Secure Ownership and Ownership Transfer in RFID Systems€¦ · Introduction Ownership Ownership...

IntroductionOwnership

Ownership TransferExample

Conclusion

Secure Ownership and Ownership Transferin RFID Systems

Ton van Deursen1 Sjouke Mauw1 Sasa Radomirovic1

Pim Vullers1,2

1University of Luxembourg, Luxembourg.{ton.vandeursen, sjouke.mauw, sasa.radomirovic}@uni.lu

2Radboud University Nijmegen, The [email protected]

European Symposium on Research in Computer Security23th September 2009

T. Van Deursen, S. Mauw, S. Radomirovic, P. Vullers Secure Ownership and Ownership Transfer in RFID Systems



Conclusion

Outline

1 Introduction

2 Ownership

3 Ownership Transfer

4 Example

5 Conclusion




Conclusion

Introduction: Radio Frequency Identification

RFID tags are used to replace bar codes

Storing additional data is also possible

Secure communication between reader and computer

Insecure wireless communication between reader and tag




Conclusion

Introduction: Ownership Transfer

RFID tags have many differentowners within a supply chain

Future use, say in smart fridges,also involves consumers

What is an owner?




Conclusion

Introduction: Supermarket Scenario

Running example

1 RFID tags

Tagged Products

2 RFID readers

Supermarket Reader: Cashier (Checkout)Customer Reader: You (Cell phone)




Conclusion

Outline

1 Introduction

2 Ownership


4 Example

5 Conclusion




Conclusion

Physical and Virtual Ownership




Conclusion

Two Views of Ownership: System View

System View

Ownership is the ability to execute a test protocol.

An agent which is able to successfully execute a test protocol is atag owner.

Definition (Tag Owner)

An agent R is owner of tag T with respect to test protocol P insystem state s, denoted by ownsP(R, T , s), if and only if

∃t∈traces(P,s) ∀r∈runsof(t) success(r , t).




Conclusion

Two Views of Ownership: Agent View

Agent View

Ownership is the belief of owning a tag.

An agent which believes it owns a tag is a tag holder.

Definition (Tag Holder)

The belief of an agent is modelled by a variable.




Conclusion

Two Views of Ownership: Example

Product bought in a supermarket

Agent view Registered the tag on cell phoneOwnership verified on the agent levelby inspecting the register on the cell phone

System view Follows automatically from the system stateOwnership is inspected on system levelby executing the ownership test protocol




Conclusion

Secure Ownership and Exclusive Ownership

Definition (Secure Ownership)

Whenever an agent is the holder of a tag,it is also the owner of that tag.

A holder never loses ownership of a tag unintentionally.

Definition (Exclusive Ownership)

Whenever an agent is the holder of a tag,no other agents own that tag.

A holder is the exclusive owner of a tag.




Conclusion

Outline

1 Introduction

2 Ownership


4 Example

5 Conclusion




Conclusion

Ownership Transfer

Functional Requirement

An agent can become owner by means of an ownership transfer.

A protocol which can assign a new owner to a tag is an ownershiptransfer protocol.




Conclusion

Secure Transfer and Exclusive Transfer

Definition (Secure Transfer)

A tag must be releasedbefore a new agent may become owner of that tag.

A new owner must be granted to gain ownership of a tag.

Definition (Exclusive Transfer)

Whenever an agent obtains a tag,no other agents own that tag.

A protocol achieves exclusive transfer of a tag.




Conclusion

Overview

Ownership

System owner: completion of a test protocol.Agent holder: value of a variable.

Secure holder must be owner.Exclusive no other owner besides holder.

Ownership transfer

Transfer functional: an agent becomes owner.Signals obtain, release: start holding, stop holding.Secure new owner must be released to.

Exclusive no other owner when obtained.




Conclusion

Outline

1 Introduction

2 Ownership


4 Example

5 Conclusion




Conclusion

Example

Yoon and Yoo protocol (2008)

Ownership transfer protocol

Based on a shared secret p = {ID}k , the pseudonym

Completely insecure:

Secure ownershipSecure transferExclusive ownershipExclusive transfer




Conclusion

The Yoon and Yoo Protocol

old owner T new owner

release

First Phase

Secure: ID , k′, {ID}k′

Third Phase

obtain

ID , k, {ID}k

R

p = {ID}k

T

nonce nr

nr

h(p⊕ nr)

key k′

a := h({ID}k)⊕ {ID}k′

b := h({ID}k ⊕ {ID}k′)

a, b

if b = h(p⊕ h(p)⊕ a)then p := h(p)⊕ a




Conclusion

The Attack

ID , k, {ID}k

R E

p = {ID}k

T0

h(p)

nonce nr

nrnr

h(p⊕ nr)h(p⊕ nr)

key k′

a := h({ID}k)⊕ {ID}k′

b := h({ID}k ⊕ {ID}k′)

a, ba, b

if b = h(p⊕ h(p)⊕ a)then p := h(p)⊕ a

p := h(p)⊕ a




Conclusion

Outline

1 Introduction

2 Ownership


4 Example

5 Conclusion




Conclusion

Conclusion

Developed a verification framework

Formal definition of ownershipSecurity and privacy requirements for ownershipFormal definition of ownership transferSecurity and privacy requirements for ownership transfer

Broken a number of protocols

Future work

Implement this framework in a model checker

Relate to other properties like for example untraceability


Secure Ownership and Ownership Transfer in RFID Systems€¦ · Introduction Ownership Ownership...

Documents

Transcript of Secure Ownership and Ownership Transfer in RFID Systems€¦ · Introduction Ownership Ownership...