
Page 1

COMPANY CONFIDENTIAL

UCODE DNA A breakthrough in UHF security

BU Security and Connectivity

30 April 2015

Page 2: Content

Training

► Brief introduction to UHF technology

► Approaches to security in UHF based systems

► New UCODE DNA product introduction

• Security innovations

• Target applications and use cases

• Features and functionalities

• Product support

Page 3: BRIEF INTRODUCTION TO UHF TECHNOLOGY

Page 4: RFID: Radio Frequency Identification Principles

► Generic term for contactless communication technology

► RFID uses radio waves to exchange data between an RFID reader (transceiver) and an RFID tag (transponder)

► Various operating ranges: Proximity (few cm), Vicinity (1 m), Long Range (several m)

► Various frequencies depending on the application: LF (120-150 kHz), HF (13.56 MHz), UHF (860 to 960 MHz), standardized in ISO 18000

► Many different applications: animal identification, logistics control, car immobilizer, payments, access, personal identification …

Page 5: RFID technologies comparison

Low frequency (125 kHz / 134.2 kHz): read range ~1.2 m; inductive coupling

High frequency (13.56 MHz): read range ~10 cm - 1.5 m; inductive coupling

Ultra high frequency (840-960 MHz): very long read ranges of up to 10+ m; EM wave propagation; standards EPC Class 1 Gen2 and ISO 18000-6 Item Management; solution of choice for long reading distances

4 billion UHF tags sold yearly!

Page 6: UHF technology review

► 1940s-50s: RFID research started. Early form of RFID

► 1960s: prelude of RFID explosion. Much research and many inventions.

► 1970s: explosion and growth of RFID systems. First patents of active and passive transponders.

► 1980s: commercialization of first RFID systems.

► 1990s: RFID becomes mainstream. UHF technology developed.

► 2000s: EPCGlobal founded and Class1, Class0 air interface standards released.

Currently there are more than 4 billion UHF tags sold every year!

Standardization (diagram): Joint Technical Committee (JTC) 1 > SC 31 “Smart Labels” > WG 4 “Item Level Mgt” > SG3 / SG6 “Air Interface” > ISO/IEC 18000 (HF/UHF); EPC > UHF EPC Gen 2

► ISO/IEC 18000 started around 2000.

► EPCGlobal delivered EPC Gen2 in 2008.

► ISO/IEC integrated UHF EPC Gen2 into ISO 18000-6 as mode C in 2009.

Page 7: UHF technology applications

Product Authentication

Use case:

► Brand protection

► Taxation, identification of faked products

IC features offered:

► Memory, tag tamper alarm

Retail Supply Chain management

Use case:

► Theft (EAS)

► Inventory control

► Brand protection

► Supply chain management

IC features offered:

► ReadProtect, EAS, tamper alarm

Consumer Electronics

Use case:

► Device configuration

► Authentication, brand protection

► Production control, PCB tagging

► Theft

IC features offered:

► Digital switch, data transfer

FMCG

Use case:

► Supply chain management

► Brand protection

► Inventory control

► Theft

IC features offered:

► Read Protect, EAS, tamper alarm

Page 8: APPROACHES TO SECURITY IN UHF BASED SYSTEMS

Page 9: UHF security

► Current solutions have a compromise on security vs read range.

• Smartcard (HF) solutions offer high end security features -> read range is limited due to HF technology

• UCODE (UHF) solutions offer large read ranges -> security features are limited (TID, Password protection)

Chart: Security vs Read range, positioning Smartcards and ICODE (HF), UCODE (UHF) and UCODE DNA

Page 10: Security without any secrets

► Where does the security come from?

• Electronic, machine-readable content

• Content programmed by authorized parties only

► Example:

• UID on RFID tags

► Where is the flaw?

• Nowadays we share the world with “machines”

• Content can be emulated

Page 11: Security with secrets which are in plain

► Where does the security come from?

• We have an electronic, machine-readable secret

• Secrets are shared only with a limited number of privileged parties

► Example:

• Access Password (diversified or not)

• Custom Commands

• Proprietary Protocols

► Where is the flaw?

• Passwords get transmitted over RF

• One can “listen in”, “read it” and then later on use it

• If diversified, read many and reverse it

• Custom Commands, once transmitted, can also be replicated / emulated

Page 12: Security with secrets which are encrypted

► Where does the security come from?

• Secrets not only electronic and machine-readable but also encrypted

• Meaning: I write “XZR125N” but I mean “NXP RFID”

► Example

• Encrypted user memory

• Static digital signature (diversified or not, even when based on crypto keys)

► Where is the flaw?

• Secrets are still transmitted over RF (the same secret every time = static)

• I can still read “XZR125N”

• Once I read it, I can emulate it (replay attack) and/or I can reverse engineer it

Page 13: Security based on cryptographic authentication

► Where does the security come from?

• All of the above still applies: electronic, machine-readable, programmable by authorized parties only and diversified secrets

► Key difference comes from the fact that secrets are never transmitted!

• What gets transmitted is a different message in every transaction (=dynamic)

• No emulation possible (what do you emit if message is different every time)

• No reverse engineering possible (what you do not know, you cannot break)

Page 14: Security approach comparison

► Only security based on cryptographic authentication offers protection against common attacks

Protected against…                                …eavesdropping?   …emulation?   …reverse engineering?
Security w/o secrets                              No                No            No
Security w/ plain secrets                         No                No            No
Security w/ encrypted secrets                     No                No            No
Security based on cryptographic authentication    Yes               Yes           Yes

Page 15: The first three approaches are not considered “real” security

► Security based on cryptographic authentication

► Security with secrets which are encrypted

► Security with secrets which are plain

► Security without any secrets

First three methods are based on simple electronic protection:

I write static data to memory…

I read out the same static data from memory…

During data transmission someone “eavesdrops”…

Once static data is intercepted, system is vulnerable…

Page 16: UHF Security approach

► Security based on cryptographic authentication

► Security with secrets which are encrypted

► Security with secrets which are plain

► Security without any secrets

True security comes only from cryptographic authentication:

There is no simple read / write operation involved…

Each transmission generated based on new computation…

Each transmission is different from any other transmission…

The secrets which are the basis for computations never transmitted

Page 17: Cryptographic authentication solutions

► NXP has more than 20 years of track record and leadership experience in

• Securing transactions and identities in close to 100 countries

• Well over 2B pcs of eGov and eBanking smartcards shipped

• Close to 800 cities worldwide rely on eTicketing Solutions from NXP

► Common to all of these applications: high end security but only at short distance (proximity smartcard technology <10cm)

Figure: Bank Cards, Smart Mobility (MIFARE) Cards, eGovernment (#1)

Page 18: UCODE DNA PRODUCT INTRODUCTION

Page 19: NXP presents: Passive UHF tag IC with cryptographic authentication

world-leading long range contactless performance

cutting-edge security implementation for tag authentication

All based on international standards

* GS1 (EPCglobal™ Inc.) UHF RFID Generation-2 Version 2.0

** ISO/IEC 29167-10 for proof of origin based on AES (Advanced Encryption Standard)

Page 20: UCODE DNA goes beyond the unexpected and into the revolutionary new features

The expected

• Standard Gen2 Perks: Serial TID (96b), EPC (up to 448b), Kill & Access PWs (32b each)

• Top notch RF Performance: 15m range on a license plate, 10m range on a windshield label

The unexpected

• User Memory: 3kb - with BlockPermalock

The extras

• Privacy Protection

The revolutionary

• Security: two 128b AES keys + AES digital core for crypto authentication

• Trust Provisioning service offering for hassle-free deployment

Page 21: If you care about security… you need to have

► Kill PW set and diversified (PWTID = f(TID, MasterPW))

► Access PW set and diversified (PWTID = g(TID, MasterPW))

► Reliable AES keys generated, diversified and inserted (KEYTID = AES(TID, MasterKey))

Page 22: UCODE DNA: Trust provisioning from NXP

► Generate master passwords for Kill and Access

► Derive individual Kill and Access passwords for each tag separately

► Insert Kill and Access passwords into each tag individually

► Generate AES master keys

► Derive all unique and tag-specific AES keys and insert them

All this can be done by NXP TRUST PROVISIONING delivering UCODE DNA ready to use
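The dynamic challenge-response authentication described on pages 13 and 14, combined with the per-tag key diversification KEYTID = AES(TID, MasterKey) from pages 21 and 22, as an added example in Go; this is not NXP's code and does not reproduce the ISO/IEC 29167-10 message format. The zero-padding of the 96-bit TID to one AES block, the sample master key and the sample TID are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// aesBlock encrypts a single 16-byte block with AES-128.
func aesBlock(key, in []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, in)
	return out
}

// diversifyKey is KEYTID = AES(TID, MasterKey) from the slides. The 96-bit TID is
// zero-padded to one AES block here; that padding is an assumption, not NXP's.
func diversifyKey(masterKey, tid []byte) []byte {
	block := make([]byte, aes.BlockSize)
	copy(block, tid)
	return aesBlock(masterKey, block)
}

// Tag models one provisioned chip: its TID and its own diversified key.
type Tag struct{ TID, Key []byte }
// Respond is the tag side: encrypt the challenge; the key itself is never sent.
func (t Tag) Respond(challenge []byte) []byte { return aesBlock(t.Key, challenge) }
// NewChallenge draws a fresh random 128-bit challenge for every transaction.
func NewChallenge() []byte {
	ch := make([]byte, aes.BlockSize)
	if _, err := rand.Read(ch); err != nil {
		panic(err)
	}
	return ch
}

// Verify (interrogator side) re-derives the tag key from TID and master key and compares in constant time.
func Verify(masterKey, tid, challenge, response []byte) bool {
	expected := aesBlock(diversifyKey(masterKey, tid), challenge)
	return subtle.ConstantTimeCompare(expected, response) == 1
}

func main() {
	masterKey := []byte("constructed-key!") // constructed 16-byte master key
	tid := []byte("TID-96bit-ex")           // constructed 12-byte (96-bit) TID
	tag := Tag{TID: tid, Key: diversifyKey(masterKey, tid)}
	ch1 := NewChallenge()
	r1 := tag.Respond(ch1)
	fmt.Println("genuine tag accepted:", Verify(masterKey, tid, ch1, r1))
	// An eavesdropped response replayed against a fresh challenge is rejected.
	ch2 := NewChallenge()
	fmt.Println("replayed response accepted:", Verify(masterKey, tid, ch2, r1))
	// An emulated tag that copied the TID but holds no key is rejected as well.
	clone := Tag{TID: tid, Key: make([]byte, aes.BlockSize)}
	fmt.Println("clone accepted:", Verify(masterKey, tid, ch2, clone.Respond(ch2)))
}
```

The interrogator only ever needs the master key and the public TID; the diversified tag key stays inside the chip, which is why the eavesdropped traffic (challenge plus response) is useless for a replay or for an emulator.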

Page 23: UCODE DNA: applications and use cases

► There are a number of applications where the combination of high read range with cryptographic security brings value:

• automatic vehicle identification (e.g. electronic toll collection)

• visitor / staff access control and location service (e.g. at theme parks)

• visitor classification and pre-processing (e.g. at border crossings)

• retail SCM / brand protection (e.g. expensive wines or branded fashion items)

• asset tracking (e.g. for high value assets)

Page 24: Automatic Vehicle Identification

► UCODE DNA allows us to...

• Reliably

• Cost effectively

• Securely

► Identify vehicles in various traffic situations

► Use cases

• Electronic toll collection

• Access control to gated parking facilities

• Law enforcement

• Fleet management

Please check upcoming Automatic Vehicle Identification webinar!

Page 25: Crowd management

► UCODE DNA provides cryptographic features to uniquely identify individuals in large crowd situations

► Theme parks: real time visitor dynamics

► Border control for preprocessing of individuals

► Concerts & Festivals for easy Access control

AES key 1 – Group key (unique across group of tags): Privacy

AES key 2 – Tag key (unique per tag): Security

Page 26: Retail brand protection and Asset tracking

► UCODE DNA cryptographic authentication features allow high value assets and high end brands to be protected.

► Dangerous goods can now obtain the highest level of protection through UCODE DNA.

► High end brands can now protect their goods through strong cryptographic protection.

Page 27: UCODE DNA Product features

► Designed in accordance with GS1™ UHF RFID Gen2 v2.0 [Annex N, Tag Alteration (Authenticate)]

► AES (Advanced Encryption Standard) cryptographic authentication according to ISO/IEC 29167-10

► Up to 3 kb of user memory with BlockPermalock

► 96-bit unique tag identifier (TID), factory-locked with 48-bit unique serial number

► Up to 224-bit EPC

► 32-bit kill password and 32-bit access password

► Innovative functionality

• Tag authentication via 128-bit AES unique crypto key

• Privacy protection via Untraceable command and 128-bit AES group crypto key

• Trust Provisioning for Secure Secrets

► READ sensitivity: -19 dBm

► AES authentication sensitivity: -18 dBm

► WRITE sensitivity: -11 dBm

► WRITE speed: 32 bits per 1.5 milliseconds

Page 28: PRODUCT SUPPORT

Page 29: Product support

► Documentation:

• Datasheet available in Docstore: https://www.docstore.nxp.com

• Docstore registration requires NDA with NXP -> please contact your NXP representative

► Delivery types

► Reusage of UCODE7 antennas possible as a starting point

• Require optimization for best RF performance

► Partners offering labels and license plates with UCODE DNA

Page 30: WRAP UP

Page 31: Conclusion

► UCODE DNA tag IC brings security to passive UHF RFID.

► Combines exceptional long-range contactless performance with cutting-edge cryptographic security implementation for tag authentication.

Page 32: Time for Q & A

UCODE DNA - a breakthrough in UHF security Carlos Paternain (Speaker) / Eric Leroux (Host)

Page 33: MobileKnowledge Thank you for your attention

► We are a global competence team of hardware and software technical experts in all areas related to contactless technologies and applications.

► Our services include:

• Application and system Design Engineering support

• Project Management

• Technological Consulting

• Advanced Technical Training services

► We address all the exploding identification technologies that include NFC, secure micro-controllers for smart cards and mobile applications, reader ICs, smart tags and labels, MIFARE family and authentication devices.

www.themobileknowledge.com

For more information

Eric Leroux

[email protected]

+34 629 54 45 52

Page 34: Thank you for your kind attention!

► Please remember to fill out our evaluation survey (pop-up)

► Check your email for material download and on-demand video addresses

► Please check NXP and MobileKnowledge websites for upcoming webinars and training sessions

www.nxp.com/products/related/customer-training.html

www.themobileknowledge.com/content/knowledge-catalog-0