rfid security
play

RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium - PowerPoint PPT Presentation

Aug 20, 2023 •324 likes •1.28k views

Ecole Internationale de Printemps Syst` emes R epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be Introduction Outline

  1. Ecole Internationale de Printemps Syst` emes R´ epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be

  2. Introduction Outline of this Talk Part 1: RFID primer Part 2: Security threats in RFID systems Part 3: Ensuring Privacy RFID Security gildas.avoine@uclouvain.be

  3. Part 1: RFID Primer RFID Security gildas.avoine@uclouvain.be

  4. Outline 1 First Step 2 Daily Life Examples 3 Tags Characteristics 4 Identification and Authentication Protocols RFID Security gildas.avoine@uclouvain.be

  5. First Step RFID Security gildas.avoine@uclouvain.be

  6. Definition Radio Frequency IDentification (RFID) is a method of storing and remotely retrieving data (typically an identifier) using devices called RFID tags or transponders. An RFID tag is a small object that can be attached to or incorpo- rated into a product, animal, or person. RFID tags contain antennas to enable them to receive and respond to radio-frequency queries from an RFID transceiver. RFID Security gildas.avoine@uclouvain.be

  7. Architecture and Definitions Infrastructure Identifier Request − − − − − − − − − − − − − − − − − → Unique Identifier ← − − − − − − − − − − − − − − − − − Data Request (+ Auth) − − − − − − − − − − − − − − − − − → Data (Encrypted) ← − − − − − − − − − − − − − − − − − RFID Security gildas.avoine@uclouvain.be

  8. History RFID exists since the forties (IFF, Russian spy). Commercial RFID applications appeared in the early eigthies. Boom which RFID technology is enjoying today relies on the willingness to develop small and cheap RFID tags. Auto-ID Center created in 1999 at the MIT. (EPC code) RFID Security gildas.avoine@uclouvain.be

  9. Daily Life Examples RFID Security gildas.avoine@uclouvain.be

  10. Daily Life Examples Applications Management of stocks (Wal-Mart, US DoD, etc.) Libraries (Santa Clara Library, etc.) Pets identification Anti-counterfeiting (luxury articles, etc.) Sensor networks (Michelin’s tyres, etc.) Acess control (Building, ⋆ Famous Baja Beach Club, etc.) Automobile ignition keys (TI DST Module, etc.) Localization of people ⋆ (Amusement parks, etc.) Electronic documents (IDs, Passports, etc.) Public transportation (Paris, Boston, etc.) RFID Security gildas.avoine@uclouvain.be

  11. Quelques formats de tags RFID Security gildas.avoine@uclouvain.be

  12. Daily Life Examples Readers RFID Security gildas.avoine@uclouvain.be

  13. Tags Characteristics RFID Security gildas.avoine@uclouvain.be

  14. Tag Characteristics tamper−resistance communication distance yes memory meters centim. no 4 2 0 1 8 2 1 computation c r i c o r t i x e r t m e m m m 0 . 2 y $ 0 s y s a EPC Gen2 e v 0 8 i 0 . s $ s a p H z G 4 2 . e v i power source s s a p − e 3 i $ m v i H z e t M c 0 s a 0 9 9 3 6 1 5 O S I Eg. Logistics cost H z M 5 6 3 . 3 1 4 4 4 Eg. Access Control 1 O I S z H K 3 5 1 − 2 4 standard 1 frequency RFID Security gildas.avoine@uclouvain.be

  15. Tags Characteristics Communication Model application presentation application application session transport transport network internet communication data link physical physical physical OSI TCP / IP RFID RFID Security gildas.avoine@uclouvain.be

  16. Tags Characteristics Standards ISO International Organization for Standardization ( www.iso.org ) EPC Electronic Product Code ( http://www.epcglobalinc.org/ ) RFID Security gildas.avoine@uclouvain.be

  17. Tags Characteristics ISO Standards Generalities There exist numerous ISO standards on contactless identification 18046 11785 17365 17364 11785 10536 15418 10374 11784 15434 15693 14443 17366 18000 15962 18047 15961 19789 17358 24710 15459 15963 17367 18185 117363 24721 19762 RFID Security gildas.avoine@uclouvain.be

  18. Tags Characteristics About EPCglobal “The EPCglobal Network TM was developed by the Auto-ID Centre, a global research team directed through the Massachusetts Institute of Technology with labs around the world.” “Our mission is to make organizations more effective by enabling true visibility of information about items in the supply chain. To that end, EPCglobal develops and oversees standards (...)” “EPCglobal is a neutral, consensus-based, not-for-profit standards organisation.” RFID Security gildas.avoine@uclouvain.be

