Overview of the latest in RFID Research at the Auto-ID Lab ...

Overview of the latest RFID Research21st March 2007 1

Overview of the latest RFID Researchat Auto-ID Lab, ADELAIDE

Alfio Grasso

Deputy Director, Auto-ID Lab, Adelaide

2

AUTO-ID LABS

Overview of the latest RFID Research21st March 2007

Overview

Auto-ID Lab, Adelaide

Security Anti-Counterfeiting and Security Authentication Lightweight Cryptography

Specialised RFID Tag Antenna Design

Conclusions


Adelaide, Auto-ID Lab

4

AUTO-ID LABS


The Auto-ID Laboratories

5

AUTO-ID LABS


Auto-ID Labs

One of 7 Auto-ID Labs around the world MIT, USA Cambridge, UK Adelaide, Australia Keio, Japan Fudan, China St Gallen, Switzerland ICU, Korea

6

AUTO-ID LABS


Three entities

Auto-ID Lab EPCglobal research

via sub-award from MIT

RFID Automation Contract Research

Eight Consultancies One Research Contract One Research Project

Australasian Adoption Research Initiative RFID adoption, Networking, Resources

7

AUTO-ID LABS


Contract ResearchSeparate from the EPCglobal funded work

Commercial Infrastructure Adelaide Research & Innovation Pty Ltd

Intellectual Property Protection

Pork CRC Research Contract

Joint Strike Fighter

8

AUTO-ID LABS


Auto-ID Lab, Personnel

Prof. Peter Cole

Mr. Alfio Grasso

Dr. Behnam Jamali

Mr. Damith Ranasinghe

Mr. Kin Seong Leong

Ms. Mun Leng Ng

Mr. Raja Ghosal

Mr. Manfred Jantscher (visiting)


Anti-counterfeiting and SecurityAuthentication

Lightweight Cryptography

10

AUTO-ID LABS


Auto-ID Labs

In 2006 Global Auto-ID Labs launched the Flagship ProjectAnti-Counterfeiting and Secure Supply-Chain Focuses on protection against counterfeiting and

on product traceability. The main emphasis is on EPC technology without

neglecting other methods. In addition to the technology, topics include the

impacts on processes within an enterprise, the assessment of customer acceptance and the analysis of business cases in order to examine operational efficiency.

http://www.autoidlabs.org/publications/page.html

11

AUTO-ID LABS


RFID Channels

Insecure communication channel

Authorised Interrogator

Powering channel

Forward channel (Reader to Tag commands)

Backward channel (Tag to Reader responses)

LegitimateTag

Physical channel

12

AUTO-ID LABS


Security and Privacy Concepts

Security aims Confidentiality Integrity Authentication Non-reputation Availability

Privacy aims Anonymity Unlinkability

13

AUTO-ID LABS


Security Models

Unconditional security Perfect security, assumes unrestricted computational power of an

adversary

Computational security No known algorithm to break it within polynomial time

Practical security No breaking algorithm within N operations, with N chosen to be high.

Modern primitives offer practical security.

Provable security Possible to show the complexity of breaking a primitive is equivalent to

solving a well know supposedly hard mathematical problem

14

AUTO-ID LABS


Security Services

Confidentiality Only authorised parties receive information

Authentication The ability of a party to be sure the message is from a claimed source

Integrity Assures us a message is not altered on the way

Non-reputation Proof of transmission and reception

Access Control Restricts and controls access to a system

Availability Provides means to assure a system is available when needed

15

AUTO-ID LABS


Attacks

Ciphertext-only attack

Known-plaintext attack

Chosen-plaintext attack

Adaptive chosen-plaintext attack

Chosen-ciphertext attack

Adaptive chosen-ciphertext attack

Known-key attack

Man-in-the-middle attack

Replay attack

Impersonation attack

Dictionary attack

Incomplete session attack

16

AUTO-ID LABS


Some Security IssuesEavesdropping

Corporate espionage. Victim of theft

Cloning and Physical attacks Fraud: counterfeiting RFID-labeled items. Theft: replace merchandise with decoy label.

Denial of service. Corrupt data with fake tags. Disrupt RFID-dependent infrastructures.

Communication layer weaknesses Insecurities from tag generated random numbers Power analysis of the powering channel

17

AUTO-ID LABS


Some Privacy Issues

Profiling Identify a person’s interest by the RFID items they carry

Tracking Any RFID item can potentially identify the person If a payment is made via a credit card, any tags on that

person can be used to identify that person, and track them Once the identity is known they can be tracked. RFID enabled currency can be used to determine cash on a

target.

18

AUTO-ID LABS


RFID Security Framework

Low cost labels. 200-4000 gates available for security (cost limitation). Time available for operations : 5 -10 ms. Label reading speeds: 1000-1500 labels/s. Data transmission rates: in the order of 100kbps. Labels reveal their presence through a non-identifying signal.

The long term security of label contents can not be guaranteed.

Power utilization of security related silicon should not exceed the tag power consumption range of 50-100 microwatts.

