rfid security and privacy. rfid radio frequency identification warning: "rfid tag" can...
TRANSCRIPT
Most basic use: replacement of barcode
• wireless readout
• no alignment required
• passive tag
  - reader provides power through EM field
• tag contains only ID, no processor
• very cheap
• database of tag IDs and their meaning
[Figure: tag ID FEEBDAED, database (DB), T-shirt]
What is needed for this?
• Small identifying tag
  – can be placed in an animal / object
  – very cheap
  – most basic form: almost no logic
• Contactless readout
  – reading device provides electromagnetic field
  – tag gets power from EM field
  – tag causes time-dependent impedance changes
At the other end of the spectrum: wireless smartcards
• processor
• optional: battery
• active transmitter, not just passive impedance
• ROM memory
  - keys
  - software
• RAM memory
• flash / EEPROM
  - sensitive data
• supports read & write operations
• password protection
• crypto
RFID vs. Traditional smart cards
• Similar: data on an electronic device
• Different: power supply and data exchange without galvanic contacts
• Different: limited power on the card side
Active vs passive
                       Active tags   Passive tags
Power                  Battery       Supplied by the reader
Availability of power  Continuous    Only in field of reader
Range                  ~100m         up to 3-5m, usually less
Price                  >10 euro      less than 10 cents
Memory                 1-2Mb         0.5-2Kb
Size                   > 2cm*2cm     > 0.05mm*0.05mm (without antenna)
Some examples
Shanghai public transportation card
Passports
Dutch library reader’s pass
Animal identification
Stock identification
Car keys
Toll payment
[Images: key holder, clock, plastic card, nails, small box, label, plastic pin, roll of smart labels, toys, toys connected to PC]
Implications for security…
• No money/power for
  – public key crypto
  – tamper resistance / detection
  – tamper-resistant clock
• Multiple readers and millions of tags
  – tag collision, reader collision
• anti-collision protocols
  – synchronisation
  – lots of different keys
• Non-contact and non-line-of-sight
  – hard to physically impede the communication
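Added example (not from the original slides): a simulation of binary tree-walking singulation, assumed here as the anti-collision protocol, over constructed 8-bit tag IDs. It also shows how a blocker tag, listed under privacy enhancement in the suggested topics, protects against readout: by answering both bits to every query it makes the reader see every possible ID. The names Tag, BlockerTag and singulate are hypothetical.

```python
# Added illustration, not from the slides. Assumption: the reader uses binary
# tree-walking singulation as its anti-collision protocol.
ID_BITS = 8  # constructed short IDs so the whole ID tree stays small


class Tag:
    """ID-only tag: if the queried prefix matches, reply with the next ID bit."""

    def __init__(self, tag_id):
        self.bits = format(tag_id, f"0{ID_BITS}b")

    def reply(self, prefix):
        return {self.bits[len(prefix)]} if self.bits.startswith(prefix) else set()


class BlockerTag:
    """Blocker tag: replies 0 and 1 to every query, simulating every ID."""

    def reply(self, prefix):
        return {"0", "1"}


def singulate(tags):
    """Depth-first tree walk. Returns (ids_seen, queries, collisions)."""
    seen, queries, collisions = [], 0, 0
    stack = [""]
    while stack:
        prefix = stack.pop()
        if len(prefix) == ID_BITS:      # full ID resolved
            seen.append(int(prefix, 2))
            continue
        queries += 1
        answers = set().union(*(t.reply(prefix) for t in tags))
        if len(answers) == 2:           # both bits heard at once: a collision
            collisions += 1
        stack.extend(prefix + bit for bit in sorted(answers, reverse=True))
    return seen, queries, collisions


if __name__ == "__main__":
    shelf = [Tag(0x3A), Tag(0x3C), Tag(0xC5)]   # constructed sample tag IDs
    print(singulate(shelf))                      # three IDs, few queries
    ids, queries, _ = singulate(shelf + [BlockerTag()])
    print(len(ids), queries)                     # reader "sees" every possible ID
```

Without the blocker the reader resolves exactly the tags present; with it, the real IDs are hidden among all 2^8 candidates and the query count grows to the size of the full tree.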
Implanting RFID in humans?
• Advantageous for
  – cancer patients undergoing chemotherapy;
  – people with pacemakers or other medical implants;
  – cognitive impairment due to epilepsy, diabetes, or Alzheimer’s disease;
  – emergency (allergy)…
• Your favourite drink at the bar?!
• 2004: The attorney general of Mexico and 18 of his staff had chips implanted to allow them to gain access to certain high-security areas.
• 2006: President of Colombia agreed to require Colombian citizens to be implanted with RFID chips before they could gain entry into the US for seasonal work.
• 2008: UK jails considering RFID implants for prisoners.
• 2008 - ...: OV Chipkaart security issues in the Netherlands.
• Security of car locks, wireless payment, etc
Impact on society
Things that can go wrong (6)
Tags captured and secret info extracted (invasive and side channel attacks)
The Pandora's box of RFID
• Ethical issues
• Privacy
• Tracking
• Skimming
• Tag cloning
• Cross-contamination
• Tag killing
• Invasive attacks
• Jamming
Some sources…
• http://www.avoine.net/rfid/
• http://www.emc.com/emc-plus/rsa-labs/research-areas/rfid-privacy-and-security.htm
• http://eprint.iacr.org/2008/310.pdf
• And the “usual suspects”:
  – http://www.Wikipedia.org/
  – http://scholar.google.com/
Suggested topics: choose three sub-topics
• Applications:
  – banknotes
  – e-Passports
  – anti-counterfeiting
  – public transport
  – car keys
• Protocols
  – HB+
  – EC-RAC
  – EMAP
  – distance bounding
  – ... other protocols
• Various kinds of attacks & countermeasures
  – Mifare hack
  – RFID viruses / malware
  – Cloning
  – ... other attacks
• Privacy enhancement
  – (universal) re-encryption
  – blocker tag
  – formal privacy verification
• Crypto on RFID tags
  – PUFs
  – elliptic curves
  – random number generators
  – ... other crypto