abdul Rahman, M.A. Robert Jackson-Paton, Ph.D. White Privilege Conference Seattle, WA 11 April 2013 Saturday, April

394 views • 15 slides
Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and

Aspects of neutrino masses Jessica Turner UCL 13 December 2019 Outline Neutrino masses and mixing Consequences of neutrino masses Neutrino masses from gravity, what has been done Neutrino masses from gravity: the Schwinger Dyson

741 views • 52 slides
Extensions of valuations to the Henselization and completion Steven Dale Cutkosky Steven Dale

Extensions of valuations to the Henselization and completion Steven Dale Cutkosky Steven Dale

Extensions of valuations to the Henselization and completion Steven Dale Cutkosky Steven Dale Cutkosky K a field with a valuation value group V valuation ring with maximal ideal m ( R , m R ) local domain with QF K Steven Dale

602 views • 24 slides
RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division

RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division

RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division Office of Engineering and Technology Federal Communications Commission Overview Overview Further updates on the RF exposure KDB drafts released for

1.03k views • 79 slides

More recommend