Embed Size (px)
DESCRIPTION
Toward Practical Public Key Anti-Counterfeiting for Low-Cost EPC Tags. Alex Arbit , Avishai Wool, Yossi Oren, IEEE RFID April 2011. Outline. Anti-counterfeiting for RFID Cryptographic anti-counterfeiting Lab system setup WIPR protocol flow Implementation results Optimizations - PowerPoint PPT Presentation
Citation preview
1
Toward Practical Public Key Anti-Counterfeiting for Low-Cost EPC Tags
Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April 2011
2
Outline
Anti-counterfeiting for RFID Cryptographic anti-counterfeiting Lab system setup WIPR protocol flow Implementation results Optimizations Summary & Future work
3
RFID EPC Supply chain Counterfeiting is considered one of the
greatest treats to the world’s economy
Electronic Product Code (EPC) is designed to guarantee uniqueness of every RFID Tag in Supply Chain
Problem: Standard RFID EPC-based supply chain is
generally unprotected and may become an easy target for the adversary
4
RFID Tags Anti-counterfeiting methods
Unique ID (EPC) Unencrypted value – an easy prey for adversary!
A world-wide readers network database to trace compromised tag IDs (track-and-trace) Essential cooperativeness of all supply chains Loss of information privacy
Cryptographic solution Asymmetric solution – Public key on Tag Strong system protection – “breaking” one Tag
doesn’t compromise the supply chain Was considered not feasible for RFID chain due
to high resource consumption on tag side and long execution times!
5
Cryptographic anti-counterfeiting protocol
Non-secret Public key (Tag, reader) Private key (Reader only)
R1
Ek(R1,R2,ID)
Interrogator(knows k)
Tag(knows ID, k)
Generate Random R1 Generate Random R2
Encrypt R1,R2 and ID
Decrypt and Verify R1
Output ID
6
Asymmetric cryptographic approach Tag bears only a partial (public) key -> can only
encrypt messages System not compromised even if a certain tag is
Reader possesses both key parts -> can encrypt and decrypt Only one private key is required for entire chain No need for a constant link to a central server
7
A system view of the suggested public-key based anti-counterfeiting system
Only Tag Integrator possesses all encryption and decryption keys
Tag manufacturer has no signing key Unable to create arbitrary signed TIDs not from Integrator’s
list Reader has private decryption key but no signing key
Can only verify tags but unable to forge new oneso System can operate completely offline once keys are
delivered
8
IAIK Demotag
EPC C1G2 fully compliant UHF tag ATMega128 AVR controller
Integral 128kB Flash, 4kB SRAM 16MHz crystal oscillator Communication interfaces
JTAG UART RFID Analog Front End
9
Experimental System Setup IAIK UHF Demotag with a WIPR algorithm mounted on it CAEN RFID EPC1G2 Reader with MATLAB SCA toolkit 2 PC Workstations
11
Full WIPR Protocol flow
Seamless protocol integration with standard EPC Class I Generation II commands
R1
Ek(R1,R2,ID)
Interrogator(knows k)
Tag(knows ID, k)
Generate Random R1 Generate Random R2
Encrypt R1,R2 and ID
Decrypt and Verify R1
Output ID
12
Tag Firmware Architecture
13
Tag resources usage
14
Implementation results – message encryption time as f(heap size)
Message encryption time shortened from initial 7 seconds down to 180 milliseconds using optimizations!
Will be checked on existing ASIC implementation for the same dramatic effect of RAM usage on performance
2700 2750 2800 2850 2900 2950 3000 3050 3100 3150 32000
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000Y (ms)
X (bytes)
15
Response time as a function of block read size
Reader-tag maximum wireless link speed 15kbps After each data transaction reader “shuts down” the
link – inefficient reader implementation slows the link down
Reading out large chunks of data ensures fastest response time
17
Response time as a function of block read size – cont.
Reading out large chunks of data ensures fastest response time
19
Optimizations
Total system’s performance further improved from 840ms to 265ms with full link pipelining
1 2 30
100
200
300
400
500
600
700
800
900
T responseT encryptTchallenge
Total link time
20
Summary
A full strength Public key Crypto system is implemented on standard EPC C1 G2 Tag for RFID supply chain!
RAM usage presents a resource vs. message encrypt time latency trade-off.
A better use of air interface by the reader side squeeze the total execution time down to 0.265s for full pipelining.
System designed for fully off-line operation can be further strengthened by use of standard reader track-and-trace with no additional cost on Tag side .
21
Future Work
Adding a small amount of RAM to existing ASIC implementation to compare performances and benchmarking
Integrate suggested anti-counterfeiting solution with current EPC C1G2 tag chips
Work with other reader vendors to see if they handle a standard EPC Class I Generation II more efficiently
22
Thank You!!תודה רבה
