rfid security and privacy
play

RFID Security and Privacy Gildas Avoine Information Security Group - PowerPoint PPT Presentation

Nov 02, 2022 •276 likes •934 views

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

  1. RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France

  2. Summary � RFID Primer. � Examples. � Capabilities. � Particularities. � Authentication in RFID. � Theory. � Practical Attacks. � Relay Attacks. � Feasibility. � Countermeasures: Distance Bounding Protocols. Gildas Avoine 2 http://sites.uclouvain.be/security/

  3. 3 RFID Primer http://sites.uclouvain.be/security/ Gildas Avoine

  4. RFID Primer Definition � “Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it.” [European Commission Recommendation, 12.5.2009] Gildas Avoine 4 http://sites.uclouvain.be/security/

  5. RFID Primer Examples: Basic RFID Applications � Supply chain. � Track boxes, palettes, etc. � Eg: EPC Global Inc. � Libraries. Source: www.dclogistics.com � Improve book borrowing procedure and inventory. � Pet identification. � Replace common identification Source: www.rfid-library.com tattoo by electronic one. � Will become mandatory in the EU. Gildas Avoine 5 http://sites.uclouvain.be/security/ Source: www. flickr.com

  6. RFID Primer Examples: Evolved RFID Applications � Building access control. � Automobile ignition keys. � Passports. � Electronic passports since 2004. � Public transportation. � Eg. Brussels, Boston, Paris, London. Gildas Avoine 6 http://sites.uclouvain.be/security/

  7. RFID Primer Capabilities power frequency active ultra-high frequency high frequency communication passive low frequency distance cm dm m no 10 cents UID pwd 50 cents sym 1 KB crypto asym computation euros crypto capabilities 40 KB memory capabilities Gildas Avoine 7 cost http://sites.uclouvain.be/security/

  8. RFID Primer Capabilities power frequency active ultra-high frequency high frequency communication passive low frequency distance cm dm m no 10 cents UID pwd 50 cents sym 1 KB crypto asym computation euros crypto capabilities 40 KB memory capabilities Gildas Avoine 8 cost Supply chain http://sites.uclouvain.be/security/

  9. RFID Primer Capabilities power frequency active ultra-high frequency high frequency communication passive low frequency distance cm dm m no 10 cents UID pwd 50 cents sym 1 KB crypto asym computation euros crypto capabilities 40 KB Access control memory capabilities Gildas Avoine 9 cost Supply chain http://sites.uclouvain.be/security/

  10. RFID Security Specificities � Low-capabilities. � Calculation, Memory, Bandwidth. � Asymmetry. � Wireless. � Easy to skim and eavesdrop. � Answer without holder’s agreement / awareness. � Easier to skim, Attack not detected. � Un-perfect security better than nothing. Gildas Avoine 10 http://sites.uclouvain.be/security/

  11. Security Threat Classification Authentication Information Leakage Malicious Traceability Denial of Service Gildas Avoine 11 http://sites.uclouvain.be/security/

  12. RFID Security and Privacy Keyword Occurrence (since 2002, about 500 scientific papers) authentication 384 privacy 356 EPC 106 hash function 106 authentication protocol 104 mutual authentication 72 smart card 69 HB 58 eavesdropping 53 IDS 53 cloning 51 AES 50 supply chain 50 Gildas Avoine 12 http://sites.uclouvain.be/security/

  13. 13 Authentication in RFID http://sites.uclouvain.be/security/ Gildas Avoine

  14. Authentication and Impersonation � Definition (Authentication). Authentication is any process by which a system verifies the identity of a user who wishes to access it. � Definition (Impersonation). Impersonation is an attach where a fake tag is authenticated as a genuine one. � Examples: � Clone an access control card. � Modify your mass transportation pass. � Create a fake passport. Gildas Avoine 14 http://sites.uclouvain.be/security/

  15. Impersonation Authentication Protocol � Authentication can be done using: � A symmetric cipher, a keyed-hash function, a public-key cipher, a signature scheme, or a devoted authentication protocol. � Example: Challenge-Response Protocol. � ISO 9798-4 defines authentication protocols based on a MAC. Reader n R Tag ID T , E k ( n R , n T ) � We know how to design a secure authentication scheme. Gildas Avoine 15 http://sites.uclouvain.be/security/

  16. Impersonation Weaknesses � Cost of the solution. � Require lightweight algorithms (wired logic). � Implementation issues. � Both sides: readers and tags. � Miss-understanding of the standards. � Architecture of the solution. � Building blocks are not enough: the whole solution must be secure. Gildas Avoine 16 http://sites.uclouvain.be/security/

  17. RFID Primer Looking Inside � Many available solutions are weak. Source : jp.digikey.com Source : www.sirlepaper.com Gildas Avoine 17 http://sites.uclouvain.be/security/

