Feasible
Privacy for
Lightweight
RFID Systems
David Evans
work with Karsten Nohl
University of Virginia
SPAR Seminar
Johns Hopkins University
17 October 2007
UPC Bar Code
EPC Gen 2 RFID
Identities
8-12 digits
(product identity)
64-128 bits
(item identity)
Reading
Optical Scanner
Wireless Reader
Tag Cost
Ink, Paper
($0.00001?)
Circuit, Antenna
($0.05)
www.cs.virginia.edu/evans/talks/spar07
2
Photo by Bill Bryant
Protest at Texas Wal-Mart
www.cs.virginia.edu/evans/talks/spar07
3
“More-Efficient Mugging”
“Just in case you
want to know, she’s
got 700 Euro and
8 World Cup tickets…”
From Ari Juels USENIX Security 2004 talk
http://www.usenix.org/events/sec04/tech/slides/juels.htm
www.cs.virginia.edu/evans/talks/spar07
4
Realistic Threats
Profiling/Tracking
Corporate Espionage
www.cs.virginia.edu/evans/talks/spar07
5
Solutions for Paranoids
RFID Shield ($9.99)
Tin Foil
www.cs.virginia.edu/evans/talks/spar07
6
Basic Hash Protocol
R, HK(R)
key: K
nonce: R
N tags
N hashes
Stephen Weis, Sanjay Sarma, Ronald Rivest, and Daniel
Engels. Security in Pervasive Computing, March 2003
www.cs.virginia.edu/evans/talks/spar07
7
Basic Hash
Protocol
Privacy
Robustness
YA-TRAP
[Tsudik 06]
Scalability
Tree-Hash
Protocol
Insubvertible Encryption [Ateniese,
Camenisch, de Medeiros CCS 2005]
www.cs.virginia.edu/evans/talks/spar07
8
Tree-Hash Protocol
David Molnar and David Wagner. CCS 2004.
k1,0
k2,0
T1
k1,1
k2,1
T2
k2,2
k2,3
T3
Reader computes up to
www.cs.virginia.edu/evans/talks/spar07
Basic Hash
Protocol at
each level
T4
b logbN hashes
9
Analysis of Tree Protocol
• Attacker wants traces of individuals
• Attacker can easily acquire tags and
break their secrets
• Assume no side channels: only
protocol layer leaks
• Assume a good cryptographic hash
function
– Second part of the talk is about whether
this is reasonable
www.cs.virginia.edu/evans/talks/spar07
10
Shared Secrets
Each broken tag enables attacker to group
intercepted tags using shared secrets
48
192
12
3
n
Group of n tags
Stolen secret
Broken tag
Information theoretic measure of privacy
based on the group size
www.cs.virginia.edu/evans/talks/spar07
11
Pr[X x]
Groups and Leakage
b=1, upper bound
b=1, real value
b=10, upper bound
b=10, real value
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
0
1
2
3
4
5
6
7
8
Information Leakage - x [bits]
www.cs.virginia.edu/evans/talks/spar07
9
10
12
Cost Trade-Off
cost
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
1000
900
800
700
600
500
400
300
200
100
0
0
4
8
12
16
relative protection cost
relative attack value
attack value
20
minumum group size [x104]
www.cs.virginia.edu/evans/talks/spar07
13
Low-Leakage Tree Protocol
• Avoid small groups
• Leads to two-level
tree for systems
with billions of tags
• Opposite of
originally proposed
binary tree
www.cs.virginia.edu/evans/talks/spar07
…
…
…
…
Reader computes up to
N hashes
1B tags ~ 31K hashes
14
Tree-Hash Protocol Feasible?
• Random Number
An RN16 drawn from a Tag’s RNG... shall not be
predictable with a probability greater than 0.025% if
the outcomes of prior draws from the RNG, performed
under identical conditions, are known.
EPC Class 1 Gen 2 Standard
~12 good bits out of 16
• Hash function (rest of this talk...)
www.cs.virginia.edu/evans/talks/spar07
15
Implementing Hash Functions
10k
gates
SHA-256
4k
gates
AES
2k
gates
RFID tag
Power consumption scales with gates, not “Moore’s Law”.
