an efficient distance bounding rfid authentication
play

An Efficient Distance Bounding RFID Authentication Protocol: - PowerPoint PPT Presentation

Sep 29, 2022 •25 likes •335 views

An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech,

  1. An Efficient Distance Bounding RFID Authentication Protocol: Balancing False-Acceptance Rate and Memory Requirement Gildas Avoine 1 and Aslan Tchamkerten 2 1 Universit´ e catholique de Louvain, Louvain-la-Neuve, Belgium 2 Telecom ParisTech, Paris, France Information Security Conference, Pisa, Italy, Sept. 2009

  2. Summary A brief introduction to RFID. Authentication and Mafia fraud. Key-references in distance bounding. Our Protocol. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 2

  3. RFID in a Nutshell RFID = Radio-Frequency IDentification. Tags and Readers (possibly connected to a back-end system). Tags are low-capability devices, passive. With or without microprocessor. Communication distance: a few cm to a few meters. Tags answer without agreement of their holders. Implicit agreement = being in the reader’s field. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 3

  4. RFID Applications Pet identification. Supply chain. Electronic passports. Mass transportation. Access control. Payment. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 4

  5. Authentication “Entity authentication is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated (i.e., is active at, or immediately prior to, the time the evidence is acquired)” Handbook of Applied Crypto, Menezes, Oorschot, Vanstone. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 5

  6. ISO 9798-2 Protocol 3 Unilateral Verifier (secret k ) Prover (secret k ) N a Pick N a − − − − − − − − − → E k ( N a , N b ) ← − − − − − − − − Pick N b Protocol secure under some common assumptions on E , k , and N a . Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 6

  7. ISO 9798-2 Protocol 3 Unilateral Verifier (secret k ) Prover (secret k ) N a Pick N a − − − − − − − − − → E k ( N a , N b ) ← − − − − − − − − Pick N b Protocol secure under some common assumptions on E , k , and N a . Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 6

  8. Mafia Fraud Prover Verifier Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  9. Mafia Fraud Prover Verifier Adversary Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  10. Mafia Fraud Prover Verifier Adversary Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  11. Mafia Fraud Prover Verifier Adversary Adversary Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  12. Mafia Fraud Prover Verifier Adversary Adversary 10000 km Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  13. Mafia Fraud Prover Verifier Adversary Adversary 10000 km Mafia fraud. Desmedt, Goutier, Bengio [Crypto87]. Shamir about Fiat-Shamir protocol [Crypto86]: “I can go to a Mafia-owned store a million successive times and they still will not be able to misrepresent themselves as me.” (The NY Times, February 17, 1987, James Gleick). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 7

  14. Mafia Fraud: Example in a Queue Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 8

  15. Do-ability of Mafia Fraud Successful attacks. Co-axial cable over 50 cm (T. Gross 06). Radio link over 50 meters (G. Hancke 05). Reader starts a timer when sending a message. To avoid semi-open connections. ISO 14443 “Proximity Cards”. Used in most secure applications. Standard on the low-layers (physical, collision-avoidance). Default timer is around 5 ms. Prover can require more time, up to 4949 ms. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 9

  16. Do-ability of Mafia Fraud Successful attacks. Co-axial cable over 50 cm (T. Gross 06). Radio link over 50 meters (G. Hancke 05). Reader starts a timer when sending a message. To avoid semi-open connections. ISO 14443 “Proximity Cards”. Used in most secure applications. Standard on the low-layers (physical, collision-avoidance). Default timer is around 5 ms. Prover can require more time, up to 4949 ms. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 9

  17. Distance Bounding (Proximity Check) Literature Beth and Desmedt [Crypto90] Brands and Chaum [Eurocrypt93] Hancke and Kuhn [SecureComm05] ... The verifier calculates the round trip time of a message. Message needs to be authenticated. Authentication is time-consuming. Round trip time is noised. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 10

  18. Adversary Model Can eavesdrop, intercept, modify or inject messages. Cannot correctly encrypt, decrypt, or sign messages without knowledge of the appropriate key. Can increase or decrease the clock frequency of a tag and thus the computation speed. Can increase the transmission speed on the channel up to a given bound (speed of light). Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 11

  19. Adversary Model We define a neighborhood as a zone around a reader. We consider that a tag present in a neighborhood agrees to authenticate. We say that a tag T has been impersonated if an execution of the protocol convinced a reader that it has authenticated T while the latter was not present inside the neighborhood during the said execution. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 12

  20. Brands and Chaum’s Protocol Verifier (secret k ) Prover (secret k ) Start of fast phase for i = 1 to n C i ∈ R { 0 , 1 } Start Clock − − − − − − − − − − − → R i ∈ R { 0 , 1 } Stop Clock ← − − − − − − − − − − − Check ∆ t i ≤ ∆ t max End of fast phase Sign k ( C 1 || R 1 ||···|| C n || R n ) Check signature ← − − − − − − − − − − − − − − − − − − − − Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 13

  21. Brands and Chaum’s Drawbacks Security of the protocol: (1 / 2) n . On-the-fly authentication should take less than 50 ms. Turn-around time does not allow a large n . Security is degraded. There is a final signature. If the protocol is interrupted, no rational decision can be taken by the verifier. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 14

  22. Hancke and Kuhn’s Protocol Verifier (secret k ) Prover (secret k ) N a Random N a − − − − − − − → N b ← − − − − − − − Random N b v 0 � v 1 := H k ( N a , N b ) | v 0 | = | v 1 | = n where Start of fast phase for i = 1 to n C i ∈ R { 0 , 1 } Start Clock − − − − − − − → � v 0 i , if C i = 0 R i Stop Clock ← − − − − − − R i = v 1 i , if C i = 1 End of fast phase Check correctness of R i ’s and ∆ t i ≤ ∆ t max Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 15

