School of Engineering and Applied Science
Department of Computer Science
University of Virginia, Charlottesville
Virginia, USA
Web: www.cs.virginia.edu
On Mitigating Covert Channels in RFID-Enabled Supply Chains
Kirti Chawla, Gabriel Robins, and Westley Weimer
{kirti, robins, weimer}@cs.virginia.edu
This work is supported by U.S. National Science Foundation (NSF) grant: CNS-0716635 (PI: Gabriel Robins)
For more details, visit: www.cs.virginia.edu/robins
01 / 21
RFID Technology Overview
Frequency
Form Factor
Type
Parameters
RFID
Technology
Tag/Transponder
Reader
Aerospace
Backend System
Chip Timing
Components
Supply Chain
Some Applications
02 / 21
Motivating Example – Supply Chains
Factory
Warehouse
YOU
Raw Materials
Store
Reduce Cost
Enhance Competitiveness
A Supply Chain
03 / 21
Motivating Example – Supply Chains
Adversary Supply Chain
Target Supply Chain
How ?
Market
Passive Competitiveness
Active Competitiveness
04 / 21
Supply Chain Attacks – Tag Tracking
Tracked tag serves dual-purpose and is a source of covert channel
Adversary Supply Chain
05 / 21
Supply Chain Attacks – Tag Duplication
Injected duplicated tag as source of covert channel
06 / 21
Supply Chain Attacks – Tag Modification
Injected modified tag as source of covert channel
07 / 21
Supply Chain Attacks – Tag Modification
EPC Compliant RFID Tag
User Specific Data
USER
TID
Vendor Specific Data
AFI
Tag Capability
TB
ISO/IEC 15963 Class Identifier
EPC
XPC
RESERVED
EPC Number
Access Password
PC
Kill Password
CRC-16
NSI
XPC_W1I
UMI
EPC Length
Memory Layout of the RFID Tag
Writeable banks conceal information
08 / 21
Supply Chain Attacks – Reader Compromise
Compromised readers as source of covert channel
09 / 21
Evaluation I – Implications(1)
Brand Loyalty Switch
Pre-attack Scenario
Attacks subtly persuading consumers to switch brands
Post-attack scenario
10 / 21
Evaluation I – Implications(2)
Brand Aversion
Pre-attack Scenario
Post-attack scenario
Attacks subtly persuading retailers to prefer brands
11 / 21
Mitigating Approach – Model of Supply Chain
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
Purchase Phase
Supply Chain
Production Phase
Distribution Phase
12 / 21
Mitigating Approach – Model of Supply Chain
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
Phase Sink
Global Source
Global Sink
Q
C1
P
C(Q, R) > 0
C2
A
NMOF(A) = max(C1, C2)
Purchase Phase: GUP
C: E  +
Phase Source
C(P, Q) = 0
R
Production Phase: GPP
Distribution Phase: GDP
13 / 21
Mitigating Approach – Taint Checkpoints
1. Item flow = tag flow
2. Multiple Phases
3. Flow verification
How ?
Supply Chain Flow Graph: G = GUP ∪ GPP ∪ GDP
Taint Checkpoint
GUP
GPP
GDP
14 / 21
Mitigating Approach – Taint Check Cover
Taint Check Cover
Given a graph G and no. of taint
checkpoints T, determine the existence of
taint check cover:TCC  G,T
TCC ∈ NP
Vertex Cover
GD
Polynomial Time Reduction
VC ≤P TCC
NP-Complete
GU
15 / 21
Mitigating Approach – Heuristics(1)
Use approximate algorithm of VC for TCC
Time complexity: O(V+E)
Solution size: 2OPT
GD
From the set of edges E, pick an arbitrary edge, save its endpoints and remove all edges from E that are covered by those endpoints
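The edge-picking heuristic above, as an added example in Python (not code from the slides). The flow graph and site names are constructed, and the brute-force optimum is included only to check the 2·OPT bound on this tiny graph.

```python
from itertools import combinations

# Constructed sample flow graph: each edge is an item/tag flow between sites.
# Site names are hypothetical.
FLOW_EDGES = [
    ("supplier_a", "factory"), ("supplier_b", "factory"),
    ("factory", "warehouse_1"), ("factory", "warehouse_2"),
    ("warehouse_1", "store_x"), ("warehouse_1", "store_y"),
    ("warehouse_2", "store_y"), ("warehouse_2", "store_z"),
]


def approx_taint_check_cover(edges):
    """Vertex-cover 2-approximation used to place taint checkpoints.

    Take an edge that no chosen site touches yet and keep both endpoints.
    Skipping edges that already touch a chosen site is the "remove all
    covered edges" step, so one pass over E is enough.
    """
    checkpoints = set()
    for u, v in edges:
        if u not in checkpoints and v not in checkpoints:
            checkpoints.update((u, v))
    return checkpoints


def is_cover(edges, checkpoints):
    """True if every flow edge has a checkpoint on at least one end."""
    return all(u in checkpoints or v in checkpoints for u, v in edges)


def optimal_cover_size(edges):
    """Exhaustive search for OPT; exponential, only for tiny graphs."""
    nodes = sorted({n for edge in edges for n in edge})
    for k in range(len(nodes) + 1):
        for subset in combinations(nodes, k):
            if is_cover(edges, set(subset)):
                return k
    return len(nodes)


if __name__ == "__main__":
    chosen = approx_taint_check_cover(FLOW_EDGES)
    opt = optimal_cover_size(FLOW_EDGES)
    print(sorted(chosen), "size", len(chosen), "OPT", opt)
```

On this graph the heuristic selects six sites while three (the factory and both warehouses) suffice, which is exactly the worst case the 2·OPT bound allows.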
16 / 21
Mitigating Approach – Heuristics(2)
Use cuts to partition graph
Algorithm dependent time-complexity
Solution size: OPT to |V|
GUP
GPP
GDP
1. Cuts based on topology
2. Cuts based on flow properties
3. Random cuts
17 / 21
Mitigating Approach – Heuristics(3)
1. No. of taint checkpoints
2. Coverage vs. Efficiency Tradeoff
(1) TNR = |VT| / |V|
(2)
CER = 
Use underlying business requirements
GUP
GPP
Algorithm dependent time-complexity
Solution size: OPT to |V|
GDP
TNR, CER +,
|V|  0
18 / 21
Mitigating Approach – Local Verification Algorithm
Verifying flow locally at every taint checkpoint
GUP
1. Check flag enables check for duplicate tags
2. Tag data verification enables check for modified tags
GPP
GDP
19 / 21
Mitigating Approach – Global Verification Algorithm
Verifying flow globally along a path or at central site
GUP
GPP
GDP
Heuristics combined with global verification enables check for compromised readers
20 / 21
Evaluation II – Cost
1. Supply Chain flow graph nodes = 2000
2. No. of taint checkpoints = 10 to 1000
3. Workload = 100 items per case  1000 cases per time interval
Cost of solution
Local verification time cost as a function of no. of taint checkpoints
Local, and global (with constant and variable link cost) verification time cost as a function of no. of taint checkpoints
21 / 21
Countermeasures to Covert Channels
Suggested Countermeasures
Passwords
Pseudonyms
Re-encryption
Direct mitigation
PUF
Questions