25
RFID Innovations at the Bottom Wayne Burleson Electrical and Computer Engineering University of Massachusetts Amherst [email protected] rfid-cusp.org
RFID Innovations at the Bottom
Wayne BurlesonElectrical and Computer EngineeringUniversity of Massachusetts Amherst
Abstract:• RFID systems present many opportunities for innovations at different
levels and across many application domains.
• This talk presents some innovations at the bottom level of the stack, namely the digital and analog hardware that implements the actual RFID tags.
• Security and privacy are increasing concerns in RFID systems that can be partially addressed with lightweight hardware primitives.
• Most current RFID tags are designed in older CMOS technologies for cost reasons. We briefly explore the technology scaling issues that arise as tags are fabricated in 45nm technologyand below.
• Finally, we look forward to the future where RFID tags have significantly more capability and explore the architectures and resources that are most appropriate in this still highly constrained computing environment.This work is funded by the National Science Foundation, RSA Labs and the Semiconductor Research Corporation.
Who am I?• VLSI Designer/Consultant• I teach VLSI Design, Embedded Systems and most
recently, Security Engineering• I do research on VLSI Circuits
– Low-power and Side-channels (NSF)– Interconnects (SRC, Intel)– Clocking and Wave-pipelining (NSF and Intel)– SRAM (Intel, NSF)– Soft-errors (Sharp, Intel)– Thermal Sensing and Management (SRC, AMD)
• And research on VLSI Architecture– Adaptive SOC (NSF)– On-chip Monitor NOC (SRC)– Video, 3D Graphics, DSP(NSF)– Crypto, Embedded Security (NSF)
• Sabbaticals at ENST/Paris 1997 and LIRM/Montpellier 2003
4
rfid-cusp.org
RFID Consortium for Security & Privacy
My Collaborators• UMass VLSI Circuits and Systems
Group: Lang Lin, Serge Zhilyaev, Mike Todd, Jeff Little, Ibis Benito, Dan Holcomb (now at Berkeley)
• UMass CompSci: Kevin Fu, Ben Ransford, Shane Clark, NeginSalajegheh, Andres Molina
• U. Bochum: Christof Paar, Andy Rupp, Thomas Eisenbarth, Tim Gueneysu
• UMass ECE: Tilman Wolf, WeiboGong, Dennis Goeckel, Bob Jackson, Russ Tessier,
• LESTER, U. Bretagne Sud: Guy Gogniat, Lilian Bossuet (U. Bordeaux)
• UMass Transportion Center: John Collura, Marguerite Zarrillo (UMD)
• Umass Cybersecurity Cluster Team: Brian Levine (CS), Gerome Miklau (CS), Anna Nagurney (Management), M.J. Peterson (PoliSci), Andrew Papachristos (Sociology)
• Worcester Polytechnic: Berk Sunar• MITRE: Rich Petrovich, Adam
Woodbury• General Dynamics: Peter Gage• Intel Research, Seattle• RSA Labs: Ari Juels, • ThingMagic: Ravi Pappu, • NIST: Tom Karygiannis
• Apologies to anyone I forgot
Trends in VLSI Research
• Applications– Microprocessors– DSP– Video– Wireless– Hand-sets– Smart Cards– Sensor Networks– RFID– Smart Dust– …
• Design Challenges– Area– Performance– Complexity– Test/Yield– Power– Flexibility– Reliability– Security– Privacy
70’s
80’s
90’s
00’s
10’s
Vision
• RFID Technologies present new challenges and opportunities across many levels– Systems– Protocols– Architecture– Circuits
• Readers• Tags
– Active– Passive
Application Domains
• Supply Chain
• Access Control
• Payment Systems
• Voting
• Medical
• Sensing
RFID-CUSP meeting
Why is RFID interesting from a Hardware perspective?
• Very cost-sensitive, high-volume, justifies large design effort• Very low-power/energy budget• Low-level of complexity and efficiency requirements warrant full-custom
design– Mostly hardware rather than software implementation– Very little memory (10^2- 10^5 bits), some is non-volatile
• Soft real-time performance requirements• Side-channel leakage and tamper attacks require careful circuit designs• Mixed-signal design due to unusual wireless communications and energy
harvesting approach• Application/Algorithm/Architecture/Circuit co-design, crossing traditional
layers of abstraction
• Improved radio frequency communication range and power delivery efficiency
• Power efficiency (currently 20-30uW for digital)• Energy storage (batteries and super-capacitors) to allow
reader-less operation• Data storage (currently 1-4K bits, moving to 10-100Kb, both
volatile and non-volatile)• Security services
– Authentication (Hash functions, Device-tied functions)– Encryption (Private, Public)– Consensual reading– Intrusion detection– Side-Channel attacks (EM, power, fault-injection, gltich, timing)
• New HW-related features in Next Generation tags– Data Storage
• Shared among multiple untrusted parties• Logging (e.g. for intrusion detection)
– Sensors• Location• Temperature, Bacteria, Chemical• Off-line Computation
– Time-aware (real-timers)– Reliability
• More Moore (45nm and below)• More than Moore (non-CMOS, non-electronic,
etc.)
