Technieue for Preventing DoS Attacks on RFID System

Conference:SoftCOM(2010)Author: Deepak Tagra, Musfiq, Rahman and Srinivas SampalliPresent: 102062595 侯宗佑

1/17

Outline

• Introduction• Security Issues• Gossamer Protocol• De-synchronization Attack• Extension• Conclusion

Introduction

2/17

Security Issues

• Vulnerable to Evasdropping.– Traffic analysis

• Confidential data• Personal privacy

– Spoofing• SQL injection• Data integerty

– Replay attack• De-synchronization

3/17

Security Issues

• Deny of service– Kill command attack– Jamming– De-synchronization attack– Tag data modification

• Data encryption and authentication is required.

4/17

Security Issues

• Difficulties– No power supply.– Cost must be low.– Limited hardware scale.

• Only able to do bitwise operation.• Classic encryption/authentication techniques cannot be

implemented.– AES,DES,SHA-1,md5....

• Protocol must be low-cost and light-weighted.

5/17

Gossamer Protocol

• UMAP family– Tag anoymity– Data encryption– Mutual authentication

• Only bitwise logical operation.• Enhancement of SASI protocol.

– Using non-triangular function for encryption.

6/17

Gossamer Protocol

• Tag identication

Reader TagHello

IDS

7/17

Gossamer Protocol

• Mutual Authentication

Reader Tag

PRNG: (n1,n2)

Keys: (IDS,K1,K2)

Keys: (IDS,K1,K2)

A = f(IDS,K1,K2,n1,Const)

B = f(IDS,K1,K2,n1,Const)

C = f(IDS,K1’,K2’,n3,Const) A||B||C

n3 = MIXBITS(n1,n2)

8/17

Gossamer Protocol

• Mutual authentication

Reader Tag

Keys: (IDS,K1,K2)

Extract n1, n2 from A,B

Compute C’, If C’ == C

D = (IDS,K1’,K2’,n1’,Const)

DCompute D’, If D’ == DSUCCESS

n1’ = MIXBITS(n3,n2)

n1’ = MIXBITS(n3,n2)

9/17

10/17

Gossamer Protocol

• Key updating

TagReader

New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)

New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

11/17

De-synchroniztion Attack

• Prevented

TagReader

Attacker

D(Blocked)

C(Blocked) New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

12/17

De-synchronization Attack

• Not prevented

TagReader

Attacker

A||B||C(Copied)

D(Blocked)

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

13/17

Reader TagReader

Attacker

D’

A’||B’||C’New Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)

= (IDS, K1,K2) )

New Keys(IDS’new,K1’new,K2’new)

De-synchronization Attack

14/17

Attacker Tag

D

A||B||C New Keys(IDSnew,K1new,K2new) = f(IDS,K1,K2,n1,n2,n3)

Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

De-synchronization Attack

15/17

Reader TagReader

Attacker

IDS or IDSnew

HelloNew Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)

= (IDS, K1,K2) )

New Keys(IDSnew,K1new,K2new)

De-synchronization Attack

Extension

Reader TagReader

Attack

IDS or IDSnew

HelloNew Keys(IDS’new,K1’new,K2’new) Old Keys(IDSold,K1old,K2old)

= (IDS, K1,K2) )

New Keys(IDSnew,K1new,K2new) Old Keys(IDSold,K1old,K2old) = (IDS, K1,K2) )

16/17

17/17

Conclusion

• Classified DoS attack on RFID.• Point out the vulerbility of Gossamer protocol.• Propose a simple extension to solve the problem.