A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme

Divyan M. Konidala, Zeen Kim, Kwangjo Kim{divyan, zeenkim, kkj}@icu.ac.kr

International Research Center for Information Security

CONFERENCE ON RFID SECURITY-07


2

Introduction - EPCglobal EPCglobal Inc™

Industry-driven standards RFID in supply chain management

We consider EPCglobal Architecture Framework EPCglobal Class 1 Gen 2 UHF RFID Protocol


3

Contents Introduction RFID-based supply chain management system

EPCglobal Architecture Framework Security Threats and Requirements Security Assessment of Class 1 Gen 2 UHF RFID Protocol Proposed Tag-Reader Mutual Authentication Scheme

Scheme Analysis

Conclusion and Future Work


4

EPCglobal Architecture Framework

EPC-IS


5

Introduction - Tag’s 4 Memory Blocks

**We Focus on RESERVED memory Block**RESERVED memory Block has….

•Access Password (APwd)•Kill Password (KPwd)


6

Introduction - RESERVED Memory Block Manufacturer of the product stores APwd and

KPwd in the Reserved Memory Bank Reserved Memory Bank is R/W LOCKED,

Cannot be Read Cannot be Re-Written


7

Security Threats and Requirements Tag-Reader Mutual Authentication

Malicious RFID Readers Snoop, corrupt, manipulate

Cloned Fake RFID Tags Counterfeit products

Man-in-the-Middle Attack Eavesdrop and impersonate

Tamperproof Tags RFID Tag Snatching


8

One-Way Reader to Tag Authentication Proposed by EPCglobal

Proposed by EPCglobal Class 1 Gen 2 UHF RFID Protocol

Not Secure

Un-encrypted openly sent random numbers used as pads to cover-code tag’s APwd

Tag’s Access Password easily exposed to disgruntled employee managing hand-held reader

RFID Tag

9. If (4 & 8) = Yes: Reader Authentic; No: End Communication with Reader

R1. ReqT12. R

M M T13. CCPwd =APwd R

L L T27. CCPwd =APwd R

R5. ReqT26. R

M M T1

4. Verify I f: APwd == (CCPwd R )

RFID Reader

L L T2

8. Verify I f: APwd == (CCPwd R )


9

Security Weakness – EPCglobal Schheme – Exposed APwd

Manufacturer

Reader

Tag

Unauthorized AccessFake Cloned Tags

APwd

APwd Apwd (Exposed)

Only one-way Reader-to-Tag Authentication

Malicious, Compromised Reader

Disgruntled Employee


10

Goals Tag-Reader mutual authentication

simple, light-weight, practically secure (supply chain) A better cover-code or obscure tag APwd Secure distribution of obscured tags' APwd to

stakeholder's RFID readers The manufacturer: implicitly keep track on the

whereabouts of its products. Our scheme adheres to EPCglobal standards


11

Goals NO cryptographic (hash) functions/keys within the tag NO tag - reader synchronization security keys/hash

values. We improve scheme proposed by EPCglobal to

accommodate tag-reader mutual authentication. Our scheme utilizes tag's already existing,

16-bit random number generator, XOR function, Access & Kill Passwords.


12

Proposed Tag-Reader Mutual Authentication Scheme Emphasis on Tag’s Access & Kill Password Manufacturer of the product is involved in the

mutual authentication process Scenario:

A pallet has reached the distributor Distributor’s reader query tag on pallet Reader and Tag must authenticate each other Reader does not know tag’s Apwd Reader contact manufacturer and follow this procedure


13

STEP 1: ReqR

STEP 2: {EPC, RT1, RT2}


STEP 4: {EPC, CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}

Step 3.2: Generate & Store{RM1, RM2, RM3, RM4}

Step 3.3: ExecutePAD1 = PadGen(RT1,RM1)PAD2 = PadGen(RT2,RM2)

Step 3.4: ComputeCCPwdM1 = APwdM PAD1CCPwdL1 = APwdL PAD2

STEP 5: {CCPwdM1, CCPwdL1, RM1, RM2, RM3, RM4}

Step 5.2: ExecutePAD3 = PadGen(RT1,RM1)PAD4 = PadGen(RT2,RM2)Step 5.3: Verify IFAPwdM = = CCPwdM1 PAD3APwdL = = CCPwdL1 PAD4Y: Reader AuthenticN: Stop Comm. With Reader

STEP 7: {EPC, CCPwdM2, CCPwdL2, RT3, RT4}

Step 6.1: Generate{RT3, RT4}Step 6.2: ExecutePAD5 = PadGen(RT3,RM3)PAD6 = PadGen(RT4,RM4)Step 6.3: ComputeCCPwdM2 = APwdM PAD5CCPwdL2 = APwdL PAD6