Next Generation RFID Tags
HW Challenges in Next Generation RFID Systems
NSF Smart Tags 2005-2008Burleson, Fu, Stubblefield, Juels
• What we proposed:– Cross-layer RFID Security and Privacy solutions
• What we did:– FERNS: SRAM-based PUF and TRNG– Leakage-aware Power Analysis– Vulnerability Analysis
• Wireless Credit Cards• Implanted Medical Devices
– Computational RFID: Mementos, CCCP, Computing with Ramped Power
– Integrated Transportation Payment Systems
Ongoing Projects
• RFID Trends (applications, capabilities, challenges)• More Moore - 45nm RFID (SPURS)• Computational RFID (Kevin Fu, Deepak Ganesan et al)• Process variation, leakage and SC (Lang Lin)• Trojan Side Channel (Christof Paar)• UWB (Ari Juels, Dennis Goeckel, Dan Boneh)• Lightweight Challenge/Response (Serge Zhilyaev)• Lightweight TRNG and PUF: FERNS (Dan Holcomb, Kevin Fu)• Alternative Asymmetric Crypto (Christof Paar)• Applications
– Transportation (Umass Transportation Center, Andy Rupp)– Medical (Kevin Fu, Bill Maisel M.D., Harvard Medical School)
Recent media attention of our work
NSF researchers produce RFID random number generatorA trio of University of Massachusetts researchers have found
an inexpensive way to produce sets of truly random numbers for radio frequency identification tags. The technique also produces a unique fingerprint for each tag. The approach involves reading the state of the memory of the RFID tag as it is being powered up.
Daniel Holcomb, Wayne Burleson and Kevin Fu conducted the research, which was funded by the National Science Foundation. The RFID Consortium published the results, in the most recent edition of the Proceedings of the Conference on RFID Security.
Having a source of truly random numbers has been one of the biggest challenges for computer science. Programs that encrypt data require a robust source of random numbers.
Researchers See Privacy Pitfalls in No-Swipe Credit CardsBy JOHN SCHWARTZAMHERST, Mass. —…the University of Massachusetts, Amherst, … RFID-CUSP, a new consortium of industry and academic researchers financed by the National Science Foundation to study RFID…The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. …The card companies have implied through their marketing that the data is encrypted The finding comes at a time of strong suspicion among privacy advocates and consumer groups about the security of the underlying technology, called radio frequency identification, or RFID. Though the systems are designed to allow a card to be read only in close proximity, researchers have found that they can extend the distance. The actual distance is still a matter of debate, …and even the shortest distance could allow a would-be card skimmer to mill about in a crowded place and pull data from the wallets of passersby, or to collect data from envelopes sitting in mailboxes.The experiment was conducted by researchers here working with RSA Labs, a part of EMC, an information management and storage company. the first fruit ofSecurity experts who were not involved in the research have praised the paper, and said that they were startled by the findings. Aviel D. Rubin, a professor of computer security at Johns Hopkins University, said, “There is a certain amount of privacy that consumers expect, and I believe that credit card companies have crossed the line.”
“Quirks of RFID Memory Make for Cheap Security Scheme”
Un nouveau procédé capable de sécuriser à bas prix la majorité des puces RFIDhttp://www.bulletins-electroniques.com/actualites/58415.htmLes puces utilisant la radio identification, souvent désignées par le sigle RFID pour Radio frequency identification, sont désormais parties intégrantes de notre quotidien ; dans les cartes de crédit, les permis de conduire, les passeports, les étiquettes dans les magasins. Cependant un grand nombre de ces puces n'a encore aucun moyen de se prémunir contre une lecture pirate. Dans un rapport qui sera très prochainement publié, une équipe d'informaticiens américains proposent un nouveau système de sécurité RFID qui fonctionne grâce aux circuits mémoire présents dans les puces RFID.
L'idée est simple : utiliser le fonctionnement intermittent de ce type de puce. Ne possédant pas leur propre source d'alimentation, les puces RFID "passives" reçoivent leur énergie des ondes radio provenant des lecteurs RFID. "Parce que de telles sources d'énergie sont soumises à des perturbations en traversant l'air, ces puces voient leur alimentation varier constamment, plusieurs fois par seconde" explique Wayne Burleson, professeur d'électronique et d'informatique à l'University of Massachusetts Amherst. "Et à chaque fois que la puce reçoit plus de puissance, sa mémoire, si elle est de type SRAM (Static Random-Access Memory), se réinitialise avec un assortiment de 1 et de 0".
