Title: A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme
1. A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme
CONFERENCE ON RFID SECURITY-07
- Divyan M. Konidala, Zeen Kim, Kwangjo Kim
- divyan, zeenkim, kkj_at_icu.ac.kr
International Research Center for Information Security
2. Introduction - EPCglobal
- EPCglobal Inc
- Industry-driven standards
- RFID in supply chain management
- We consider
- EPCglobal Architecture Framework
- EPCglobal Class 1 Gen 2 UHF RFID Protocol
3. Contents
- Introduction
- RFID-based supply chain management system
- EPCglobal Architecture Framework
- Security Threats and Requirements
- Security Assessment of Class 1 Gen 2 UHF RFID Protocol
- Proposed Tag-Reader Mutual Authentication Scheme
- Scheme
- Analysis
- Conclusion and Future Work
4. EPCglobal Architecture Framework
EPC-IS
5. Introduction - Tag's 4 Memory Blocks
- We focus on the RESERVED memory block
- The RESERVED memory block has:
- Access Password (APwd)
- Kill Password (KPwd)
6. Introduction - RESERVED Memory Block
- Manufacturer of the product stores APwd and KPwd in the Reserved Memory Bank
- Reserved Memory Bank is R/W LOCKED
- Cannot be Read
- Cannot be Re-Written
7. Security Threats and Requirements
- Tag-Reader Mutual Authentication
- Malicious RFID Readers
- Snoop, corrupt, manipulate
- Cloned Fake RFID Tags
- Counterfeit products
- Man-in-the-Middle Attack
- Eavesdrop and impersonate
- Tamperproof Tags
- RFID Tag Snatching
8. One-Way Reader to Tag Authentication Proposed by EPCglobal
- Proposed by EPCglobal Class 1 Gen 2 UHF RFID Protocol
- Not Secure
- Un-encrypted, openly sent random numbers are used as pads to cover-code the tag's APwd
- Tag's Access Password is easily exposed to a disgruntled employee managing a hand-held reader
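The weakness on this slide, as an added example (not code from the presentation): a model of the Class 1 Gen 2 Access exchange in which the tag's RN16 pad travels in the clear, so whoever holds the over-the-air transcript undoes the cover-coding with one XOR per half. The function names, the sample password and the private-pad stand-in are assumptions; the stand-in is not the presentation's PadGen(.), whose definition is not on this page.

```python
import secrets

def split32(pwd):
    """Split a 32-bit password into two 16-bit halves, MSBs first."""
    return (pwd >> 16) & 0xFFFF, pwd & 0xFFFF

def gen2_access_exchange(apwd, rns=None):
    """Gen 2 style Access sequence: for each half the tag backscatters an
    RN16 in the clear, then the reader sends (half XOR RN16)."""
    if rns is None:
        rns = (secrets.randbits(16), secrets.randbits(16))
    return [{"tag_rn16_clear": rn, "reader_cover_coded": half ^ rn}
            for half, rn in zip(split32(apwd), rns)]

def private_pad_exchange(apwd, clear_rns, private_pads):
    """Stand-in for a scheme whose pads never go over the air: random
    numbers are still visible, but the XOR pad is a value held only by
    tag and manufacturer (passed in here; NOT the slides' PadGen)."""
    return [{"tag_rn16_clear": rn, "reader_cover_coded": half ^ pad}
            for half, rn, pad in zip(split32(apwd), clear_rns, private_pads)]

def observer_recover(transcript):
    """What any holder of the transcript can compute: XOR each
    cover-coded half with the random number seen in the clear."""
    hi, lo = (m["tag_rn16_clear"] ^ m["reader_cover_coded"]
              for m in transcript)
    return (hi << 16) | lo

if __name__ == "__main__":
    APWD = 0xA1B2C3D4  # constructed sample password
    open_pad = gen2_access_exchange(APWD)
    print("pad sent in clear, recovered:",
          hex(observer_recover(open_pad)))
    # Constructed random numbers and pads for the contrast case.
    hidden = private_pad_exchange(APWD, (0x1111, 0x2222), (0x5A5A, 0x3C3C))
    print("pad kept private, observer gets:",
          hex(observer_recover(hidden)))
```
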
9. Security Weakness - EPCglobal Scheme, Exposed APwd
[Diagram. Labels: Manufacturer; Reader; Tag; Malicious, Compromised Reader; Disgruntled Employee; APwd (Exposed). Captions: Only one-way Reader-to-Tag Authentication; Unauthorized Access; Fake Cloned Tags.]
10. Goals
- Tag-Reader mutual authentication
- Simple, light-weight, practically secure (supply chain)
- Better cover-coding or obscuring of the tag's APwd
- Secure distribution of obscured tags' APwd to stakeholders' RFID readers
- The manufacturer implicitly keeps track of the whereabouts of its products.
- Our scheme adheres to EPCglobal standards
11. Goals
- NO cryptographic (hash) functions/keys within the tag
- NO tag-reader synchronization of security keys/hash values.
- We improve the scheme proposed by EPCglobal to accommodate tag-reader mutual authentication.
- Our scheme utilizes the tag's already existing
- 16-bit random number generator,
- XOR function,
- Access and Kill Passwords.
12. Proposed Tag-Reader Mutual Authentication Scheme
- Emphasis on the tag's Access and Kill Passwords
- Manufacturer of the product is involved in the mutual authentication process
- Scenario
- A pallet has reached the distributor
- Distributor's reader queries the tag on the pallet
- Reader and tag must authenticate each other
- Reader does not know the tag's APwd
- Reader contacts the manufacturer and follows this procedure
13. Proposed Tag-Reader Mutual Authentication
14. (No Transcript)
15. (No Transcript)
16. Pad Generation Function PadGen(.) 1/3
17. Pad Generation Function PadGen(.) 2/3
Random Numbers from Tag and Manufacturer
18. Pad Generation Function PadGen(.) 3/3
19. Tag's Logical Memory and Access Password Map
20. Security Analysis 1/4
- Possible Attacks
- APwd and KPwd are only 32 bits
- Brute-force attack or ciphertext-only attack
- Practically Secure
- An enclosure (warehouse) that is sealed from external noise and radio signals from malicious readers.
- RFID supply chain processing environment
- Extremely fast paced
- Not feasible to continuously eavesdrop on one particular tag-reader communication channel
- Several bulks of items pass through several readers within a very short interval of time.
21. Security Analysis 2/4
- Reader Impersonation Attack
- Reader to authenticate first to tag
- A malicious reader
- Does not possess both the APwd and KPwd
- Cannot access manufacturer (EPC-IS) due to lack of credentials.
- Cloned Fake Tags and Tag Impersonation Attack
- Tag to authenticate to the manufacturer.
- A malicious tag or a cloned fake tag
- Does not possess both the APwd and KPwd,
- Manufacturer must detect and terminate the communication,
- if a tag emulator is using the same or weak random numbers
- if the tag is not moving through the supply chain processing
22. Security Analysis 3/4
- Tag's Access Password Never Exposed
- Does not use random numbers sent in an un-encrypted form as pads
- Generated pads are known only to tag and manufacturer
- Secure against Insider Attacks
- Does not deliver the tag's APwd to any of the stakeholders' readers.
- The reader relays only the cover-coded APwd
- RFID "system level check"
- A compromised reader is continuously trying to interrogate only one particular tag
23. Security Analysis 4/4
- Secure against Replay Attacks
- We use two random numbers each, generated by both the tag and the manufacturer.
- As unique random numbers generate unique pads
- Password Scalability
- We adhered to the 32-bit passwords
- Our scheme can still be applicable, and more strengthened, when the length of the APwd and KPwd is extended
24. Implementation Analysis 1/2
- Overhead Analysis
- Secure channel between tag and manufacturer
- PKI-based certificate, encryption and signature schemes may be expensive
- Reader communicates with manufacturer to authenticate every tag
- To reduce this overhead,
- The manufacturer can set up a secure server at every stakeholder's supply chain processing facility
- Only the manufacturer can remotely access, monitor, and manage this server and also update the server with tags' Access and Kill passwords
- We can also assume that the manufacturer's EPC-IS is a highly resource-rich entity, which is designed to take heavy computational and storage load.
- Secure channel with only Keyed-Message Authentication Code (MAC)
25. Implementation Analysis 2/2
- Light-Weight Tag-Reader Mutual Authentication
- Our scheme does not use any special cryptographic functions.
- Tag already has the capability for
- XOR operations,
- Generate random numbers,
- Temporarily store random numbers
- Fetch the APwd and KPwd
- Our scheme just needs an additional
- Five 16-bit temporary storage memory slots
- four for random numbers from the manufacturer and one for the PadGen(.) function.
- Class-1 Gen-2 tags can have a 512-bit memory capacity or more (depending on the manufacturer)
26. Conclusion
- Our scheme
- Not fully secure
- Simple, cost-effective, light-weight to be implemented on tag
- Practically secure,
- Highly suitable to the RFID-based supply chain processing scenario
- Adheres to EPCglobal standard
- Our scheme provides considerable challenges to thwart
- Cloned fake tags
- Malicious readers
- Disgruntled employees or compromised readers
- Tag's APwd leakage
- Man-in-the-middle attacks
27. Thank you!
International Research Center for Information Security