University of Virginia New Directions in Reliability, Security and Privacy in

advertisement
New Directions in Reliability,
Security and Privacy
in
Radio Frequency Identification Systems
Leonid Bolotnyy
Gabriel Robins
lbol@cs.virginia.edu
www.cs.virginia.edu/~lb9xk
robins@cs.virginia.edu
www.cs.virginia.edu/robins
Department of
Computer Science
University of Virginia
1
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-Tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
2
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-Tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
3
General RFID System
Local Server
Tags
Reader
Tag ID
Tag ID
4
Introduction to RFID
• Tags types:
passive
semi-passive
active
• Frequencies: Low (125KHz), High (13.56MHz), UHF (915MHz)
• Coupling methods:
signal
signal
reader
antenna
Inductive coupling
Backscatter coupling
5
RFID History
1935
1960
1973
What’s next?
1999
2006
2004
1999
6
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
7
Obstacles of Reliable Identification
• Bar-codes vs. RFID
– line-of-sight
– scanning rate
• Object detection obstacles
– radio noise is ubiquitous
– liquids and metals are opaque to RF
• milk, water, juice
• metal-foil wrappers
–
–
–
–
–
–
temperature and humidity
objects/readers moving speed
object occlusion
number of objects grouped together
tag variability and receptivity
tag aging
8
Case Studies
• Defense Logistics Agency trials (2001)
–
–
–
–
3% of moving objects did not reach destination
20% of tags recorded at every checkpoint
2% of a tag type detected at 1 checkpoint
some tags registered on arrival but not departure
• Wal-Mart experiments (2005)
– 90% tag detection at case level
– 95% detection on conveyor belts
– 66% detection inside fully loaded pallets
9
Multi-Tag RFID
Use Multiple tags per object to increase
reliability of object detection/identification
10
The Power of an Angle
• Inductive coupling: distance ~ (power)1/6
• Far-field propagation: distance ~ (power)1/2
• Optimal Tag Placement:
B-field
β
4
1
power ~ sin2(β)
3
2
61.86
Expected angle (Degrees)
65
58.11
60
55
180
1


 2
47.98
50
45
40
35
30
# of Tags
32.7
1
180
1


 2
2
2
 
0

2
0
(

2
3
2
 
0

2
0
Max[1 ,  2 ]sin( ) d d
  ) sin( )d d
4
11
Equipment and Setup
• Equipment
x4
x1
x8
x100’s
x1
x100’s
• Setup
–
–
–
–
–
empty room
20 solid non-metallic & 20 metallic and liquid objects
tags positioned perpendicular to each other
tags spaced apart
software drivers
12
Experiments
• Read all tags in reader’s field
• Randomly shuffle objects
• Compute average detection rates
• Variables
–
–
–
–
–
–
–
–
–
reader type
antenna type
tag type
antenna power
object type
number of objects
number of tags per object
tags’ orientation
tags’ receptivity
13
Linear Antennas
Antenna Pair #1, Power = 31.6dBm
1
0.9
Detection Probability
0.8
0.7
0.6
0.5
0.4
1Tag: 58%
2Tags: 79%
3Tags: 89%
4Tags: 93%
0.3
0.2
0.1
0
1
2
3
4
5
6
7
8
9
10 11 12 13 14 15 16 17 18 19 20
Object Number
14
Circular Antennas
Antenna Pair #1, Power = 31.6dBm
1
Detection Probability
0.9
0.8
0.7
0.6
1Tag: 75%
0.5
2Tags: 94%
3Tags: 98%
0.4
4Tags: 100%
0.3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Object Number
15
Linear Antennas vs. Multi-tags
Power = 31.6dBm
1
0.9
0.8
Detection Probability
0.7
0.6
0.5
0.4
2 Readers, 2 Tags 84.5%
Δ= 5.2%
0.3
1 Reader,
Δ=14.4%
0.2
0.1
Δ= 6.9%
Δ=19.8%
2 Tags 79.3%
2 Readers, 1 Tag
64.9%
1 Reader,
1 Tag
58.0%
9
12
14