  19. Tags Characteristics EPCglobal Specifications 900 MHz Class-0 13.56 MHz ISM Band Class-1 860MHz – 930 MHz Class-1 Class-1 Generation-2 UHF (RFID Conformance Requirements) EPCglobal Architecture Framework Version 1.0 EPC Tag Data Standard Version 1.1 rev 1.27 Class-1 Generation 2 UHF Standard Version 1.0.9 Class-1 Gen 2 EPC Standard is now part of ISO 18000-6 Standard RFID Security gildas.avoine@uclouvain.be

  20. Identification and Authentication Protocols RFID Security gildas.avoine@uclouvain.be

  21. RFID Goal WHY do I want to use RFID? What should be the primary GOAL of the protocol? RFID Security gildas.avoine@uclouvain.be

  22. Protocols Identification vs Authentication 2/ Management of stocks (Wal-Mart, US DoD, etc.) Libraries (Santa Clara Library, etc.) Pets identification Anti-counterfeiting (luxury articles, etc.) Sensor networks (Michelin’s tyres, etc.) Access control (Famous Baja Beach Club, etc.) Automobile ignition keys (Texas Instruments, etc.) Localization of people (Amusement parks, etc.) Electronic documents (Passports, etc.) Transport Ticketing (Metro in Paris, etc.) Counting cattle Faciliting sorting of recyclable material RFID Security gildas.avoine@uclouvain.be

  23. Authentication vs Identification Identification: Get Identity of remote party. Authentication: Get Identity + Proof of remote party RFID Security gildas.avoine@uclouvain.be

  24. Classification of the Applications RFID Security gildas.avoine@uclouvain.be

  25. Part 2: Security Threats in RFID Systems RFID Security gildas.avoine@uclouvain.be

  26. Outline Classification of the threats Analysis of the threats Relationship between threats and communication model RFID Security gildas.avoine@uclouvain.be

  27. Classification RFID Security gildas.avoine@uclouvain.be

  28. Classification Impersonation Information Leakage Malicious Traceability Denial of Service RFID Security gildas.avoine@uclouvain.be

  29. Impersonation RFID Security gildas.avoine@uclouvain.be

  30. Impersonation Definition Definition (resistance to impersontation) The probability is negligible that any adversary distinct from the tag, carrying out the protocol playing the role of the tag, can cause the reader to complete and accept the tag’s identity. Speaking about impersonation when dealing with identification does not make sense Impersonation is related to authentication. RFID Security gildas.avoine@uclouvain.be

  31. Impersonation Reader Tag r − − − − − − − − − − − − − − − − − → ID ID, E K ( r ) ← − − − − − − − − − − − − − − − − − Danger: lightweight protocols and algorithms (wired logic instead of microprocessor), problem of key management, tags are not fully tamper-resistant, etc. Do not cut the prices by using weak algorithms or weak keys. R read the standards, hire good engineers and programmers. RFID Security gildas.avoine@uclouvain.be

  32. Impersonation MIT Authentication System (MIT) Theory vs Real Life: authentication is sometimes done using an identification protocol! Example: The RFID-based MIT ID Card. RFID Security gildas.avoine@uclouvain.be

  33. Impersonation KeeLoq Attack (KUL, Technion, Hebrew Inst.) � Inc., KeeLoq: Car locks and alarms, sold by Microchip R used by Chrysler, Daewoo, Honda, BMW, Jaguar, Fiat, GM, Volvo,... Attack with 2 44 . 5 crypt. op. (secure at least 2 80 , recom. 2 128 ). Two days on 50 Dual Core machines. The poor design allows to recover the master key. RFID Security gildas.avoine@uclouvain.be

  34. Impersonation Texas Instrument (RSA Labs & Johns Hopkins) Attack against the Digital Signature Transponder manufactured by Texas Instrument, used in automobile ignition keys (there exist more than 130 millions such keys). Car Key (RFID) r E (r) k Cipher (proprietary) uses 40-bit keys: recovering a key takes less than 1 minute using a time-memory trade-offs. RFID Security gildas.avoine@uclouvain.be

  35. Mifare Classic 1/ Cards Readers Controllers Back-end RFID Security gildas.avoine@uclouvain.be

  36. Mifare Classic 2/ Each card shares a key with the reader. The encryption algorithm – Crypto 1 – is not public. The authentication protocol is neither public. Crypto1 uses 48 bit keys. RFID Security gildas.avoine@uclouvain.be

  37. Mifare Classic 3/ ID , r 1 Tag Reader − − − − − − − − − − − − − − − − − → E k ( r 1 ) ← − − − − − − − − − − − − − − − − − E k ( data ) − − − − − − − − − − − − − − − − − → RFID Security gildas.avoine@uclouvain.be

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security A Case Against Currently Used Hash Functions in RFID Protocols Workshop on RFID Security 2006 RFIDSec06 July 13-14, 2006, Graz, Austria

232 views • 21 slides
Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen

Smartcards and RFID Security in Organisations Erik Poll Digital Security University of Nijmegen 1 Goals of today What are smartcards and RFID tags? what can they do? what security can they provide? and what are the limits here?

