RFID, sensors, and security

David SIMPLOT-RYLRFID tags and communicating sensors

Security@INRIA13 décembre 2005

RFID Tags and Communicating Sensors: Overview of Security Aspects

David SIMPLOT-RYL

IRCICA/LIFL, Université de Lille 1CNRS UMR 8022, INRIA Futurs, France

http://www.lifl.fr/~simplot [email protected]

http://www.lifl.fr/~simplot

mailto:[email protected]



Outline

Introduction



RFID Tags

Smart labelsRadio Frequency Identification Tag

By opposition to bar code which use optical principles

A strongly limited component:500 times smaller than a classical microprocessor

Chip with a size of some mm²RFID Tag

Intel Pentium 4



Principle

Typically, RFID Tags are passive components: they have no battery!Tag are powered by electromagnetic field generated by reader

Communication from reader device to vicinity tags: amplitude shift keying (ASK)Communication from tags to reader device: impedance shift keying (ISK)

courtesy Intersoft



EAS Application

Electronic Article SurveillanceOnce powered, the tag emitsThe reader listen channel and activate alarm as early as transmission is detectedDuring checkout, the tag is burned out

Problem: power and hear the tag whatever the tag orientation



Current smart labels

RFID Tag can memorize information

Up to 256 bytes for present generationsRewritable (flash memory)Or not (write once)Can be protected by password



Substitute of bar code

Low-cost bar codeless than one cents (€)

High cost for interrogator device

Static information Limited information

~ ten digits (decimal)NB. Systemd that extend bar code capabilities exist (code-barre 2D, etc…)

High-cost tagsTen cents (€)

Lost cost for interrogator device

Dynamic information Significant information

capabilityKilobit order ~ several digit hundreds



Substitute of bar code (2)

Provided information concerns a collection of objects and requires centralized system

Security relies on centralized system

Unidirectional optical communication

Direct line of sightHandlingSensitive to dust…

Information relative to the object

Can be completed by centralized system

Security at tag levelFight against falsification

RF communicationNo Line of Sight



Substitute of bar code (3)

Item by item scanning Scanning of set of items

Batch identificationNo handling

Fast identification More than 200 tags per

second

courtesy to Mike Marsh



Batch identification protocols

Protocol which aims to collect without error all ID or data of tags while minimizing identification time

Collision management (simultaneous transmissions)Avoid tag missing/lostMaximize identification speed

It is MAC layer(medium access)

AlohaCSMA/CD, FDMA, CDMAtoo complex…

Dedicated protocolsSuperTag (Aloha)TIRIS de Texas Instrument (tree based algorithm)I•Code de Phillips (idem)STAC de TagSys/LIFL (adaptive round)

Centralized configurationIntelligence in interrogator device ⇒ simple and low-cost tags

Champ électromagnétique du lecteur



Applications

Batch identification

Marathon Automatic clocking in

Automatic luggage sorting

Automatic inventory50 items in less than one second



Networking the physical world

RF Tag

Networked Tag Readers

SavantControlSystem



More POPS, smaller POPS…

100µm

Courtesy, Alien Technology

* POPS = Portable Objects Proved to be Safe(e.g. smartcards, RFID, sensors, smastdust…)



The MIT Auto-ID Center Vision of “the internet of things” Co

urte

sy, A

uto-

ID C

ente

r



Auto-ID Center classification

Class V tags Readers. Can power other Class I, II and III tags;

Communicate with Classes IV and V.

