RFID SECURITY
Network Security - IT653
Deepti Agrawal
KReSIT, IIT Bombay
What is RFID?

Radio-Frequency Identification Tag
Holds
a small amount
Antenna of unique data – a serial
number or other unique
attribute of the item
Chip
The
data can be read
from a distance – no
contact or even line of
sight necessary
How Does RFID Work?
02.3DFEX4.78AF51
EasyToll card #816
Radio signal (contactless)
Range: from 3-5 inches to 3 yards
Tags (transponders)
Reader (transceiver) Database
Attached to objects, call out their
(unique) name and/or static data
on a special radio frequency
Reads data off the tags
without direct contact
Matches tag IDs to
physical objects
RFID Tag Power Sources


Passive (this is what mostly used now)
•
•
Semi-passive
•
•

Tags are inactive until the reader’s interrogation signal “wakes”
them up
Cheap, but short range only
On-board battery, but cannot initiate communication
•
Can serve as sensors, collect information from environment: for
example, “smart dust” for military applications
More expensive, longer range
Active
•
On-board battery, can initiate communication
The capabilities of a basic
RFID tag

Little memory
• Static 64-to-128-bit identifier in current ultra-cheap generation

Little computational power
• A few thousand gates
• Static keys for read/write permission

Not enough resources to support public- or symmetric-key
cryptography
• Cannot support modular arithmetic (RSA, DSS), elliptic curves,
DES, AES;
• Hash functions barely feasible
• Recent progress on putting AES on RFID tag
RFID is the Barcode of the Future
Barcode
RFID
Fast, automated scanning
(object doesn’t have to leave
pocket, shelf or container)
Line-of-sight reading
Reading by radio contact
Static Data
“Write Capabilities”
• Reader must be looking at the barcode • Reader can be anywhere within range
•No cryptographic operations possible
• Products carry updated info as they move
through the supply chain
Specifies object type
Specifies unique object id
• E.g., “I am a pack of Juicy Fruit”
• E.g., “I am a pack of Juicy Fruit #86715-A”
Can look up this object
in the database
Commercial Applications of
RFID






Physical-access cards
Inventory control
• Gillette Mach3 razor blades, pet tracking
Logistics and supply-chain management
• Track a product from manufacturing through shipping
to the retail shelf
Gas station and highway toll payment
Libraries
Euro banknotes
The consumer privacy problem
…and the tracking problem
Wig
serial #A817TS8



Mr. Jones pays with a credit card; his RFID tags now linked to his
identity; determines level of customer service
• Think of car dealerships using drivers’ licenses to run credit
checks…
Mr. Jones attends a political rally; law enforcement scans his RFID
tags
Mr. Jones wins Turing Award; physically tracked by paparazzi via
RFID
Risks



Personal privacy
• I’ll furtively scan your briefcase and learn how much cash
you are carrying and which prescription medications you
are taking …
Corporate espionage : Privacy is not just a consumer issue
• Track your competitor’s inventory
Skimming: read your tag and make my own
• In February, JHU-RSA Labs team skimmed and cloned
Texas Instruments’ RFID device used in car anti-theft
protection and SpeedPass gas station tokens
Blocking Unwanted Scanning
FARADAY CAGE
•Container made of foil or
metal mesh, impenetrable
by radio signals of certain
frequencies
•Invitation to
Shoplifters
•Maybe works for a
wallet, but huge hassle
in general – locomotion
difficult
Blocking Unwanted Scanning (Contd.)
“KILL” tag after purchase
• Special command
permanently de-activates
tag after the product is
purchased
•RFID tags are much too
useful in “live” state…
Disables many futuristic
applications.
Futuristic Applications




Tagged products
• Clothing, appliances, CDs, etc. tagged for store returns and locatable in
house
“Smart” appliances
• Refrigerators that automatically create shopping lists and when milk expires
• Closets that tell you what clothes you have available, and search the Web
for advice on current styles, etc.
• Washing machines that detect improper wash cycle
“Smart” print
• Airline tickets that indicate your location in the airport
• Business cards
Recycling
• Plastics that sort themselves
Consumers will not want their tags “killed,” but should still have a right
to privacy!
Blocking Unwanted Scanning (Contd.)
The “BLOCKER TAG”
Blocker simulates
all (billions of) possible
tag serial numbers!!
1,2,3, …, 2023 pairs
of sneakers and…
(reading fails)…
How does blocker tag work?

