EPCglobal Network Security: Research Challenges and

Solutions

Yingjiu LiAssistant Professor

School of Information SystemsSingapore Management University

1August 2008 @ National RFID Center

2

What is EPCglobal Network?

• EPC and EPCglobal Network

3

Double-Edge Sword

• ID collection, track and trace, information sharing• Adversaries (passive, active, and physical)

– Eavesdropping– Masquerading– Replay– MITM– De-synchronization– Tag cloning– DoS– Side-channel attack– Physical attack

4

Major Security Requirements

• Private identification, anti-tracking, secure information sharing

• Our focus: private ID and anti-tracking– Strong, moderate, weak, null anti-tracking– Secure handover (ownership transfer)

5

Challenges in Protocol Design

• Conflicting objectives with constraints

Security(private ID and anti-tracking)

Visibility (track and trace)

Efficiency (dynamic structure

and massive data)

Cost

6

Technical Solutions• RFID privacy without ownership handover

– Overview of problems and proposed solutions (Garfinkel, Juels, and Pappu: S&P 05)

• RFID security in EPCglobal Network (RFID-enabled supply chain)– Private ID: encryption or keyed hash of ID– Anti-tracking: random numbers are used to generate

private ID– Secure ownership handover: key update with de-

synchronization resilience– Visibility: distributed or centralized– Efficiency: how to search DB to identify a tag (linear

or log-linear)– Low cost: thousands of gates with PRNG and hash

7

Solution 1: Protecting RFID Communications in Supply Chains (Li and Ding: ASIACCS 07)

8

Solution 2: RFID Tag Ownership Transfer (Song: RFIDSec 08)

9

Solution 3: Unidirectional Key Distribution Across Time and Space (Juels, Pappu, Parno: USENIX 08)

Secret sharing across space: a secret key is distributed across the tags in a pallet.

Secret sharing across time: a secret key is distributed across multiple pallets.

10

Solution 4: Dual Security Modes in RFID-Enabled Supply Chain Systems

11

Comparison of Typical Technical Solutions

Anti-tracking

Handover and visibility

Efficiency (tag search)

Cost

(tag)

ASIACCS 07

Weak Distributed (EPC IS)

Batch process

Moderate

RFIDSec 08

Strong Distributed

(EPC IS)

Tag by tag Moderate

USENIX 08

Null Distributed

(EPC IS)

Decryption Low

Dual modes

Strong Centralized (EPC DS)

Switch Moderate

12

Future Direction

• A security framework for EPCglobal network– Access control, flow control, disclosure

control, trust negotiation, key management, audit, visibility maintenance, query authentication at high level

– Secure RFID protocol at low level (covert channel)

– Ownership handover in between (key management)

13

Questions?

Please contact me at yjli@smu.edu.sg