secure uhf tags with strong cryptography
play

Secure UHF Tags with Strong Cryptography Development of ISO/IEC - PowerPoint PPT Presentation

Jul 24, 2023 •147 likes •416 views

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013 Agenda Motivation for

  1. Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013

  2. Agenda � Motivation for Secure UHF Tags � The Rabin-Montgomery Cryptosystem � Message Flow � Protocol Extension with Mutual Authentication � Proof-Of-Concept Implementation Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 2

  3. Agenda � Motivation for Secure UHF Tags � The Rabin-Montgomery Cryptosystem � Message Flow � Protocol Extension with Mutual Authentication � Proof-Of-Concept Implementation Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 3

  4. Inductive and radiative RFID Systems Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 4

  5. Secure UHF RFID Cryptographic protection of UHF RFID systems facilitates novel applications thanks to its long operating range Today: Security � RF 13,56 MHz: Smart Card OS / 10 cm � UHF 868 MHz: Non-secure memory / 10 m HF 13.56 SCOS Secure Secure UHF RFID: UHF � Cryptographic security with same operating range Power Technology � technological leap consumption � µController with SCOS � full flexibility in the X 50 choice of authentication protocols � AES efficiently implemented in hardware UHF memory Reading range Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 5

  6. Agenda � Motivation for Secure UHF Tags � The Rabin-Montgomery Cryptosystem � Message Flow � Protocol Extension with Mutual Authentication � Proof-Of-Concept Implementation Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 6

  7. The Rabin-Montgomery Crypto Suite � Based on the asymmetric cryptosystem by Michael O. Rabin (1979) � Augmented by a method from Peter Montgomery (1985) to avoid the division of long numbers in modular arithmetic � Allows cost and energy efficient implementation by combining the Rabin and Montgomery algorithms � Allows non-traceable and confidential identification and authentication � Does not require a private (secret) key to be stored in a tag � the tag performs only efficient public key operations � Time consuming private key operations need only be performed by the interrogator � Can be combined with symmetric mutual authentication, based on AES Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 7

  8. How the RAMON Tag Authentication Works RAMON is a public key protocol, using four different keys: A public key K E , used for encryption. � � This is the only key stored on the tag A private key(-set) K D , used for decryption � � This key is only stored in a secure memory in the interrogator An optional key set K s , K V ,used to validate a signed UID � � As the data length might exceed the buffer capacity of tag or interrogator, response messages are chained � First response chunk is delivered while ongoing encryption produces more data consecutively � Optimised transaction time Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 8

  9. Information Flow with RAMON Tag Authentication 1 3 Generate {K S , K V } Generate {K D , K E } Sign Tag IDs with K S 2 4 System Tag Issuer store Tag IDs, K E Integrator 6 5 store (Signed) Tag IDs, (K V ) Secure Storage Signature Secure Storage List of (signed) verification key Tag IDs (public) K V RAMON 7 List of (signed) decryption key Tag IDs (Signed) Tag ID, K E Signature RAMON (private) K D generation key encryption key (private) K S (public) K E Signature RAMON verification key Encryption key (public) K V (public) K E User Memory verify 7 8 (Signed) Tag ID 10 store / RAMON Tag Interrogator retrieve RAMON 9 Encryption key (public) K E Optional steps and components are indicated with a dashed line . n Step n of the information flow Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 9

  10. Basics: Rabin Cryptosystem The Rabin cryptosystem is an asymmetric cryptographic technique, whose security, like that of RSA, is related to the factorization problem. Message M 2 Encryption: C M mod n = Secret key p, q Public key n n = p * q p, q : primes, almost Cipher text C : Reader � � � � Tag equal size, p ≡ q 3 (mod 4 ) ≡ Decryption: y p y q 1 ⋅ + ⋅ = p q p 1 + 4 m C mod p C mod p r ( y p m y q m ) mod n = = + = ⋅ ⋅ + ⋅ ⋅ p p q q p q 1 + r n r − = − 4 m C mod q C mod q = = q s ( y p m y q m ) mod n + = ⋅ ⋅ − ⋅ ⋅ p q q p s n s − = − One root r , s is our Message M Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 10

  11. Basics: Montgomery Modular Multiplication The Montgomery approach allows a much more efficient calculation of the cipher text C in the tag. Message M Secret key p, q Public key n * 2 1 − Encryption: C M R mod n = n = p * q p, q : primes, almost equal size, p ≡ q 3 (mod 4 ) ≡ Cipher text C* : Reader � � Tag � � Residue R is a power of 2 and k > . R ≥ 2 n Conversion: In other words, R is at least * 2 1 − C C R mod n ( M R ) R mod n = = the next power of 2 which is larger than n . d bl nd ⋅ n 1 mod 2 ; 1 nd d ; nd Rabin Decryption (previous slide) = ≤ < ≈ 2 Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 11

  12. Agenda � Motivation for Secure UHF Tags � The Rabin-Montgomery Cryptosystem � Message Flow � Protocol Extension with Mutual Authentication � Proof-Of-Concept Implementation Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 12

