security for rfid department of information management, chaoyang university of technology. speaker :...
TRANSCRIPT
Security for RFID
Department of Information Management,
ChaoYang University of Technology.
Speaker : Che-Hao Chen (陳哲豪 )
Date:2006/01/18
2
Outline
Introduction RFID standards Security problems Countermeasures
Non-Cryptographic Scheme Cryptographic Scheme
Conclusion
3
Introduction
Auto-ID In 1996, Uniform Code Council (UCC) began developing a
standardized barcode for consumer items
– Universal Product Code (UPC)
Example : A standard of UPC
(A) Application Code (B) Manufacturer Code (C) Product Code (D) Checksum Digit
4
Introduction
Over 5 billion bar codes are scanned daily world-wide.
Drawbacks of Auto-ID human intervention is required to scan a barcode barcodes could be affected by dirt, moisture, abrasion. the ability of storing data on barcode is very low the barcodes is easy to be counterfeited
5
Introduction
Radio Frequency Identification The first radio identification technology was the “Identify Frie
nd or Foe” system used in Allied aircraft during World War II.
Three primary components: The RFID tag The RFID reader The back-end database
6
The RFID tag
Tags are typically composed of A microchip for storage and computation. An antenna coil for communication.
Typical characteristics of RFID tags Active tags Semi-passive tags Passive tags
8
The RFID reader
Readers may contain Internal storage Processing power Connections to back-end databases
Channels Read-to-tag (forward range) Tag-to-Read (backward range)
10
RFID standards
1) RFID in animals (135 KHz) ISO 11748, ISO 11785 and ISO 14223
The original standards defined only a fixed unique 64 bit ISO 18000-2 : The communication protocol of ISO 14223
11
RFID standards
2) Contactless integrated circuit cards (13.56 MHz) Close-coupled cards (ISO 10536)
Distance : < 1cm Proximity cards (ISO 14443)
Distance : approx. 10cm There are two different standards : Type A and Type B
Vicinity cards (ISO 15693) Distance : up to 1m
12
RFID standards
3) Near-Field-Communication (NFC) (13.56 MHz) ISO 18092, ETSI TS 102.190, ECMA 340
Interaction between two electronic devices in close proximity: < 10cm
Near field communication interface and protocol
(NFCIP-1 &NFCIP-2)
13
RFID standards
4) Item Management RFID for item management – ISO 18000
ISO 18000-1 : the reference architecture ISO 18000-2 : low frequency (<135 kHz) ISO 18000-3 : (13,56 MHz) part 3-1 — HF systems part 3-2 — a next generation RFID system in the same frequency band with higher bandwidth (up to 848 kBit/s) ISO 18000-4 : (2.45 GHz) mode 1 — a passive backscatter system mode 2 — a long range, high-data rates system with active tags ISO 18000-5 : currently withdrawn (5.8 GHz) ISO 18000-6 : passive backscatter system around 900 MHz ISO 18000-7 : long range in the 433 MHz band
14
RFID standards
5) Electronic Product Code (EPC) EPC was developed by the Auto-ID Centre of the MIT The standardisation is now within the responsibility of
EPCglobal EPC network is composed of five functional elements:
The Electronic Product Code An Identification System Savant system The Object Naming Service (ONS) The Physical Markup Language (PML)
15
Security problems
Security problems Eavesdropping
Individual Information Leakage Industrial Espionage
Traceability Spoofing
Theft Counterfeiting
Industrial Sabotage Physical Attacks Denial of Service (DoS)
16
Eavesdropping
Read-to-tag (forward range) Perhaps 100 meters
Tag-to-Read (backward range) Perhaps 3 meters
Assume Tag readers have a secure connection to a back-end database. eavesdroppers may only monitor the forward channel
17
Related work
Countermeasures Non-Cryptographic Scheme
Kill Tag approach Selective Blocker Tag Rewriteable Memory Physical ID Separation
18
Rewriteable Memory
A user cannot read the ROM while a value is set to the rewritable memory, and he/she can read the ROM only when the rewritable memory has null value.