Ensuring Dual Security Modes in RFID-Enabled Supply Chain Systems

1
Ensuring Dual Security Modes in RFID-Enabled
Supply Chain Systems
The 5th Information Security Practice and
Experience Conference (ISPEC 2009)
Tieyan Li Cryptography and Security Department
Institute for Infocomm Research (I2R) 13-15
Apr. 2009 Xian, China
2
Outline
Project Summary - why should it be done?

1. Backgrounds
2. Our dual security modes RFID- enabled supply
   chain system
3. Analysis
4. Conclusions

Meet the security needs of low-cost RFID tags!
3
Part 1 (1) RFID Basics
Project Summary - why should it be done?

• A RFID system consists of 3 main components
• Tags,Readers,Backend databases
• Generic working principles of RFID Technology
• Contact-less
• No clear line-of-sight
• Broadcast of signal
• Perfect working conditions for attackers!

100 meters
Tag
Reader
Database
Attacker
4
Part 1 (2) Architecture of RFID Enabled Supply
Chain
5
Part 1 (3) Security Threats of RFID-Enabled
Supply Chain

• Spoofing
• Cloning
• Skimming Data
• Denial of Service
• Shielding
• Data Tampering
• Eavesdropping

6
Part 1 (4) Security Requirements of
RFID-Enabled Supply Chain

• Authoritative access
• Authenticity of tags
• Unlinkability
• Forward and backward secrecy
• De-synchronization resilience

7
Part 2 (1) Dual security modes
1 . Strong security mode In insecure
environment. Provides normal processing
speed. 2. Weak security mode In relative
insecure environment E.g. Factory Provides
high processing speed.
8
Part 2 (2) Initialization

• Tags that are equipped with pseudo-random
  number
• generators, standard XOR and hash
  calculations.

Initialization Tag Database Reader
initialization get from TA.
9
Part 2 (3) Protocols

• Tag reading protocol
• Security mode switching protocol
• Temporary secret update protocol
• Ownership handover process procedure

10
Part 2 (3.1) Reading Protocol
11
Part 2 (3.2) Security Mode Switching Protocol
12
Part 2 (3.3) Temporary Secret Updating Protocol
13
Part 2 (3.4) Ownership Handover Process
14
Part 3 Analysis (1) Visibility

• Unauthorized entities are prevented from
  tracking the movement of material flow.
• Authorized entities are provided with supply
  chain visibility.

15
Part 3 (2)Security

• Authoritative access to RFID tags
• Authenticity of tags
• Weak unlinkability (in weak security mode)
• Strong unlinkability (in strong security mode)
• Forward and backward secrecy
• De-synchronization resilience

16
Part 3 (3) Efficiency

• In the weak security mode, the time complexity
  for an authorized reader to identify a batch of n
  tags is O (n log n).
• In the strong security mode, the time complexity
  is O(n2)

17
Part 3 (4) Comparison

• 12 Y. Li and X. Ding, ASIACCS 07
• 13 A. Juels, R. Pappu, and B. Parno,
• USENIX Security Symposium 2008
• 14 B. Song, RFID-sec 08

18
Part 4 Conclusions

• We investigate the security, visibility, and
  efficiency issues for RFID-enabled supply chain
  systems.
• We distinguish the environments into two secure
  levels, design a dual security modes RFID-enabled
  RFID supply chain system.
• Our system provides visibility for supply chain
  partners, and is secure and efficient.

19
Q A?
Thank you! Email litieyan_at_i2r.a-star.edu.sg