  13. RAMON Protocol Steps – Tag Identification Only Interrogator Tag Identification Identification Generate RND challenge CH Generate RND number RN CH (1) Tag (1) Tag Decrypt R Generate Response R [Validate Signature of UID] * Tag identified or Tag identified or even authenticated even authenticated Stop here, if only tag identification is required *: signature validation is an optional step Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 13

  14. Detailed data flow for tag only authentication Interrogator Tag {Database, K D , K V } {(signed)UID, K E } Generate RND challenge CH CH Generate RND number RN Generate Response R R R = ENC (K E ,MIX(CH,RN,UID)) Decrypt P = DEC (KD,R) � CH, RN, UID Validate Signature of UID Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 14

  15. Detailed Protocol Step 1: Interrogator send challenge � Step 1: The interrogator challenge is delivered to the tag. � The tag immediately starts with the cryptographic calculation and answers with the length of the response data which will be calculated. Interrogator Tag Command RFU CSI Length Message RN-16 CRC-16 11010010 2 ’00' xx EBV Interrogator Challenge step 1 xx xx Command Step 1 AuthMethod Step RFU Interrogator Challenge 11 2 01 2 0000 2 CH [127:0] Header Length Response RN-16 CRC-16 0 EBV Response data length xx xx Response Step 1 Start Calculaton AuthMethod Step RFU Response data length 11 2 10 2 0000 2 (Total Nr. of Bytes) Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 15

  16. Detailed Protocol Step 2: Retrieve calculation results Tag Interrogator � Step 2: The Command RFU CSI Length Message RN- 16 CRC -16 interrogator 11010010 2 ’00' xx EBV Retrieve Response xx xx Command Step 2 retrieves the AuthMethod Step RFU remaining 11 2 01 2 0000 2 fragments by Header Length Response RN -16 CRC - 16 R chaining. espon 0 EBV Response data length xx xx seD Response Step 2 AuthMethod Step RFU Response data fragment Remaining ata Part1 11 2 10 2 0000 2 Part from result (Nr. of Bytes) � Once the Command RFU CSI Length Message RN- 16 CRC-16 interrogator 11010010 2 ’00' xx EBV Retrieve Response xx xx Command Step 3 has retrieved AuthMethod Step RFU Calculation 11 2 01 2 0000 2 the entire R finished espo nseD record, it is Header Length Response RN -16 CRC- 16 ata Part2 able to 0 EBV Response data length xx xx Response Step 3 authenticate AuthMethod Step RFU Response data fragment Remaining 11 2 10 2 0000 2 Last part from result ’00 ' the tag. Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 16

  17. Detailed Protocol steps for tag only authentication � In Step 1, the interrogator challenge is delivered to the tag. This message is used to request the tag to perform authentication. � In Step 2, the interrogator retrieves the remaining fragments by chaining further Authenticate commands and responses. Once the interrogator has fetched the entire authentication record it is able to authenticate the tag. Power - up & ~ killed . Tag state transitions acc Authenticate to ISO/IEC 18000-63 Finished ( Step 1 ) Authenticate Authenticate Authenticate TAM 1.2 Init TAM 1.1 TAM 1.3 ( Step 1 ) ( Step 2 ) ( Step 2 ) Error Finished or Error Any other command Mutual authentication Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 17

  18. Agenda � Motivation for Secure UHF Tags � The Rabin-Montgomery Cryptosystem � Message Flow � Protocol Extension with Mutual Authentication � Proof-Of-Concept Implementation Secure UHF Tags with Strong Cryptography February 19th, 2013 Slide 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 154 LECTURE 2: MORE CSS Nesting tags &lt;p&gt; HTML is &lt;em&gt;really,

CSE 154 LECTURE 2: MORE CSS Nesting tags &lt;p&gt; HTML is &lt;em&gt;really,

CSE 154 LECTURE 2: MORE CSS Nesting tags &lt;p&gt; HTML is &lt;em&gt;really, &lt;strong&gt;REALLY &lt;/em&gt; lots of&lt;/strong&gt; fun! &lt;/p&gt; HTML tags must be correctly nested (a closing tag must match the most recently opened

823 views • 33 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

Cryptography security Cryptography may be a component of a secure system Cryptographic Systems Adding cryptography may not make a Authentication &amp; Communication system secure Protocols Paul Krzyzanowski Distributed Systems

753 views • 23 slides
Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law

Outline Elliptic curve cryptography Secure domain parameters Case study: finding secure Edwards curves Finding Cryptographically Strong Elliptic Curves An Introduction Hamish Ivey-Law hlaw@iml.univ-mrs.fr Institute de Math ematiques de

662 views • 41 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens

Cryptography Crash Course Symmetric Key Cryptography School on Secure IoT, 2016 Dr. Ir. Jens Hermans KU Leuven/COSIC Cryptology: basic principles Eve Alice Bob CRYP CRYP Clear Clear %^C&amp; %^C&amp; TOB TOB @&amp;^( @&amp;^(