19

AUTO-ID LABS


Initial Proposals

Kill tags at checkout. Customers may want to build applications.

Erase unique identifiers at checkout. Still allows tracking by tag “constellations”.

Restrict and detect unauthorized reads. Cheap to build, hard to always detect. Some scope is found with security schemes

designed with reader distance based trust

Use strong cryptography to protect tags. Too expensive for low-cost (5-cent) tags.


Cryptography

21

AUTO-ID LABS


Kerchoff’s principle

Do not rely on keeping an algorithm secret. Even if you think no one will think of it, someone almost

certainly will.

Publish an algorithm but keep the key secret. That key should be chosen from amongst a large

number of possible keys, that could be used.

Have some mathematical foundation for the belief that it will be hard to extract the key from what can be overheard.

22

AUTO-ID LABS


Shannon insights

Add confusion and diffusion Confusion: encoding the information,

e.g. Swapped (A -> X), shifted (A +3 =D), or

Ac (mod p), Diffusion: spreading the information,

adding redundant information, or noise

23

AUTO-ID LABS


Public Key Cryptography

Public key ciphersExamples RSA Diffie-Hellman ECC

Digital signatures These form the second group of keyed cryptographic tools.

Based on key pairs instead a single shared key. Only one key need be kept secret. Sometimes called asymmetric key systems. The receiving party issues the public encrypting key and keeps to itself the decrypting key.

24

AUTO-ID LABS


Public Key Encryption

The key pair used in the example is the secret key SBob of Bob and the public key PBob of Bob.

c = E(PBob, m) Channel m = D(SBob, c)

PBob, c

Alice

Eve

BobPBob PBob

c c

25

AUTO-ID LABS


Precautions needed

In practice P is prime of 300 digits and a and b are at least 100 digits long

Is vulnerable to man in the middle attack

Cure is to digitally sign what is sent if a public key infrastructure is available, or use a pre-shared password.

26

AUTO-ID LABS


Elliptic Curve Cryptography

Uses the discrete log problem but over a finite abelian group of points x, y on an elliptic curve y2 = x3 + a*x + b mod (p)

ECC keys can be shorter for the same security when compared with other systemsNo mathematical proof of the difficulty has been published but the scheme is accepted as a standard by USA National Security Agency.Keys must be large enough.

A 109 bit key has been broken (roughly same security to RSA 640)

160 bits ECC - same security as RSA 1024 bits. 224 bits ECC - same security as RSA 2048 bits.


One Time Codes

28

AUTO-ID LABS


Need for something simpler

RFID tags cannot support the computing burdens of the usual systems that are supported by significant computing power at both ends of a communication link, nor even of the lightweight protocols listed above.

There is a need for something significantly simpler

One Time Codes Only proven security method by Shannon Entropy

(1949) Provides Perfect Secrecy

29

AUTO-ID LABS


One time codes: 1

Have available a set of purely random numbers in the tag and matching tag dependent number in a secure data based

Some are to authenticate the tag to a reader, some to authenticate a reader to a tag, some might be to permit authenticated change of tag identity to prevent trace of items

Use certain of these to XOR with tag identities to disguise them from eavesdroppers.

30

AUTO-ID LABS


One time codes: 2

Need a large supply to cater for many authentications

Options Reserve a pair for final authentication by end user Recharge in a secure environment Assume an eavesdropper cannot be every where

and use old codes for identity change for fresh reader or tag authentications

Better to use a shrinking function


Shrinking Generators

32

AUTO-ID LABS


The Shrinking Function

Two linear shift registers, A (data) and S (sampling), with different seeds, clocked together.

Outputs are combined as follows If S is 1, output is A If S is 0, there is no output and another clock is applied

This scheme has been resistant to cryptanalysis for 12 years.

No known attacks if feedback polynomials are secret and registers are too long for an exhaustive search.

33

AUTO-ID LABS


Shrinking Generator

Shrinking Generator Minimal hardware complexity Shrink the output from LFSR R1 Produce irregular sequence K Practical alternative to a one time pads Known attacks have exp time complexity Keep connection polynomials secret Use maximum length LFSRs

LFSR R2

LFSR R1

Output (K)CE CLK

D QBuffer

Clock


Physically Uncloneable Functions in RFID

35

AUTO-ID LABS


Simple challenge-response protocol

Reader chooses a challenge, x, which is a random number and transmits it to the label.

The label computes and transmits the value y to the reader (here e is the encryption rule that is publicly known and K is a secret key known only to the reader and the particular label).

The reader then computes .

Then the reader verifies that .

