designing low cost untraceable authentication protocols
play

Designing Low-Cost Untraceable Authentication Protocols for RFID - PowerPoint PPT Presentation

Nov 06, 2023 •34 likes •344 views

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

  1. Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singelée IFIP WG 11.2 Seminar Istanbul June 07, 2010

  2. Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n Implementation requirements n ECC-based RFID authentication protocols n Design challenges n Conclusion

  3. RFID technology n Radio Frequency Identification n RFID setup n Back-end server n Reader n Tag

  4. Online vs offline scenario n Online n Offline

  5. RFID tags Various types of tags n Passive tag 1. Battery assisted (BAP) 2. Active tag with onboard power source 3.

  6. RFID authentication protocols n Tag proves its identity n Challenge-response protocol Reader Tag Challenge Response

  7. Requirements n Security n Entity authentication n Privacy n Untraceability n Implementation issues n Scalability n Low-cost

  8. RFID security problems (I) n Impersonation attacks n Genuine readers n Malicious tags = > Tag-to-server authentication

  9. RFID security problems (II) n Eavesdropping n Replay attacks n Man-in-the-middle attacks n Cloning n Side-channel attacks n …

  10. RFID privacy problems (I) n RFID Privacy problem n Malicious readers n Genuine tags = > Untraceability

  11. RFID privacy problems (II) n Anonymity n The (fixed) identity of a tag must be impossible to determine n Untraceability n Inequality of two tags: the (in)equality of two tags must be impossible to determine n Untraceability > anonymity

  12. RFID privacy problems (III) n Theoretical framework n Vaudenay [ASIACRYPT ‘07]: n 8 privacy classes Weak Forward Destructive Strong Narrow X X X X X X X X Wide n Public-key cryptography needed to achieve certain privacy properties!!!

  13. Implementation issues n Scalability n Low-cost implementation n Memory n Gate area n Lightweight n Efficient = > Depends on cryptographic building blocks used in the protocol

  14. Implementation cost Symmetric encryption n AES: 3-4 kgates n Cryptographic hash function n SHA-3: 10 – 30 kgates ) n [ECRYPT II: SHA-3 Zoo] Public-key encryption n Elliptic Curve Cryptography (ECC): 11-15 kgates n = > Public key cryptography is suitable for RFI D

  15. ECC-based RFID authentication protocols n Rely exclusively on ECC !!! n Security requirements n Privacy requirements n Implementation requirements n Schnorr protocol n Randomized Schnorr n ID-transfer scheme n …

  16. ID-transfer scheme [WISEC 2010] Tag: x 1 , Y= yP Server: y, X = x 1 P ∈ ← r , T r P ¢ T 1 t1 1 t1 r rs ∈ ¢ s 1 1 g ← + T 2 T ( r r x Y ) s 1 2 1 1 t g − − − = 1 1 ( y T T )( r ) x P s 1 2 1 1

  17. Design challenges (I) n Readers share same private key y n Online scenario: OK n Offline scenario: n NOT OK n 1 compromised reader = > no privacy n How to solve the problem n Give unique private key to each reader? n Key updates / revocation / ... ??

  18. Design challenges (II) n ECC-based RFID protocols in literature n Narrow-strong: OK n Wide-weak: NOT OK n Man-in-the-middle attacks n Insider attacks ⇒ Increase privacy protection ⇒ Low cost solutions

  19. Design challenges (III) n Secure and privacy-preserving extensions of basic RFID authentication protocols n Search protocol n Grouping proofs n ... n Physical layer security n Distance bounding n Physical layer fingerprints n ...

  20. Design challenges (IV) n Improve efficiency n Lower # EC point multiplications n Decrease communication cost n ... n Further improve ECC hardware architecture n Area n Speed n Power consumption

  21. Conclusion n Security & privacy in RFID networks n Need for public-key based RFID authentication protocols n ECC is feasible on RFID n Designing protocol is challenging task n Various open research problems

  22. Questions?? Dave.Singelee@esat.kuleuven.be

  23. EXTRA SLIDES

  24. ECC hardware architecture

  25. Performance results Circuit Area (Gate Eq.) 14,566 Cycles for EC point multiplication 59,790 Frequency 700 KHz Power 13.8 µW Energy for EC point multiplication 1.18 µJ

  26. Schnorr protocol [CRYPTO ‘89] Server: X = -xP Tag: x ∈ ← r , R r P ¢ R 1 1 1 1 r ∈ ¢ r 2 2 ← + v v xr r + = 2 1 vP r X R 2 1

