RFID Privacy Using Spatially Distributed Shared Secrets - PowerPoint PPT Presentation


RFID Privacy Using Spatially Distributed Shared Secrets. Marc Langheinrich, Inst. for Pervasive Computing, ETH Zurich, Switzerland; Remo Marti, Ergon Informatik AG, Zurich, Switzerland. 11/26/2007


slide-1
SLIDE 1

RFID Privacy Using Spatially Distributed Shared Secrets

Marc Langheinrich
Inst. for Pervasive Computing, ETH Zurich, Switzerland

Remo Marti
Ergon Informatik AG, Zurich, Switzerland

11/26/2007 RFID Privacy using Spatially Distributed Shared Secrets

slide-2
SLIDE 2

Unauthorized RFID Access – Implications

[Figure: person carrying RFID-tagged items, with the data an unauthorized reader could obtain]

  • Passport: Name: John Doe, Nationality: USA, Visa for: Israel
  • Wig: Model #2342, Material: Polyester
  • Tiger Tanga: Manufacturer: Woolworth, Washed: 736
  • Wallet: Contents: 370 Euro, Disability Card: #2845
  • Viagra: Manufacturer: Pfizer, Extra Large Package

Our focus: Consumer items

Original “RFID‐Man” Artwork (c) 2006 Ari Juels, RSA Laboratories

slide-3
SLIDE 3

Killing Consumer Item RFID Tags

„Dead Tags Tell No Tales“

  • Permanently deactivate tag at checkout

Hard Kill

  • Cut tag antenna or „fry“ circuit

Soft Kill

  • Needs password to prevent unauthorized killing

[Figure: Metro RFID De-Activator]

Both Approaches Require Consumer Action

  • Also voids any post-sales benefits (returns, services, …)

slide-4
SLIDE 4

What about small businesses?

Deactivation terminals? Password management?


slide-5
SLIDE 5

What about small businesses?

Hypothesis

Consumers Will Forgo Their Privacy if it is Too Much Work to Maintain!

Deactivation terminals? Password management?


slide-6
SLIDE 6

Goal: Protecting RFID Readout Without Consumer Effort

slide-7
SLIDE 7

Alternative: Shamir Tags [LaM2007]

An Example for Zero-Management Privacy Protection

Default: Tags Take Long Time To Read Out

  • Complicates Tracking & Unauthorized Identification
  • Bitwise release, short range (e.g., one random bit/sec)
  • Intermediate results meaningless, since encrypted
  • Decryption requires all bits being read

But: Known Tags Can be Directly Identified

  • Allows owner to use tags without apparent restrictions
  • Initial partial release of bits enough for instant identification from a limited set of known tags

[LaM2007] Marc Langheinrich, Remo Marti: “Practical Minimalist Cryptography for RFID Privacy.” IEEE Systems Journal, Special Issue on RFID Technology, 1(1), December 2007.

slide-8
SLIDE 8

Secret Shares (Shamir 1979)

Polynomial of degree n can be described using at least n+1 points

[Figure: points P1, P2, P3 on a polynomial]

slide-9
SLIDE 9

Secret Shares (Shamir 1979)

[Figure: points P1, P2, P3 on a polynomial]

slide-10
SLIDE 10

96‐bit EPC‐Code (secret s): 011010111…1101

106‐bit Shamir Share: 10‐bit x‐value, 96‐bit y‐value

Shares h_i: 111000011…101101, 101101101…110111, 101010011…101101

318‐bit Shamir Tag: 111000011101010001010111010101101010100…1010101110101

[Figure: points P1, P2, P3 on a polynomial]

slide-11
SLIDE 11

96‐bit EPC‐Code (secret s): 011010111…1101

106‐bit Shamir Share: 10‐bit x‐value, 96‐bit y‐value

Shares h_i: 111000011…101101, 101101101…110111, 101010011…101101

318‐bit Shamir Tag: 111000011101010001010111010101101010100…1010101110101

Initial Reply: 16‐bit Reply

  • Instant identification of known items

[Figure: Bit Disclosure Over Time; after the initial reply, the tag releases +1 bit at each step]

Unknown tags will eventually be identified

slide-12
SLIDE 12

Shamir tag challenge

Range vs. readability

  • If read range is too long, easy to read long enough
  • Ideal: very short range to force very close readout

slide-13
SLIDE 13

Shamir tag challenge

Range vs. readability

  • If read range is too long, easy to read long enough
  • Ideal: very short range to force very close readout

But where is the tag located?

  • Short range: tag hard to find

slide-14
SLIDE 14

Goal: make finding the (short range) tag easy

Idea: spread the Shamir shares across the item

  • E.g., woven into the garment
  • No single locus of information

„Super-distributed RFID tag infrastructures“ [Bohn & Mattern 2004]

Sweep reader across surface

  • Effort varies with spatial distribution, # of different Shamir shares, Shamir threshold (shares needed)

slide-15
SLIDE 15

Multi-item identification

Problem: multiple overlapping polynomials

[Figure: shares of an unknown item ("Item?")]

slide-16
SLIDE 16

Multi-item identification

Problem: multiple overlapping polynomials

[Figure: overlapping shares of Item 1 and Item 2; shares marked "Item?" cannot be assigned]

slide-17
SLIDE 17

Multi-item identification

Problem: multiple overlapping polynomials

[Figure: overlapping shares of Item 1 and Item 2; shares marked "Item?" cannot be assigned]

Unable to differentiate Shamir shares from different items!

slide-18
SLIDE 18

Separating Shamir polynomials

Use prefix? Makes tags trivial to track!

Idea: cluster Shamir shares to keep items apart

  • Allows separation if enough shares have been read

slide-19
SLIDE 19

Separating Shamir polynomials

Use prefix? Makes tags trivial to track!

Idea: cluster Shamir shares to keep items apart

  • Allows separation if enough shares have been read

Lagrange interpolation

slide-20
SLIDE 20

Separating Shamir polynomials

Use prefix? Makes tags trivial to track!

Idea: cluster Shamir shares to keep items apart

  • Allows separation if enough shares have been read

Lagrange interpolation
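The 10‐bit x / 96‐bit y share layout from slide 10 and the Lagrange-based separation from the slides above, as an added example that is not code from the slides or from [LaM2007]. The field prime P = 2^96 - 17, all function names, and the rule of checking surplus shares against the interpolated polynomial are assumptions made here; the slides specify neither the field nor the consistency test.

```python
import secrets

P = 2**96 - 17            # assumption: prime just below 2^96, so every y fits in 96 bits
X_BITS, Y_BITS = 10, 96   # share layout from the slides: 10-bit x-value, 96-bit y-value

def make_shares(epc, threshold, count):
    """Place `count` points on a random polynomial of degree threshold-1 with f(0) = epc."""
    assert 0 <= epc < P and threshold <= count < 2**X_BITS
    coeffs = [epc] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    xs = set()
    while len(xs) < count:                      # distinct, non-zero 10-bit x-values
        xs.add(1 + secrets.randbelow(2**X_BITS - 1))
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in xs]

def pack(share):
    """Encode one share as the 106-bit word x || y."""
    return (share[0] << Y_BITS) | share[1]

def unpack(word):
    """Split a 106-bit word back into (x, y)."""
    return word >> Y_BITS, word & (2**Y_BITS - 1)

def interpolate(points, at):
    """Lagrange interpolation over GF(P): value at `at` of the polynomial through `points`."""
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (at - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def recover_item(cluster, threshold):
    """Return the EPC if all shares in `cluster` lie on one polynomial, else None."""
    cluster = sorted(set(cluster))
    if len({x for x, _ in cluster}) != len(cluster):
        return None                             # same x, different y: two items mixed
    if len(cluster) <= threshold:
        return None                             # no surplus share to check against
    base, extra = cluster[:threshold], cluster[threshold:]
    if all(interpolate(base, x) == y for x, y in extra):
        return interpolate(base, 0)             # the secret is f(0)
    return None

# Constructed sample values (not real EPCs)
EPC_A, EPC_B = 0x0123456789ABCDEF01234567, 0x76543210FEDCBA9876543210
```

A cluster that mixes shares of two items fails the surplus-share check and yields None, which is why the reader needs more than the threshold number of shares per cluster before it can keep items apart.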

slide-21
SLIDE 21

Cluster methods for Shamir shares

Grid‐based

  • Choose random grid dimensions and origin
  • Select grid subset & use points
  • To detect: Subtractive Clustering Algorithm [Chiu‘94]
  • Collisions: Detect larger clusters

Line‐based

  • Choose „random“ slope, origin
  • Use points within known width
  • To detect: begin with random point and find line (8 directions)
  • Repeat until all points assigned
  • Collisions: Line crossings

slide-22
SLIDE 22

Evaluation

Unauthorized readout? Instant identification?

Traceability of bitwise released Shamir shares?

  • See [LaM2007] for details on both

Here: how well does item discrimination work?

And: how does clustering affect traceability?

slide-23
SLIDE 23

Detection rates (item discrimination)

Using simulator, we ran 100 iterations of

  • Generate 1-10 items with 400-800 tags each (Shamir threshold of 40-80% of tags)
  • Read 80-100% of all tags
  • Run clustering algorithm & note identification rates

slide-24
SLIDE 24

Detection rates (simulation, 1-10 items)

[Figure: detection rate (axis from 86.00% to 100.00%) versus percentage of Shamir shares read (100%, 90%, 80%), for the cluster and line methods]

slide-25
SLIDE 25

Detection rates (simulation, 1-20 items)

[Figure: detection rate (axis from 86.00% to 100.00%) versus percentage of Shamir shares read (100%, 90%, 80%), for the cluster and line methods]

slide-26
SLIDE 26

Traceability (qualitative)

„Short“ readouts do not make clusters visible

  • Example below: ~45 shares, 15 items, ~800 shares each

Large „p x n“ space facilitates grid-based tracing

  • The „emptier“ the space, the easier grid to spot
  • Line-based method more robust

slide-27
SLIDE 27

Summary

Spatially distributed Shamir shares

  • Extension to Shamir Tag [LaM2007]
  • Allows limiting read ranges while remaining readable

Spreading Shamir shares across many RFID tags

  • Requires novel item discrimination methods

Cluster-based and line-based item discrimination

  • Preserve basic Shamir Tag protection
  • Provide item-discrimination of up to 95-98% (10 items)

Early work, requires refinements, experiments