securing rfid systems by detecting tag cloning

Securing RFID Systems byDetecting Tag CloningSynchronized Secrets Approach

Mikko Lehtonen, Daniel Ostojic, Alexander Ilic, Florian MichahellesInstitute of Technology Management (ITEM),University of St. Gallen (HSG)Department of Management, Technology, and Economics (DMTEC),ETH ZurichNara, Japan / May 13th, 2009

Click t

o buy NOW!

PDFXCHANGE

www.docutrack.com Clic

k to buy N

OW!PDFXCHANGE

www.docutrack.com

http://www.docu-track.com/index.php?page=38


© ETH / HSGSynchronized Secrets / Mikko Lehtonen et al. /May 2009

Slide 2

Agenda

§ Introduction

§ Synchronized secrets

§ Level of security

§ Implementation

§ Conclusions

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 3

Radio frequency identification (RFID) in a nutshell

Source: Floerkemeier/Lampe

§ RFID tags are “leaves”of pervasivesystems

§ EPCglobal vision: replace barcodeswith 5¢ tags

– Openloop, industrywide networks

– Security comes only afterwards

§ Frequencies– 13.56 MHz, 862956 MHz, 2.45 GHz

§ Reach– Up to 7 m

§ Tag Energy– Passive

§ Applications– Visibility for supply chain

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 4

Many RFID applications need security…

Access control Ticketing

AntiCounterfeiting

Mobile payment

Supply chain security

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 5

… but lowcost tags are not secure against copying

§ Lowcost RFID tags will be deployed in billions

§ Only very few resources (transistors, electric power) for security

§ E.g. EPC Class1 Gen2 tags– EPC = Electronic Product Code (64 bits / 96 bits)– PWD = Access password (32 bits)– TID = Transponder ID (32 bits / 64 bits)

500.001.001

EPC

TID

111.222.333

Tag A

500.001.723EP

CTI

D

Tag B

111.222.333

= rewritable memory

= readonly memory

PWD

PWD

632.267.796632.267.796

Skimming

Eavesdropping,Brute force

Reprogramming?Impersonation device

500.001.001Copied Tag

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 6

Security is a process

Prevention(Cost to break)

Detection(Detection rate)

Response(Expected fine)

RFID Security§ TID, ACCESS§ Lowcost crypto1

(XOR, Hash, PRNG)§ Strong crypto2 (AES,

ECC)§ Physical Unclonable

Function3 (PUF)

RFID Security§ White lists / black lists§ Intrusion detection4

§ Track and tracechecks5

Best practices§ Confiscation / seizures§ Prosecution§ Ending business

relationships

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 7

Agenda

§ Introduction



§ Implementation

§ Conclusions

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 8

Detecting tag cloning with synchronized secrets

§ Alarm = tag cloning attack has occurred– But: Alarm the tag that raised an alarm is the cloned one

§ Minimalist tag hardware requirements: 32 bits EEPROM

§ Pinpoints time window of cloning

§ Same principle proposed for ownership transfer6, access control7

509t3111.222.333

928t2111.222.333

…

STimeID

928S

Tag

111.222.333ID

Backend system

S (new)

ID, S

= rewritable memory

509 Match?

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 9

Example: Anticounterfeiting

WholesalerManufacturer Distributor Hospital

ID509012

509 = 509 OK012 = 012 OKnew secret

677

Backend

677 012 ALARM

ID

509 012 677new secret

Tag co

pying

attac

k

counterfeit

ID012

Investigatio

n

CounterfeitManufacturer

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 10

Vulnerabilities and countermeasures

Permalock ID numbers, protect synchronizedsecret with ACCESS password

Adversary tampers with the tagmemory (denial of service)

Hold the readers in a secure environmentAdversary spoofs genuine tags(denial of service)

Use strong mutual readertobackendauthentication (trusted readers, PKI)

Adversary impersonates backend orperforms man in the middle betweenreader and backend

Use long enough synchronized secrets(e.g. 32 bits, guessing probability 2 x 109)

Adversary guesses the synchronizedsecret

CountermeasureVulnerability

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 11

Agenda

§ Introduction



§ Implementation

§ Conclusions

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 12

Level of security

§ Security ~ Detection of cloned tags = function(scan rate, attack delay)– Prevention rate = Probability(Case 1)

– Detection rate = Probability(Case 1 OR Case 2)

timeCase 1: Cloned tagraises an alarm

timeCase 2: Genuine tagraises an alarm

timeCase 3: No alarm

A

ACloning attack

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 13

Mathematical model of the level of security

Analytical solution for prevention rate

Θ:yprobabilitscanningRe:ion)impersonat to(cloningdelayAttack

:scansbetweenTime

attack

update

TT

<−⋅Θ= 02

Pr)1CasePr( attackupdate TT

),(~),,(~: variablesddistributenormallyAssuming

22attackattackattackupdateupdateupdate NTNT σµσµ

( )