The basic idea of FERNS(Fingerprint Extraction and Random
Numbers from SRAM)
• 100% reliable ID using 64 bit fingerprints (> 19 bits in Hamming distance)• 128 bit random numbers extracted from 256 byte SRAMs
Random number extraction with unstable states
ID extraction with fixed states
17UNIVERSITY OF MASSACHUSETTS AMHERST • Department of Computer Science
S&P for Pervasive Medical Devices
Heart
• Implantable medical devices
• Induce fibrillation wirelessly
17
Scenario 1: Public Transportation
Bay Area Rapid TransitIntegrated Payment Systems
for a wide range of public and private surface transportation services and facilities (tolls, subway, train, bus, parking,…)
based on modern electronic and information technology (e.g. smart card, RFID, image, video, Internet, cryptography)
allow new forms of sustainable revenue generation critical to the planning, design, construction, rehabilitation and maintenance of our aging transportation infrastructure.
However, in order to gain broad acceptance, these systems must be:
1. secure, 2. privacy-preserving
Scenario 2: Open Road Tolling
• Open road tolling (ORT) is the collection of tolls on toll roads in three or more adjacent lanes without the use of lane dividing barriers or toll-booths.
• Although currently deployed in Canada, Australia, Europe and several U.S. states, problems exist with accuracy, security and privacy. Recent security breaches in Texas and London, and privacy concerns limiting adoption in Massachusetts.
• Extension to integrated payment systems (a single card or transponder being used across regions, states and facilities) remains an open problem with respect to security and privacy
Analysis and Mitigation of Process Variation Impacts on
Power-Attack Tolerance
Lang Lin, Wayne Burleson
University of Massachusetts, Amherst
Hitachi Mu-Chip
2.45 Ghz, 1 cm range
65nm CMOS
Wafer-level ionization-basedProgramming of 96 bit ID
No security
No channel control
Grains of rice
Secure Passive UHF RFID Sensor (SPURS)• Goal: Design a EPC Class 1, Gen2 compliant RFID tag in 45nm CMOS with new
functions:– encryption,
– temperature sensor
– external bus (for prototyping)
• Tag operates at UHF (900MHz), harvests RF energy for power• Design uses SOI instead of bulk CMOS (lower power, better impedance matching
of antenna for harvesting efficiency)• Design partitioned into 2 parts:
– Analog (Jeff Little): Energy harvesting, voltage rectifier, data demodulation, system clock, power-on-reset, & modulator
• Analog Design, Custom Circuits & Layout, (derived from EPFL design)
– Digital (Mike Todd): Gen2 state machine & functional blocks, block cipher & external data bus• ASIC Design with Verilog and ARM Standard Cells
– Thermal Sensor (Basab Datta): Very lightweight sensor for ambient temperature sensing, 8 bits, 1 point calibration
22
SPURS Block Diagram– ~5K gates
23
VDD
RFID Encryption• Block Cipher – PRESENT [1]
– 64 bit block cipher
– 80 bit key
• Multiple ways to approach encryption protocol– Encrypt all messages
• No way for reader to know what key
– Always encrypt specific commands [2]• Does not allow unencrypted communication
– Use a specific bit specify if a message is encrypted• Requires changing every Gen2 command
– Send a custom command RT to begin encrypting• Custom commands allowed in Gen2
• Allowing unencrypted commands may increase read range/lower latency[1] A. Bogdanov et al., ‘‘PRESENT: An Ultra-Lightweight Block Cipher,’’ Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES 07), LNCS 4727, Springer, 2007, pp. 450-466.[2] Man et al., Hong Kong University of Science and Technology, Low Power VLSI Design for a RFID Passive Tag baseband System Enhanced with an AES Cryptography Engine, RFID Eurasia, Sept. 2007 Page(s):1 - 6
24
For RFID News and Applications
• RFIDJOURNAL.COM EVENTS BECOME A MEMBER SIGN INJUNE 4, 2009 | FEATURED NEWS
• RFID to Protect Intellectual Property• RFID Raises Profits at Plant Nursery• Team to Develop Standards for Testing RFID in Health Care• Researchers to Reveal RFID Benchmarks for Apparel Retail
at RFID In Fashion 2009• RFID News Roundup•••
Some Conclusions
• RFID has numerous incarnations and is emerging as a significant business.
• Innovations at each layer of RFID systems must use appropriate abstractions of neighboring layers.
• Hardware innovations can leverage low-energy techniques from other fields.
• There’s plenty of room at the bottom…(apologies to R. Feynman)
