RFID Security and Privacy Concerns - PowerPoint PPT Presentation

1
RFID Security and Privacy Concerns
  • Corby Ziesman

2
Privacy and Security
  • Privacy and security are important factors that
    need to be considered in every project
  • If the users' privacy rights are not protected,
    the product becomes unfeasible
  • If security consequences are not kept in mind
    during product development, then the product will
    be flawed by design and a workaround may need to
    be patched in later on at a greater expense

3
Controversy
  • Some privacy activists see RFID's widespread and
    unrestricted deployment as a kind of doomsday
    scenario in which corporate and government
    interests can pervasively track
    individuals - paving the way for a
    techno-totalitarian state in which each person's
    movements, associates, and casual acquaintances
    are carefully monitored and recorded in
    futuristic data centers. [1]
  • One of the leading crusaders here is Katherine
    Albrecht, director of Consumers Against
    Supermarket Privacy Invasion and Numbering
    (Caspian). Albrecht variously calls RFID tags
    "spy chips" and "tracking devices"; she organized
    a Benetton boycott that forced the company to
    officially repudiate any RFID testing plans. [1]

4
RFID's Situation
  • RFID is small and cheap, and therefore easily
    deployed on a large scale without being
    conspicuous
  • RFID transmits wirelessly, and sensitive
    identifying data can be eavesdropped upon
  • RFID data from multiple sources can be combined
    to create a history of a person's daily
    activities
  • As a result, RFID poses the risk of compromising
    a person's private information

5
Security Hazards
[Figure: RFID Environment Abstract] [1]
6
Security Hazards
[Figure: RFID Threat Contexts] [1]
7
Some Current Uses of RFID
[1] [4] [5]
  • Automobile Immobilizers
      • Key sends signal so car can start
  • Animal Tracking
      • Sub-dermal implant identifies lost pets
  • Payment Systems
      • Allows quicker check-outs at the store
  • Automobile Toll Collection
      • Helps traffic flow quickly
  • Inventory Management
      • Improves supply chain efficiency
  • Bank Notes
      • Prevents forgery
  • Libraries
      • Allows easier management of books and materials
  • Passports, Driver's Licenses, and National IDs
      • Provides an extra way to verify identities

...and more every day
8
Corporate Data Security Threats
[1]
  • Corporate Espionage Threat
      • Competitors can collect confidential supply chain
        data
  • Competitive Marketing Threat
      • Competitors steal users' preferences and use them
        to enhance their own competing product
  • Infrastructure Threat
      • As companies become reliant on RFID, they become
        more susceptible to new forms of
        denial-of-service attacks
  • Trust Perimeter Threat
      • As more data is shared, the sharing mechanisms
        increasingly provide new opportunities for attack

9
Personal Privacy Threats
[1]
  • Action Threat
      • A person's behavior or intent is inferred from
        RFID data, which may be inaccurate
      • (e.g. expensive store items suddenly disappearing
        from the shelf may indicate shoplifting, and the
        customer is approached as a potential criminal,
        when the customer actually only bumped some
        clothes onto the floor by accident)
  • Association Threat
      • A person's identity is linked with a purchased
        item
      • Different from loyalty cards (e.g. Fry's VIP)
        because this may be involuntary, and linked to a
        specific item (serial number) as opposed to a
        product

10
Personal Privacy Threats
[1]
  • Location Threat
      • If an item is linked to a specific person (as in
        Association Threat), and there are clandestine
        RFID readers in various locations, a person's
        location may be tracked or be open to
        unauthorized disclosure
  • Preference Threat
      • A person's preferences may be revealed and abused
      • (e.g. a thief who targets those who purchase
        high-cost items as opposed to cheaper items)

11
Personal Privacy Threats
[1]
  • Constellation Threat
      • Even if a person's actual identity is not known,
        the RFID tags around that person form a unique
        constellation which can be tracked
  • Transaction Threat
      • When an item moves from one constellation to
        another, it can be inferred that some transaction
        has taken place between the two individuals
        associated with each constellation
  • Breadcrumb Threat
      • As a person collects tagged items, they build a
        database of items associated with their identity
      • Some items get discarded (breadcrumbs) but the
        association still remains with the original owner
      • If the breadcrumb is picked up by another
        individual and involved in some crime, the
        breadcrumb leads back to the original owner, and
        not the criminal
      • The original owner is liable, at the very least,
        to be bothered by law enforcement

12
An Example Way to Protect RFID
[3]
  • Provide a mechanism to lock/unlock RFID tags
    (using a hash function)
  • While unlocked, the full functionality and memory
    of the tag are available to anyone in the
    interrogation zone
  • Tags will be equipped with a physical
    self-destruct mechanism and will only be unlocked
    during communication with an authorized reader
  • In the event of power loss or transmission
    interruption, tags will return to a default
    locked state

13
Locking Tags
[3]
  • To lock a tag, the owner computes a hash value of
    a random key and sends it to the tag as a lock
    value
  • The tag stores the lock value in the meta-ID
    memory location and enters the locked state
  • While locked, a tag responds to all queries with
    the current meta-ID value and restricts all other
    functionality
  • Each tag always responds to queries in some form
    and thus always reveals its existence

14
Unlocking Tags
[3]
  • To unlock a tag, the owner sends the original key
    value to the tag
  • The tag then hashes this value and compares it to
    the lock stored under the meta-ID
  • If the values match, the tag unlocks itself
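
The lock/unlock exchange from the three slides above, as an added example that is not part of the original presentation. The class and function names are hypothetical, and SHA-256 stands in for the unspecified "hash function"; the tag ID in any test input is constructed.

```python
import hashlib
import hmac
import secrets


class HashLockTag:
    """Toy model of the hash-locked tag (hypothetical class, constructed here)."""

    def __init__(self, tag_id: bytes):
        self._tag_id = tag_id    # the data the lock protects
        self._meta_id = None     # lock value; None until the owner locks the tag
        self._unlocked = True

    def lock(self, lock_value: bytes) -> None:
        # Owner sends hash(key); the tag stores it as meta-ID and locks itself.
        if not self._unlocked:
            raise PermissionError("tag is locked")
        self._meta_id = lock_value
        self._unlocked = False

    def query(self) -> bytes:
        # Locked: every query is answered with the meta-ID and nothing else.
        # The meta-ID is constant while locked, so the tag still reveals its
        # existence and can still be recognised across reads.
        return self._tag_id if self._unlocked else self._meta_id

    def unlock(self, key: bytes) -> bool:
        # The tag hashes the presented key and compares it with the meta-ID.
        if self._meta_id is not None and hmac.compare_digest(
            hashlib.sha256(key).digest(), self._meta_id
        ):
            self._unlocked = True
        return self._unlocked

    def power_cycle(self) -> None:
        # Power loss or interrupted transmission: back to the locked default.
        if self._meta_id is not None:
            self._unlocked = False


def owner_lock(tag: HashLockTag) -> bytes:
    """Owner side: pick a random key, send only its hash, keep the key."""
    key = secrets.token_bytes(16)
    tag.lock(hashlib.sha256(key).digest())
    return key
```

The owner's key is sent in the clear at unlock time in this scheme, so the model says nothing about protecting that step from an eavesdropper in the interrogation zone.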

15
Another Example
[1] [2]
  • Blocker Tags
      • Require no change in hardware
      • Use auxiliary tags to create a noisy RF
        environment for unauthorized readers
      • Unauthorized readers see a lot of spam RFID
        messages and cannot pick out the real messages
      • Authorized readers are able to function normally
      • A blocker can simulate all RFID tags
        simultaneously, or selectively simulate a subset
        of the ID codes
      • (Such as for a specific brand, or some subset
        determined to be in a privacy zone)
      • A blocking device may be worn by a consumer to
        create the noisy RF environment around their body
        to prevent unwanted RFID scanning of items they
        may be carrying or wearing
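
A small simulation of what a reader sees with and without a blocker, as an added example that is not part of the original presentation. It assumes the tree-walking singulation protocol that reference [2] builds on, which the slides do not describe; the 4-bit IDs, the function name and the zone prefix are constructed for illustration.

```python
WIDTH = 4  # constructed 4-bit IDs keep the whole ID tree small enough to inspect


def tree_walk(tags, blocker_zone=None, prefix=""):
    """Return the IDs a reader singulates by depth-first tree walking.

    tags: set of bit-string IDs that are really present.
    blocker_zone: ID prefix the blocker simulates
                  ("" = every ID, None = no blocker present).
    """
    if len(prefix) == WIDTH:
        return [prefix]
    # Each real tag whose ID starts with the queried prefix sends its next bit.
    bits = {t[len(prefix)] for t in tags if t.startswith(prefix)}
    # Inside its zone the blocker sends both bits at once, so the reader sees
    # a collision and has to descend into both subtrees.
    if blocker_zone is not None and prefix.startswith(blocker_zone):
        bits = {"0", "1"}
    seen = []
    for bit in sorted(bits):
        seen += tree_walk(tags, blocker_zone, prefix + bit)
    return seen


def demo():
    tags = {"0011", "0110", "1010"}          # constructed tag population
    return {
        "no_blocker": tree_walk(tags),        # the three real IDs
        "selective": tree_walk(tags, "1"),    # "1..." is the privacy zone
        "universal": tree_walk(tags, ""),     # every possible ID appears
    }
```

With realistic ID lengths the simulated subtree is far too large to enumerate, so the reader stalls inside the zone instead of listing every ID as this 4-bit toy does.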

16
Conclusion
  • RFID offers many benefits and useful properties
  • RFID systems require that privacy and security be
    taken into account during every step of the
    design because of the unique avenues for abuse
    they provide
  • There are methods that can be used to help
    protect against abuse, so that RFID systems may be
    utilized without sacrificing security or privacy,
    preventing possible consumer backlash

17
References
  • [1] RFID Privacy: An Overview of Problems and
    Proposed Solutions. S. Garfinkel, A. Juels, R.
    Pappu. IEEE, 2005
  • [2] The Blocker Tag: Selective Blocking of RFID
    Tags for Consumer Privacy. A. Juels, R. Rivest,
    M. Szydlo
  • [3] RFID Systems and Security and Privacy
    Implications. S. Sarma, S. Weis, D. Engels. 2003
  • [4] Squealing Euros: Privacy Protection in
    RFID-Enabled Banknotes. A. Juels, R. Pappu. 2003
  • [5] Privacy and Security in Library RFID: Issues,
    Practices, and Architectures. D. Molnar, D.
    Wagner. ACM, 2004

18
End
  • Questions and Discussion