
Page 1: Ari Juels RSA Laboratories 19 October 2005 RFID : The Problems of Cloning and Counterfeiting

Ari Juels, RSA Laboratories, 19 October 2005

RFID: The Problems of Cloning and Counterfeiting

Page 2:

RFID devices take many forms

Page 3:

“RFID” really denotes a spectrum of devices

• Automobile ignition key

• Mobile phone

• Toll payment plaque

• Basic “smart label”

Page 4:

“Smart label” RFID tag

• Passive device – receives power from reader

• Range of up to several meters

• Simply calls out (unique) name and static data, e.g.:

“74AB8”

“5F8KJ3”

“Evian bottle #949837428”

Page 5:

Capabilities of “smart label” RFID tag

• Little memory
– Static 96-bit+ identifier in current ultra-cheap tags
– Hundreds of bits soon

• Little computational power
– Several thousand gates (mostly for basic functionality)
– No real cryptographic functions possible
– Pricing pressure may keep it this way for a while, i.e., Moore’s Law will have delayed impact

Page 6:

The grand vision: EPC (Electronic Product Code) tags

Barcode                | EPC tag
-----------------------|------------------------------------------------------------------------
Line-of-sight          | Radio contact
Specifies object type  | Uniquely specifies object
                       | Fast, automated scanning
                       | Provides pointer to database entry for every object, i.e., unique, detailed history

Page 7:

Impending explosion in (EPC) RFID use

• EPCglobal
– Joint venture of UCC and EAN
– Wal-Mart, Procter & Gamble, DoD, etc.
– Recently ratified new EPC-tag standard (Class 1 Gen 2)

• Pallet and case tagging first
– Item-level retail tagging, automated tills, seem years away

• Estimated costs
– 2008: $0.05 per tag; hundreds of dollars per reader (?)
– Beyond: $0.01 per tag; several dollars per reader (?)

Page 8:

Other forms of RFID

• Automobile immobilizers

• Payment devices
– Currency?

Page 9:

Other forms of RFID

• Tracking cattle [cow image captioned “Not Really Mad”]

• Passports

Page 10:

Other forms of RFID

• RFID readers in mobile handsets [image: poster reading “Showtimes: 16.00, 19.00”]

• Medical compliance

Page 11:

The privacy problem: bad readers, good tags

Mr. Jones in 2015, as read out by a rogue reader:

• Wig model #4456 (cheap polyester)

• Das Kapital and Communist-party handbook

• 1500 Euros in wallet, serial numbers: 597387, 389473

• …30 items of lingerie

• Replacement hip, medical part #459382

Page 12:

The authentication problem: good readers, bad tags

Mr. Jones in 2015, as seen by an honest reader:

• 1500 Euros in wallet, serial numbers: 597387, 389473

• Replacement hip, medical part #459382

• Mad-cow hamburger lunch

• Mr. Jones’s car!

Counterfeit! Counterfeit!

Page 13:

RFID and sensors will underpin critical infrastructure

Authentication therefore has many facets:
– Physical security
– Consumer goods and pharmaceuticals safety
– Transaction security
– Brand value

…but it’s getting short shrift

I’ll talk about three different projects on RFID authentication

Page 14:

The Digital Signature Transponder (DST)

Joint work with S. Bono, M. Green, A. Stubblefield, A. Rubin, and M. Szydlo

USENIX Security ‘05

Page 15:

The Digital Signature Transponder (DST)

Protocol (simplified):
Tag → Reader (Car #123): “I’m tag #123”
Reader → Tag: 40-bit challenge C
Tag → Reader: 24-bit response R = f_K(C)

• Helps secure tens of millions of automobiles

• Philips claims more than 90% reduction in car theft thanks to RFID! (TI did at one point.)

• Also used in millions of payment transponders

Page 16:

The Digital Signature Transponder (DST) – same exchange as above

• The key K is only 40 bits in length!

Page 17:

The Digital Signature Transponder (DST) – same exchange as above

Our aim: Demonstrate security vulnerability by cloning real DSTs

Page 18:

The Digital Signature Transponder (DST) – same exchange as above

But what is the cryptographic function f ???

Page 19:

Black-box cryptanalysis

Programmable DST loaded with a known key K: challenge C in, R = f_K(C) out, with f itself unknown (f?)

Page 20:

Texas Instruments DST40 cipher (not original schematic)

Challenge register and key register → routing network → f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15 f16 → routing network → f17 f18 f19 f20 f21

400 clocks / 3 cycles

The contents of the f-boxes are unknown (???). Not implemented this way!

Page 21:

Texas Instruments DST40 cipher (not original schematic) – same diagram, second-level boxes f17 f18 f19 f20 f21 highlighted

Page 22:

Black-box cryptanalysis

Page 23:

Case A: one internal wire

Page 24:

Case B: or two internal wires?

Page 25:

Black-box cryptanalysis [figure: input bits “01”, observed output bit-string “01100000010011001000001”]

Page 26:

[figure only]

Page 27:

Case A: 2 possible values. Case B: 4 possible values.

Page 28:

Same principle applies to more complex structures… [diagram: f17 f18 f19 f20 f21]

Page 29:

Same principle applies to more complex structures…
Page 30:

Consider two particular input wires…

Page 31:

Do the two inputs go to the same box? (Case A)

Page 32:

Or do the two inputs go to different boxes? (Case B)

Page 33:

Case A: one internal wire

Case B: two internal wires

Page 34:

f [diagram with unknown boxes marked ???] – Not implemented this way!
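The one-wire / two-wire test from the preceding slides, as an added example that is not part of the original talk and not the DST40 circuit: a toy black box built from two-input boxes and an output table (all constructed here), probed by fixing every input but two, sweeping the four settings of that pair, and counting distinct responses. Two values means the pair reaches the output through one internal wire (same box); four means two wires (different boxes). The probe is then run over every input pair to recover the routing, which generalizes the single-pair question on the slides.

```python
import random

# Toy black box standing in for the "???" boxes: n input wires feed two-input
# boxes, whose one-bit outputs select a response from an output table.  Which
# inputs share a box (the routing) is what the probe has to recover.  Constructed
# for this example; the real DST40 circuit is not reproduced here.

XOR = (0, 1, 1, 0)    # balanced two-input boxes: every setting of the partner
XNOR = (1, 0, 0, 1)   # input is sensitive, so one sweep per pair is conclusive


def make_blackbox(routing, boxes, out_table):
    """routing: list of (a, b) input-wire pairs, one per box; boxes: truth tables."""
    def blackbox(x):
        wires = [boxes[k][2 * x[a] + x[b]] for k, (a, b) in enumerate(routing)]
        index = sum(w << k for k, w in enumerate(wires))
        return out_table[index]
    return blackbox


def distinct_outputs(blackbox, n, i, j, rng, trials=16):
    """Hold all inputs but i and j fixed, sweep the four (x_i, x_j) settings and
    count distinct responses.  One internal wire downstream of the pair allows at
    most 2 values; two wires allow up to 4.  The max over random settings of the
    other inputs is taken because an unbalanced box (e.g. AND) can be insensitive
    to one input for some settings of the other."""
    best = 0
    for _ in range(trials):
        base = [rng.getrandbits(1) for _ in range(n)]
        seen = set()
        for bi in (0, 1):
            for bj in (0, 1):
                x = list(base)
                x[i], x[j] = bi, bj
                seen.add(blackbox(x))
        best = max(best, len(seen))
    return best


def recover_routing(blackbox, n, rng):
    """Return the set of input pairs that the probe says enter the same box."""
    same_box = set()
    for i in range(n):
        for j in range(i + 1, n):
            if distinct_outputs(blackbox, n, i, j, rng) <= 2:
                same_box.add((i, j))
    return same_box


def demo(seed=1):
    rng = random.Random(seed)
    routing = [(0, 1), (2, 3), (4, 5)]           # the hidden structure
    boxes = [XOR, XNOR, XOR]
    out_table = [0x8A, 0x13, 0xC7, 0x5E, 0x21, 0xF0, 0x6B, 0x9D]   # injective
    bb = make_blackbox(routing, boxes, out_table)
    return recover_routing(bb, 6, rng)


if __name__ == "__main__":
    print(demo())
```

The attacker never sees inside the box: only the count of distinct responses is used, which is exactly the Case A / Case B distinction on the slides.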

Page 35:

The full cloning process

1. Skimming

2. Key cracking

3. Simulation

Page 36:

The full cloning process – Step 1: Skimming

Obtain responses r1, r2 to two challenges c1, c2

Takes only 1/4 second!

Page 37:

The full cloning process – Step 2: Key cracking

Find secret key k such that r1 = f_k(c1) and r2 = f_k(c2)

(30 mins. on 16-way parallel cracker; faster with Hellman table)

Page 38:

The full cloning process – Step 3: Simulation

Simulate radio protocols with computation of f_k
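The three steps above (skim, crack, simulate), re-enacted end to end as an added example that is not code from the talk or the USENIX paper. The DST40 cipher is not given on these slides, so a keyed BLAKE2b truncated to the response length stands in for f_K, and the key and response lengths are shrunk (16 and 12 bits instead of 40 and 24) so the exhaustive search finishes in well under a second; the `Transponder`, `Simulator`, `skim`, `crack` and `demo` names are this example's own. The 40/24-bit arithmetic of the real device, which is why two challenge-response pairs suffice, is computed separately by `expected_false_positives`.

```python
import hashlib
import random

KEY_BITS = 16     # DST40: 40 (shrunk here so the brute force is fast)
CHAL_BITS = 40    # DST40: 40
RESP_BITS = 12    # DST40: 24 (shrunk in step with the key)


def f(key, challenge):
    """Stand-in for the unknown DST40 function f_K: keyed BLAKE2b cut to RESP_BITS."""
    mac = hashlib.blake2b(challenge.to_bytes(5, "big"),
                          key=key.to_bytes(8, "big"), digest_size=8).digest()
    return int.from_bytes(mac, "big") & ((1 << RESP_BITS) - 1)


class Transponder:
    """The genuine tag: holds K and answers any challenge with f_K(C)."""
    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return f(self._key, challenge)


def skim(tag, rng, n=2):
    """Step 1: the attacker's own reader issues n challenges and records the responses."""
    return [(c, tag.respond(c)) for c in (rng.getrandbits(CHAL_BITS) for _ in range(n))]


def consistent_keys(pairs, candidates=None):
    """Step 2: exhaustive search for every key that reproduces all the pairs."""
    if candidates is None:
        candidates = range(1 << KEY_BITS)
    return [k for k in candidates if all(f(k, c) == r for c, r in pairs)]


def crack(tag, rng):
    """Skim two pairs as in the talk; if the toy parameters leave more than one
    consistent key, skim one more pair at a time until exactly one survives."""
    pairs = skim(tag, rng, 2)
    keys = consistent_keys(pairs)
    while len(keys) > 1:
        pairs += skim(tag, rng, 1)
        keys = consistent_keys(pairs[-1:], keys)
    return keys[0], pairs


class Simulator:
    """Step 3: the radio front end answers challenges with the cracked key."""
    def __init__(self, key):
        self.key = key

    def respond(self, challenge):
        return f(self.key, challenge)


def expected_false_positives(key_bits, resp_bits, n_pairs):
    """Wrong keys expected to survive n_pairs challenge-response pairs: 2^(k - n*r)."""
    return 2.0 ** (key_bits - resp_bits * n_pairs)


def demo(seed=2005):
    rng = random.Random(seed)
    true_key = rng.getrandbits(KEY_BITS)
    real = Transponder(true_key)
    key, pairs = crack(real, rng)
    clone = Simulator(key)
    fresh = rng.getrandbits(CHAL_BITS)        # a challenge the clone never saw
    return {
        "true_key": true_key,
        "recovered_key": key,
        "pairs_needed": len(pairs),
        "keys_left_after_one_pair": len(consistent_keys(pairs[:1])),
        "clone_passes_fresh_challenge": clone.respond(fresh) == real.respond(fresh),
    }


if __name__ == "__main__":
    print(demo())
    print("DST40 wrong keys surviving 1 pair:", expected_false_positives(40, 24, 1),
          "2 pairs:", expected_false_positives(40, 24, 2))
```

With the real parameters one pair leaves about 2^16 candidate keys and two pairs leave 2^-8, so the second skimmed pair is what makes the recovered key unique; the toy keeps the same ratio of key bits to response bits.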

Page 39:

“Human” authentication for RFID tags

Joint work with Steve Weis

Crypto ‘05

Page 40:

RFID tags are a little like people

• Very limited memory for numbers

• Very limited ability for arithmetic computation

Page 41:

Hopper-Blum (HB) Human Identification Protocol

Page 42:

Hopper-Blum (HB) Human Identification Protocol

Prover (secret X) ↔ Verifier (secret X)
Verifier → Prover: challenge A
Prover → Verifier: response f(X, A)

Page 43:

Hopper-Blum (HB) Human Identification Protocol

Prover (secret X) ↔ Verifier (secret X)
Verifier → Prover: challenge A
Prover → Verifier: R = (X • A) + N_η

(X • A: modular dot product; N_η: noise with probability η)

Page 44:

HB Protocol example, mod 10

X = (3, 2, 1) (shared by prover and verifier)
Challenge A = (0, 4, 7)
X • A = 3·0 + 2·4 + 1·7 = 15 ≡ 5 (mod 10), so R = 5; in a noisy round the prover instead sends a wrong value, e.g. R = 7

Page 45:

Learning Parity in the presence of Noise (LPN)

• Given multiple rounds of protocol, find X (or other equally good secret)
– Given q challenge-response pairs (A1, R1) … (Aq, Rq), find X’ such that Ri ≠ X’ • Ai on at most ηq instances, for constant η > 0
– Binary values

• Note that noise is critical!

• LPN is NP-hard – even within approximation factor 2

• Theoretical and empirical evidence of average-case hardness

• Poly. adversarial advantage in HB protocol → LPN

Page 46:

HB Protocol

Prover (X) ↔ Verifier (X): challenge C, response R

Problem: Not secure against active adversaries!

Page 47:

HB+ Protocol

Prover (X, Y) ↔ Verifier (X, Y)
Prover → Verifier: blinding challenge D
Verifier → Prover: challenge C
Prover → Verifier: R = (C • X) + (D • Y) + N_η

Page 48:

HB+ Protocol – same exchange, highlighting the prover-generated D

Page 49:

HB+ Protocol – same exchange

Intuition:
• Add extra HB protocol with prover-generated challenge
• Adversary effectively cannot choose challenge here
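The HB and HB+ exchanges from pages 43 and 47-49, and the active attack on plain HB that page 46 warns about, as an added example that is not from the talk or the Crypto ’05 paper. Everything is binary (dot products mod 2, noise N_η as a Bernoulli bit flip); the verifier accepts when at most a threshold of rounds disagree. The adversary who can act as verifier sends the unit vector e_i repeatedly and majority-votes the noise away to read x_i; against HB+ the tag’s own D blinds the same queries with D • Y and the votes come out random. The parameter values, the `HBTag`/`HBPlusTag`/`GuessingTag` classes and the threshold rule are this example’s assumptions, not the paper’s concrete parameters.

```python
import random

# Toy HB / HB+ over GF(2).  Parameters are far too small for real security; they
# are chosen so the demo runs in about a second and the statistics are clear.
N = 32            # secret length
ETA = 0.25        # noise rate eta
ROUNDS = 400      # rounds per authentication
THRESHOLD = int(ROUNDS * (ETA + 0.125))   # accept if at most this many rounds disagree


def dot(a, b):
    """Binary dot product (mod 2): a linear number of ANDs and XORs."""
    return sum(u & v for u, v in zip(a, b)) & 1


def rand_vec(rng, n=N):
    return [rng.getrandbits(1) for _ in range(n)]


def noisy(bit, rng, eta=ETA):
    """Flip the bit with probability eta (the N_eta term)."""
    return bit ^ (1 if rng.random() < eta else 0)


class HBTag:
    def __init__(self, x, rng):
        self.x, self.rng = x, rng

    def respond(self, a):
        return noisy(dot(self.x, a), self.rng)


class HBPlusTag:
    def __init__(self, x, y, rng):
        self.x, self.y, self.rng, self.d = x, y, rng, None

    def commit(self):
        self.d = rand_vec(self.rng)          # prover-generated challenge D
        return self.d

    def respond(self, c):
        return noisy(dot(self.x, c) ^ dot(self.y, self.d), self.rng)


class GuessingTag:
    """Counterfeit that knows neither secret and answers random bits."""
    def __init__(self, rng):
        self.rng = rng

    def commit(self):
        return rand_vec(self.rng)

    def respond(self, c):
        return self.rng.getrandbits(1)


def hb_authenticate(tag, x, rng):
    errors = sum(tag.respond(a) != dot(x, a)
                 for a in (rand_vec(rng) for _ in range(ROUNDS)))
    return errors <= THRESHOLD


def hbplus_authenticate(tag, x, y, rng):
    errors = 0
    for _ in range(ROUNDS):
        d = tag.commit()                     # D from the tag first ...
        c = rand_vec(rng)                    # ... then C from the verifier
        errors += tag.respond(c) != (dot(x, c) ^ dot(y, d))
    return errors <= THRESHOLD


def unit(i, n=N):
    v = [0] * n
    v[i] = 1
    return v


def active_attack(tag, queries=101):
    """Active adversary playing verifier: send e_i over and over, majority-vote
    away the noise, read off x_i.  Works on HB; against HB+ the responses are
    blinded by D*Y with a fresh D each time, so the vote is a coin flip."""
    recovered = []
    for i in range(N):
        ones = 0
        for _ in range(queries):
            if hasattr(tag, "commit"):
                tag.commit()
            ones += tag.respond(unit(i))
        recovered.append(1 if 2 * ones > queries else 0)
    return recovered


def demo(seed=42):
    rng = random.Random(seed)
    x, y = rand_vec(rng), rand_vec(rng)
    return {
        "hb_honest_accepted": hb_authenticate(HBTag(x, rng), x, rng),
        "hb_guesser_accepted": hb_authenticate(GuessingTag(rng), x, rng),
        "hb_active_attack_recovers_x": active_attack(HBTag(x, rng)) == x,
        "hbplus_honest_accepted": hbplus_authenticate(HBPlusTag(x, y, rng), x, y, rng),
        "hbplus_guesser_accepted": hbplus_authenticate(GuessingTag(rng), x, y, rng),
        "hbplus_active_attack_recovers_x": active_attack(HBPlusTag(x, y, rng)) == x,
    }


if __name__ == "__main__":
    print(demo())
```

The honest tag disagrees with the verifier in about η of the rounds and a guessing counterfeit in about half, which is why a threshold between the two separates them; the attack function is deliberately the same for both protocols so that only the blinding term accounts for the different outcome.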

Page 50:

In the paper

• Most of paper elaborates security reduction from HB+ to LPN

• Implementation of algorithm seems very practical – just linear number of ANDs and XORs and a little noise!
– Looks like EPC might be amenable, but…

Page 51:

Further work

• Security reduction is concrete, but very loose

• What concrete security parameters – key length and communications complexity – yield adequate security?

• Limited model: “We win if counterfeiter detected”
– Assume counterfeiter aims to duplicate tag without alerting verifier, i.e., detection model
– Appropriate for centralized verifier (with DoS controls), e.g., prox cards, casino chips, etc.
– Gilbert, Robshaw, and Sibert demonstrate man-in-the-middle attack in stronger prevention model
– Can HB techniques be extended to prevention model?

Page 52:

Addressing Cloning of EPC Tags

WiSe ‘05

Page 53:

Drug tracing / anti-counterfeiting

Inevitable reliance on EPC tags for anti-counterfeiting [image: drug package marked “Made in Canada”]

• EPC (Class-1 Gen-2) is easy to counterfeit: it’s basically just a wireless barcode!

• Tight tracking is useful per se in combating counterfeiting, e.g., via duplicate detection

• But integrity of tag is needed where data coordination is loose

• What can we do today to prevent cloning of EPC tags?

• We can use the “kill” feature!

Page 54:

The kill function

Reader → Tag (holding kill PIN K): “Kill” + 32-bit PIN K’
If K = K’: tag dies (“morituri te salutamus”)

• Only mandatory EPC security feature is for privacy!

• Idea: Cause tags on consumer items to self-destruct before they leave shop

Page 55:

The kill function

Reader → Tag (holding kill PIN K): “Kill” + 32-bit PIN K’
If K ≠ K’: “Bad PIN”; [Reset]

• “Kill” authenticates reader, but not very useful for tag authentication since it kills tags!

Page 56:

Low signal strength

Reader → Tag (holding kill PIN K): “Kill” + 32-bit PIN K’
If K ≠ K’: “Bad PIN”; [Reset]

Page 57:

Low signal strength

Reader → Tag (holding kill PIN K): “Kill” + 32-bit PIN K’
If K = K’: “Good PIN; insufficient power!” (tag is not killed)

• Tag achieves accept/reject function for PINs:
– “Good PIN” is accept
– “Bad PIN” is reject

Page 58:

How to authenticate a tag with low signal strength

Reader → Tag (holding kill PIN K): “Kill” + PIN K, and “Kill” + random PIN K’

• If tag accepts K and rejects K’, then tag is good; otherwise bad

• Counterfeit EPC tag will fail with high probability

• “Intelligent” counterfeit tag succeeds with probability at most ½!
– (Can boost detection probability with more bogus PINs, but expensive)

Page 59:

Implementing this scheme

• Calibrating signal strength from reader would be hard

• Manufacturer can exchange privacy kill feature for authentication kill feature
– Just set tag power threshold required for “kill” very high
– Tag always thinks signal strength is too low
– Still complies with EPC standard, which does not specify power threshold
– Does not comply with conformance specifications

• Prob. ½ detection not high for individual clone, but very high for broad supply chain
– A little like scheme for detecting fraudulent ballots

• Shortcomings:
– Vulnerable to short-range eavesdropping
– Limited execution on untrusted readers

• But much better than no authentication!
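The low-power kill-PIN check of pages 56-59, simulated as an added example that is not from the talk or the WiSe ’05 paper. A genuine tag checks the PIN before it checks whether it has enough power to execute the kill, so at low power a good PIN is answered with “insufficient power” and a bad PIN with “bad PIN” (the manufacturer variant sets the threshold so high that the tag never dies, modelled here as an infinite threshold). The verifier sends the real PIN and a random bogus PIN in random order; a dumb clone rejects both, and the best an “intelligent” clone can do is accept one of the two at random, which the simulation confirms succeeds about half the time. The class names, the response strings and the signal-strength numbers are this example’s assumptions, not values from the EPC specification.

```python
import random

PIN_BITS = 32
LOW_POWER = 0.1       # reader deliberately stays below the tag's kill threshold
FULL_POWER = 1.0


class Gen2Tag:
    """Genuine tag: PIN check first, power check second, kill only if both pass."""
    def __init__(self, kill_pin, power_threshold=0.5):
        self.kill_pin = kill_pin
        self.power_threshold = power_threshold
        self.killed = False

    def power_cycle(self):
        pass

    def kill(self, pin, signal):
        if self.killed:
            return "dead"
        if pin != self.kill_pin:
            return "bad_pin"
        if signal < self.power_threshold:
            return "insufficient_power"      # good PIN acknowledged, tag survives
        self.killed = True
        return "killed"


class DumbClone:
    """EPC copied, PIN unknown: a wireless barcode that rejects every PIN."""
    def power_cycle(self):
        pass

    def kill(self, pin, signal):
        return "bad_pin"


class IntelligentClone:
    """Knows the protocol but not the PIN: accepts exactly one of the two kill
    attempts in a session, chosen at random.  Best possible success: 1/2."""
    def __init__(self, rng):
        self.rng = rng
        self.power_cycle()

    def power_cycle(self):
        self.seen = 0
        self.accept_index = self.rng.getrandbits(1)

    def kill(self, pin, signal):
        idx, self.seen = self.seen, self.seen + 1
        return "insufficient_power" if idx == self.accept_index else "bad_pin"


def authenticate(tag, pin, rng):
    """Verifier: at low power send the real PIN and a random bogus PIN in random
    order; the tag is genuine iff it accepts the real one and rejects the bogus one."""
    tag.power_cycle()
    bogus = rng.getrandbits(PIN_BITS)
    while bogus == pin:
        bogus = rng.getrandbits(PIN_BITS)
    attempts = [(pin, True), (bogus, False)]
    if rng.getrandbits(1):
        attempts.reverse()
    ok = True
    for p, is_real in attempts:
        resp = tag.kill(p, LOW_POWER)
        ok &= (resp == "insufficient_power") if is_real else (resp == "bad_pin")
    return ok


def clone_success_rate(rng, trials=4000):
    pin = rng.getrandbits(PIN_BITS)
    clone = IntelligentClone(rng)
    return sum(authenticate(clone, pin, rng) for _ in range(trials)) / trials


def supply_chain_detection(n_clones):
    """Each clone passes with prob 1/2; n independent clones all pass with 2^-n."""
    return 1 - 0.5 ** n_clones


def demo(seed=7):
    rng = random.Random(seed)
    pin = rng.getrandbits(PIN_BITS)
    genuine = Gen2Tag(pin)
    hardened = Gen2Tag(pin, power_threshold=float("inf"))   # "threshold very high"
    return {
        "genuine_passes": authenticate(genuine, pin, rng),
        "genuine_still_alive": not genuine.killed,
        "dumb_clone_passes": authenticate(DumbClone(), pin, rng),
        "intelligent_clone_rate": clone_success_rate(rng),
        "normal_tag_full_power_kill": Gen2Tag(pin).kill(pin, FULL_POWER),
        "hardened_tag_full_power_kill": hardened.kill(pin, FULL_POWER),
        "detect_among_10_clones": supply_chain_detection(10),
    }


if __name__ == "__main__":
    print(demo())
```

The check costs one real and one bogus kill command per tag, and the residual 1/2 per clone is what the slide’s supply-chain argument turns into near-certain detection once many clones are in circulation.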

Page 60:

Conclusions

Page 61:

Moral 1: Standard crypto modeling fails for cheap RFID

[Cartoon: a tag (“011001010010”) at the door of the “Welcome to Hell IT Department”]

Page 62:

A cheap RFID tag cannot survive here…but worst case often isn’t reality for RFID

Page 63:

We need new primitives and flexible modeling

• Low-cost tags will probably not be able to do full-blown crypto for some time
– Moore’s Law opposed by pricing pressure…

• Crypto community should not take black and white view, e.g., abandon crypto-challenged tags to wolves (EPC Class-1 type)

• We need new primitives:
– E.g., can we build good PRFs with really low gate count, e.g., hundreds of gates?

• And new modeling:
– What special characteristics do RFID tags present to attackers? E.g., physical and radio layers
– What security properties can we sacrifice in the real world? Learning to cut the right corners…

Page 64:

Moral 2

“We have not received one reported incident of fraud in the eight years [the DST] has been used by consumers and we are confident the systems remain secure.”
– Texas Instruments, 10 February 2005

1980: Not one reported incident of a computer virus in the wild

1999: Not one reported incident of a major DDoS attack on the Internet

“This year TI will begin ramping [up] production of its 128-bit encrypted RFID chips first introduced in early 2003…”

Page 65:

Moral 2 (continued; same quotes, with the 1999 line reading “multi-pronged DDoS attack”)

• RFID is a new critical infrastructure in the making

• We should learn from the history of the Internet, where phishing, spam, etc. are crippling e-commerce

• Security community must promote and address security in RFID systems before problems become costly and pervasive

Page 66:

To learn more

• Primers and current RFID news:
– www.rfidjournal.com

• RSA Labs RFID Web site:
– www.rsasecurity.com/go/rfid
– www.rfid-security.com (unofficial)

• JHU/RSA RFID Web site:
– www.rfidanalysis.org

• New survey (and all papers described here) at www.ari-juels.com