RFID/USNSecurity Issues2009/7/14Cryptography & Information Security Lab

KAIST-ICC

KAIST-ICCContents* / 48

KAIST-ICC

KAIST-ICCAdvent of Ubiquitous society* / 48

KAIST-ICC

KAIST-ICCTransition to Ubiquitous society* / 48

KAIST-ICC

KAIST-ICCRFID/USN concept@ MIC/Korea 2007RFID/USN / IT .* / 48

KAIST-ICC

KAIST-ICCIntroduction to RFID*

KAIST-ICC

What it RFID?KAIST-ICCRadio Frequency IDentication (RFID) is a method of remotely identifying objects using transponders (tags) queried through a radio frequency channel.

* / 48

KAIST-ICC

RFID - overviewKAIST-ICCDataBarcodeRFIDA typical RFID tagA multi-tier system: RFID tag, reader and backend serverAn infrastructure to build ubiquitous society* / 48

KAIST-ICC

RFID readers (1/2)KAIST-ICCFixed-Type Readers

Mobile Readers* / 48

KAIST-ICC

RFID readers (2/2)KAIST-ICCTypical Structure of RFID Reader

Power Supply* / 48

KAIST-ICC

RFID TagKAIST-ICCClassification by Power

Classification by FrequencyLow-frequency (LF: 125 ~ 134.2 KHz and 140 ~ 148.5 KHz)High-frequency (HF: 13.56 MHz)Ultra-high-frequency (UHF: 868 ~ 928 MHz)* / 48

PassiveSemi-passiveActivePower SourcePassiveBatteryBatteryTransmitterPassivePassiveBatteryMax Range(m)101001000

KAIST-ICC

Electronic Product Code (EPC)KAIST-ICC

296 = 79,228,162,514,264,337,593,543,950,33696 bits can uniquely label all products for the next 1,000 years.* / 48

VersionEPC Manager (Manufacturer)Object Class (Product)Serial Number8 bits28 bits24 bits36 bits

KAIST-ICC

EPC classification (1/2)KAIST-ICC

Class-1: Identity Tags (normative):Passive TagsAn electronic product code (EPC) identifierA Tag identifier (TID)A 'kill' function that permanently disables the TagOptional password-protected access controlOptional user memory* / 48

KAIST-ICC

EPC classification (2/2)KAIST-ICCHigher-class Tags (informative)Class-2: Higher-Functionality Passive TagsAn extended TID (Tag ID)Extended user memoryAuthenticated access controlClass-3: Semi-Passive TagsAn integral power sourceIntegrated sensing circuitryClass-4: Active Tags (i.e., sensor node)Tag-to-Tag communicationsActive communicationsad-hoc networking capabilities

* / 48

KAIST-ICC

RFID system applications (1/3)KAIST-ICCLibraries

Supply chain management

* / 48

KAIST-ICC

RFID system applications (2/3)KAIST-ICCAirline Baggage @ JFK Airport

* / 48

KAIST-ICC

RFID system applications (3/3)KAIST-ICC

PassportsTransport paymentsAnti-counterfeitingWhitepapers in 2006 (by Auto-ID Labs.)Access controlAnimal tracking, etc.

* / 48

KAIST-ICC

KAIST-ICCRFID security issues* / 48

KAIST-ICC

Security and Privacy in RFIDPrivacy invasion:Information leakage of users belongings without awareness of a userStatic ID is subject to tracking such as behavior tracking

Lack of authentication:Malicious reading (skimming): Captured information aids duplicating genuine tags.Denial-of-Service(DOS) due to deployment of cloned tags

RisksEavesdropping between T & RDB Desynchronization B & RImpersonation, spoofingReplay attack / Active QueryData loss (DoS, Message hijacking)Forgery (Decoy Tag, etc.)Physical (Hardware) attack* / 48KAIST-ICC

KAIST-ICC

Security Requirements in RFID SystemsConfidentialityIndistinguishabilityAnti-cloningAvailabilityForward security

* / 48KAIST-ICC

KAIST-ICC

Weak Implementations (1/2)In January 2005, researchers at John Hopkins University and the RSA Lab announced a successful attack on the Texas Instruments DST RFID by guessing its 40-bit key using brute-force.The DST RFID was used in Ford immobilizers and ExxonMobil SpeedPass.

* / 48KAIST-ICC

KAIST-ICC

Weak Implementations (2/2) - VideoCracking TI (Texas Instrument) DST (Digital Signature Transponder) chip

TI DSTCracking the key in a DST tagBuying gas using the DST simulatorSniffing a DST tag in a victim's pocket* / 48KAIST-ICC

KAIST-ICC

Security ChallengeThe narrow cost requirements of low-cost RFID systems make low-cost tags extremely resource-scarce environments, far below the requirements for any public-key and symmetric-key cryptographic systems.EPC tags: $0.05, 250 1000 gatesAES: 20,000 30,000 gates* / 48KAIST-ICC

KAIST-ICC

KAIST-ICCIntroduction to USN*

KAIST-ICC

Sensor & Sensor NetworkWhat is a Sensor?A device that produces a measurable response to a change in a physical or chemical condition, e.g. temperature, ground composition, etc.