  18. RFID Primer Looking Inside � Many available solutions are weak. Source : jp.digikey.com Source : www.sirlepaper.com Source : lirent.net Gildas Avoine 18 http://sites.uclouvain.be/security/

  19. Examples of Weak Solutions � Navigo Pass. � Security sounds fine, personal data not protected. � Texas Instruments DST. � Broken. 2005. � NXP Mifare Classic. � Broken. 2008. Gildas Avoine 19 http://sites.uclouvain.be/security/

  20. Example: Leakage from the MOBIB Card MOBIB Extractor by G. Avoine, T. Martin, and J.-P. Szikora, 2009 Gildas Avoine 20 http://sites.uclouvain.be/security/

  21. Impersonation � TI: Texas Instruments. � DST: Digital Signature Transponder. � More than 100 million DST modules sold around the world. � Car ignition key (eg. Ford) and payment cards. Gildas Avoine 21 http://sites.uclouvain.be/security/

  22. Impersonation Video: Texas Instrument DST Reader (k) r Tag (k) E k ( r ) Adversary goal: retrieve the secret k in order to make a clone. 1. Query once the car’s key (tag inside). 2. Try all the possible keys k until finding the one that correctly decipher E k ( r ). 3. Steal the car simulating the car’s key. Gildas Avoine 22 http://sites.uclouvain.be/security/

  23. Impersonation Attack on NXP Mifare Classic � Philips Semiconductors (NXP) introduced the Mifare commercial denomination (1994) that includes the Mifare Classic product. � Applications: public transportation, access control, ticketing… � Memory read & write access are protected by some keys. � Several hundreds million Mifare Classic tags sold up to now. � Several attacks in 2008, Hoepman, Garcia, de Koning Gans, et al. reverse-engineered the cipher Crypto1: every Mifare Classic tag broken in a few minutes. Gildas Avoine 23 http://sites.uclouvain.be/security/

  24. 24 Relay Attacks http://sites.uclouvain.be/security/ Gildas Avoine

  25. 25 http://sites.uclouvain.be/security/ Gildas Avoine Impersonation Relay Attacks

  26. 26 http://sites.uclouvain.be/security/ Gildas Avoine Impersonation Relay Attacks

  27. 27 Adv http://sites.uclouvain.be/security/ Gildas Avoine 10’000 km Impersonation Adv Relay Attacks

  28. Impersonation Relay Attacks: Timing � Reader starts a timer when sending a message. � To avoid half-opened connections. � ISO 14443 “Proximity Cards”. � Used in most secure applications. � Default timer is around 4 ms. � Tag can require more time, up to… Gildas Avoine 28 http://sites.uclouvain.be/security/

  29. Impersonation Relay Attacks: Feasibility Radio link over 50 meters (G. Hancke 05). � With some locally-connected ACR122 (A. Laurie 09). � With Nokia cell phones (A. Laurie 10). � Over Internet (libNFC 10). � Gildas Avoine 29 http://sites.uclouvain.be/security/

  30. COUNTERMEASURES

  31. Protocol Aims in General Framework Definition (Authentication) An authentication is a process whereby one party is assured of the identity of a second party involved in a protocol, and that the second has actually participated (i.e. is active at, or immediately prior to, the time evidence is acquired). [Handbook of Crypto] Definition (Distance Checking) A distance checking is a process whereby one party is assured that a given property on its distance to a second party involved in a protocol is satisfied at some point in the protocol. The area where the property is satisfied is called the neighborhood of the verifying party. 2

  32. Protocol Aims in RFID Framework Definition (Distance Bounding) A distance bounding is a process that consists of an authentication combined with a distance-checking, where the considered property is an upper-bound on the distance between the two parties. 3

  33. Protocol Aims in RFID Framework Definition (Distance Bounding) A distance bounding is a process that consists of an authentication combined with a distance-checking, where the considered property is an upper-bound on the distance between the two parties. Distance bounding does not avoid relay attacks. Distance bounding check that the distance property between the verifier and the claimed prover is verified (Proximity check). 3

  34. No Fraud Reader Reader Reader Tag Tag Adversary Tag Adversary 4

  35. Fraud Reader Reader Reader Adversary Adversary Tag Tag Reader Reader Adversary Adversary Tag 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at http://sites.uclouvain.be/security/publications.html Lecturer Presentation Lecturer Presentation: University Prof. Gildas Avoine. Universit

1.12k views • 90 slides
29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity is on Marc Langheinrich Institute for Pervasive Computing a par with nuclear weapons. Dr. Katherine Albrecht Katherine Albrecht,

315 views • 4 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006 RFIDSec06 July 13-14, 2006, Graz, Austria

232 views • 21 slides
Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA), CNRS, France Tuesday, September 13th, 2016 Security protocols everywhere ! Cryptographic protocols small programs designed to secure

