Modelling Privacy for Off-line RFID Systems
description
Transcript of Modelling Privacy for Off-line RFID Systems
![Page 1: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/1.jpg)
Modelling Privacy for Off-line RFID Systems
Flavio GarciaRadboud University Nijmegen
together with Peter van RossumRFIDSec 2009
![Page 2: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/2.jpg)
Outline
• Current RFID privacy models• A new model for off-line RFID systems that
considers reader corruption• Forward and self-stabilizing backwards privacy• Protocols• Conclusions
![Page 3: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/3.jpg)
RFID Systems
![Page 4: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/4.jpg)
Current RFID Models
Permanent secure
connexion
• Juels and Weis (2006)• Vaudenay (2007)•Avoine (2005)
Fwd-Privacy
![Page 5: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/5.jpg)
Fwd-Privacy
Safe Un-SafeTime
![Page 6: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/6.jpg)
Narrow-FWD Private protocol [OSK03]
![Page 7: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/7.jpg)
Many real systems are more complex
Periodicconnexion
What kind of security can still be
guaranteed?
More information
on the readers
![Page 8: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/8.jpg)
Consider off-line systems where readers can be compromised
![Page 9: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/9.jpg)
An adversary is a PPTA with access to the set of oracles O:
• CreateReader(R)• CreateTag(T)• Launch(R)• Send(m,A)• Result()• CorruptTag(T)• Sync()O+ = O {DestroyReader(R)}
![Page 10: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/10.jpg)
Fwd and Bwd-Privacy
Safe Un-Safe
Unachievable!
(Unless extra assumptions are made)
Safe
![Page 11: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/11.jpg)
Forward privacy
![Page 12: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/12.jpg)
Self-stabilizing backwards privacy
![Page 13: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/13.jpg)
Forward and Self-stabilizing Backwards Private Protocol (idea)
new day!BO
K ← h(k’+1)K’ ← h(k’)
K ← h(k)K ← h(k)
MAC using k’K to `talk’ with the readerK’ to `talk’ with the BO
![Page 14: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/14.jpg)
Forward and Self-stabilizing Backwards Private Protocol
![Page 15: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/15.jpg)
Forward and Self-stabilizing Backwards Private Protocol
![Page 16: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/16.jpg)
Verify key update
Improvement
![Page 17: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/17.jpg)
Improving synchronization
![Page 18: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/18.jpg)
But still de-syncs if a reader is compromised
Almost there
![Page 19: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/19.jpg)
Improving synchronization
![Page 20: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/20.jpg)
What to do
Take special measures when a reader is compromised.
Only update k’’s in BO if no reader corruption
Con: this extends the privacy lost by one time slot
![Page 21: Modelling Privacy for Off-line RFID Systems](https://reader035.fdocuments.us/reader035/viewer/2022062501/568165b6550346895dd8b4bf/html5/thumbnails/21.jpg)
Conclusions
• model for (off-line) RFID systems in the presence of reader corruption
• forward and self-stabilizing backwards private protocols that uses only hash functions.
• De-sync resilience