STEP 9: {EPC, AUTHENTIC: Y/N}

Step 3.1: Store{RT1, RT2}

Step 5.1: Temporarily Store {RM1, RM2, RM3, RM4}


Step 8.3: Verify IFAPwdM = = CCPwdM1 PAD7APwdL = = CCPwdL1 PAD8

Y: Tag AuthenticN: Tag is Fake

Step 8.1: Store {RT3, RT4}

Tag Already Has:EPC; Apwd(32)=ApwdM (16) | | APwdL (16) ;KPwd(32)=KPwdM (16) | | KPwdL (16) ;16it-Random No. Genarator: RTx ;PadGen(.) function

Step 1.1: Generate & Temporarily Store{RT1, RT2}

Secure ChannelInsecure Channel

Reader Authentiction Process

Tag Authentiction Process

Manufacturer Already Has:EPC; Apwd(32)=ApwdM (16) | | APwdL (16) ;

KPwd(32)=KPwdM (16) | | KPwdL (16) ;16it-Random No. Genarator: RMx ;

PadGen(.) function

RFID Tag RFID Reader Manufacturer

Proposed Tag-Reader Mutual Authentication


14

STEP 1: ReqR


























PadGen(.) function



15

STEP 1: ReqR


























PadGen(.) function



16

Pad Generation Function: PadGen(.) [1/3]


17


Random Numbers from Tag and Manufacturer


18



19

03Fh13Eh13Dh

03Ch13Bh03Ah

139h138h137h036h135h034h033h032h131h130h

02Fh 1512Eh 1412Dh 1312Ch 1212Bh 1102Ah 10029h 9128h 8027h 7026h 6125h 5124h 4023h 3122h 2021h 1120h 0

BitAddr. Locn.

BitAddr. Locn.

1514131211109876543210

LSBsC5D6h

MSBsAC9Eh

Tag’s Logical Memory & Access Password Map


20

Security Analysis [1/4] Possible Attacks

APwd & KPwd are only 32-bits Brute-force attack or ciphertext-only attack

Practically Secure An enclosure (warehouse) that is sealed from external

noise and radio signals from malicious readers. RFID supply chain processing environment

Extremely fast paced Not feasible to continuously eavesdrop on one particular tag-

reader communication channel Several bulks of items pass through several readers with in a

very short interval of time.


21

Security Analysis [2/4] Reader Impersonation Attack:

Reader to authenticate first to tag A malicious reader

Does not posses both the APwd and KPwd cannot access manufacturer (EPC-IS) due to lack credentials.

Cloned Fake Tags and Tag Impersonation Attack: Tag to authenticate to the manufacturer. A malicious tag or a cloned fake tag

Do not posses both the APwd and KPwd, Manufacturer must detect and terminate the communication,

if a tag emulator using the same or weak random numbers if tag is not moving through the supply chain processing


22

Security Analysis [3/4] Tag's Access Password Never Exposed:

Does not use random numbers sent in an un-encrypted form as pads

Generated pads are known only to tag and manufacturer Secure against Insider Attacks:

Does not deliver the tag's APwd to any of the stakeholder's reader.

The reader relays only the cover-coded APwd RFID “system level check",

A compromised reader is continuously trying to interrogate only one particular tag


23

Security Analysis [4/4] Secure against Replay Attacks:

We use two random numbers each, generated by both the tag and the manufacturer.

As unique random numbers generate unique pads Password Scalability:

We adhered to the 32-bit passwords Our scheme can still be applicable, and more

strengthened, when the length of the APwd and KPwd is extended


24

Implementation Analysis [1/2] Overhead Analysis

Secure channel between tag and manufacturer PKI-based certificate, encryption and signature schemes – may be expensive

Reader communicate with manufacturer to authenticate every tag To reduce this overhead,

The manufacturer can setup a secure server at every stakeholder's supply chain processing facility

Only, the manufacturer can remotely access, monitor, and manage this server and also update the server with tags' Access & Kill passwords

We can also assume that the manufacturer's EPC-IS is a highly resource rich entity, which is designed to take heavy computational and storage load.

Secure channel with only Keyed-Message Authentication Code (MAC)


25

Implementation Analysis [2/2] Light-Weight Tag-Reader Mutual Authentication:

Our scheme does not use any special cryptographic functions. Tag already has capability

XOR operations, Generate random numbers, Temporarily store random numbers Fetch the APwd and KPwd

Our scheme just needs an additional Five 16-bit temporary storage memory slots four random numbers from the manufacturer and one for PadGen(.)

function. Class-1 Gen-2 tags can have a 512-bit memory capacity or more

(depending on the manufacturer)


26

Conclusion Our scheme

Not fully secure Simple, cost-effective, light-weight to be implemented on tag Practically secure, Highly suitable to the RFID-based supply chain processing scenario Adhere to EPCglobal standard

Our scheme provides considerable challenges to thwart Cloned fake tags Malicious readers Disgruntled employees or compromised readers Tag’s APwd leakage Man-in-the-middle attacks

Thank you!Q&A

International Research Center for Information Security

Date post:	21-Feb-2016
Category:	Documents
Upload:	xylia
View:	40 times
Download:	0 times

A Simple and Cost-effective RFID Tag-Reader Mutual Authentication Scheme

Documents