923 views • 56 slides
Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of

Some Recent Development Some Recent Development in RFID Privacy Models Robert H. Deng School of Information Systems y Singapore Management University 2010/12/6 1 Introduction RFID tags are low-cost electronic devices, from which

547 views • 17 slides
The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest

The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy Ari Juels Ron Rivest Mike Szydlo MIT CSAIL RSA Laboratories RSA Laboratories What is a R adio- F requency Id entification (RFID) tag? In terms of appearance Chip

678 views • 26 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia

RFID Technologies: Emerging Issues, Challenges, Policy Options A study by TNO and Telecom Italia for IPTS IFIP/FIDIS Summerschool Karlstad - 2007 Overview RFID Technologies RFID Markets RFID Privacy issues Conclusions 2

734 views • 19 slides
Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen 1 Goals of today What are smartcards and RFID tags? what can they do? what security can they provide? and what are the limits here?

1.17k views • 80 slides
Reducing Latency for Linux Transport Per Hurtig Karlstad University Andreas Petlund Simula

Reducing Latency for Linux Transport Per Hurtig Karlstad University Andreas Petlund Simula

Reducing Latency for Linux Transport Per Hurtig Karlstad University Andreas Petlund Simula Research Laboratory Dublin 06.10.2015 RITE Reducing Internet Transport Latency Reducing Internet Transport Latency The EU-project RITE : Partners

656 views • 42 slides
XCPs Performance in the Presence of Malicious Flows Dina Katabi dk@mit.edu How does XCP

XCPs Performance in the Presence of Malicious Flows Dina Katabi dk@mit.edu How does XCP

XCPs Performance in the Presence of Malicious Flows Dina Katabi dk@mit.edu How does XCP Work? Round Trip Time Round Trip Time Throughput Throughput Feedback Feedback = Feedback + 0.5 packet/sec Congestion Header How does XCP Work?

548 views • 12 slides
0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3

0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3

0-RTT Key Establishment with Full Forward Secrecy Felix Gnther 1 Britta Hale 2 Tibor Jager 3 Sebastian Lauer 4 1 Technischen Universitt Darmstadt 2 NTNU Norwegian University of Science and Technology 3 Paderborn University 4 Ruhr-Universitt

702 views • 51 slides
Is the Round- -trip Time trip Time Is the Round Correlated with the Number of Correlated with

Is the Round- -trip Time trip Time Is the Round Correlated with the Number of Correlated with

Is the Round- -trip Time trip Time Is the Round Correlated with the Number of Correlated with the Number of Packets in Flight? Packets in Flight? Authors : Authors Saad Biaz Nitin H. Vaidya biazsaad@auburn.edu nhv@uiuc.edu Auburn

438 views • 12 slides
Transport layer Terminology Terminology: bandwidth (1/2) Mirriam-Webster online (

Transport layer Terminology Terminology: bandwidth (1/2) Mirriam-Webster online (

IN2140: Introduction to Operating Systems and Data Communication Transport layer Terminology Terminology: bandwidth (1/2) Mirriam-Webster online ( http://www.m-w.com ): Traditional, real definition! Main Entry: band*width,

460 views • 9 slides
Its Time for Low Latency Steve Rumble , Diego Ongaro, Ryan Stutsman, Mendel Rosenblum, John

Its Time for Low Latency Steve Rumble , Diego Ongaro, Ryan Stutsman, Mendel Rosenblum, John

Its Time for Low Latency Steve Rumble , Diego Ongaro, Ryan Stutsman, Mendel Rosenblum, John Ousterhout Stanford University 1 Future Web Applications Need Low Latency They will access more bytes of data Bandwidth problem

109 views • 7 slides
HighSpeed TCP and Quick-Start for Fast Long-Distance Networks: * Workshop on Protocols for Fast

HighSpeed TCP and Quick-Start for Fast Long-Distance Networks: * Workshop on Protocols for Fast

HighSpeed TCP and Quick-Start for Fast Long-Distance Networks: * Workshop on Protocols for Fast Long-Distance Networks CERN, Geneva, Switzerland February 3-4, 2003 1 Topics: * HighSpeed TCP . URL: http://www.icir.org/floyd/hstcp.html

953 views • 29 slides
Some Modeling and Estimation Issues in Control of Heterogenous Networks Krister Jacobsson, Niels

Some Modeling and Estimation Issues in Control of Heterogenous Networks Krister Jacobsson, Niels

Some Modeling and Estimation Issues in Control of Heterogenous Networks Krister Jacobsson, Niels Mller, Karl Henrik Johansson and Hkan Hjalmarsson Department of Signals, Sensors and Systems, KTH Automatic Control 1 Overview Focus of our

693 views • 11 slides

More recommend