Author: Esteban Masobro
Royal Holloway, University of London Weekend Conference 6 & 7 September 2014
The MSc Project Experience:
Security Protocols for Low-Cost RFID Tags – Analysis and Automated Verification of Proposed Solutions
Supervisor: Dr Konstantinos Markantonakis http://km.isg.rhul.ac.uk/
Acknowledgement
This presentation is strongly based on the information obtained from the various resources at our disposal, mainly:
• The project supervisor. [1]
• The project seminar at the VLE. [2]
• The project guide. [3]
Any mistakes are entirely this speaker’s fault.
Contents
Part 1 - Introduction
1.1 The Presentation
1.1.1 Intended audience
1.1.2 Motivation
1.1.3 Objectives
1.2 The MSc Project
1.2.1 An Introductory Idea
1.2.2 The Overall Picture
1.2.3 The Project Process Steps
1.2.4 The Project Supervisor
Part 2 - My Project Topic
2.1 RFID Technology
2.1.1 My Project Topic
2.1.2 General Purpose
2.1.3 Architecture
2.1.4 Basic Operation
2.1.5 Example Application
2.2 Some Security Issues
2.2.1 Privacy
2.2.2 Anonymity
2.2.3 The Big Brother’s Concern
2.2.4 Hashing the Identifier
2.2.5 Untraceability
2.2.6 Non-Protocol Proposals
2.2.7 Automated Formal Proof
Part 3 - The Project Process
3.1 Selection of the Project Topic
3.2 Specification of the Objectives
3.3 Identification of Methodology
3.4 Development of the Project Plan
3.5 Collection and Processing of Data
3.6 Production of the Report
3.7 Drawing Conclusions
Part 4 – Pitfalls and Highs
Bibliography
Intended Audience
Who is this presentation for?
• Current students on the programme
• Students who have not yet started the course
• A more general audience is also welcome
Assumptions
• No specialist knowledge is assumed
• Familiarity with the basics of Information Security can be helpful
Motivation
The MSc project is worth one quarter of the degree’s overall mark, and so it should be taken seriously.
Experience shows that a preliminary good understanding of the project process is essential.
Emphasis will be placed on the identification of typical pitfalls and highs.
This presenter’s own project will be used as a running example.
Objectives
• Provide an overall picture of the MSc Project.
• Describe the experience of the project by means of the speaker’s own.
• Overview the different steps of the project process.
• Identify typical pitfalls and highs.
An Introductory Idea
The MSc project:
• Is an independent and well-defined piece of work, dealing with some aspect of Information Security.
• Must show that an all-encompassing perspective has been obtained of all that is known about the subject matter.
• Must add value to this knowledge.
• Is largely represented by the report, which must be satisfactorily structured, presented, written, and have adequate length and referencing.
The Project Process Steps
Step 1
•Selection of the Project Topic
Step 2
•Specification of the Objectives
Step 3
•Identification of methodology
Step 4
•Development of the Project Plan
Step 5
•Collection and processing of data
Step 6
•Production of the report
Step 7
•Drawing conclusions
The Project Supervisor
The Project Supervisor has the experience of many projects and knows what the examiners are looking for.
The Project Supervisor is the first port of call on all issues related to the project, and should be regularly informed on progress.
It is wise to involve your Project Supervisor at every step of the project process, from the selection of the project topic and the establishment of the project plan, to the approval of the report structure and review of draft reports.
Nonetheless, students must do all the work.
My Project Topic
My project topic is “Security Protocols for Low-Cost RFID Tags”.
A short background to the topic of my project:
• General purpose, architecture and basic operation of an RFID system
• Why the technology has to overcome security and privacy issues before widespread adoption
• The relevance of automated formal verification of security protocols
General purpose
RFID is an Auto-ID technology.
Other Auto-ID technologies include:
• Barcode systems
• Optical character recognition
• Biometrics
• Smart cards
Texas Instruments' HF-I family of 13.56 MHz RFID tags. Picture taken from [7].
Architecture
Architecture of an RFID system:
• A large set of resource-constrained tags.
• A set of computationally powerful readers.
• A computationally powerful backend system.
• A communication channel between backend server and readers.
• A communication channel between reader and tags.
Architecture (Tags)
Confidex’s Silverline printable, flexible on-metal adhesive RFID Label. Picture taken from [7].
A steer with an eTatoo dangle tag. Picture taken from [7].
VeriChip's 134 kHz passive tag, designed for implantation in humans, is the size of a grain of rice. Picture taken from [7].
Architecture (Readers)
Motorola’s MC9190-Z handheld reader. Picture taken from [7].
qIDmini from CAEN RFID. Picture taken from [7].
Basic Operation
Reader → Tag: What is your ID?
Tag → Reader: My ID is 8193
Reader → Backend System: What object is tag with ID 8193 attached to?
Backend System → Reader: It’s attached to a cheap polyester wig, etc.
Example Application
RFID can be applied to a wide range of applications, from tracing of tagged products throughout the supply chain to pet and drug identification.
Let’s consider an example from the Dutch horticultural supply chain called “From Plant to Customer”.
It attempts to reduce labour cost and increase efficiency and accuracy.
EPC Gen 2 passive UHF RFID tags are attached to both trays of plants and trolleys by growers.
Figure: GROWER, DISTRIBUTION CENTER, EXPORTER, TRANSPORT COMPANY, RETAILER. Pictures taken from [7].
RFID Portal at an outgoing dock door. Hamiplant exporter. Picture taken from [7].
Privacy
Reader → Tag: What is your ID?
Tag → Reader: My ID is 8193
Reader → Backend System: What object is tag with ID 8193 attached to?
Backend System → Reader: It’s attached to a cheap polyester wig, etc.
Anonymity
Reader → Tag: What is your ID?
Tag → Reader: My ID is 8193
Reader → Backend System: What object is tag with ID 8193 attached to?
Backend System → Reader: It’s attached to a cheap polyester wig, etc.
Anonymity breached, the attacker now knows that Bob wears a cheap polyester wig.
Hashing the identifier
Reader → Tag: What is your ID?
Tag → Reader: My ID is hash(8193)
Reader → Backend System: What object is tag with hash(ID) = hash(8193) attached to?
Backend System → Reader: It’s attached to a cheap polyester wig, etc.
Untraceability
Reader → Tag: What is your ID?
Tag → Reader: My ID is hash(8193)
The attacker interrogates Bob’s tag on Monday.

Reader → Tag: What is your ID?
Tag → Reader: My ID is hash(8193)
The attacker interrogates Bob’s tag on Wednesday. Untraceability breached.
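The Monday and Wednesday sightings above, replayed as an added example that is not part of the original slides: a tag that always answers hash(ID) hides what it is attached to, yet still gives an eavesdropper a stable pseudonym. The randomized response shown for contrast is a hash-lock style construction that the slides do not cover; the second backend record and all function names are constructed for illustration.

```python
import hashlib
import os

TAG_ID = b"8193"                                   # ID used on the slides
BACKEND_DB = {b"8193": "cheap polyester wig",      # record from the slides
              b"4077": "tray of plants"}           # constructed sample record


def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def static_hash_response(tag_id: bytes) -> str:
    """Tag from the slides: every interrogation returns hash(ID)."""
    return h(tag_id)


def randomized_response(tag_id: bytes) -> tuple:
    """Assumed alternative, not on the slides: the tag draws a fresh random r
    per interrogation and returns (r, hash(ID || r))."""
    r = os.urandom(16)
    return r.hex(), h(tag_id + r)


def backend_lookup_static(resp: str):
    """The backend resolves hash(ID) with a precomputed table."""
    return {h(i): obj for i, obj in BACKEND_DB.items()}.get(resp)


def backend_lookup_randomized(resp: tuple):
    """The backend must try every ID it knows against the received r,
    so privacy is paid for with a linear search per read."""
    r_hex, digest = resp
    r = bytes.fromhex(r_hex)
    for tag_id, obj in BACKEND_DB.items():
        if h(tag_id + r) == digest:
            return obj
    return None


def eavesdropper_can_link(monday, wednesday) -> bool:
    """Without backend access, the observer can only compare sightings."""
    return monday == wednesday


def demo() -> dict:
    mon_s, wed_s = static_hash_response(TAG_ID), static_hash_response(TAG_ID)
    mon_r, wed_r = randomized_response(TAG_ID), randomized_response(TAG_ID)
    return {
        "static_linkable": eavesdropper_can_link(mon_s, wed_s),
        "randomized_linkable": eavesdropper_can_link(mon_r, wed_r),
        "static_resolves": backend_lookup_static(wed_s),
        "randomized_resolves": backend_lookup_randomized(wed_r),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```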
Non-Protocol Proposals
We have seen that protocol proposals attempt to reduce security and privacy issues to acceptable levels.
There are non-protocol proposals as well. Killing the tags is one such proposal.
• The reader sends a PIN-protected kill command to the tag.
• The tag becomes definitively inoperable.
• Effective to provide privacy.
• Several drawbacks, e.g. tag functionality is not available afterwards.
Killer Kiosk. Picture taken from [7]
Automated Formal Proof
Security protocol design is an error-prone task.
A protocol whose security has been formally proven, to some extent, offers a much greater degree of confidence.
Some automated verification tools have been developed, including:
• AVISPA/AVANTSSAR
• ProVerif
• Scyther
• Casper/FDR
The AVISPA tool is an example of a tool for the automated formal verification of security protocols.
Architecture of the AVISPA Tool. Picture taken from [8].
As an example, we will examine the Needham-Schroeder Public-Key Protocol, in its original version (of 1978) without key server [9].
Description of the protocol:
Alice → Bob: {Na.A}_Kb
Bob → Alice: {Na.Nb}_Ka
Alice → Bob: {Nb}_Kb
The modelling of our example can be found at the AVISPA Library [10].
The protocol claims include two-party mutual authentication.
In particular, our security goals are:
• Secrecy of both nonces Na, Nb.
• Strong authentication on alice_bob_nb
• Strong authentication on bob_alice_na
Unfortunately, a man-in-the-middle attack is possible:
• Two sessions are needed. The first one between Alice and the intruder, and the second one between the intruder and Bob.
• After the second session Bob believes that he is communicating with Alice, but he actually talks to the intruder!
Alice → Intruder: {Na.A}_Ki
Intruder (as Alice) → Bob: {Na.A}_Kb
Bob → Intruder (as Alice): {Na.Nb}_Ka
Intruder → Alice: {Na.Nb}_Ka
Alice → Intruder: {Nb}_Ki
Intruder (as Alice) → Bob: {Nb}_Kb
At the end of the protocol run, Bob believes he is talking to Alice, but he talks to the intruder, instead.
It was not until around seventeen years later that the protocol was broken and fixed by Lowe using the tool Casper/FDR.
Alice → Bob: {Na.A}_Kb
Bob → Alice: {Na.Nb.B}_Ka
Alice → Bob: {Nb}_Kb
A tool for the automated formal verification of security protocols, such as AVISPA, would have found the attack.
SATMC Outputs for NSPK and NSPK-fixed, respectively. Pictures taken from [11]
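The attack trace and Lowe's fix described above can be replayed symbolically. The following is an added example, not the AVISPA model or any code from the presentation: encryption is modelled as a tagged tuple that only the key owner can open, and the class and function names are constructed for illustration.

```python
def enc(key_owner, *fields):
    """{fields}_K(key_owner): a term only key_owner can open."""
    return ("enc", key_owner, fields)


def dec(agent, msg):
    _, key_owner, fields = msg
    if key_owner != agent:
        raise PermissionError(f"{agent} cannot open a message for {key_owner}")
    return fields


class Initiator:
    def __init__(self, name, peer, fixed):
        self.name, self.peer, self.fixed, self.na = name, peer, fixed, "Na"

    def msg1(self):                        # {Na.A}_Kpeer
        return enc(self.peer, self.na, self.name)

    def msg3(self, msg2):                  # checks message 2, answers {Nb}_Kpeer
        fields = dec(self.name, msg2)
        if fields[0] != self.na:
            raise ValueError("nonce Na does not match")
        if self.fixed and fields[2] != self.peer:   # Lowe's added identity check
            raise ValueError(f"responder is {fields[2]}, expected {self.peer}")
        return enc(self.peer, fields[1])


class Responder:
    def __init__(self, name, fixed):
        self.name, self.fixed, self.nb = name, fixed, "Nb"
        self.peer, self.done = None, False

    def msg2(self, msg1):                  # {Na.Nb}_Ka or {Na.Nb.B}_Ka
        na, self.peer = dec(self.name, msg1)
        extra = (self.name,) if self.fixed else ()
        return enc(self.peer, na, self.nb, *extra)

    def finish(self, msg3):
        self.done = dec(self.name, msg3) == (self.nb,)
        return self.done


def honest_run(fixed):
    alice, bob = Initiator("A", "B", fixed), Responder("B", fixed)
    return bob.finish(alice.msg3(bob.msg2(alice.msg1())))


def lowe_attack(fixed):
    """Alice starts a run with intruder I; I relays it to Bob posing as Alice."""
    alice, bob = Initiator("A", "I", fixed), Responder("B", fixed)
    intruder_knows, stopped = set(), None
    try:
        na, a = dec("I", alice.msg1())     # A -> I    : {Na.A}_Ki
        intruder_knows.add(na)
        m2 = bob.msg2(enc("B", na, a))     # I(A) -> B : {Na.A}_Kb
        m3 = alice.msg3(m2)                # I forwards m2 unopened; A -> I : {Nb}_Ki
        (nb,) = dec("I", m3)
        intruder_knows.add(nb)
        bob.finish(enc("B", nb))           # I(A) -> B : {Nb}_Kb
    except ValueError as err:
        stopped = str(err)
    return {"bob_thinks_peer": bob.peer if bob.done else None,
            "alice_intended_peer": alice.peer,
            "nb_leaked": bob.nb in intruder_knows,
            "stopped": stopped}


if __name__ == "__main__":
    print("NSPK      :", lowe_attack(fixed=False))
    print("NSPK-fixed:", lowe_attack(fixed=True))
```

In the fixed run Alice aborts at message 2 because the responder identity B does not match the party she addressed, so Nb is never re-encrypted for the intruder.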
Selection of the Project Topic
How did I choose my topic?
• Two aspects of Information Security that especially interest me: Cryptography and Smart Card Security.
• I have some strength in them.
• My supervisor suggests “Security Protocols for Low-Cost RFID Tags”.
• It is a topic of timely interest.
• It has not been covered in the course material.
• Value can be added to existing knowledge:
  • A comprehensive overview of the topic can be offered.
  • Analytical work can be conducted in several ways.
Specification of the Objectives
What are my objectives?
1. Establishment of an all-encompassing perspective of what information is known about the subject matter.
2. Identification of security properties significant in the field.
3. Justified selection of three case studies.
4. Description, analysis, and suggestions for improvement.
5. Classification of a number of security protocols.
6. Review of a selection of tools for the automated formal verification of security protocols.
7. Provision of suggestions for the improvement of the tools.
Identification of Methodology
What were the main methods that I used?
• A comprehensive literature search. This includes books, research publications, the Internet and literature by vendors.
• Using external assistance.
• Case studies.
• Collecting and documenting data.
Development of the Project Plan
The project plan must be established as soon as possible so that the supervisor can determine whether it is viable.
All important events in the development of the project should be identified, together with their intended completion date. For instance:
• When are we going to complete the literature search?
• When are we going to produce draft chapters?
More than enough time should be allocated to each activity so that unwanted surprises are avoided.
Time goes fast. Picture taken from [14]
Collection and Processing of Data
• It is advisable to note down all resources used
• It can be useful to maintain a project diary
• Don’t forget to make regular backups of data
How to Back Up Data from Hard Drive(s) to External Media. Picture taken from [14]
Production of the Report
Your report must be satisfactorily structured, presented, written, and have adequate length and referencing. For instance:
• Examiners will notice if you have not allocated enough time to your report and it has been done without the necessary care.
• It is advisable to follow the recommended length for the report, i.e. around 50-60 pages.
• It is important to avoid making the same point at several different parts of your project.
• If you state something, you must either argue it or provide the necessary references.
• You should not assume that your reader will have an in-depth knowledge of your project topic.
• It makes a great difference if the report is coherently structured.
Drawing Conclusions
At the end of the project, conclusions must be drawn and included in the report. In my project, I included:
• Identification of contribution and main results
• An improved version of three protocols
• Classification of fifteen representative protocols
• Presentation of five suggestions for the improvement of the tools to better meet the requirements of security protocols for low-cost RFID tags
• List of original objectives of the project, and an explanation of the extent to which they were achieved
• Attempt pointers to the possible evolution of the subject area
• We can also make predictions
Pitfalls and Highs
The first piece of advice is to read the project guide and keep it in mind...
If your project topic has not been extensively studied, you have a better chance to add value.
Generally speaking, you must go beyond the mere description of all that is known about the subject matter. It is essential that you add value.
Your project topic should have a clear focus. Otherwise, it is likely that you will not be able to address issues deeply enough.
There is no excuse for plagiarism. We must not paraphrase (let alone copy and paste) the work of others without appropriate referencing. Examples include papers, books or past MSc projects.
It might seem obvious, but it is important to double-check your work.
Picture taken from [12]
It is key that your project report reflects all the work that you have done.
It is important that your project report features a short introduction that includes:
• A short background to the problem
• Objectives and rationale
• Methodology
• Structure of the Report, stating the different parts and their relationship
If your native language is not English, it is advisable to have your report reviewed for English language.
“Comedies, Histories and Tragedies”, by William Shakespeare [15]
A good literature review:
• Identifies the security issues arising in the subject area
• Is reasonably comprehensive
• Is up-to-date
• Places the right weight on the different areas, and examines the relationship between them
• Defines the basics of the subject area in the main body of the report, and, where relevant, also provides example(s) and possibly references for further information.
In addition to this comprehensive literature review, analysis must be provided, together with corresponding argued conclusions.
Examiners value personal opinion, originality and independence of thought.
For every reference in your project, be careful that you take into account whether it is outdated. For instance: has the apparently cutting-edge methodology/technology that you are analysing subsequently been shown to be flawed?
Time goes fast, so don’t delay the start of your project.
The use of a reference manager can be very helpful.
It is best to insert your citations as you write [3].
Picture taken from [16]
Conclusions
The MSc project is worth one quarter of the degree’s overall mark, and so it should be taken seriously.
The MSc project is an independent and well-defined piece of work, dealing with some aspect of Information security. It demonstrates that all that is known about the subject area has been found out, and adds value to it. In addition, it is largely represented by the report.
Your report must be satisfactorily structured, presented, written, and have adequate length and referencing.
Obtain as much information as possible about the project process before starting work on it:
• Read the Project Guide
• Be active in the Project Seminar
• Be receptive to the experience of past project reports
• Involve your project supervisor and follow his or her advice. He or she has the experience of many projects and knows the assessment process in-depth.
Bibliography
[1] Konstantinos Markantonakis. ‘Advice given as my project supervisor’. Personal communication. 2013-2014.
[2] Colin Walter. ‘Advice given to students as Information Security Project module tutor’. VLE at RHUL’s MSc in Information Security. 2013.
[3] K.M. Martin. MSc in Information Security Project Guide. University of London Press. 2008.
[4] Klaus Finkenzeller. RFID Handbook: Fundamentals and Applications in Contactless Smart Cards, Radio Frequency Identification and Near-Field Communication. Wiley, 3rd edition, 2010.
[5] Andreas Hagl and Konstantin Aslanidis. RFID: Fundamentals and Applications. In: Kitsos, P., Zhang, Y. (eds.) RFID Security: Techniques, Protocols and System-On-Chip Design, ch. 1, Springer, Heidelberg, pages 3-26, 2008.
[6] A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2): 381-394, February 2006.
[7] RFID Journal. Available at http://www.rfidjournal.com. Last accessed August 2014.
[8] Yohan Boichut. TA4SP - The Tree Automata based on Automatic Approximations for the Analysis of Security Protocols. Author’s webpage at http://www.univorleans.fr/lifo/Members/Yohan.Boichut/ta4sp.html. Last accessed August 2014.
[9] Roger Needham and Michael Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978.
[10] David von Oheimb. Modelling of the NSPK Protocol. Available at the website of the AVISPA project, The AVISPA Library, http://www.avispa-project.org/. Last accessed August 2014, January 2005.
[11] A. Armando et al. The AVISPA Tool Web Interface. Available at the website of the AVISPA project, http://www.avispa-project.org/. Last accessed August 2014, 2005.
[12] Learner First. Online Plagiarism Detection Services. Available at http://www.learnerfirst.org/2012/09/19/online-plagiarism-detection-services/. Last accessed August 2014.
[13] Raymond Cooper, Consultant Property Lawyer. Rights of Pre-Emption and the Rule Against Perpetuities. Available at http://www.raymondcooper.co.uk/land-law/rights-pre-emption-rule-perpetuities/. Last accessed August 2014, 2013.
[14] University of Delaware. How to Back Up Data from Hard Drive(s) to External Media. Available at http://www.udel.edu/topics/backups/zipdisk.html. Last accessed August 2014.
[15] William Shakespeare. Comedies, Histories and Tragedies. Printed by Isaac Iaggard, and Ed. Blount. 1623.
[16] Sourceforge.net. JabRef Reference Manager webpage at sourceforge.net. Available at http://jabref.sourceforge.net/contact.php. Last accessed August 2014.
[17] Dreamstime. Sunbathers on Barcelona's city beach under palm trees in Summer. Available at http://www.dreamstime.com/royalty-free-stock-photography-barcelona-beach-sunbathers-summer-spain-june-london-uk-s-city-under-palm-trees-catalonia-image34814567. Last accessed August 2014, 2012.
[18] Katherine Albrecht and Liz McIntyre. NH CASPIAN Anti-RFID protest. Bedford, New Hampshire. November 5, 2005, Wal-Mart. Available at the Spychips website at http://www.spychips.com/protest/nh-protest/slideshow/. Last accessed August 2014. 2005.
Thank you
Sunbathers on Barcelona's city beach under palm trees in Summer. Picture taken from [17].