Academic year: 2022

(1)

RFID privacy

Foundations of Secure e-Commerce (bmevihim219)

Dr. Levente Buttyán

Associate Professor BME Hálózati Rendszerek és Szolgáltatások Tanszék

(2)

Outline

- RFID applications

- RFID architecture

- security and privacy threats

- prevention of tracking at the application layer

- privacy problems at lower layers

(3)

Introduction

RFID = Radio-Frequency Identification

allows us to identify objects or subjects with neither physical nor visual contact

• need to place a transponder on or in the object and query it remotely using a reader

the principle is fundamentally not new

• identify-friend-or-foe system of the Royal Air Force in WWII to distinguish allied aircraft from enemy aircraft

• motorway tolls, ski lifts, identification of livestock and pets, automobile ignition keys …

RFID is becoming interesting due to the ability to develop very small and cheap transponders called “electronic tags”

• offer only weak computation and storage capabilities

• passively powered by the reader’s electromagnetic field

• communication distance is relatively short (a few meters)

• when outside of the reader’s field, tags are inert

• low cost, small size → can be deployed at very large scale

• pose new security and privacy problems!

(4)

Example applications

access control

• current access control systems in buildings often use RFID-based wireless tokens, e.g., cards or badges

RFID in the automobile sector

• keyless entry using a key fob that contains an active RFID tag

• passive entry systems automatically unlock doors when the driver carrying a passive RFID tag approaches the car

• appeared recently, e.g., on Renault Laguna, Mercedes-Benz S-class, CL-class, and Toyota Lexus LS430

• many car keys have an RFID device integrated into them which activates the fuel injection system (anti-theft measure)

• car keys can be replaced with cards that stay in the drivers

(5)

Example applications (cont’d)

supply chain

• the idea is to replace barcodes with low cost RFID tags

• advantages

• tags can be scanned quickly in large quantities

• no need for visual channel

• tags can be placed right on or in objects, instead of the packaging

• tags may contain unique identifiers for individual objects

• facilitates management of objects throughout the entire supply chain (manufacturing, storage, distribution, … )

• stock and inventories in supermarkets and warehouses is a primary application domain (e.g., Wal-mart, Metro, Migros, …)

RFID in libraries

• a tag in each volume makes borrowing and returning books easier

• inventories can be carried out without taking books from the shelves

• examples: K.U. Leuven (Belgium), Santa Clara (United States),

(6)

Example applications (cont’d)

subdermal tags

• RFID based identification of domestic animals is done routinely today

• identification of people ???

• nightclubs (e.g., Baja Beach Club, Barcelona)

• VIPs (e.g., members of a special organization)

• prisoners

electronic IDs (passports, ID cards)

• already in use today

• chip in the passport contains biometric information of the bearer

electronic payments systems

• electronic toll collection (e.g., EZ Pass)

• automated fare collection (AFC) in public transport systems

• contactless payment cards (e.g., Mastercard PayPass)

(7)

Applications in the future

smart and easy shopping

• fast check-out at point-of-sale terminals

• terminal reads all tags in the shopping cart in a few seconds

• payment can be speeded up using contactless credit cards

• return items without receipt

• no need to keep receipts of purchased items

• tracking faulty or contaminated products

• object IDs can serve as indices into purchase records

• one can easily list all records that contain IDs belonging to a particular set of products and identify consumers that bought those products

smart household appliances

• washing machine can select the appropriate program by reading the tags attached to the clothes

• refrigerator can print shopping lists automatically or even order food on-line

interactive objects

• consumers can interact with tagged objects through their mobile phones acting as an RFID reader (NFC – Near Field Communications technology)

• the mobile phone can download and display information about scanned

(8)

RFID system architecture

RFID system elements

• RFID tags + RFID reader(s) + back-end infrastructure

RFID tag = microcircuit + RF antenna

[Figure labels: request; response (ID); ID; reader; tags]

back-end infrastructure and

(9)

RFID tag characteristics

power

• active tags have their own battery

• passive tags have no internal energy source

• obtain energy from the reader’s electromagnetic field

• reflect reader’s RF signal and modulate it with information to be sent

• semi-passive tags have battery but use it only for internal calculations

• power for communication is obtained from the reader

communication range

• depends on frequency and transmission power

• low frequency (LF) and high frequency (HF) tags: few decimeters

• ultra-high frequency (UHF) tags: several meters

• note: by using specific antennas and transmission powers above the legal limits, we can largely surpass these ranges

• note: information sent by a reader (forward channel) can be captured at a far greater distance than that sent by a tag (backward channel)

(10)

RFID tag characteristics (cont’d)

memory

• tags contain a minimum number of memory bits to store their identifier (between 32 and 128 bits)

• depending on the target application, tags can have ROM, EEPROM, RAM or SRAM

• electronic anti-theft devices (EAS, Electronic Article Surveillance) that can be found on many items, require only one bit (enabled EAS / not enabled EAS)

• they do not really allow object identification, only detection

computing power can vary in a wide range:

• no computational capabilities, only memory that can be remotely accessed

• only simple logical operations (e.g., XOR and AND)

• a few thousand logical gates that allow for symmetric key encryption and hash

• more evolved tags could use asymmetric key crypto, but those are expensive

(11)

RFID tag characteristics (cont’d)

physical characteristics

• typically antenna size determines the size of the tag

• antenna size depends on the communication range and frequency

• smallest tag today is µ-tag from Hitachi (~0.4 mm)

tamper resistance

• infeasible for low cost tags (low cost ~ few Euro cents)

(12)

Some specific examples

(13)

Various RFID tags

Logistic and industry

Key fob

CD label

Nail tag

Livestock and pets

Logistic and industry (naked)

(14)

Various RFID readers

(15)

Related standards

ISO

• 14443: proximity cards (A – Mifare, B – Calypso)

• 15693: vicinity cards (can be read from a larger distance than proximity cards)

• 18000: describes a series of diverse RFID technologies, each utilizing a unique frequency band

EPC (Electronic Product Code)

• established by EPCGlobal, a non profit organization made up of several companies and academics

• promotes very low cost RFID technology with the goal of integrating it into supply chains

• Class 1: unique identifier (a code that allows the identification of the product to which the tag is attached), and a function permitting the definitive destruction of the tag

• Class 2: more memory and authentication functions

• Class 3: semi-passive tags

• Class 4: active tags, which can potentially communicate with each other

• currently only Class 1 is fully specified ISO 18000-6

(16)

Objectives: identification and authentication

(mutual) authentication

• an authentication protocol allows a reader to be convinced of the identity of a queried tag

• in case of mutual authentication, the protocol allows a tag to be convinced of the identity of a querying reader

identification

• an identification protocol allows a reader to obtain the identity of a queried tag, but no proof is required

• in many cases, identification is sufficient (e.g., inventory in a warehouse), although requirements also depend on the adversary model

(17)

Basic protocols

identification

R(eader) → T(ag): request

T → R: ID

authentication

R: pick a random number N

R → T: N

T: compute F(ID, N)

T → R: ID, F(ID, N)

where F is some (not necessarily strong) crypto function, e.g., an encryption or a keyed hash

(18)

Security threats

impersonation

• the adversary can (with non-negligible probability) successfully complete the authentication protocol in the name of a tag

• relevant only for authentication protocols, because identification protocols are trivially vulnerable to impersonation (no proof of identity is required)

• countermeasures need strong crypto and proper key management

• all tags sharing the same crypto key is not a good approach

– tags are not tamper resistant

– compromising a single tag allows the adversary to impersonate any other tag

• tags must have individual keys

– key diversification techniques are applicable

– once the tag identifies itself, the reader (back-end system) can look-up the tag key in a database, or compute it on-the-fly using some master key
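An added example, not part of the original slides, that runs the basic authentication protocol once with a common key in every tag and once with diversified per-tag keys, to show what a single compromised tag gives away in each case. HMAC-SHA256 as F and as the key-derivation function, the key values, and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = b"constructed-demo-master-key"   # constructed sample value
SHARED_KEY = b"constructed-demo-shared-key"   # constructed sample value


def F(key: bytes, tag_id: bytes, nonce: bytes) -> bytes:
    """The slide's F(ID, N), instantiated here (assumption) as HMAC-SHA256."""
    return hmac.new(key, tag_id + b"|" + nonce, hashlib.sha256).digest()


def shared_key(tag_id: bytes) -> bytes:
    """Weak deployment: every tag holds the same key."""
    return SHARED_KEY


def diversified_key(tag_id: bytes) -> bytes:
    """Key diversification: per-tag key computed on the fly from a master key."""
    return hmac.new(MASTER_KEY, b"tag-key|" + tag_id, hashlib.sha256).digest()


class Tag:
    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id, self.key = tag_id, key

    def respond(self, nonce: bytes):
        # T -> R: ID, F(ID, N)
        return self.tag_id, F(self.key, self.tag_id, nonce)


class Reader:
    def __init__(self, key_for):
        self.key_for = key_for            # maps a claimed ID to the key to check against

    def authenticate(self, tag: Tag) -> bool:
        nonce = secrets.token_bytes(16)   # R: pick a random number N
        claimed_id, proof = tag.respond(nonce)
        expected = F(self.key_for(claimed_id), claimed_id, nonce)
        return hmac.compare_digest(proof, expected)


def compromise_one_tag(key_for) -> dict:
    """Scenario from the slide: the key stored in TAG-0001 leaks (tags are not
    tamper resistant) and is loaded into a clone that claims to be TAG-0002."""
    reader = Reader(key_for)
    genuine = Tag(b"TAG-0001", key_for(b"TAG-0001"))
    clone = Tag(b"TAG-0002", genuine.key)
    return {
        "genuine_accepted": reader.authenticate(genuine),
        "clone_of_other_tag_accepted": reader.authenticate(clone),
    }


if __name__ == "__main__":
    print("shared key:      ", compromise_one_tag(shared_key))
    print("diversified keys:", compromise_one_tag(diversified_key))
```

With diversified keys the leaked key still authenticates as TAG-0001 itself, so the damage is limited to that one tag rather than removed.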

(19)

Security threats (cont’d)

relay (wormhole) attack

• the adversary relays messages between a legitimate reader and a legitimate tag that is remote

• all systems that assume that successful run of the protocol via the RF interface means that the tagged object or person is present are defeated (e.g., access control systems, car anti-theft systems, inventory systems, …)

• the feasibility of such relay attacks has been demonstrated

• defense is difficult, crypto alone does not help

• distance-bounding protocols have been proposed …

(20)

Distance-bounding protocols

estimate the distance between the parties from the round trip time

• rapid bit exchange in multiple rounds

• essentially, no computation during the distance estimation phase

• challenge-response principle prevents a party from sending its response before it has received the other’s last message

• estimated distance is only an upper bound on the real distance (because any party can always delay responses)

• if the parties are really far away, then estimated distance cannot be small (it is larger than the real distance) → relay attack is detected

• however, false positives are possible

(21)

Example: Hancke-Kuhn protocol

protocol:

R : pick a nonce r and generate bits C_1, …, C_n

R → T : r

T : compute h(K|r) and split result into R(0)_1, …, R(0)_n, R(1)_1, …, R(1)_n

T → R : ID

distance estimation phase:

R → T : C_1

T → R : R(C_1)_1

…

R → T : C_n

T → R : R(C_n)_n

R : look up K that belongs to ID, compute h(K|r) and split result into R’(0)_1, …, R’(0)_n, R’(1)_1, …, R’(1)_n, and for all i, compare R(C_i)_i with R’(C_i)_i

properties:

• tag authentication (prob. 1-(1/2)^n) with distance bounding (prob. 1-(3/4)^n)

• tag does not need to do computation during the distance estimation phase
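An added worked example, not part of the original slides, that implements the register split and the reader's check, and then derives the (3/4)^n term in the distance-bounding property by exhaustive enumeration for a small n. SHA-256 as h, n = 6, the key and nonce values, and all function names are assumptions; timing is not simulated, only the bit-level logic.

```python
import hashlib
from fractions import Fraction
from itertools import product

N_ROUNDS = 6                       # n; small so that every case can be enumerated
KEY = b"constructed-tag-key"       # constructed sample value
NONCE = b"constructed-nonce"       # constructed sample value


def registers(key: bytes, nonce: bytes, n: int = N_ROUNDS):
    """Compute h(K|r) and split the first 2n bits into R(0)_1..n and R(1)_1..n."""
    digest = hashlib.sha256(key + nonce).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]


def tag_answers(key: bytes, nonce: bytes, challenges) -> list:
    """Honest tag: in round i, answer R(C_i)_i by table lookup (no computation)."""
    regs = registers(key, nonce, len(challenges))
    return [regs[c][i] for i, c in enumerate(challenges)]


def reader_accepts(key: bytes, nonce: bytes, challenges, answers) -> bool:
    """Reader recomputes the registers from K and compares R(C_i)_i in every round."""
    return list(answers) == tag_answers(key, nonce, challenges)


def far_party_acceptance(key: bytes, nonce: bytes, n: int = N_ROUNDS) -> Fraction:
    """Exact acceptance probability for a party that cannot reach the tag within
    the time bound: it learned R(G_i)_i beforehand for guessed challenges G and
    has to guess the answer bit in every round where C_i != G_i.
    Enumerates all reader challenges C and all fallback guesses B."""
    guessed = [0] * n              # G; any fixed guess yields the same count
    known = tag_answers(key, nonce, guessed)
    accepted = total = 0
    for challenges in product((0, 1), repeat=n):
        for fallback in product((0, 1), repeat=n):
            answers = [known[i] if challenges[i] == guessed[i] else fallback[i]
                       for i in range(n)]
            accepted += reader_accepts(key, nonce, list(challenges), answers)
            total += 1
    return Fraction(accepted, total)


if __name__ == "__main__":
    c = [1, 0, 1, 1, 0, 0]
    print("honest tag accepted:", reader_accepts(KEY, NONCE, c, tag_answers(KEY, NONCE, c)))
    print("far party accepted with probability", far_party_acceptance(KEY, NONCE))
```

Per round the far party is right with probability 1/2 (guessed the challenge) plus 1/4 (guessed the bit), which is where the 1-(3/4)^n detection probability comes from.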

(22)

An attack on the H-K protocol

R : pick a nonce r and generate bits C_1, …, C_n

R → A(T) : r

A(R) → T : r

T : compute h(K|r) and split result into R(0)_1, …, R(0)_n, R(1)_1, …, R(1)_n

T → A(R) : ID

A(R) sends 0, …, 0 to T and receives R(0)_1, …, R(0)_n

A(R) → T : r

T : compute h(K|r) and split result into R(0)_1, …, R(0)_n, R(1)_1, …, R(1)_n

T → A(R) : ID

A(R) sends 1, …, 1 to T and receives R(1)_1, …, R(1)_n

A(T) → R : ID

A(T) responds to any challenge C_i of R without communicating remotely with T

(23)

Privacy threats

in most of the applications, RFID tags respond to the reader’s query automatically, without authenticating the reader (only the tag authenticates itself)

interaction usually reveals tag specific information (typically the ID stored in the tag, or even more)

clandestine scanning of tags is a plausible threat

two particular privacy problems:

• inventorying

• tracking

(24)

Inventorying

– a reader can silently determine what objects a person is carrying

• reader-tag interaction may reveal more than an ID (e.g., title of a tagged book, name of a tagged medicine, …)

• object can be identified by resolving the ID read from the tag

watch: Casio

book: Applied Cryptography

shoes: Nike

suitcase: Samsonite

jeans: Lee Cooper

(25)

Tracking

– set of readers can determine where a given person is located

• trivial if tags use unique identifiers

• even if tag response is not unique, it is possible to track a constellation of a set of particular tags (or tag types/standards!!!)

[Figure: the same set of tag IDs (12, 34, 56, 78) is read at 7:32, 7:45, 8:03 and 8:21]

(26)

Is this really a problem?

other technologies also permit the tracking of people (e.g., video surveillance, GSM, Bluetooth)

however, consider the following:

• RFID tags permit everybody to track people using low cost equipment

• tags cannot be switched off easily

• physical or electronic destruction of tags during checkout

• but how to verify that operation was successful???

• tags can be easily hidden, their lifespan is not limited, and analyzing the collected data can be efficiently automated

• although nominal reading distance is only a few decimeters or meters, a more efficient antenna and larger power could be used to go beyond the presupposed limits

• in many cases, an adversary can get close enough (e.g., public transport)

• current trend is towards UHF systems, where the communication

(27)

Is this really a problem?

http://www.boycottbenetton.com/

• Press release: Benetton selects Philips to introduce smart labels across 5,000 worldwide stores

• Press release: Hidden sensors in clothing may fuel global surveillance network

• Press release: Benetton has publicly retreated from plans to fit clothing with tiny remote surveillance and tracking chips

http://www.boycottgillette.com/spychips.html

• Gillette has been caught hiding tiny RFID surveillance chips in the packaging of its shaving products. These tiny, high tech spy tags are being used to trigger photo taking of unsuspecting customers!

"The world's stupidest anti-shoplifting campaign" - CommsWorld

http://www.bigbrotherawards.org/

• In their "Future Store", a supermarket of the "Extra" chain in Rheinberg near Duisburg (opened in April 2003 with a well-advertised event featuring Claudia Schiffer), the Metro Group are trialing the use of transponders or so-called RFIDs ("Radio Frequency Identification" devices).

• For its instigation and the related marketing concepts, the Metro Group is receiving an exemplary and future-oriented Big Brother Award.

(28)

Dead tags tell no tales

idea: permanently disable tags with a special “kill” command (part of the EPC specification)

advantages:

• simple

• effective

disadvantages:

• eliminates all post-purchase benefits of RFID for the consumer and for society

• no return of items without receipt

• no smart house-hold appliances

• …

• cannot be applied in some applications

• library

• e-passports

• banknotes

similar approaches:

• put RFID tags into price tags or packaging which are removed and

(29)

“Sleep” command

idea:

• instead of killing the tag definitively, put it in sleep mode

• tag can be re-activated if needed

advantages:

• simple

• effective

disadvantages:

• difficult to manage in practice

• tag re-activation must be password protected

• how will consumers manage hundreds of passwords for their tags?

• passwords can be printed on tags, but then they need to be

(30)

Other similar approaches

Faraday cage

• can be effective in some applications (e.g., passports, money wallets)

• may not be usable in others (e.g., clothes, subdermal)

clipped tags

• tag’s antenna can be physically separated from the chip

• reactivation of the tag can only be done intentionally

(31)

On crypto based approaches

tag should not send ID in clear

public key crypto would solve the problem

• ID is encrypted with the public key of the reader

• only the reader can decrypt it

but public key crypto is not available for low cost tags

symmetric encryption with a common shared key

• enough to compromise a single tag, and then all tags become traceable

symmetric encryption with individual tag keys

• encryption must be randomized !!!

• reader needs to search through the entire set of tag keys and attempt decryption with them (no hint on the key/identity can be provided to the reader)

ID refreshment (pseudonyms)

• adversary should not be able to tell the difference between the information sent by the tag and a random value

• information sent by the tag should only be used once

(32)

Weis-Sarma-Rivest-Engels protocol

setup

• each tag is initialized with a randomly chosen identifier ID

• system stores an entry for each tag in its database that contains ID

protocol

R → T : request

T : pick a random number r, and compute s = h(ID|r)

T → R : r, s

R : search through the database for the ID for which h(ID|r) = s

an alternative

• in theory, the hash function may leak information about its input (e.g., certain bits)

• instead of hashing, s can be computed as s = ID XOR f_K(r), where K is a key shared between T and R, and f_K(.) is a pseudo-random function

a potential problem

(33)

Molnar-Wagner protocol

setup

• each tag is initialized with a randomly chosen identifier ID and a tag key K

• the system stores an entry for each tag in its database that contains both ID and K

protocol

R : pick a random number a

R → T : a

T : pick a random number b, and compute s = ID XOR f_K(0|a|b)

T → R : b, s

R : search through the database for an (ID, K) pair for which ID XOR f_K(0|a|b) = s; if found, then compute t = f_K(1|a|b)

R → T : t

notes

• the protocol provides mutual authentication

• 0 and 1 serve as direction indicators

(34)

Ohkubo-Suzuki-Kinoshita protocol

setup

• each tag maintains a state variable s

• the system stores for each tag its ID and its initial state s0

• two hash functions h and g, and a system parameter m are agreed upon

protocol

R → T : request

T : compute response r = g(s) and new state s = h(s)

T → R : r

R : search through the database and find the entry for which g(h^(i)(s0)) = r for some 0 < i <= m

notes

• protocol provides forward privacy: even if a tag is compromised, its previous interactions cannot be associated with the tag (previous state of the tag cannot be computed due to the one-way property of h)

• no authentication is provided → an adversary can replay tag responses

(35)

OSK protocol with authentication

setup

• same as before

protocol

R : pick a random number r

R → T : r

T : compute response a = g(r XOR s) and new state s = h(s)

T → R : a

R : search through the database and find the entry for which g(r XOR h^(i)(s0)) = a for some 0 < i <= m; if found compute b = g(w XOR h^(i+1)(s0)), where w is a fixed known value

R → T : b

notes

• both versions are vulnerable to a DoS attack where an adversary queries the tag more than m times; such a victim tag can no longer identify itself to the system

• if state is advanced only if a correct b is received from R, then privacy can be defeated by preventing T from receiving b: state is not updated, and T gives the same response to the same r as before
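An added example, not part of the original slides, of the basic (unauthenticated) Ohkubo-Suzuki-Kinoshita scheme: it shows the changing responses, the back-end search over the hash chain, the replay weakness, and the loss of synchronisation once the tag has been queried m times. SHA-256 with two prefixes as h and g, m = 5, the seeds, and the choice to start the tag at h(s0) so that its i-th response is g(h^(i)(s0)) are assumptions.

```python
import hashlib
import hmac

M = 5  # system parameter m: how many chain steps the back end searches per tag


def h(state: bytes) -> bytes:
    """State-update hash h (assumption: SHA-256 with a domain-separation prefix)."""
    return hashlib.sha256(b"h|" + state).digest()


def g(state: bytes) -> bytes:
    """Response hash g (assumption: SHA-256 with a different prefix)."""
    return hashlib.sha256(b"g|" + state).digest()


class OskTag:
    def __init__(self, s0: bytes):
        # Assumption: the tag starts at h(s0), so response i is g(h^(i)(s0)), 1 <= i <= m
        self.state = h(s0)

    def query(self) -> bytes:
        response = g(self.state)       # r = g(s)
        self.state = h(self.state)     # s = h(s); the previous state is overwritten
        return response


class BackEnd:
    def __init__(self, initial_states: dict):
        self.initial_states = initial_states   # tag ID -> s0

    def identify(self, response: bytes):
        """Return (tag ID, i) with g(h^(i)(s0)) = r for some 0 < i <= m, else None."""
        for tag_id, s0 in self.initial_states.items():
            state = s0
            for i in range(1, M + 1):
                state = h(state)
                if hmac.compare_digest(g(state), response):
                    return tag_id, i
        return None


def run_demo() -> dict:
    # Constructed sample database of three tags
    db = {f"tag-{n}": hashlib.sha256(b"constructed-seed-%d" % n).digest() for n in range(3)}
    backend = BackEnd(db)
    tag = OskTag(db["tag-1"])
    responses = [tag.query() for _ in range(3)]
    result = {
        "identified": [backend.identify(r) for r in responses],
        "all_responses_differ": len(set(responses)) == 3,
        # no authentication: an old response is still accepted when replayed
        "replay_accepted": backend.identify(responses[0]) is not None,
    }
    for _ in range(M - 3):             # further queries, e.g. by an unauthorised reader
        tag.query()
    # the tag has now answered m times; its next response lies outside the search window
    result["after_m_queries"] = backend.identify(tag.query())
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```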

(36)

The HB protocol

HB stands for Hopper and Blum’s secure human authentication protocol

• involves only simple operations that even a human can perform such as XOR and AND

basic idea:

• tag and reader share a secret value x of k bits

• reader sends a challenge a to the tag

• tag computes the binary inner product a.x (involves only XOR and AND) and sends the result back

• legitimate tag gives the right answer with prob. 1, while an impersonating adversary succeeds with probability ½

• repeating the procedure can reduce the success probability of the adversary arbitrarily ((½)^n)

• unfortunately, each run of the protocol leaks information about x, and ~k runs result in a system of linear equations that can be solved for x with Gaussian elimination

• to thwart this, the tag injects noise in its responses, and sends a wrong result with probability 0 < q < ½

• legitimate tag gives the right answer with prob. 1-q > ½, while an impersonating adversary succeeds with probability ½ → still distinguishable

(37)

The HB protocol (cont’d)

setup

• tag stores the secret value x (k bits long), and system parameter q

• system stores for each tag its x value

protocol

R : pick a from {0, 1}^k uniformly at random

R → T : a

T : pick v from {0, 1} such that Pr{v = 1} = q, and compute s = a.x + v

T → R : s

R : for each entry x’ in the database, check if s = a.x’; after n rounds, the reader selects the entry that matches ~(1-q)n times

an active attack

• an adversary can challenge the tag n times with the same a

• tag responds with a.x ~(1-q)n > n/2 times and a.x + 1 ~qn < n/2 times → the value of a.x can be obtained

• repeat multiple times with different linearly independent a values → system of linear equations can be solved for x
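An added example, not part of the original slides, of the HB rounds with noise: the reader selects the database entry that matches about (1-q)n times, a device answering with random bits is rejected, and a majority vote over a repeated challenge shows why the noise averages out when a is not fresh. The parameters k = 32, q = 0.125, n = 256, the acceptance threshold, the seed, and all names are assumptions.

```python
import random

K = 32        # length of the secret x in bits
Q = 0.125     # noise probability q, 0 < q < 1/2
N = 256       # number of rounds n


def dot(a: int, x: int) -> int:
    """Binary inner product a.x: AND the bit vectors, XOR the resulting bits."""
    return bin(a & x).count("1") & 1


class HbTag:
    def __init__(self, x: int, rng: random.Random):
        self.x, self.rng = x, rng

    def respond(self, a: int) -> int:
        v = 1 if self.rng.random() < Q else 0    # Pr{v = 1} = q
        return dot(a, self.x) ^ v                # s = a.x + v (mod 2)


class Guesser:
    """Stand-in for a device that does not know x and answers with random bits."""
    def __init__(self, rng: random.Random):
        self.rng = rng

    def respond(self, a: int) -> int:
        return self.rng.getrandbits(1)


def identify(device, database: dict, rng: random.Random):
    """Reader side: n rounds, then select the entry that matched about (1-q)n times.
    The limit halfway between qn and n/2 mismatches is an assumption of this example."""
    mismatches = dict.fromkeys(database, 0)
    for _ in range(N):
        a = rng.getrandbits(K)                   # fresh uniform challenge per round
        s = device.respond(a)
        for tag_id, x in database.items():
            mismatches[tag_id] += s != dot(a, x)
    limit = N * (Q + 0.5) / 2
    best = min(mismatches, key=mismatches.get)
    return (best if mismatches[best] <= limit else None), mismatches


def majority_of_repeated_challenge(tag: HbTag, a: int, repeats: int = N) -> int:
    """With one challenge a repeated, the answers equal a.x about (1-q)n > n/2
    times, so the majority value is a.x and the noise no longer hides it."""
    ones = sum(tag.respond(a) for _ in range(repeats))
    return 1 if 2 * ones > repeats else 0


def run_demo(seed: int = 2024) -> dict:
    rng = random.Random(seed)                    # seeded so the run is reproducible
    database = {f"tag-{i}": rng.getrandbits(K) for i in range(4)}   # constructed secrets
    tag = HbTag(database["tag-2"], rng)
    who, _ = identify(tag, database, rng)
    stranger, _ = identify(Guesser(rng), database, rng)
    a = rng.getrandbits(K)
    leak = majority_of_repeated_challenge(tag, a) == dot(a, tag.x)
    return {"identified": who, "guesser": stranger, "majority_equals_a_dot_x": leak}


if __name__ == "__main__":
    print(run_demo())
```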

(38)

The HB+ protocol (cont’d)

setup

• tag stores secret values x and y (each of them is k bits long), and system parameter q

• system stores for each tag its (x, y) values

protocol

T : pick b from {0, 1}^k uniformly at random, and v from {0, 1} such that Pr{v = 1} = q

T → R : b

R : pick a from {0, 1}^k uniformly at random

R → T : a

T : compute s = a.x + b.y + v

T → R : s

R : for each entry (x’, y’) in the database, check if s = a.x’ + b.y’; after n rounds, the reader selects the entry that matches ~(1-q)n times

(39)

The HB+ protocol (cont’d)

an active (man-in-the-middle) attack is still possible

• active adversary modifies the reader’s challenge a to a’ = a+d

• tag responds with s = a’.x + b.y + v = a.x + b.y + v + d.x

• the same d is used in each of the n rounds

• if the tag is successfully authenticated, then d.x = 0, otherwise d.x = 1

• repeat the whole procedure for sufficiently many linearly independent d values, and solve the obtained system of linear equations for x

• once x is determined, an attacker can impersonate the tag by setting b = 0

• the adversary can select b, and respond to the reader’s challenge a with a.x + v (v is chosen according to the probability q)

• the same b is used in each of the n rounds

• if authentication is successful, then b.y = 0, otherwise b.y = 1

• repeat the whole procedure for sufficiently many linearly independent b values, and solve the obtained system of linear equations for y

(40)

Traceability in lower layers

collision avoidance layer

• responsible for selecting a single tag when multiple tags are in the reader’s range (singulation procedure)

• also uses identifiers (although these are not necessarily fixed)

• singulation procedure may reveal these identifiers

physical layer

• defines the physical air interface (frequency, modulation, data encoding, timings, etc)

• radio fingerprinting may be a problem here

(41)

Binary tree walking

a deterministic singulation procedure based on a depth first search in a binary tree, where the leaves are the singulation IDs

• in each step, the reader sends an ID prefix, and each tag whose ID starts with that prefix responds with the next bit of the ID

• if multiple tags respond with the same bit, then no collision will occur, and the reader can extend the prefix with the response bit

• otherwise, if some tags respond differently, then there’s a collision, and the reader recurses on both possible extensions of the prefix

reader: prefix “-” ? tags: collision

reader: prefix “0” ? tags: 0

reader: prefix “00” ? tags: 1

reader: prefix “1” ? tags: 0

reader: prefix “10” ?

[Figure: binary tree with root “-”, inner nodes 0, 1, 00, 01, 10, 11 and leaves 000 … 111; tag IDs shown: 100, 101, 001]

(42)

The blocker tag

idea:

• tree is divided into two zones

• privacy zone: all IDs starting with 1

• upon purchase of a product, its tag is transferred into the privacy zone by setting the leading bit

the blocker tag is a special tag, such that when the prefix in the reader’s query starts with 1, it simulates a collision

• when the blocker tag is present, all IDs in the privacy zone will appear to be present for the reader

• when the blocker tag is not present, everything works normally

[Figure: binary tree with root “-”, inner nodes 0, 1, 00, 01, 10, 11 and leaves 000 … 111; the subtree under 1 is marked as the privacy zone]
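An added example, not part of the original slides, that implements binary tree walking over 3-bit singulation IDs and the effect of a blocker tag on what the reader concludes. The function names and the sample tag sets are assumptions; a collision is modelled as the reader hearing both bit values.

```python
ID_BITS = 3


def next_bits(prefix: str, tag_ids, blocker: bool) -> set:
    """Bit values the reader hears after broadcasting `prefix`."""
    heard = {t[len(prefix)] for t in tag_ids if t.startswith(prefix)}
    if blocker and prefix.startswith("1"):
        heard |= {"0", "1"}        # blocker tag simulates a collision in the privacy zone
    return heard


def tree_walk(tag_ids, blocker: bool = False, prefix: str = ""):
    """Depth-first singulation.
    Returns (IDs the reader believes are present, number of prefix queries sent)."""
    if len(prefix) == ID_BITS:
        return [prefix], 0         # a full ID has been singulated
    heard = next_bits(prefix, tag_ids, blocker)
    found, queries = [], 1
    # one value heard: extend the prefix; both heard: collision, recurse on both
    for bit in sorted(heard):
        ids, sub_queries = tree_walk(tag_ids, blocker, prefix + bit)
        found += ids
        queries += sub_queries
    return found, queries


def to_privacy_zone(tag_id: str) -> str:
    """Upon purchase the tag is moved into the privacy zone by setting the leading bit."""
    return "1" + tag_id[1:]


def run_demo() -> dict:
    slide_tags = {"001", "100", "101"}               # tag set from the tree-walking slide
    purchased = {to_privacy_zone("010")}             # constructed: item 010 after checkout
    return {
        "slide_walk": tree_walk(slide_tags),
        "purchased_no_blocker": tree_walk(purchased)[0],
        "purchased_with_blocker": tree_walk(purchased, blocker=True)[0],
        "shelf_with_blocker": tree_walk({"001", "010"}, blocker=True)[0],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

With the blocker present the reader lists every ID in the privacy zone, so the purchased item can no longer be singled out, while IDs starting with 0 are still read normally.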

(43)

Slotted Aloha

a probabilistic collision avoidance protocol

• time is divided into n slots, where n is chosen by the reader

• each tag randomly chooses one slot and responds to the reader when its slot arrives

• some collisions may occur

• to recover, the reader queries the tags again (until no collision occurs)

• it can mute the tags that have not brought out collisions by indicating their identifiers or the time slots during which they transmitted

• it can choose a more appropriate n

(44)

Privacy problems with Slotted Aloha

if the switch-off technique is used, the reader may mute correctly identified tags by broadcasting their identifier

• better to broadcast slot numbers instead of identifiers

an attack based on keeping a singulation session open is still possible:

• adversary sends a singulation request to a target tag, tag responds in slot s’

• adversary does not close the session (no ack is sent)

• later when the adversary suspects that the target tag is present, she can confirm this by sending a new singulation request indicating that only tags which transmitted during s’ must retransmit

• if a tag retransmits, there is a high probability that it is the adversary’s target tag

• another tag will respond to the second singulation request if and only if its last session also stayed opened and it also transmitted during s’

it is fundamental that singulation sessions cannot stay open

• use some internal timeout to abort singulation sessions with abnormal duration

• such timers can be implemented by loading a capacitor on the first request and close any open session when the capacitor is empty

(45)

Radio fingerprinting

the transient behavior at the very beginning of a transmission will be slightly different for different transceivers, especially if they are produced by different manufacturers

one person may carry RFID tags from many different manufacturers, and the particular constellation of brands may be unique to a person!

the same may be said about constellation of standards (that differ in frequency band, modulation, and bit encodings)