1.17k views • 80 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Workshop in Information Security Theory and Practices 1 4 September 2009, Brussels, Belgium Summary A brief reminder about RFID. Description of the threats, state of

880 views • 41 slides
Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight

March 2, 2014 Monte Jade's RFID Seminar Atlanta, USA 1. TSA worldwide RFID Trial History 2. ASTREC research effort in RFID 3. Inflight RFID 4. Current Airport RFID Deployments 5. Atlanta International Airport Activity with IATA RFID

912 views • 35 slides
Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department

Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department

Persistent Security for RFID Mike Burmester and Breno de Medeiros Computer Science Department Florida State University Tallahassee, FL 32306 { burmeste,breno } cs.fsu.edu Abstract. Low-cost RFID tags are being deployed to support smart

513 views • 12 slides
The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on

The Future Security Challenges in RFID Gildas Avoine, UCL Belgium Third International Workshop on RFID Technology Concepts, Applications, Challenges in the Eleventh International Conference on Enterprise Information Systems 6 10 May

552 views • 37 slides
IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing

IntelliSense RFID RFID PLATFORM WITH SENSORS INTEGRATION CAPABILITIES One Global Sensing Tag Oslo, 28 November 2007 IntelliSense RFID Workshop IntelliSense RFID RESEARCH PROJECT FOR TECHNOLOGY DEVELOPMENT WITHIN THE FIELDS OF RFID

788 views • 13 slides
The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio

The Art of RFID Exploitation Melanie Rieback FIRST 20 June, 2007 What is RFID? RFID = Radio Frequency Identification Modern RFID Applications VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips Subdermal RFID VeriChips

628 views • 29 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI & Security An ECDSA Processor for RFID Authentication Michael Hutter, Martin Feldhofer, and Thomas Plos Workshop on RFID Security 2010 07. - 09.06.2010,

1.12k views • 17 slides
TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown &

TrainTraxx.com HiveID RFID/NFC Solutions for Model Railroaders Presented by Carlton Brown & Blaine McDonnell Using RFID for Model Railroad Operations What is RFID? How does RFID Work? RFID Frequencies and Type of Tags

853 views • 25 slides
DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA

DEVELOPMENT OF AN RFID SYSTEM FOR SPS-ALPHA 1 OBJECTIVES RFID Implementation: SPS-ALPHA Structure RFID Technology Applications in SPS-ALPHA architecture Part Identification Location Referencing 2 Why Space Solar No

241 views • 22 slides
RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at

RFID Security and Privacy Gildas Avoine, UCL Belgium These slides will be soon available at http://sites.uclouvain.be/security/publications.html Lecturer Presentation Lecturer Presentation: University Prof. Gildas Avoine. Universit

1.12k views • 90 slides
MAS.S61: Emerging Wireless & Mobile Technologies Lecture 4: Low-power communica2on, RFID

MAS.S61: Emerging Wireless & Mobile Technologies Lecture 4: Low-power communica2on, RFID

MAS.S61: Emerging Wireless & Mobile Technologies Lecture 4: Low-power communica2on, RFID RFID (Radio Frequency IDentification) Inventory control Access Control Security Sensitive Applications Tracking & Localization Long-Range

546 views • 35 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher Education Institutions Daniel Gelaw Alemneh, Ph.D University of North Texas Daniel.Alemneh@unt.edu AFRICA RESEARCH SYMPOSIUM Thinking and

608 views • 27 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University http://www.winlab.rutgers.edu/~tamvu/ (Joint work with Akash Baid, Yanyong Zhang, Thu D. Nguyen, Junichiro Fukuyama, Richard P. Martin, Dipankar

584 views • 35 slides
Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Lecture 5: Naming and Discovery Name, Address, Identifier Name Space and Name

670 views • 66 slides
CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names

CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names

CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names play a critical role in all computer systems To access resources, uniquely identify entities, or refer to locations To access an entity, you

612 views • 37 slides
GLIF Meeting, Seattle, USA Ronald van der Pol <rvdp@sara.nl> SARA 1-2 October 2008 Ronald

GLIF Meeting, Seattle, USA Ronald van der Pol <rvdp@sara.nl> SARA 1-2 October 2008 Ronald

GLIF Meeting, Seattle, USA Ronald van der Pol <rvdp@sara.nl> SARA 1-2 October 2008 Ronald van der Pol <rvdp@sara.nl> ( SARA ) GLIF Meeting, Seattle, USA 1-2 October 2008 1 / 14 Outline Introduction 1 About the Global

413 views • 14 slides

More recommend