  27. Schnorr protocol (II) n Security: OK n Privacy: vulnerable to tracking attacks − = ⋅ − 1 ( X r R vP ) 2 1

  28. Randomized Schnorr [CANS ‘08] Server: y, X = xP Tag: x, Y = yP ∈ ¢ r , r 2 t1 t T 1 , T 2 ← ← T r P , T r Y 1 t1 2 t2 rs ∈ ¢ r s 1 1 ← + + v v r r xr − − ⋅ − − = t 1 t 2 s 1 1 1 r ( vP T y T ) X 1 1 2 s

  29. Randomized Schnorr (II) n Security: OK n Privacy n Narrow-strong n Not wide-weak: vulnerable to man-in-the- middle attack n Combine data from old protocol run with current protocol instance n Server accepts = > same tag = > Traceability

  30. Randomized Schnorr (III)

  31. ID-transfer scheme (protocol 1)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a

CS 166: Information Security Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a Protocol? Rules for interaction, which can include: Human protocols e.g. raise your hand to ask a question

795 views • 76 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication

519 views • 24 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides
A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with Sjouke Mauw and Erik de Vink ccremers@win.tue.nl Cas Cremers, July 15, 2005 A Syntactic Criterion for Injectivity of Authentication Protocols - p.

391 views • 36 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

809 views • 49 slides
Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur Protocols Key Agreement Authentication: Group Authentication Key Agreement and Authentication Key Agreement and authentication with key

411 views • 9 slides
Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Hyper Text Transfer Protocol (HTTP) version 0.9 With HTTP, a client (web browser) contacts a server on TCP port 80, sends a request line and receives a response file. Security II: Web authentication Such text-based protocols can be

383 views • 7 slides
Designing a Cost-Effectiveness Analysis All aspects of the interventions that may affect their

Designing a Cost-Effectiveness Analysis All aspects of the interventions that may affect their

Designing CEAs Doug Owens, MD, MSc Recommendations of the Second Panel on Cost-Effectiveness in Health and Medicine Designing a Cost-Effectiveness Analysis All aspects of the interventions that may affect their cost or effectiveness

540 views • 16 slides
Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop

Getting web authentication right Joseph Bonneau jcb82@cl.cam.ac.uk Security Protocols Workshop March 28, 2011 J. Bonneau (U. of Cambridge) Getting web authentication right March 28, 2011 1 / 14 A parable of obsolescent technology Credit:

256 views • 22 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei

Retwork: Exploring Reader Network with a COTS RFID System Jia Liu, Xingyu Chen, Shigang Chen, Wei Wang, Dong Jiang, Lijun Chen 01 Background 02 System design 03 Evaluation 04 Conclusion What is RFID? 01 Background RFID System Antenna

567 views • 34 slides
Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL,

PhD Private Defense, November 23rd, 2005 Cryptography in Radio Frequency Identification and Fair Exchange Protocols Gildas Avoine EPFL, Lausanne, Switzerland COLE POLYTECHNIQUE FDRALE DE LAUSANNE Presentation Outline Fair Exchange

602 views • 46 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon

18-759: Wireless Networks L ecture 29: RFID Peter Steenkiste CS and ECE, Carnegie Mellon University Peking University, Summer 2016 1 Peter A. Steenkiste, CMU What is RFID ? Radio Frequency IDentification (RFID) is a method of remotely

572 views • 11 slides
Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy Challenges in RFID-Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ joint work with Chris Floerkemeier and Roland Schneider The Ubicomp Vision DIMACS WUPSS The most profound technologies are

177 views • 17 slides
An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M.

An elliptic curve and zero knowledge based forward secure RFID Protocol S. Mart nez, M. Valls, C. Roig, F. Gin e and J.M. Miret Escola Polit` ecnica Superior. Universitat de Lleida. { santi,magda,roig,sisco,miret } @eps.udl.es

417 views • 12 slides
MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice

MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice

MIS 2101/2901 Exam 3 Review Michelle Purnama Diamond Peer 2 Exam Format 25 Multiple Choice Questions 5 from assigned readings 10 from assigned videos & lectures 10 from Mini-Case Topics: SCM, CRM, Platforms, Cloud Computing,

646 views • 33 slides
En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to Nan

D IPARTIMENTO DI I NGEGNERIA INFORMATICA AUTOMATICA E GESTIONALE A NTONIO R UBERTI Master Degree Programme in Management gement Engin ineer erin ing En Enterpris erprise e In Info format rmation ion Sys ystems ems Umbe mberto to

379 views • 36 slides

More recommend