Implementing RFID Protocol
-
8/6/2019 Implementing RFID Protocol
1/22
IMPLEMENTING RFID PROTOCOL (ANALYSIS OF RFID PROTOCOL)
University of Birmingham
School of Computer Science
M.Sc Computer Security
Summer Project
Ali Raza Malkana
1055458
-
RFID Systems
Transponder or Tag: data-carrying device
  Microchip
Transceiver or Reader: active device
  Reads information
  RF module, control unit, and coupling element
Backend Database: IT system for data storage
-
Types of RFID Tags
Active Tags: self-powered, heavier, expensive, higher range, computational ability
Semi-Active Tags: self-powered, moderate range, moderate computational ability
Passive Tags: small, light, cheap, no power, less computational power
Low Frequency Tags (124 kHz to 135 kHz): ~10 cm
High Frequency Tags (13.56 MHz): ~1 m
Ultra High Frequency Tags (860 MHz to 960 MHz): ~0.4 m
-
RFID Security Threats
Privacy
Tracking
Eavesdropping
Replay Attack
Relay Attack
Cloning Attack
DoS Attack
Content Addition or Modification Attack
Reverse Engineering
Physical Tampering
Etc.
-
RFID Vs Barcodes
RFID systems will facilitate efficient and automated collection and management of information.
Barcodes
  Simple identify
  Line of sight
  Human interaction
  Slow
  Cheap
  Reliable
RFID Tags
  Uniquely identify
  Line of sight not required
  Automatic
  Fast (hundred tags/sec)
  Expensive
  Security threats: privacy, tracking, cloning
-
Why Light/Ultra-Lightweight Protocols?
Full-fledged protocols use cryptographic primitives (symmetric encryption, cryptographic one-way functions, public-key algorithms).
Price competition
Low-cost RFID tags (passive)
  Least computational and storage resources
  Limited communication ability
Incapable
  Gates (5k-10k)
  Security (250-3K)
  SHA-1 (4.3k), MD5 (16k), SHA-256 (23k)
-
Security Analysis of RFID Protocol
Family: Ultra-lightweight mutual authentication protocol
  LMAP
  EMAP
  E2MP
  Strong Authentication Strong Integrity Protocol (SASI)
HB Family
  HB
  HB+
  HB++
  HB-MP
  HB-MP+
  HB-MP++
Protocol
Vulnerabilities
Attacks
Security Analysis
  Data Confidentiality
  DoS Attack
  Man-in-the-Middle Attack
  Data Integrity
  Forgery Resistant
  Tag Anonymity and Unlinkability
  Replay Attack
  Forward Security
-
LMAP: Ultra-Lightweight Authentication Protocol
Tag Identification
Mutual Authentication
  Reader Authentication
  Tag Authentication
Index-pseudonym Update
Key Updating
-
Vulnerabilities of LMAP
No acknowledgement mechanism for message D.
Synchronization of secret parameters.
Message D acts as a confirmation.
Stateless tags.
Improper construction of sub-messages.
Use of bitwise AND or OR operations.
All the operations used in ultra-lightweight protocols are T-functions.
-
Attacks on LMAP
De-Synchronization Attack
Full Disclosure Attack
Passive Attack
-
De-Synchronization Attack
The secret key K (K1||K2||K3||K4) and IDS are updated after every successful run of the protocol.
If, at the end of a protocol run, the reader and the tag save different values for these parameters, the tag will be de-synchronized.
The attack can be launched by making the following sub-messages.
The attacker intercepts the message A||B||C and changes C by changing the jth bit of C.
When the tag computes the value of n2, it will compute a different value.
When the tag responds with D, intercept D and toggle the same bit.
50% success rate for this simple attack.
-
Full Disclosure Attack
The tag has no memory for keeping status information; the reader is stateful.
The tag will answer any request from any tag.
Send all possible A||B||C to the tag, where A and B are obtained by changing the j-th bit of A and B.
The response is a proper D or an error message.
The attacker is in effect concluding whether the jth bit of n1 is equal to the jth bit of B or not.
In a maximum of 96 trials the attacker can get to know the value of n1.
From A, B, IDS, and n1 the attacker can find K1 and K2.
-
Passive Attack
Breaks LMAP after eavesdropping a few consecutive rounds.
Every bit affects only the bits to the left of that given bit.
The least significant bits are independent of all other bits.
From message B = (IDS ∨ ID) + n2, one can conclude the value of n2 from the set bits of IDS. There is no difficulty if you know every bit on the right-hand side.
First, the attacker calculates the least significant bit of every secret shared between tag and reader.
The next step is to calculate the bit immediately before the least significant one, with the knowledge of the earlier bit.
Step by step, the attacker learns all the secrets bit by bit, from the least significant to the most significant bits.
-
Security Analysis of UMAP
User Data Confidentiality
DoS Attack
Man-in-the-middle attack
Data integrity
Forgery Resistant
Tag Anonymity and unlinkability
Replay Attack
Forward Security
-
Countermeasures
Keep a record of multiple IDS values in the database.
Careful construction of messages.
Send a message in case of reader authentication failure.
Provide randomness in messages by using unpredictable rotations.
Store status information on the tag.
Avoid using only (AND and OR) bitwise functions.
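
Added example, not part of the original slides: a design check for the T-function property named in the LMAP vulnerability and passive-attack slides, and for why the rotation countermeasure above removes it. The 96-bit word size and the rotation by the Hamming weight of n2 are assumptions made for illustration.

```python
import random

BITS = 96                      # assumed word size, matching the 96 trials on the slide
MASK = (1 << BITS) - 1

def msg_b(ids, id_, n2):
    """Message B as written on the slide: B = (IDS OR ID) + n2, mod 2^96."""
    return ((ids | id_) + n2) & MASK

def rotl(v, r):
    """Rotate a 96-bit word left by r positions."""
    r %= BITS
    return ((v << r) | (v >> (BITS - r))) & MASK

def msg_b_rotated(ids, id_, n2):
    """Hypothetical variant: B rotated by the Hamming weight of n2."""
    return rotl(msg_b(ids, id_, n2), bin(n2).count("1"))

def leaks_downward(f, j, args, which):
    """True if flipping bit j of input `which` changes any output bit below j."""
    flipped = list(args)
    flipped[which] ^= 1 << j
    low_mask = (1 << j) - 1                 # bits 0 .. j-1
    return bool((f(*args) ^ f(*flipped)) & low_mask)

def is_t_function(f, trials=2000, seed=1):
    """Randomised check: no input bit ever influences a lower output bit."""
    rng = random.Random(seed)
    for _ in range(trials):
        args = [rng.getrandbits(BITS) for _ in range(3)]
        if leaks_downward(f, rng.randrange(1, BITS), args, rng.randrange(3)):
            return False
    return True

if __name__ == "__main__":
    print("B = (IDS | ID) + n2 is a T-function:", is_t_function(msg_b))
    print("rotated variant is a T-function:    ", is_t_function(msg_b_rotated))
```

A message built only from OR, AND, XOR and modular addition passes the check, so its low bits never depend on higher secret bits; the rotated variant fails it because rotation carries high bits into low positions.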
-
Evaluation
No doubt, it was a brilliant idea.
In fact, the design provides confusion and diffusion of output values but no concrete security.
-
HB Family
HB, HB+, HB++, HB-MP, HB-MP+, HB-MP++
Security depends on the LPN problem.
Secure against passive attack.
Unilateral authentication and multiple-round protocols.
Active attack is still possible.
Query the tag with the same challenge multiple times.
Gaussian elimination helps to find the secret.
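
Added example, not part of the original slides: a simulation of the basic HB exchange, showing the multiple noisy rounds and the reader-side acceptance check (only the tag is authenticated). The key length, round count, noise rate and acceptance threshold are assumed values chosen for illustration.

```python
import random

def dot2(a, x):
    """Inner product of two bit vectors (packed in ints) over GF(2)."""
    return bin(a & x).count("1") & 1

class Tag:
    """Holds the secret x and answers a.x XOR noise, noise ~ Bernoulli(eta)."""
    def __init__(self, x, eta, rng):
        self.x, self.eta, self.rng = x, eta, rng
    def respond(self, a):
        noise = 1 if self.rng.random() < self.eta else 0
        return dot2(a, self.x) ^ noise

class Guesser:
    """Responder without the key: answers every challenge with a coin flip."""
    def __init__(self, rng):
        self.rng = rng
    def respond(self, a):
        return self.rng.getrandbits(1)

def authenticate(responder, x, k, rounds, threshold, rng):
    """Reader side: one fresh random challenge per round, count wrong answers."""
    errors = 0
    for _ in range(rounds):
        a = rng.getrandbits(k)
        errors += responder.respond(a) ^ dot2(a, x)
    return errors <= threshold, errors

def demo(seed=7, k=64, rounds=200, eta=0.125):
    rng = random.Random(seed)
    x = rng.getrandbits(k)                  # shared secret (constructed)
    threshold = rounds // 4                 # assumed: accept up to 2*eta*rounds errors
    ok_tag, e_tag = authenticate(Tag(x, eta, rng), x, k, rounds, threshold, rng)
    ok_bad, e_bad = authenticate(Guesser(rng), x, k, rounds, threshold, rng)
    return ok_tag, e_tag, ok_bad, e_bad

if __name__ == "__main__":
    print(demo())   # (tag accepted?, tag errors, guesser accepted?, guesser errors)
```

The genuine tag is wrong in roughly eta of the rounds and stays under the threshold, while a responder without the key is wrong in about half of them.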
-
HB-MP
Use of rotation.
Different length of key and messages.
New fresh key for every single round.
Improper design of rotation to generate random key turns out to be the weakness.
-
Active Attack against HB-MP
Rotation is performed based on the ith bit of a constant key y.
The key for each run in different sessions of the protocol remains the same.
The attacker initiates different sessions but concentrates on a single round.
From this information the attacker can get to know the secret key x by analysing just a few runs of multiple sessions.
-
Security Analysis
Data Confidentiality
DoS Attack
Man-in-the-middle attack
Data integrity
Forgery Resistant
Tag Anonymity and unlinkability
Replay Attack
Forward Security
-
Concluding Remarks
Analysed two families of RFID protocols.
The invention of a least-resource-consuming function to provide security is required.
The use of purely random rotation can help.
Invention of new light cryptographic functions.
Research on lightweight implementation of recent cryptographic primitives.
  PRESENT Ultra-Lightweight Block Cipher [1570], Grain stream cipher [1294]
Use of LFSR
-
Countermeasure
Use of a proper non-linear function for randomization.
Generation of proper random keys for each run in the same session.