)(' xey K

yy '

)( xey K

36

AUTO-ID LABS


A lightweight primitivePhysically Uncloneable Functions Easy to compute but hard to predict Alternative to storing keys on insecure hardware devices

f(c1,c2,c3,…,cm, k) {c1,c2,c3,…,cm}

}1,0{),. . . ,,,( 321 ncccccwhere

{r}

}1,0{),...,,,( 321 mrrrrr

k ={ gate and wire delay variations due to IC fabrication process variations}

37

AUTO-ID LABS


• Use of PUFs on RFID tags to securely store keys• 800 challenge-response pairs to uniquely identify over

109 chips

c 0 c 1 c 2 c 6 1 c 6 2 c 6 3

01

S w i t c h c o m p o n e n t

A r b i t e r

c i = 0 c 0 = 1

S w i t c h c o m p o n e n t o p e r a t io n

0

A r b i t e r o p e r a t i o n a s t h e r a c e b e t w e e n t h e s i g n a l e n d s a s t h e

a r b i t e r

A r b i t e r

A r b i t e r

1

PUF structure

38

AUTO-ID LABS


Tag authenticationUse sets of challenges and responses to authenticate tags

The response bit string can be compared with that stored in a secure database

Similarly to a one time pad, challenges can not be used again

39

AUTO-ID LABS


Backend support

A secure backend database is required to store challenge response pairsA secure method of distributing challenge response pairs are requiredLabels need to be characterised prior to deployment

40

AUTO-ID LABS


Lightweight hardware

Use XOR operation to allow challenge sets to be reused simple to implement and low computation complexity

41

AUTO-ID LABS


Mutual authentication

Use Reader generated Random numbersReuse hardware on tag (CRC generator)Achieves mutual authentication and prevents unauthorised users from obtaining tag EPC


Specialised RFID tag antenna design

Tag ConstraintsSmall UHF Animal Ear Tag (pigs)Small HF Animal Ear Tags (pigs, sheep)Compact Metal Mount Tags (UHF)Dual Frequency Tag Antennas

43

AUTO-ID LABS


RFID Tag Constraints

Consist of

Basic requirement:- Compact- Reliable- Inexpensive

M ATCHINGNETW O RK

RFID CHIP(LO AD)


Small UHF Animal Ear Tags

45

AUTO-ID LABS


A Simple Loop Antenna

Front view

Back view

46

AUTO-ID LABS


UHF ear tag


Small HF Animal Ear Tags

48

AUTO-ID LABS


HF ear tag


Compact Metal Mount UHF Tag

50

AUTO-ID LABS


Metallic EnvironmentMetallic Environment Surrounding

Warehouses full of metallic shelves Industrial area with heavy machinery

Object to be identified Canned food Metallic mechanical parts Metallic beer kegs

Challenge To get sufficient fields to reach RFID tag antenna near

metal.

51

AUTO-ID LABS


Common Tag for Metallic Objects

Conventional planar passive UHF RFID tags not suitable for metallic item identification.

Existing RFID tags Normally big in area. To be small, need high dielectric constant

substrate which may be expensive.

52

AUTO-ID LABS


Design Concept

Small in size Hrec = 10 mm, Lrec = 25 mm, Wrec = 5 mm

Exploits the theory of boundary conditions for better performance

53

AUTO-ID LABS


Compact UHF Metal Mount Tag

The UHF antenna design for tagging metallic objects

Small top loaded monopole above a ground with a series inductor to achieve a reasonable match to the RFID chip impedance.


Dual Frequency AntennaUHF and HF

55

AUTO-ID LABS


Dual Frequency Antenna

Supply Chain uses UHF Range

Some Item Level Tagging application require HF Local Fields (reduced read range) No known impact on materials,

Pharmaceuticals

Both UHF and HF Item Level Tagging workgroups defining an air interface protocol that is functionally equivalentChip designs may soon be released that conform to both EPCglobal’s HF and UHF specificationsNeed for a two port dual frequency antenna

56

AUTO-ID LABS


Concept

Merge HF loop antenna and UHF dipole antenna, by providing a matching circuit Transforms the UHF short circuit present at

the HF antenna terminals to an open circuit at the UHF dipole

HF antenna consists of overlapping coils to provide capacitance

Gap on UHF antenna prevents short of HF antenna, but strip on underside provides a UHF path.

57

AUTO-ID LABS


Practical Example


Conclusions

59

AUTO-ID LABS


Conclusions

Auto-ID Lab, Adelaide setup to provide assistance to Australasian Industry in adopting EPCglobal technologyCurrent research directed to RFID solutions in security, authentication, and anti-counterfeiting

Public Key Cryptography and or Secret Channel, Symmetric Key, (eg: DES, newer AES) are all well established but cannot be applied, directly to RFID tags

Severe cost constraints and other limitations restrains the use of complex security engines

Some approaches using one time codes, PUFs and shrinking functions are promising.

Vulnerabilities are still being researched.

Active research and development in small UHF and HF tag antennas


Most papers and presentations on our website

http://autoidlabs.eleceng.adelaide.edu.au/researchpapers.htm


Questions

62

AUTO-ID LABS


Further Information

Alfio Grasso

Deputy Director

Auto-ID Lab, Adelaide

University of Adelaide

Web: autoidlab.eleceng.adelaide.edu.au/

Email : [email protected]

Ph: +61-8- 8303 6473

Mob: +61 402 037 968

Overview of the latest in RFID Research at the Auto-ID Lab ...

Business

Transcript of Overview of the latest in RFID Research at the Auto-ID Lab ...