Reading distance is inverse square-cube of power needed.
www.cs.virginia.edu/evans/talks/spar07
16
Cryptographic Hash Functions
Not sufficient for privacy!
• Pre-image resistance
– Given H(x) it is hard to find x
Not necessary for privacy!
• Second pre-image resistance
– Given y hard to find x such that H(x) = y
• Collision resistance
Hardest
– Hard to find x and y such that H(x) = H(y)
www.cs.virginia.edu/evans/talks/spar07
17
Non-Private Strong Hash
H(x) = G(x) || x
where G is a strong,
cryptographic hash function
www.cs.virginia.edu/evans/talks/spar07
18
Private Hash Function
H(R,K)
R: (non-secret) nonce
K: key shared with reader
• Correctness: given H(R,K), R, and key
set easy to find K
• Privacy: given a set of <H(R,K), R>
tuples it is hard to identify two tuples
generated by the same key (without
knowing key set)
www.cs.virginia.edu/evans/talks/spar07
19
Abstract Design
H(R, K) = D(R1, K1)  …  D(Rn, Kn)
where
R = R1 || … || Rn
K = K1 || … || Kn
independent nonce/key shares
D(r, k) is a “Distortion Function” with:
• Even output distribution
• Black-box function with poly-time reversing
oracle that outputs set of k’s producing a
given output
www.cs.virginia.edu/evans/talks/spar07
20
Security Argument: 2-split
X = D(R1, K1)  D(R2, K2)

Precompute one side
…
…
DR1 ,
n = total key bits,
divided between
K1 and K2
DR2 ,
Try values to find match
Brute force attack: (2n)
Meet-in-middle attack: (2n/2) space, time
www.cs.virginia.edu/evans/talks/spar07
21
Concrete Abstract Design
• 3-split: D(R1, K1)  D(R2, K2)  D(R3, K3)
• Implementable Distortion Function
– Even output distribution
o Black-box function with reverse oracle
Implementable function such that
attacker cannot find correlations: no
easier way to break than by finding the
intermediate values
www.cs.virginia.edu/evans/talks/spar07
22
CRC
• Cyclic Redundancy Check
• Already required on EPC tags
• Designed [Peterson, 1961] to be easy
to implement in hardware, errorchecking code (no crypto goals)
CRCg(X) = remainder of polynomial
division X by g in GF(2)
www.cs.virginia.edu/evans/talks/spar07
23
Implementing CRC
data
input


…
generator input
www.cs.virginia.edu/evans/talks/spar07
24
Attempted CRC Privacy Protocol
Nguyen Duc, Park, Lee, and Kim. Enhancing Security of
EPCglobal Gen-2 RFID Tag against Traceability and Cloning.
Symposium on Cryptography and Information Security, 2006.