Δ=21.3%
0
1
2
3
4
5
6
7
8
10
11
13
15
16
17
18
19
20
Object Number
16
Importance of Tag Orientation
180-same
180-diff
90-same
90-diff
Circular
Linear
1 Tag
2 Tags
1 Tag
2 Tags
0.55 21%
0.37
0.74 12%
0.52
25% -7% 0.33
0.47
0.67
0.52
0.80
0.63
17
Detection in Presence of Metals & Liquids
Circular Antenna
1
Detection Probability
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
Power=31.6dBm, No Liquids/Metals
Power=31.6dBm, With Liquids/Metals
Power=27.6dBm, No Liquids/Metals
Power=27.6dBm, With Liquids/Metals
0
1
2
3
4
Number of Tags
• Decrease in solid/non-liquid object detection
• Significant at low power
• Similar results for linear antennas
18
Varying Number of Objects
Experiment 1: 15 solid non-metallic & 15 liquids and metals
Experiment 2: 20 solid non-metallic & 20 liquids and metals
Effect of the Number of Objects on Detection Probability
0.9
Detection Probability
0.8
15/15 experiment
20/20 experiment
0.7
0.6
0.5
0.4
0.3
Metals & Liquids
∆ : 3%-13%
0.2
0.1
0
1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags 1 Tag 2 Tags 3 Tags
1 Antenna
2 Antennas
3 Antennas
4 Antennas
19
Applications of Multi-Tags
Reliability
Availability
Localization
Safety
20
More Applications
Security
Packaging
Theft Prevention
Tagging Bulk Materials
21
Economics of Multi-Tags
Cost
2001
2002
2003
2004
2005
2006
2007
2008
2011
$1.04
$0.81
$0.45
$0.19
$0.13
$0.08
$0.06
$0.05
$0.01
Passive Tag Cost Trend
Tag Cost
Year
$1.00
$0.80
$0.60
$0.40
$0.20
$0.00
2001
2002
2003
2004
2005
2006
2007
2008
2011
Year
Historical Cost
Prediction Cost
• Rapid decrease in passive tag cost
• 5 cent tag expected in 2008
• 1 penny tag in a few years
22
Cost Trends
Time
23
Multi-Tag Conclusion
• Unreliability of object detection
– radio noise is ubiquitous
– liquids and metals are opaque to RF
• milk, water, juice
• metal-foil wrappers
–
–
–
–
–
–
temperature and humidity
objects/readers moving speed
object occlusion
number of objects grouped together
tag variability and receptivity
tag aging
$1.00
• Many useful applications
Historical Cost
$0.80
Prediction Cost
$0.60
$0.40
$0.20
• Favorable economics
$0.00
2001
2002
2003
2004
2005
2006
2007
2008
24
2011
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
25
Motivation
• Digital crypto implementations require 1000’s of gates
algorithm
MD4
MD5
SHA-256
AES
Yuksel
# of gates
7350
8400
10868
3400
1701
• Low-cost alternatives
– Pseudonyms / one-time pads
– Low complexity / power hash function designs
– Hardware-based solutions
26
PUF-Based Security
• Physical Unclonable Function [Gassend et al 2002]
• PUF security is based on
– wire delays
– gate delays
– quantum mechanical fluctuations
• PUF characteristics
– uniqueness
– reliability
– unpredictability
• PUF assumptions
– Infeasible to accurately model PUF
– Pair-wise PUF output-collision probability is constant
– Physical tampering will modify PUF
27
Individual Privacy in RFID
• Privacy
A
B
C
Alice was here: A, B, C
privacy
28
Hardware Tampering Privacy Models
Allow adversary to tamper with tag’s memory
Cannot provide privacy without restricting adversary
- simple secret overwrite allows tag tracking
1. Restrict memory tampering functions
- allow bit flips
read-proof
tamper-proof
2. Purely physical privacy
- no digital secrets
3. Detect privacy compromise
- detect PUF modification
29
Private Identification Algorithm
Database
ID
ID
p(ID)
Request
ID1, p(ID1), p2(ID1), …, pk(ID1)
...
