A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme

1
A Simple and Cost-effective RFID Tag-Reader
Mutual Authentication Scheme
CONFERENCE ON RFID SECURITY-07
  • Divyan M. Konidala, Zeen Kim, Kwangjo Kim
  • divyan, zeenkim, kkj_at_icu.ac.kr

International Research Center for Information
Security
2
Introduction - EPCglobal
  • EPCglobal Inc
  • Industry-driven standards
  • RFID in supply chain management
  • We consider
  • EPCglobal Architecture Framework
  • EPCglobal Class 1 Gen 2 UHF RFID Protocol

3
Contents
  • Introduction
  • RFID-based supply chain management system
  • EPCglobal Architecture Framework
  • Security Threats and Requirements
  • Security Assessment of Class 1 Gen 2 UHF RFID
    Protocol
  • Proposed Tag-Reader Mutual Authentication Scheme
  • Scheme
  • Analysis
  • Conclusion and Future Work

4
EPCglobal Architecture Framework
EPC-IS
5
Introduction - Tag's 4 Memory Blocks
  • We focus on the RESERVED memory block
  • The RESERVED memory block has:
  • Access Password (APwd)
  • Kill Password (KPwd)

6
Introduction - RESERVED Memory Block
  • Manufacturer of the product stores APwd and KPwd
    in the Reserved Memory Bank
  • Reserved Memory Bank is R/W LOCKED,
  • Cannot be Read
  • Cannot be Re-Written

7
Security Threats and Requirements
  • Tag-Reader Mutual Authentication
  • Malicious RFID Readers
  • Snoop, corrupt, manipulate
  • Cloned Fake RFID Tags
  • Counterfeit products
  • Man-in-the-Middle Attack
  • Eavesdrop and impersonate
  • Tamperproof Tags
  • RFID Tag Snatching

8
One-Way Reader to Tag Authentication Proposed by
EPCglobal
  • Proposed by EPCglobal Class 1 Gen 2 UHF RFID
    Protocol
  • Not Secure
  • Un-encrypted, openly sent random numbers are used as
    pads to cover-code the tag's APwd
  • Tag's Access Password easily exposed to a
    disgruntled employee managing a hand-held reader
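
The weakness on this slide, as an added example that is not from the original presentation: a minimal Python model of the Gen 2 one-way access exchange, in which the tag sends each 16-bit pad (RN16) in the clear and the reader XORs it onto one half of the APwd. The class, function names and sample password are constructed for illustration; the point is that the channel transcript alone determines the APwd, so the cover-coding gives no confidentiality.

```python
import secrets

class Gen2Tag:
    """Minimal model of a Class 1 Gen 2 tag's access-password check (constructed)."""
    def __init__(self, apwd: int):
        self._apwd = apwd & 0xFFFFFFFF   # 32-bit Access Password in RESERVED memory
        self._rn16 = None
        self._halves = []

    def req_rn(self) -> int:
        # The tag backscatters a fresh 16-bit random number, un-encrypted.
        self._rn16 = secrets.randbits(16)
        return self._rn16

    def access(self, cover_coded: int) -> bool:
        # The tag removes the pad it just issued and collects the 16-bit half.
        self._halves.append(cover_coded ^ self._rn16)
        if len(self._halves) < 2:
            return False
        got = (self._halves[0] << 16) | self._halves[1]
        self._halves = []
        return got == self._apwd

def reader_access(tag, apwd, air):
    """Reader authenticates to the tag; `air` records every message on the channel."""
    ok = False
    for half in (apwd >> 16, apwd & 0xFFFF):   # upper half first, then lower half
        rn16 = tag.req_rn()
        air.append(("tag->reader", "RN16", rn16))
        cover_coded = half ^ rn16
        air.append(("reader->tag", "Access", cover_coded))
        ok = tag.access(cover_coded)
    return ok

def apwd_from_transcript(air):
    """What the channel transcript determines: pad XOR cover-coded half, twice."""
    pads = [v for _, kind, v in air if kind == "RN16"]
    coded = [v for _, kind, v in air if kind == "Access"]
    hi, lo = (p ^ c for p, c in zip(pads, coded))
    return (hi << 16) | lo

if __name__ == "__main__":
    air = []
    tag = Gen2Tag(0xC0FFEE42)                  # constructed sample password
    print(reader_access(tag, 0xC0FFEE42, air), hex(apwd_from_transcript(air)))
```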

9
Security Weakness EPCglobal Scheme Exposed
[Diagram; labels recovered: Manufacturer, Reader, Tag; APwd, APwd (Exposed); Malicious, Compromised Reader; Disgruntled Employee; Only one-way Reader-to-Tag Authentication; Unauthorized Access; Fake Cloned Tags]
10
Goals
  • Tag-Reader mutual authentication
  • simple, light-weight, practically secure (supply
    chain)
  • A better cover-code or obscure tag APwd
  • Secure distribution of obscured tags' APwd to
    stakeholder's RFID readers
  • The manufacturer implicitly keeps track of the
    whereabouts of its products.
  • Our scheme adheres to EPCglobal standards

11
Goals
  • NO cryptographic (hash) functions/keys within the
    tag
  • NO tag - reader synchronization security
    keys/hash values.
  • We improve scheme proposed by EPCglobal to
    accommodate tag-reader mutual authentication.
  • Our scheme utilizes tag's already existing,
  • 16-bit random number generator,
  • XOR function,
  • Access and Kill Passwords.

12
Proposed Tag-Reader Mutual Authentication Scheme
  • Emphasis on the tag's Access and Kill Passwords
  • Manufacturer of the product is involved in the
    mutual authentication process
  • Scenario
  • A pallet has reached the distributor
  • Distributor's reader queries the tag on the pallet
  • Reader and tag must authenticate each other
  • Reader does not know the tag's APwd
  • Reader contacts the manufacturer and follows this
    procedure

13
Proposed Tag-Reader Mutual Authentication
14
(No Transcript)
15
(No Transcript)
16
Pad Generation Function PadGen(.) 1/3
17
Pad Generation Function PadGen(.) 2/3
Random Numbers from Tag and Manufacturer
18
Pad Generation Function PadGen(.) 3/3
19
Tags Logical Memory Access Password Map
20
Security Analysis 1/4
  • Possible Attacks
  • APwd and KPwd are only 32 bits
  • Brute-force attack or ciphertext-only attack
  • Practically Secure
  • An enclosure (warehouse) that is sealed from
    external noise and radio signals from malicious
    readers.
  • RFID supply chain processing environment
  • Extremely fast paced
  • Not feasible to continuously eavesdrop on one
    particular tag-reader communication channel
  • Several bulks of items pass through several
    readers within a very short interval of time.

21
Security Analysis 2/4
  • Reader Impersonation Attack
  • Reader to authenticate first to tag
  • A malicious reader
  • Does not possess both the APwd and KPwd
  • Cannot access the manufacturer (EPC-IS) due to lack
    of credentials.
  • Cloned Fake Tags and Tag Impersonation Attack
  • Tag to authenticate to the manufacturer.
  • A malicious tag or a cloned fake tag
  • Does not possess both the APwd and KPwd,
  • Manufacturer must detect and terminate the
    communication,
  • if a tag emulator is using the same or weak random
    numbers
  • if the tag is not moving through the supply chain
    processing

22
Security Analysis 3/4
  • Tag's Access Password Never Exposed
  • Does not use random numbers sent in an
    un-encrypted form as pads
  • Generated pads are known only to tag and
    manufacturer
  • Secure against Insider Attacks
  • Does not deliver the tag's APwd to any of the
    stakeholder's reader.
  • The reader relays only the cover-coded APwd
  • RFID "system level check"
  • A compromised reader is continuously trying to
    interrogate only one particular tag
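
One way the manufacturer-side checks named on slides 21 and 22 could be run over authentication requests, as an added example that is not from the original presentation. The record layout (reader id, tag EPC, the tag's two 16-bit random numbers), the sample log, the `max_queries` threshold and the definition of a "weak" random number are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of requests relayed to the manufacturer (EPC-IS):
# (reader_id, tag_epc, tag_random_number_1, tag_random_number_2)
REQUESTS = [
    ("reader-A", "epc-0001", 0x3A7C, 0x91E2),
    ("reader-A", "epc-0002", 0x5510, 0x0C4F),
    ("reader-B", "epc-0003", 0x1111, 0x1111),   # identical pair: weak
    ("reader-B", "epc-0003", 0x1111, 0x1111),   # same pair again: reused
    ("reader-C", "epc-0004", 0x7B21, 0x44D0),
    ("reader-C", "epc-0004", 0x09AF, 0xE310),
    ("reader-C", "epc-0004", 0xA5A5, 0x1F00),
    ("reader-C", "epc-0004", 0x6C3D, 0x2B9E),   # fourth query of one tag
]

def system_level_check(requests, max_queries=3):
    """Return (reason, reader_id, epc) findings that should end the session."""
    findings = set()
    seen = set()                 # (epc, rn1, rn2) triples already presented
    per_reader_tag = Counter()   # how often each reader asked about each tag
    for reader_id, epc, rn1, rn2 in requests:
        # A tag emulator replaying the same random numbers (slide 21).
        if (epc, rn1, rn2) in seen:
            findings.add(("reused-random-numbers", reader_id, epc))
        seen.add((epc, rn1, rn2))
        # Assumed notion of "weak": identical values, all zeros or all ones.
        if rn1 == rn2 or {rn1, rn2} & {0x0000, 0xFFFF}:
            findings.add(("weak-random-numbers", reader_id, epc))
        # A reader that keeps interrogating one particular tag (slide 22).
        per_reader_tag[(reader_id, epc)] += 1
        if per_reader_tag[(reader_id, epc)] > max_queries:
            findings.add(("repeated-interrogation", reader_id, epc))
    return findings

if __name__ == "__main__":
    for finding in sorted(system_level_check(REQUESTS)):
        print(finding)
```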

23
Security Analysis 4/4
  • Secure against Replay Attacks
  • We use two random numbers each, generated by both
    the tag and the manufacturer.
  • As unique random numbers generate unique pads
  • Password Scalability
  • We adhered to the 32-bit passwords
  • Our scheme can still be applicable, and more
    strengthened, when the length of the APwd and
    KPwd is extended

24
Implementation Analysis 1/2
  • Overhead Analysis
  • Secure channel between tag and manufacturer
  • PKI-based certificate, encryption and signature
    schemes may be expensive
  • Reader communicates with the manufacturer to
    authenticate every tag
  • To reduce this overhead,
  • The manufacturer can set up a secure server at
    every stakeholder's supply chain processing
    facility
  • Only the manufacturer can remotely access,
    monitor, and manage this server and also update
    the server with tags' Access and Kill passwords
  • We can also assume that the manufacturer's EPC-IS
    is a highly resource-rich entity, which is
    designed to take heavy computational and storage
    load.
  • Secure channel with only Keyed-Message
    Authentication Code (MAC)

25
Implementation Analysis 2/2
  • Light-Weight Tag-Reader Mutual Authentication
  • Our scheme does not use any special cryptographic
    functions.
  • Tag already has capability
  • XOR operations,
  • Generate random numbers,
  • Temporarily store random numbers
  • Fetch the APwd and KPwd
  • Our scheme just needs an additional
  • Five 16-bit temporary storage memory slots
  • four random numbers from the manufacturer and one
    for PadGen(.) function.
  • Class-1 Gen-2 tags can have a 512-bit memory
    capacity or more (depending on the manufacturer)

26
Conclusion
  • Our scheme
  • Not fully secure
  • Simple, cost-effective, light-weight to be
    implemented on tag
  • Practically secure,
  • Highly suitable to the RFID-based supply chain
    processing scenario
  • Adheres to the EPCglobal standard
  • Our scheme provides considerable challenges to
    thwart
  • Cloned fake tags
  • Malicious readers
  • Disgruntled employees or compromised readers
  • Tag's APwd leakage
  • Man-in-the-middle attacks

27
Thank you!
  • Q&A