+−

<⋅Θ=

22

4,

2~

where,0Pr)1CasePr(

attackupdate

attackupdateNZ

Z

σσ

µµ

Θupdateattack µµ −

10...05

222

==

==

attack

update

attackupdate

µµ

σσ

Illustration of the analytical solution

“Attackeris slow”

“Genuinetag always

rescanned”

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 14

Time (after last scan) / hour

Prob

abili

ty(s

ame

tag

is sc

anne

d ag

ain)

Evaluation in an RFID access control application8

Benchmark: Deckard4

63% Detection rate(@ 4% False alarm rate)

Prevention rate,Pr(Case 1)

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 15

Quantitative evaluation in an RFID access controlapplication

10

10

5

6

# Cloned tagsdetected

10

10

256

375

# Manualverifications

6Hit rate 63.0%Falsealarm rate 3.7%

Benchmark (Mirowskiet al. 2007)4,8

5Hit rate 46.3%Falsealarm rate 2.5%

Benchmark (Mirowskiet al. 2007)4,8

7Prevention rate 72%Detection rate 99.15%

Synchronized secrets(24h attack delay)8

4Prevention rate 41%Detection rate 99.15%

Synchronized secrets(2h attack delay)8

# Cloned tagsprevented

ParametersMethod

A1: 10,000 tags scanned, 10 of which are clonedA2: Each alarm leads to a manual verification

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 16

Agenda

§ Introduction



§ Implementation

§ Conclusions

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 17

Implementation on offtheshelf RFID hardware

EPC Gen2 tag

+ backend webserverwith MySQL database

CAEN A828EU UHF Reader

Antenna

§ Standard lowcost RFID

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 18

Time measurements

§ Protocol increases a tag’s processing time by 180% (309 msè 864 ms)

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 19

Agenda

§ Introduction



§ Implementation

§ Conclusions

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 20

Conclusions

§ Detectionbased security method applicable for RFIDtags used in today’s supply chains

§ Implemented on offtheshelf hardware, analyzed witha mathematical model & by benchmarking

§ A high scan rate provides a high level of security

§ Disadvantage is possible delay before alarms,advantage is a small number of manual checks

§ Can be applied where tags are repeatedly scanned, butcompanies need a consensus of a common backend

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com




Slide 21

You’re welcome to participate!

Securing Supply Chain with AutoIDLessons Learned from the SToP Project

27.5.2009, Zürich, Switzerlandwww.SToPproject.eu/Conference

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com

http://www.SToP-project.eu/Conference




Slide 22

Thank you for your attention!

Securing RFID Systems by Detecting Tag CloningSynchronized Secrets Approach

Mikko LehtonenETH Zurich, Information ManagementPhone: +41 44 632 8624Fax: +41 44 632 1045EMail: [email protected]

1 Juels, A.: Minimalist cryptography for lowcost RFID tag. In: Blundo, C., Cimato, S. (eds.) International Conference on Security in CommunicationNetworks SCN 2004. LNCS, vol. 3352, pp. 149164, Springer, Heidelberg (2004)2 Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: An Elliptic Curve Processor Suitable For RFIDTags. Cryptology ePrintArchive, Report 2006/227 (2006)3 Devadas, S., Suh, E., Paral, S., Sowell, R., Ziola, T., Khandelwal, V.: Design and Implementation of PUFBased "Unclonable" RFID ICs for AntiCounterfeiting and Security Applications. In: IEEE International Conference on RFID 2008, pp. 5864 (2008)4 Mirowski, L., Hartnett., J.: Deckard: A System to Detect Change of RFID Tag Ownership. International Journal of Computer Science and NetworkSecurity, 7(7) (2007)5 Lehtonen, M., Michahelles, F., Fleisch, E.: How to Detect Cloned Tags in a Reliable Way from Incomplete RFID Traces. In IEEE RFID 2009 Conference,Orlando, Florida, April 2009.6 Ilic, A., Michahelles, F., Fleisch, E.: The Dual Ownership Model: Using Organizational Relationships for Access Control in Safety Supply Chains. In: IEEEInternational Symposium on Ubisafe Computing (2007)7 Grummt, E., Ackermann, R.: Proof of Possession: Using RFID for largescale Authorization Management. In: Mhlhuser, M., Ferscha, A., Aitenbichler, E.(eds.) Constructing Ambient Intelligence, AmI07 Workshops Proceedings. Communications in Computer and Information Science, pp. 174182 (2008)8 Mirowski, L., Hartnett, J., Williams, R., Gray, T.: A RFID Proximity Card Data Set. Tech. Report University of Tasmania (2008).

Click t

o buy NOW!

PDFXCHANGE


k to buy N

OW!PDFXCHANGE

www.docutrack.com



securing rfid systems by detecting tag cloning

Documents