IDn, pn(IDn), pn2(IDn), …, pnk(IDn)
• It is important to have
– a reliable PUF
– no loops in PUF chains
– no identical PUF outputs
• Assumptions
– no denial of service attacks (e.g., passive adversaries, DoS
detection/prevention mechanisms)
– physical compromise of tags not possible
30
PUF-Based Ownership Transfer
• Ownership Transfer
• To maintain privacy we need
– ownership privacy
– forward privacy
• Physical security is especially important
• Solutions
–
–
–
–
public key cryptography (expensive)
knowledge of owners sequence
short period of privacy
trusted authority
31
PUF-Based MAC Algorithms
• MAC = (K, τ, υ)
• valid signature σ : υ K(M, σ) = 1
• forged signature σ’ : υ K(M’, σ’) = 1, M = M’
• MAC based on PUF
– Motivation: “yoking-proofs”, signing sensor data
– large keys (PUF is the key)
– cannot support arbitrary messages
• Assumptions
– adversary can adaptively learn poly-many (m, σ) pairs
– signature verifiers are off-line
– tag can store a counter (to timestamp signatures)
32
Large Message Space
Assumption: tag can generate good random numbers
(can be PUF-based)
Key: PUF
σ (m) = c, r1, ..., rn, pc(r1, m), ..., pc(rn, m)
Signature verification
• requires tag’s presence
• password-based or in radio-protected environment (Faraday Cage)
• learn pc(ri, m), 1 ≤ i ≤ n
• verify that the desired fraction of PUF computations is correct
To protect against hardware tampering
• authenticate tag before MAC verification
• store verification password underneath PUF
33
Small Message Space
Assumption: small and known a priori message space
message
PUF
counter
Key[p, mi, c] = c, pc(1)(mi), ..., pc(n) (mi)
PUF reliability is again crucial
σ(m) = c, pc(1)(m), ..., pc(n) (m),
...,
c+q-1, pc+q-1(1)(m), pc+q-1(n)(m)
sub-signature
Verify that the desired number of sub-signatures are valid
34
Attacks on MAC Protocols
• Impersonation attacks
original
clone
– manufacture an identical tag
– obtain (steal) existing PUFs
• Modeling attacks
– build a PUF model to predict PUF’s outputs
• Side-channel attacks
– algorithm timing
– power consumption
• Hardware-tampering attacks
– physically probe wires to learn the PUF
– physically read-off/alter keys/passwords
35
Conclusions and Future Work
Hardware primitive for RFID security
Identification, MAC, Ownership Transfer,
and Tag Authentication Algorithms
• Properties:
– Physical keys
– Protect tags from physical attacks
– New attack models
• Future Work:
–
–
–
–
Design new PUF
Manufacture and test PUF
Develop PUF theory
New attack models
36
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
37
Inter-Tag Communication in RFID
• Idea: Heterogeneity in ubiquitous computing
• Applications:
38
“Yoking-Proofs”
• Yoking: joining together / simultaneous
presence of multiple tags
• Key Observation: Passive tags can communicate
with each other through reader
• Problem Statement: Generate proof that a group of
passive tags were identified nearly-simultaneously
• Applications – verify that:
– medicine bottle sold together with instructions
– tools sold together with safety devices
– matching parts were delivered together
– several forms of ID were presented
39
Assumptions and Goals
• Assumptions
–
–
–
–
–
Tags are passive
Tags have limited computational abilities
Tags can compute a keyed hash function
Tags can maintain some state
Verifier is trusted and powerful
• Solution Goals
–
–
–
–
Allow readers to be adversarial
Make valid proofs improbable to forge
Allow verifier to verify proofs off-line
Detect replays of valid proofs
• Timer on-board a tag
– Capacitor discharge can implement timeout
40
Generalized “Yoking-Proof” Protocol
Idea: construct a chain of mutually dependent MACs
1
2
3
5
4
Anonymous Yoking: tags keep their identities private
41
Related Work on “Yoking-Proofs”