Sensor NetworksA large number of low-cost, low-power, multifunctional, and small sensor nodesThey benefit from advances in 3 technologiesdigital circuitrywireless communicationsilicon micro-machining* / 48KAIST-ICC

KAIST-ICC

Wireless Sensor Networks (WSN)New technologies have reduced the cost, size, and power of micro-sensors and wireless interfaces.Circulatory NetEnvironmental MonitoringStructural* / 48KAIST-ICC

KAIST-ICC

WSN - PropertiesCompose of a large number of sensor nodesDensely deployed inside(near) the phenomenonLow energy consumptionRelocation or recharge is impossibleSelf-organizing network (infrastructureless)Random deployment : manual configuration is unfeasible

* / 48KAIST-ICC

KAIST-ICC

Applications: U-farm* / 48KAIST-ICC

KAIST-ICC

Applications: Weather sensing Fire Detection* / 48KAIST-ICC

KAIST-ICC

Applications: Fire Detection Cultural Property Asset Management using USN Bush Fire Detection* / 48KAIST-ICC

KAIST-ICC

Applications: Battle Field* / 48KAIST-ICC

KAIST-ICC

Applications: Disaster Detection2(2) : 15 : 7 : 2(7) : 4 : 2 : 2(6) : 11 : 6* / 48KAIST-ICC

KAIST-ICC

Communication ArchitectureSensor nodes can bedata originators anddata routers * / 48KAIST-ICC

KAIST-ICC

Node HardwaresensorsCPUradiobatteryAcoustic, seismic, magnetic, etc. interfaceElectro-magnetic interfaceLimited-battery supplyEventdetectionWireless communication with neighboring nodesIn-node processing* / 48KAIST-ICC

KAIST-ICC

Examples of Sensor Nodes* / 48KAIST-ICC

KAIST-ICC

KAIST-ICCUSN security issues* / 48

KAIST-ICC

Why should we consider the Security? (1/2)Providing confidentiality, integrity, and availability of the communications and computations

Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission

Sensor nodes can be physically captured or destroyed* / 48KAIST-ICC

KAIST-ICC

Why should we consider the Security? (2/2)Since the system is able control house infrastructuree.g., gas, water control etcIf the adversary attacks house infra systemHouse infrastructure can be a serious harm to humane.g., Open gas valve, overheat the micro-wave

KAIST-ICC* / 48

KAIST-ICC

Security Threats of Each Application* Yee Wei Lawand Havinga, P.J.M., How to Secure a Wireless Sensor Network, 2005* / 48KAIST-ICC

KAIST-ICC

Constraints of WSN* / 48KAIST-ICC

KAIST-ICC

Security Requirements for WSNData Confidentiality (Eavesdropping)Dont leak sensor readingsSolution: EncryptionData Authentication (inject / alter Attack)data was really from claimed senderSolution: MACData Integrity (inject / alter Attack)Received data is not altered in the mid-waySolution: data authentication* / 48KAIST-ICC

KAIST-ICC

Attacks on WSNTypical attacks on WSN are:Sybil attackWormholesHELLO flood attacks

Notations= adversary= base station* D. Wagner, Security for Sensor Networks: Cryptography and Beyond, SASN 2003* / 48KAIST-ICC

KAIST-ICC

HELLO flood attackInferring a node is a neighbor (i.e. within radio range) after receiving a broadcast packet from them may be ill-conceived. An adversary with a powerful transmitter could easily reach every node in the network.

* D. Wagner, Security for Sensor Networks: Cryptography and Beyond, SASN 2003* / 48KAIST-ICC

KAIST-ICC

Sybil attackAn adversary may present multiple identities to other nodes. The Sybil attack can disrupt geographic and multipath routing protocols by being in more than one place at once and reducing diversity.

* D. Wagner, Security for Sensor Networks: Cryptography and Beyond, SASN 2003* / 48KAIST-ICC

KAIST-ICC

WormholesTunnel packets from one part of the network and replay them in a different part.

* D. Wagner, Security for Sensor Networks: Cryptography and Beyond, SASN 2003* / 48KAIST-ICC

KAIST-ICC

ConclusionRFID/USNs are essential technology for up-coming Ubiquitous worldIf the system is not designed with security in mindThis technology would harm human life

Security should be considered from the design of entire Ubiquitous systemKAIST-ICC* / 48

KAIST-ICC

KAIST-ICC

******************************************