RFID Security & Privacy at both Physical and System Levels
Presentation to IoT-GSI, 26th August 2011
Robert H. Deng & Yingjiu Li
School of Information Systems, Singapore Management University
2016/5/30

RFID Security & Privacy at Physical Level

Radio Frequency IDentification (RFID)
• Tags (transponders): attached to objects, “call out” identifying data on a special radio frequency
• Reader (transceivers): read data off tags without direct contact
• Database: match tag IDs to physical objects
• Tag–reader link: radio signal (contactless); authenticate / identify
• Reader–database link: read / update

RFID Security Issues
• Tag Authentication
  – Only valid tags are accepted by a valid reader
• Reader Authentication
  – Only valid readers are accepted by valid tags
  – Not always required but mandatory in some applications (e.g., e-tickets)
• Availability
  – Infeasible to manipulate honest tags such that honest readers do not accept them

RFID Privacy Issues
[Figure: tags and a reader linked by radio signal (contactless)]
• Privacy issues
  – Adversaries identify tags
  – Adversaries track tags
• Privacy requirements
  – Anonymity: Confidentiality of the tag identity
  – Untraceability: Unlinkability of the tag’s transactions

RFID Privacy Preserving Authentication Protocol Design
[Figure: Tag T and Reader R exchange messages c, r and f (optional)]
• Security requirements
  – One way or mutual authentication
• Privacy requirements
  – Anonymity: Confidentiality of the tag identity
  – Untraceability: Unlinkability of the tag’s transactions

Cryptographic Protocols for RFID Privacy
• Numerous lightweight RFID protocols for low-cost tags have been proposed
• They use simple operations (XOR, bit inner product, CRC, etc.)
• Most of them have been broken (T. van Deursen and S. Radomirovic: Attacks on RFID Protocols, ePrint Archive: Report 2008/310)

Recent Progress: RFID Privacy Models
• Ind-privacy: indistinguishability of two tags (Juels & Weis, PerCom 2007)
  – Ideal model, but not easy to work with
• Unp-privacy: unpredictability of protocol messages (Ha, Moon, Zhou & Ha, ESORICS 2008), (Ma, Li, Deng, Li, CCS09)
  – Only works with symmetric key based protocols
• ZK-privacy model: Zero knowledge model (Deng, Li, Yung, Zhao, ESORICS 2010)
  – Output of real world experiment and output of simulated world experiment are indistinguishable
  – Works with both symmetric key and public key protocols

RFID Security & Privacy at System Level

An IoT Architecture for Sharing RFID Information
[Figure: User, Internet, Discovery service and two Information services, each backed by an Enterprise information system with RFID readers and RFID tags; links labelled Query/Answer and Publish/Update]

Security and Privacy
• Security: Identification/authentication of involved parties
  – Users, discovery services, information services
• Privacy: Only authorized parties can access RFID data as needed
  – Query, read, write, update, delete
• Solution: Access control
  – Policy management, enforcement, implementation

Access Control Requirements
• Cross domain
  – RFID data to be shared are managed by different parties (IS and DS)
• Unknown users
  – Query issuer may not have prior business relationship or be known to data holders
• Visibility
  – Access to RFID data is based on supply chain information
• Compatibility
  – Access control can be easily enforced in web services and database systems

Existing Access Control Models
• Discretionary access control (DAC)
• Mandatory access control (MAC)
• Role based access control (RBAC)
• Attribute based access control (ABAC)
[Figure: Subject, Access, Object]

Comparison

        Cross Domain   Unknown users   Visibility   Compatibility
DAC     √              Χ               Χ            Χ
MAC     Χ              Χ               Χ            Χ
RBAC    Χ              Χ               Χ            Χ
ABAC    √              √               √            √

Current Effort
• Data Discovery Requirements Document (EPCglobal draft, 2009)
  – Description of requirements on RFID discovery services, including data confidentiality, integrity and access control
• A framework of components for access control in data discovery services (BRIDGE final report, 2009)
  – Focus on networked services for inter-company operation of supply chains
• Our current work
  – Design secure discovery services and implement the whole system in Singapore
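
The c / r / f exchange from the "RFID Privacy Preserving Authentication Protocol Design" slide, as an added sketch that is not from the presentation. It assumes a symmetric-key design with HMAC-SHA256 as the PRF and reads c as the reader's challenge, r as the tag's response and f as the optional reader message; all class, function and tag names are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    # HMAC-SHA256 as the PRF (assumption); length-prefix each part to avoid ambiguity.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Tag:
    def __init__(self, key: bytes):
        self.key, self._session = key, None

    def respond(self, c: bytes):
        # r = (n_t, PRF_k("tag", c, n_t)): no static identifier goes over the air,
        # and the fresh tag nonce n_t makes r differ even if c is repeated.
        n_t = secrets.token_bytes(16)
        self._session = (c, n_t)
        return n_t, prf(self.key, b"tag", c, n_t)

    def verify_reader(self, f: bytes) -> bool:
        # Optional third message: f proves the reader knows this tag's key.
        if self._session is None:
            return False
        c, n_t = self._session
        self._session = None  # each session accepts at most one f
        return hmac.compare_digest(f, prf(self.key, b"reader", c, n_t))

class Reader:
    def __init__(self, db: dict):
        self.db = db  # back-end database: tag_id -> key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def identify(self, c: bytes, r):
        # The tag is anonymous on the air, so the reader tries every key: O(n) per read.
        n_t, mac = r
        for tag_id, key in self.db.items():
            if hmac.compare_digest(mac, prf(key, b"tag", c, n_t)):
                return tag_id, prf(key, b"reader", c, n_t)
        return None, None

def run_session(reader: Reader, tag: Tag):
    c = reader.challenge()
    r = tag.respond(c)
    tag_id, f = reader.identify(c, r)
    return tag_id, r, (f is not None and tag.verify_reader(f))
```

Two sessions with the same tag resolve to the same tag_id at the reader while the values of r seen on the radio link differ, which is the behaviour the anonymity and untraceability requirements ask for.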