• Juels [2004]
– protocol is limited to two tags
– no timely timer update (minor/crucial omission)
• Saito and Sakurai [2005]
–
–
–
–
solution relies on timestamps generated by trusted database
violates original problem statement
one tag is assumed to be more powerful than the others
vulnerable to “future timestamp” attack
• Piramuthu [2006]
–
–
–
–
discusses inapplicable replay-attack problem of Juels’ protocol
independently observes the problem with Saito/Sakurai protocol
proposed fix only works for a pair of tags
42
violates original problem statement
Talk Outline
• Introduction to RFID
• Reliable Object Identification
– Multi-tag RFID Systems
• Physical Security and Privacy
– PUF-Based Algorithms
• Inter-Tag Communication
– Generalized Yoking-Proofs
• Common Themes and Conclusion
43
Common Themes
PUF-Based
Security and Privacy
Multi-Tags
RFID
Generalized
“Yoking-Proofs”
44
Conclusion and Future Research
• Contributions
• Future Research
–
–
–
–
–
–
–
More multi-tag tests
Object localization using multi-tags
Split tag functionality between tags
Prevent adversarial merchandize inventorization
PUF design
More examples of inter-tag communication
Applications of RFID
45
Publications
•
L. Bolotnyy and G. Robins, Multi-tag Radio Frequency Identification Systems, IEEE Workshop on Automatic
Identification Advanced Technologies (Auto-ID), Oct. 2005.
•
L. Bolotnyy and G. Robins, Randomized Pseudo-Random Function Tree Walking Algorithm for Secure RadioFrequency Identification, IEEE Workshop on Automatic Identification Advanced Technologies (Auto-ID), Oct. 2005.
•
L. Bolotnyy and G. Robins, Generalized “Yoking Proofs” for a Group of Radio Frequency Identification Tags,
International Conference on Mobile and Ubiquitous Systems (Mobiquitous), San Jose, CA, July 2006.
•
L. Bolotnyy and G. Robins, Physically Unclonable Function -Based Security and Privacy in RFID Systems, IEEE
International Conference on Pervasive Computing and Communications (PerCom), New York, March 2007.
•
L. Bolotnyy, S. Krize, and G. Robins, The Practicality of Multi-Tag RFID Systems, International Workshop on RFID
Technology - Concepts, Applications, Challenges (IWRT), Madeira, Portugal, June 2007.
•
L. Bolotnyy and G. Robins, The Case for Multi-Tag RFID Systems, International Conference on Wireless
Algorithms, Systems and Applications (WASA), Chicago, Aug. 2007.
•
L. Bolotnyy and G. Robins, Multi-Tag RFID Systems, International Journal of Internet and Protocol Technology,
Special issue on RFID: Technologies, Applications, and Trends, 2(3/4), 2007.
•
1 conference and 1 journal paper in submission
•
2 invited book chapters in preparation
Security in RFID and Sensor Networks, to be published by Auerbach Publications, CRC Press, Taylor&Francis Group
46
More Successes
• Deutsche Telekom (largest in EU) offered to patent our multi-tags idea.
• Received $450,000 NSF Cyber Trust grant, 2007 (PI: Gabriel Robins).
• Technical Program Committee member:
International Workshop on RFID Technology - Concepts, Applications,
Challenges (IWRT), Barcelona, Spain, June 2008.
• Our papers and presentation slides used in lecture-based
undergraduate/graduate courses (e.g., Rice University,
George Washington University).
47
48
Thank You!
Dissertation Committee: Gabriel Robins (advisor), Dave Evans,
Paul Reynolds, Nina Mishra, and Ben Calhoun
Stephen Wilson, Blaise Gassend, Daihyun Lim,
Karsten Nohl, Patrick Graydon, and Scott Krize
Questions?
lbol@cs.virginia.edu
www.cs.virginia.edu/~lb9xk
49
BACK UP SLIDES
NOT USED DURING
PRESENTATION
50
Types of Multi-Tags
• Redundant Tags
• Complimentary Tags
• Dual-Tags
– Own Memory Only
– Shared Memory Only
– Own and Shared Memory
• Triple-Tags
• n-Tags
51
Controlling Variables
1.
Radio noise
2.
Tag variability
3.