1.32k views • 119 slides
Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords Xavier Boyen 1 Cline Chevalier 2 Georg Fuchsbauer 3

680 views • 36 slides
Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get

Public-Key Cryptography Lecture 12 CCA Secure PKE Hybrid Encryption CCA Secure PKE In SKE, to get CCA security, we used a MAC Bob would accept only messages from Alice But in PKE, Bob wants to receive messages from Eve as well! But only if it is

336 views • 14 slides
Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s

Advanced Tools from Modern Cryptography Lecture 7 Secure 2-Party Computation: Yao s Garbled Circuit Recall MPC without Honest-Majority Plan (Still sticking with passive corruption): Two protocols, that are secure computationally The

449 views • 15 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Secure Communication Earlier we discussed the problems

202 views • 18 slides
Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for

Com 2 MaC Workshop on Cryptography 26-28 june 2000 - Pohang - South Korea Secure Designs for Public-Key Cryptography based on the Discrete Logarithm David Pointcheval Dpartement d Informatique ENS - CNRS David.Pointcheval@ens.fr

660 views • 28 slides
Strong Crypto for Tiny RFID Tags Challenges and Design Issues 11-13 July 2007, Malaga, Spain

Strong Crypto for Tiny RFID Tags Challenges and Design Issues 11-13 July 2007, Malaga, Spain

VLSI Institute for Applied Information Processing and Communications (IAIK) VLSI &amp; Security Strong Crypto for Tiny RFID Tags Challenges and Design Issues 11-13 July 2007, Malaga, Spain Martin Feldhofer IAIK Graz University of

842 views • 39 slides
PHP Summary PHP tags &lt;?php ?&gt; Mixed with HTML tags File extension .php

PHP Summary PHP tags &lt;?php ?&gt; Mixed with HTML tags File extension .php

IT360: Applied Database Systems PHP Arrays, Files, Functions PHP Summary PHP tags &lt;?php ?&gt; Mixed with HTML tags File extension .php Statements Separated by semicolon if..else.., while, do, for, switch

360 views • 12 slides
Post-Quantum Crypto Challenges Prof. Audun Jsang Universitetet i Oslo DN.no, 1 December 2017

Post-Quantum Crypto Challenges Prof. Audun Jsang Universitetet i Oslo DN.no, 1 December 2017

Post-Quantum Crypto Challenges Prof. Audun Jsang Universitetet i Oslo DN.no, 1 December 2017 Audun Jsang - 2018 PQ Crypto Challenges 2 Aftenposten.no, 10 May 2018 Audun Jsang - 2018 PQ Crypto Challenges 3 Principle for Quantum

587 views • 42 slides
Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel

Hardware Arithmetic Units and Cryptoprocessors for Hyperelliptic Curve Cryptography Gabriel GALLIN CNRS IRISA Univ. Rennes 1 November 29 th , 2018 Ph.D. supervised by Arnaud TISSERAND, CNRS Lab-STICC Introduction 1 HTMM

591 views • 40 slides
(NPKI) Interregional Standardization Forum for PKI &amp; e-Trust 4-5 th April 2019 Introduction

(NPKI) Interregional Standardization Forum for PKI &amp; e-Trust 4-5 th April 2019 Introduction

National Public Key Infrastructure (NPKI) Interregional Standardization Forum for PKI &amp; e-Trust 4-5 th April 2019 Introduction The Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures

303 views • 7 slides
Law: Business or Profession Conference of Regulatory Officers Keynote Address quinn emanuel

Law: Business or Profession Conference of Regulatory Officers Keynote Address quinn emanuel

quinn emanuel trial lawyers | australia Level 15, 111 Elizabeth Street, Sydney NSW 2000, Australia | TEL +61 2 9146 3500 Level 41, 108 St Georges Terrace, Perth WA 6000 Australia | TEL +61 8 6382 3000 Law: Business or Profession Conference of

341 views • 22 slides
Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Management Management University of Amsterdam Introduction SNE -

Practical Security and Key Practical Security and Key Management Management University of Amsterdam Introduction SNE - Research Project 2 Research Question Security levels Secure elements By: Key Magiel van der Meer management PGP

778 views • 20 slides
Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy

Chosen-Ciphertext Security Chosen-Ciphertext Security without Redundancy without Redundancy Duong Hieu Phan David Pointcheval ENS France CNRS-ENS France Asiacrypt '03 Taipei - Taiwan December 1 st 2003 Summary Summary Asymmetric

235 views • 21 slides
Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search

Oblivious Computation in Public Cloud for Privacy-aware Access Control Policies and Data Search Ph.D. Dissertation Defense Zeeshan Pervez Department of Computer Engineering Kyung Hee University, Global Campus, Korea email:

650 views • 24 slides
Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review

Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review

Secure Networks Starting with Basic Reference Model for Security Architecture A Historic Review of a Nascent Industry Seattle University CSSE 572 Spring 2008 Mohsen Banan Guest Speaker May 15, 2008 Less Talked About Security

215 views • 19 slides

More recommend