  23. Hancke and Kuhn’s Drawbacks The final signature is no longer needed. Security of the protocol still depends on n . Security of the protocol is (3 / 4) n instead of (1 / 2) n . Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 16

  24. Open Problem Can we design a distance bounding protocol without final signature that resists to the Mafia fraud with probability better than (3 / 4) n ? In HK, if the adversary sends a wrong C i during the pre-ask phase, she is not penalized for the following rounds. Our idea consists in using a tree instead of 2 registers. Gildas Avoine and Aslan Tchamkerten – Distance Bounding RFID Authentication Protocol 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE

On the Need for Provably Secure Distance Bounding Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2012 distance bounding CIoT 2012 1 / 39 Introduction to Distance-Bounding 1 Some Insecurity Case

600 views • 39 slides
Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE

Towards Secure Distance Bounding Ioana Boureanu, Katerina Mitrokotsa, Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2013 distance bounding FSE 2013 1 / 48 1 Why Distance-Bounding? Towards a Secure

663 views • 48 slides
An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint

An optimal distance-bounding protocol Rolando Trujillo-Rasua University of luxembourg (joint work with Sjouke Mauw and Jorge Toro-Pozo) Euro S&P and RFIDSec, 2016 Distance Bounding protocols 1 Beating a grand master: is this a relay

926 views • 67 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
Butterfly: Environment-Independent Physical- Layer Authentication for Passive RFID

Butterfly: Environment-Independent Physical- Layer Authentication for Passive RFID

Butterfly: Environment-Independent Physical- Layer Authentication for Passive RFID Jinsong Han* , Chen Qian^, Yuqin Yang , Ge Wang ^, Han Ding , Xin Li^, Kui Ren* # # * Institute of Cyberspace Research, College of Computer

265 views • 25 slides
Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work

Distance Hijacking Attacks on Distance Bounding Protocols Cas Cremers ETH Zurich Joint work with: Joint work with: Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Kasper Rasmussen, Benedikt Schmidt, Srdjan Capkun Distance Bounding 2

370 views • 16 slides
An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos Workshop on RFID Security 2010 07. - 09.06.2010,

1.12k views • 17 slides
Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT

Security Analysis of Distance Bounding Protocols Agnes BRELURUT, Pascal LAFOURCADE, David GERAULT LIMOS, Universit dAuvergne, France September 17th 2015 BRELURUT, LAFOURCADE, GERAULT (LIMOS, France) Security Analysis of Distance Bounding

704 views • 42 slides
EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti ,

EAP Efficient Re-authentication Vidya Narayanan , vidyan@qualcomm.com Lakshminath Dondeti , ldondeti@qualcomm.com January 2007 Contents EAP Re-authentication and Fast Re-authentication Requirements for low latency re-authentication

1.05k views • 27 slides
Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and Iwen COISEL Orange Labs R&D - Caen - France RFIDSec 08 - 10 th July 2008 Outline 1 General Context 2 A synchronization problem 3 A

714 views • 33 slides
Reliable and Efficient RFID Networks Jue Wang with Haitham Hassanieh, Dina Katabi, Piotr Indyk

Reliable and Efficient RFID Networks Jue Wang with Haitham Hassanieh, Dina Katabi, Piotr Indyk

Reliable and Efficient RFID Networks Jue Wang with Haitham Hassanieh, Dina Katabi, Piotr Indyk Machine-Generated Data RFID will be a major source of such traffic In Oil & Gas about 30% annual growth rate In Healthcare $1.3B

1.09k views • 51 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor

Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor

Wireless Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger At the mall ... 2

526 views • 21 slides
Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to

Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to

Analytic Hierarchy Process (AHP) Tutorial This tutorial presents a (fabricated) working example to reinforce an understanding of the AHP prioritization technique. Situation Description: We are analysts at Blodgers Communications . We are

653 views • 3 slides
GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005

GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005

GS1 System Thomas Bikeev B2B Group Manager, GS1 Oasis Adoption Forum, London 17 October 2005 GS1 GS1 is a global organization dedicated to the design and implementation of global standards, technologies and solutions to improve the

518 views • 9 slides
ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New

ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New

World Class Standards ETSI Perspective on IoT collaboration with Patrick Guillemin ETSI Secretariat, Strategy and New Initiatives IoT European Research Cluster (IERC) Standardisation Coordinator C oordination a nd S upport A ction for G lobal R

1.48k views • 24 slides
Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL:

Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL:

Topic 18 Link Prof Peter YK Cheung Dyson School of Design Engineering URL: www.ee.ic.ac.uk/pcheung/teaching/DE1_EE/ E-mail: p.cheung@imperial.ac.uk PYKC 16 June 2020 Topic 18 Slide 1 DE 1.3 - Electronics 1 Linking between analogue and

307 views • 20 slides
Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang

Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang

Temp mporal Ma Mana nagement gement of of R RFID Da Data Peiya Liu and Fusheng Wang Integrated Data Systems Department Siemens Corporate Research Princeton, New Jersey 31st International Conference on Very Large Databases August 31,

646 views • 26 slides
Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut

Information System Components and Devices 2110213 Information System Organization Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University IS Components Natawut Nupairoj, Ph.D. 1 Logical View Feedback Control

169 views • 14 slides
The intelligent container: 80 courses of studies, many of them are bachelor- or master

The intelligent container: 80 courses of studies, many of them are bachelor- or master

RFID Academic Convocation: Smart Containers Slide 1 Slide 2 University of Bremen May, 1 st 06 May, 1 st 06 Reiner Jedermann, Adam Sklorz, Walter Lang, Institute for Microsensors, - Founded in 1971 Actuators and -Systems (IMSAS), University

817 views • 12 slides

More recommend