Reader variability
4.
Reader power level
5.
Distance to objects &
type, # of antennas
52
Circular Antennas vs. Multi-Tags
Power = 31.6dBm
1
0.9
Detection Probability
0.8
0.7
0.6
2 Readers, 2 Tags 99.4%
Δ= 5.2%
0.5
1 Reader,
Δ=3.2%
0.4
Δ= 15.1%
Δ=8.4%
2 Tags 94.2%
2 Readers, 1 Tag
91.0%
1 Reader,
75.9%
1 Tag
Δ=18.3%
0.3
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Object Number
53
Power
1 Tag
2 Tags
3 Tags
4 Tags
Circular Antennas
1
1
0.9
0.9
Detection Probability
Detection Probability
Linear Antennas
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
31.6
30.6
29.6
28.6
Power (dBm)
27.6
26.6
25.6
31.6
30.6
29.6
28.6
27.6
26.6
25.6
Power (dBm)
• Decrease in detection with decrease in power
• More rapid decrease in detection for circular antennas
54
Multi-Tags on Metals and Liquids
0.9
0.8
Power=31.6dBm, Circular Antennas
Power=31.6dBm, Linear Antennas
Power=27.6dBm, Circular Antennas
Power=27.6dBm, Linear Antennas
Detection Probability
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
1 Tag
2 Tags
3 Tags
Antenna #1
1 Tag
2 Tags
3 Tags
Antenna #2
Number of Tags
1 Tag
2 Tags
3 Tags
Antenna #1 and #2
• Low detection probabilities
• Linear antennas outperform circular
55
• Drop in detection at low power • Multi-tags better than multiple readers
Detection Delta
Change in Detection Based on # of Antennas and Tags
Change in Detection Probability
0.16
0.14
0.12
0.1
0.030
0.014
0.08
0.06
0.029
0.036
0.04
0.02
1
2
3
1
2
3
1
2
3
1
2
3
tag tags tags
tag tags tags
tag tags tags
tag tags tags
1 Antenna
2 Antennas
3 Antennas
4 Antennas
0
56
Anti-Collision Algorithms
Algorithm
Redundant Tags
Connected-Tags
Binary
No Effect
No Effect
Binary Variant
No Effect
No Effect
Randomized
Linear Increase**
No Effect*
STAC
Causes DoS
No Effect*
Slotted Aloha
Linear Increase**
No Effect*
* Assuming tags communicate to form a single response
** If all tags are detected
57
Business Case for RFID
• Costs & benefits (business case)
–
–
–
–
Moore’s law
higher employee productivity
automated business processes
workforce reduction
• Tag manufacturing yield and testing
–
–
–
–
30% of chips damaged during manufacturing
15% damaged during printing [U.S. GAO]
20% tag failure rate in field [RFID Journal]
5% of tags purchased marked defective
58
RFID Tag Demand
• Demand drivers
– tag cost
– desire to stay competitive
Increase in RFID tag demand
Decrease in RFID tag cost
• Cost effective tag design techniques
– memory design (self-adaptive silicon)
– assembly technology (fluidic self assembly)
– antenna design (antenna material)
59
Thesis
Multi-tags can considerably improve reliability in RFID
systems at a reasonable cost;
effective PUF implementations can enable hardwaretampering resistant algorithms for RFID security and privacy;
generalized yoking-proofs can provide auditing mechanisms
for the near-simultaneous reading of multiple RFID tags.
60
Related Work on PUF
• Optical PUF [Ravikanth 2001]
• Silicon PUF [Gassend et al 2002]
– Design, implementation, simulation, manufacturing
– Authentication algorithm
– Controlled PUF
• PUF in RFID
– Identification/authentication [Ranasinghe et al 2004]
– Off-line reader authentication using public key cryptography
[Tuyls et al 2006]
61
Privacy Model
Experiment:
1.
A passive adversary observes polynomially-many rounds of
reader-tag communications with multiple tags
2.
An adversary selects 2 tags
3.
The reader randomly and privately selects one of the 2 tags and
runs one identification round with the selected tag
4.
