RRFID Authentication :

Minimizing Tag Computation

RRFID Authentication :

Minimizing Tag Computation

CHES2006 Rump Session,

Yokohama. Japan

2006. 10. 11.

Ph.D. Jin KwakKyushu University, JAPAN

jkwak@security.re.kr

or jkwak@itslab.csce.kyushu-u.ac.jp

2

Background - Definition of RFID

RFID (Radio Frequency Identification) is data carrier technology that transmits information via signal in the radio frequency portion of the electromagnetic spectrum. [GS1 US]

RFID- Radio Frequency Identification

3

Limitation of Current RFID

Storage

Low-cost RFID tag has hundreds of bits-memory - EPC C0/0+, EPC Cl G1, EPC C1G2 tag has tens of bits R/W block - Philips’ UCODE EPC G2 tag has 512 bits of on chip memory

Computation

5¢ RFID tag cannot implement - symmetric key cryptography - public key cryptography - hash operation - random number generation

Security or Efficiency?

Computation or Storage?

4

Assumptions

Limited successivetag queries

The probability that an attacker can successively transmit a Query to targeted RFID tags in different locations before updating the RFID tags’ identification data is very low

Limited interleavingThe mobility of RFID tags and password mechanism restrict the attacker’s ability to perform attack

5

Initial Set-up Process

Tagged Item

0( || )KE ID R 0R 1R

6

Authentication Process(1/2)C

K ey pad

User

RFIDReader

Middleware &

Application

Tagged Item

1. Query

2. ( || )K iE ID R

1 1 2 19. , ( || ) ,i K i i i iR E ID R R R R

3. Password request

InformationServices

DiscoveryServices

1

10.

( || )i

K i

Checking R

then Gaining E ID R

( || )K iE ID R iR 1iR

1( || )K iE ID R 2iR

ID .Info

ID .Info12. Updating

12. Updating

Insecure Communication

Secure Communication

1iR

iR 1iR

2iR 1iR

7

Authentication Process(2/2)

K ey padRFIDReader C

Tagged Itemsfrom Manufacturer k

Manufacturer k

Retailer 1

RFIDReader C

Tagged Itemsfrom Manufacturer 1

Manufacturer 1

Retailer 1

K ey pad

…

Current

Password

New

Password

Item 1

(Made by Manufacturer 1)PWM1 PWR1

Item 2

(Made by Manufacturer 1)PWM1 PWR1

Item n

(Made by Manufacturer k)PWMk PWR1

Item n+1

(Made by Manufacturer k)PWMk PWR1

……

8

Security

C

K ey pad

User

RFIDReader

Middleware &

Application

Tagged Item

1. Query

2. ( || )K iE ID R

1 1 2 19. , ( || ) ,i K i i i iR E ID R R R R

3. Password request4. PW

InformationServices

DiscoveryServices

5. ID 6. URL

7. ID

1

10.

( || )i

K i

Checking R

then Gaining E ID R

( || )K iE ID R iR 1iR

1( || )K iE ID R 2iR

ID .Info

ID .Info12. Updating

12. Updating

Insecure Communication

Secure Communication

1iR

iR 1iR

2iR 1iR

2

11. i

R

1

8. ,

.i

RInfo

Without PW, the attackers

cannot obtain ID

By assumptions, tracking probability is very low

The attackers cannot use the clone without PW

DoS is easily detected

Week anonymity

Strong anonymity

Anti-counterfeiting

Recognizability

9

Efficiency

C

K ey pad

User

RFIDReader

Middleware &

Application

Tagged Item

1. Query

2. ( || )K iE ID R

1 1 2 19. , ( || ) ,i K i i i iR E ID R R R R

3. Password request4. PW

InformationServices

DiscoveryServices

5. ID 6. URL

7. ID

1

10.

( || )i

K i

Checking R

then Gaining E ID R

( || )K iE ID R iR 1iR

1( || )K iE ID R 2iR

ID .Info

ID .Info12. Updating

12. Updating

Insecure Communication

Secure Communication

1iR

iR 1iR

2iR 1iR

2

11. i

R

1

8. ,

.i

RInfo

RFID tag only perform XOR operations

RFID tag needs under 300 bits memory

Low computation

Small storage

10

Thanks …

Please e-mail to jkwak@security.re.kr or jkwak@itslab.csce.kyushu-u.ac.jp