Tag  Reader : R, CRCID || R  K
Fixed (standard) generator polynomial
K changes when updated by legitimate reader
www.cs.virginia.edu/evans/talks/spar07
25
CRC Properties
x  X g  set of values evenly divided by g :
CRC g  X    X   x
A1  CRC g K1 || R1   K1 || R1   x1
A2  CRC g K 2 || R2   K 2 || R2   x2
x1 , x2  X g
www.cs.virginia.edu/evans/talks/spar07
26
CRC Does Not Provide Privacy
x1 , x2  X g
A1  CRC g K1 || R1   K1 || R1   x1
A1  A2  K1  K2  || R1  R2   x1  x2
If two readings were from same tag:
A1  A2  00... || R1  00... || R2   x1  x2
CRC g  A1  A2  00... || R1  00... || R2   CRC g ( x1  x2 )
0
Otherwise, non-zero (with high probability)
www.cs.virginia.edu/evans/talks/spar07
27
Private Hash Function
D(R1, K1)  D(R2, K2)  D(R3, K3)
D(r , k )  CRC k a  r kb 
•
•
•
•
Distortion Function Required Properties
Confusion: changing one input bit flips each output
bit with probability ½
Diffusion: changing one generator bit flips each
output bit with probability ½
Even distribution: all outputs are equally likely
Complexity: hard to correlate better than black box
www.cs.virginia.edu/evans/talks/spar07
28
Proof Sketches
• Confusion and Diffusion
– Requires: Hamming weight of generator is
½ length
– Proof: Follow bit probabilities through CRC
• Even Distribution
– CRC provides even outputs over [0,g-1]
• But not over all output bits
– To get approximately even distribution:
use only i low-order output bits, and
combine outputs (second is reversed)
www.cs.virginia.edu/evans/talks/spar07
29
Attacks on Complexity
• Most known crypto attacks don’t apply
• No chosen plaintext makes
differential/linear cryptanalysis
infeasible
– Recall assumption: if attacker has physical
access they can just extract key
• Statistical Attacks (e.g., distinguishing
attacks) fail because output is evenly
distributed and no state is kept
www.cs.virginia.edu/evans/talks/spar07
30
Algebraic Attacks
• Create and solve system of equations
for bits
• Successfully break many stream
ciphers (and some block ciphers)
• Even partial knowledge of single key
bit can weaken privacy
• No general defense exists
www.cs.virginia.edu/evans/talks/spar07
31
3-bit CRC Complexity
k1
k6 k5 k4 k3 k2 k1
+
k4
(g3k1)
k1
+
g3
k3
(g2k1)
g2
+
k2
(g1k1)
g1
k11g,15g
g
k22g2kk24g1  k3
k1k1gg13 
2
After 5 shifts: H
H 2,5  k1 g1 g 2  g 3   k 2 g 2  k 4
k1g1g2  k1g1g3  k2g1g2  k1g2  k2g3  k3g2  k5
H 3,5  k1 g1 g 3  k 2 g 3  k5
www.cs.virginia.edu/evans/talks/spar07
32
Algebraic Attacks
• Difficulty depends on complexity:
– Degree determines feasibility of linear
system solving
– Density determines possibility for
simplifications
• Degree > 6 considered practically
unsolvable [Courtois and Meier,
EuroCrypt 2003]
www.cs.virginia.edu/evans/talks/spar07
33
20000
l=20,k=100
l=20,k=50
l=20,k=30
15000
degree
number of monomials
Distortion Complexity
10000
5000
0
20
40
60
80
100
input length (key + 0s)
8
7
6
5
4
3
2
1
0
0
50 100 150 200 250 300
clock cycles
Shifting 250 times provides sufficient degree
www.cs.virginia.edu/evans/talks/spar07
34
Implementation
• CRC with fixed generator already
included on tags (required by EPC
Class 1 standard)
• Extend to support variable generator:
130 gates (355 total GE)
– Smallest known AES: 3400 gates
• Reader: simple implementation can
do 10x (AES) - 40x (SHA-256) as
many hashes as alternatives
www.cs.virginia.edu/evans/talks/spar07
35
Summary
• Cheap RFIDs are expensive bar
codes, not little computers
– Can’t do division, encryption,
cryptographic hashing, etc.
• Privacy does not require strong
crypto hashing
– Very simple, inexpensive functions may
be sufficient for privacy
www.cs.virginia.edu/evans/talks/spar07
36
“We cannot even
answer the most basic
questions because we
don’t know enough
about you. That is the
most important aspect
of Google’s expansion.”
Eric Schmidt
(Google’s CEO)
May 2007
www.cs.virginia.edu/evans/talks/spar07
37
For more information:
evans@cs.virginia.edu
http://www.cs.virginia.edu/evans
Karsten Nohl and David Evans. Private Hash
Functions: Lightweight Protection for RFID
Systems. (In submission, request by email)
Karsten Nohl and David Evans. Optimizing
Secret Trees for Privacy. (In submission,
request by email)
Karsten Nohl and David Evans. Quantifying
Information Leakage in Tree-Based Hash
Protocols. ICICS 2006.
www.cs.virginia.edu/evans/talks/spar07
38