Class IV tags: Active tags with

broad-band peer-to-peer communication

Class III tags:semi-passive RFID tags

Class II tags: passive tags with additional

functionality

Class 0/Class I:read-only passive tags



Benefits of class IV tags

Decentralized behavior

The request is broadcasted in the whole network by using multi-hop method

Similar to sensor networks Complete population

Reader

Monitoring station

http://www.wave-lynk.com/images/CT-5300-Logic Link.jpg
















Sensor applications

Military applications:(4C’s) Command, control, communications, computingIntelligence, surveillance, reconnaissanceTargeting systems

Health careMonitor patientsAssist disabled patients

Commercial applicationsManaging inventoryMonitoring product quality

Misc.Monitoring disaster areas Home security



Sensor Nets for Search and Rescue

Inactive Sensor







Active Sensor





Privacy risks

Privacy Risks for Consumers and EnterprisesPrivacy advocates decry the risks of RFID: silent physical tracking of consumers and inventorying of their possessions. For businesses too, RFID introduces new privacy and security risks -- and a whole new dimension to corporate espionage. See CNIL recommendations



500 Eurosin wallet

Serial numbers:597387,389473

…

Wigmodel #4456

(cheap polyester)

30 items of lingerie

The Times(paid with Amex card 345882299)

Pack of cigarettes(fourth pack this week)



Privacy risks



Privacy risks

There are well-known techniques to deal with this issue…My GSM could be identified by any fake BTS

What is the difference with RFID ?



Medium is different

“Tree-walking” protocol for identifying RFID tags

000 001 010 011 100 101 110 111

00 01 10 11

0 1

?



Low cost RFID tags







Low cost?



Trade-off security vs cost

Cost ~ number of transistorsSecurity level ~ effort the pirate has to produce

NB. High similarity between RFID evolution and smartcard history

Security level

Cos

t

Research efforts



Tag privacy approaches

DesactivationReactivation problem

Public-key based protocolHeavyweight

User interventionNot user friendly :-)

Blocker tagInterference when identification is needed

Silent tree-walkingJust kidding

One-time identifiersPseudonym tags



Tag Authentication

Threats:Cloning and forgery

Approaches:Track and trace Anticipate movements, detect and report frauds Effort on network infrastructure

Challenge-response Heavyweight Tamper resistance is required

Static authentication Cloning is not addressed

Idem with public-key Heavyweight



Security on network infrastructure

Threats:Disclosure of information about tagsModificationTraffic analysis, etc.

Challenges:Tag databases potentially need to be available to many parties Suppliers, retailers, consumers, auditors, …

Information about a given tag may be managed in many places, and/or may change hands over timeReader security

Classical challenges in software infrastructure (middleware)!The challenge is the size of the database



Localization and positioningExample of DV-hop triangulation:

Base station (position known)Sensors

Security problems in sensor networks (1)



Positioning

Room = 10m x 10m

PrecisionHop = ± 43 cm

ν = ± 35 cm

RSS = ± 18 cm



Coverage and exposure problemsCoverage problem Quality of service (surveillance) that can be provided by a particular

sensor network Activity scheduling (nodes can sleep while preserving surveillance

surveillance)Exposure problem A measure of how well an object, moving on an arbitrary path, can

be observed by the sensor network over a period of time





Dissemination and data gathering

Flooding is used to build gathering treesBuilding suitable gathering trees is an open questionFlooding is a beaconless protocol but energy consumingData fusion is possible along transmission

bottleneck




The problem is to detect and isolate misbehavior nodes

Some techniques:Group key managementReputation mechanismVirtual currency to enhance cooperation



Conclusion

We can learn a lot from smartcard historyShortcuts are preferred to replay :-)

Privacy/AuthenticationChallenges are in cost/security tradeoffNew authentication protocols?

Middleware issuesGo beyond of simple “re-painting”Performance issues are the important problem

Sensor networksGroup key managementSimilarities with security in ad hoc network (of course)

Operating SystemMobile code (not for now)



RFID Tags and Communicating Sensors: Overview of Security Aspects

David SIMPLOT-RYL

IRCICA/LIFL, Université de Lille 1CNRS UMR 8022, INRIA Futurs, France

http://www.lifl.fr/~simplot [email protected]

http://www.lifl.fr/~simplot

mailto:[email protected]

Business

RFID, sensors, and security