Security for RFID

Department of Information Management,

ChaoYang University of Technology.

Speaker : Che-Hao Chen (陳哲豪 )

Date:2006/01/18

2

Outline

Introduction RFID standards Security problems Countermeasures

Non-Cryptographic Scheme Cryptographic Scheme

Conclusion

3

Introduction

Auto-ID In 1996, Uniform Code Council (UCC) began developing a

standardized barcode for consumer items

– Universal Product Code (UPC)

Example : A standard of UPC

(A) Application Code (B) Manufacturer Code (C) Product Code (D) Checksum Digit

4

Introduction

Over 5 billion bar codes are scanned daily world-wide.

Drawbacks of Auto-ID human intervention is required to scan a barcode barcodes could be affected by dirt, moisture, abrasion. the ability of storing data on barcode is very low the barcodes is easy to be counterfeited

5

Introduction

Radio Frequency Identification The first radio identification technology was the “Identify Frie

nd or Foe” system used in Allied aircraft during World War II.

Three primary components: The RFID tag The RFID reader The back-end database

6

The RFID tag

Tags are typically composed of A microchip for storage and computation. An antenna coil for communication.

Typical characteristics of RFID tags Active tags Semi-passive tags Passive tags

7

The RFID tag

EPC Tag Classes

8

The RFID reader

Readers may contain Internal storage Processing power Connections to back-end databases

Channels Read-to-tag (forward range) Tag-to-Read (backward range)

9

RFID standards

10

RFID standards

1) RFID in animals (135 KHz) ISO 11748, ISO 11785 and ISO 14223

The original standards defined only a fixed unique 64 bit ISO 18000-2 : The communication protocol of ISO 14223

11

RFID standards

2) Contactless integrated circuit cards (13.56 MHz) Close-coupled cards (ISO 10536)

Distance : < 1cm Proximity cards (ISO 14443)

Distance : approx. 10cm There are two different standards : Type A and Type B

Vicinity cards (ISO 15693) Distance : up to 1m

12

RFID standards

3) Near-Field-Communication (NFC) (13.56 MHz) ISO 18092, ETSI TS 102.190, ECMA 340

Interaction between two electronic devices in close proximity: < 10cm

Near field communication interface and protocol

(NFCIP-1 &NFCIP-2)

13

RFID standards

4) Item Management RFID for item management – ISO 18000

ISO 18000-1 : the reference architecture ISO 18000-2 : low frequency (<135 kHz) ISO 18000-3 : (13,56 MHz) part 3-1 — HF systems part 3-2 — a next generation RFID system in the same frequency band with higher bandwidth (up to 848 kBit/s) ISO 18000-4 : (2.45 GHz) mode 1 — a passive backscatter system mode 2 — a long range, high-data rates system with active tags ISO 18000-5 : currently withdrawn (5.8 GHz) ISO 18000-6 : passive backscatter system around 900 MHz ISO 18000-7 : long range in the 433 MHz band

14

RFID standards

5) Electronic Product Code (EPC) EPC was developed by the Auto-ID Centre of the MIT The standardisation is now within the responsibility of

EPCglobal EPC network is composed of five functional elements:

The Electronic Product Code An Identification System Savant system The Object Naming Service (ONS) The Physical Markup Language (PML)

15

Security problems

Security problems Eavesdropping

Individual Information Leakage Industrial Espionage

Traceability Spoofing

Theft Counterfeiting

Industrial Sabotage Physical Attacks Denial of Service (DoS)

16

Eavesdropping

Read-to-tag (forward range) Perhaps 100 meters

Tag-to-Read (backward range) Perhaps 3 meters

Assume Tag readers have a secure connection to a back-end database. eavesdroppers may only monitor the forward channel

17

Related work

Countermeasures Non-Cryptographic Scheme

Kill Tag approach Selective Blocker Tag Rewriteable Memory Physical ID Separation

18

Rewriteable Memory

A user cannot read the ROM while a value is set to the rewritable memory, and he/she can read the ROM only when the rewritable memory has null value.

19

Physical ID Separation

Globally-unique ID Class ID Pure ID