An adversary determines the tag that the reader selected
Definition: The algorithm is privacy-preserving if an adversary can not
determine reader selected tag with probability substantially greater than ½
Theorem: Given random oracle assumption for PUFs,
an adversary has no advantage in the above experiment.
62
Improving Reliability of Responses
• Run PUF multiple times for same ID & pick majority
number of runs
unreliability
chain length
probability
N
overall
reliability
R(μ, N, k) ≥ (1 - ∑
m=
R(0.02, 5, 100) ≥ 0.992
N+1
2
N μm(1-μ)N-m )k
m
• Create tuples of multi-PUF computed IDs &
identify a tag based on at least one valid position value
tuple size
expected number
of identifications
(ID1, ID2, ID3)
∞
S(μ, q) = ∑
i q
i [(1 – (1-μ)i+1)q - (1 – (1-μ) ) ]
i=1
S(0.02, 1) = 49, S(0.02, 2) = 73, S(0.02, 3) = 90
63
Choosing # of PUF Computations
probv(n, 0.1n, 0.02)
n
probv(n, t, μ) = 1 - ∑
i=t+1
probf(n, 0.1n, 0.4)
n μi(1-μ)n-i
i
n
n τj(1-τ)n-j
probf(n, t, τ) = 1 - ∑
j
j=t+1
α < probv ≤ 1 and probf ≤ β ≤ 1
0 ≤ t ≤ n-1
64
MAC Large Message Space Theorem
Given random oracle assumption for a PUF,
the probability that an adversary could forge a
signature for a message is bounded from above
by the tag impersonation probability.
65
MAC Small Message Space Theorem
Given random oracle assumption for a PUF, the
probability that an adversary could forge a signature
for a message is bounded by the tag impersonation
probability times the number of sub-signatures.
66
Purely Physical Ownership Transfer
r0, c1, ..., cn
(r1, a)
oid = h(counter)
r1, a = hs(r0, r1)
counter = counter - 1
hs(r1, new)
s = poid(v1) + ... + poid(vn)
v1 = h(c1), ..., vn = h(cn)
Challenges sent to tag in increasing order
• Properties:
–
–
–
–
–
All PUF computations must be correct
PUF-based random number generator
Physical write-once counter
oid is calculated for each identification
Inherently limited # of owners
67
Using PUF to Detect and Restore
Privacy of Compromised System
s1,0
s2,0
s3,0
s1,1
s2,1
s3,1
s3,2
s2,2
s3,3 s3,
s3,5
s1,2
s2,3
s3,6
s2,4
s3,7
s3,8
s3,9
s2,5
s3,10
4
1. Detect potential tag compromise
2. Update secrets of affected tags
68
PUF vs. Digital Hash Function
algorithm
MD4
MD5
SHA-256
AES
Yuksel
PUF
# of gates
7350
8400
10868
3400
1701
545
• Reference PUF: 545 gates for 64-bit input
– 6 to 8 gates for each input bit
– 33 gates to measure the delay
• Low gate count of PUF has a cost
–
–
–
–
probabilistic outputs
difficult to characterize analytically
non-unique computation
extra back-end storage
• Different attack target for adversaries
– model building rather than key discovery
• Physical security
– hard to break tag and remain undetected
69
PUF Design
•
Attacks on PUF
–
–
–
–
•
impersonation
modeling
hardware tampering
side-channel
Weaknesses of existing PUF
reliability
•
New PUF design
–
–
•
no oscillating circuit
sub-threshold voltage
Compare different non-linear delay approaches
70
PUF Contribution and Motivation
Contribution
• Physical privacy models
• Privacy-preserving tag identification algorithm
• Ownership transfer algorithm
• Secure MAC algorithms
• Comparison of PUF with digital hash functions
Motivation
• Digital crypto implementations require 1000’s of gates
• Low-cost alternatives
– Pseudonyms / one-time pads
– Low complexity / power hash function designs
– Hardware-based solutions
71
Speeding Up The Yoking Protocol
Idea: split cycle into several sequences of dependent MACs
starting / closing tags
Requires
– multiple readers or multiple antennas
– anti-collision protocol
72
Download