When the reader sends a signal, more than one RFID tag may
respond: this is a collision
•
•
Reader cannot accurately read information from more than one tag at a time
Example: every tagged item in a supermarket cart responds to the cashier’s
RFID reader

“Tree-walking” protocol for identifying tags recursively asks question:
• “What is your next bit?”

Blocker tag always says both ‘0’ and ‘1’!
• Guarantees collision no matter what tags are present
• To talk to a tag, reader must traverse every tree path
• With 128-bit IDs, reader must try 2128 values – infeasible!

To prevent illegitimate blocking, make blocker tag selective (block only certain ID ranges)
• E.g., blocker tag blocks all IDs with first bit=1
• Items on supermarket shelves have first bit=0
• Can’t block tags on unpurchased items (anti-shoplifting)
• After purchase, flip first bit on the tag from 0 to 1
“Tree-walking” anti-collision
protocol for RFID tags
0
1
?
00
000
001
01
010
10
011
100
11
101
110
111
Example: Supermarket Cart
1. Prefix=“empty”
prefix=0
prefix=00
Collision!
prefix=1
prefix=01
prefix=10
prefix=11
1a. Prefix=0
1b. Prefix=1
No collision
No collision
2. Prefix=00
2. Prefix=11
No collision
Collision!
3. ID=001
3a. ID=110
Talk to tag 001
Talk to tag 110
3b. ID=111
Talk to tag 111
000
Next=1
001
010
Next=0
Next=0
011 100
Next=1
Next=1
Next=0
101 110
111
Next=1
Next=1
Next=1
Pseudonym rotation

Set of pseudonyms known only by trusted verifier
Pseudonyms stored on tag
• Limited storage means at most, e.g., 10 pseudonyms

Tag cycles through pseudonyms

“MMW91”
“74AB8”
?
=
Hash Locks
[Rivest, Weis, Sharma, Engels]
Goal: authenticate reader to the RFID tag
Reader
RFID tag
“Who are you?”
metaID
key
Compute hash(key) and
compare with stored metaID
“My real ID is…”
Stores metaID=hash(key)
Stores key; hash(key) for any tag
Unique key for each tag
Why is this not a perfect solution?
Analysis of Hash Locks




Relatively cheap to implement
• Tag has to store hash implementation and metaID
Security based on weak collision-resistance of hash
function
metaID looks random
Problem: tag always responds with the same value
• Attacker can track the same tag from place to place
even if he cannot learn its real ID
Randomized Hash Locks
[Weis et al.]
Goal: authenticate reader to the RFID tag
Reader
RFID tag
“Who are you?”
Generate random R
R, hash(R,IDk)
Compute hash(R,IDi) for every
known IDi and compare
“You must be IDk”
Stores all IDs:
ID1, … ,IDn
Stores its own IDk
Analysis of Randomized Hash Locks




Tag must store hash implementation and pseudorandom number generator
Secure against tracking because tag response is
different each time
Reader must perform brute-force ID search
• Effectively, reader must stage a mini-dictionary attack
to unlock the tag
Alternative: use a block cipher
• Need a very efficient implementation of AES
External re-encryption approach




Suggested for RFID-embedded banknotes privacy
protection
Banknote tag serial numbers are encrypted with a law
enforcement public key
Periodic re-encryption to reduce the linkability of different
appearances of a given tag.
Resources limited on tag, so re-encryption done by
external agents, usually the reader
References
The material covered in the slides has
been taken from :
 RFID Security and Privacy :
http://www.google.co.in/url?sa=U&start=1&q=http://
www.cs.utexas.edu/~shmat/courses/cs378_spring0
5/&e=9797

RFID: Security and Privacy for Five-Cent
Computers :
http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/
publications/five_cent/RFID_five%20cent.ppt
Questions ?